URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Submission: On July 01 via api from DE — Scanned from DE

Summary

This website contacted 12 IPs in 4 countries across 12 domains to perform 126 HTTP transactions. The main IP is 2a04:4e42:600::740, located in United States and belongs to FASTLY, US. The main domain is www.forcepoint.com. The Cisco Umbrella rank of the primary domain is 281210.
TLS certificate: Issued by Sectigo RSA Organization Validation S... on November 22nd 2023. Valid for: a year.
This is the only time www.forcepoint.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
105 2a04:4e42:600... 54113 (FASTLY)
5 104.17.24.14 13335 (CLOUDFLAR...)
3 2600:9000:235... 16509 (AMAZON-02)
1 104.18.141.119 13335 (CLOUDFLAR...)
1 1 68.67.153.60 29990 (ASN-APPNEX)
2 2 185.89.210.244 29990 (ASN-APPNEX)
1 2600:9000:206... 16509 (AMAZON-02)
5 104.19.175.188 13335 (CLOUDFLAR...)
1 2602:816:5001... 54113 (FASTLY)
1 2400:52e0:1e0... 60068 (CDN77 _)
2 159.89.102.253 14061 (DIGITALOC...)
1 212.8.253.238 49981 (WORLDSTREAM)
1 162.247.243.29 54113 (FASTLY)
126 12
Apex Domain
Subdomains
Transfer
105 forcepoint.com
www.forcepoint.com — Cisco Umbrella Rank: 281210
3 MB
5 hsforms.com
forms.hsforms.com — Cisco Umbrella Rank: 5239
forms-na1.hsforms.com — Cisco Umbrella Rank: 8151
17 KB
5 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 268
96 KB
3 tiqcdn.com
tags.tiqcdn.com — Cisco Umbrella Rank: 1313
116 KB
2 geolocation-db.com
geolocation-db.com — Cisco Umbrella Rank: 27103
511 B
2 simpleanalyticscdn.com
scripts.simpleanalyticscdn.com — Cisco Umbrella Rank: 79317
queue.simpleanalyticscdn.com — Cisco Umbrella Rank: 56557
5 KB
2 adnxs.com
secure.adnxs.com — Cisco Umbrella Rank: 527
2 KB
1 nr-data.net
bam.nr-data.net — Cisco Umbrella Rank: 311
603 B
1 newrelic.com
js-agent.newrelic.com — Cisco Umbrella Rank: 900
16 KB
1 ml-api.io
attr.ml-api.io — Cisco Umbrella Rank: 19018
279 B
1 ml-attr.com
s.ml-attr.com — Cisco Umbrella Rank: 16985
283 B
1 hsforms.net
js.hsforms.net — Cisco Umbrella Rank: 7892
156 KB
126 12
Domain Requested by
105 www.forcepoint.com www.forcepoint.com
5 cdnjs.cloudflare.com www.forcepoint.com
3 forms-na1.hsforms.com js.hsforms.net
3 tags.tiqcdn.com www.forcepoint.com
tags.tiqcdn.com
2 geolocation-db.com cdnjs.cloudflare.com
2 forms.hsforms.com js.hsforms.net
2 secure.adnxs.com 2 redirects
1 bam.nr-data.net js-agent.newrelic.com
1 queue.simpleanalyticscdn.com
1 scripts.simpleanalyticscdn.com www.forcepoint.com
1 js-agent.newrelic.com www.forcepoint.com
1 attr.ml-api.io www.forcepoint.com
1 s.ml-attr.com 1 redirects
1 js.hsforms.net www.forcepoint.com
126 14
Subject Issuer Validity Valid
forcepoint.com
Sectigo RSA Organization Validation Secure Server CA
2023-11-22 -
2024-11-21
a year crt.sh
cdnjs.cloudflare.com
E1
2024-06-02 -
2024-08-31
3 months crt.sh
tags.tiqcdn.com
Amazon RSA 2048 M02
2024-03-19 -
2025-04-17
a year crt.sh
hsforms.net
WE1
2024-06-13 -
2024-09-11
3 months crt.sh
hsforms.com
WE1
2024-06-14 -
2024-09-12
3 months crt.sh
js-agent.newrelic.com
GlobalSign Atlas R3 DV TLS CA 2024 Q1
2024-03-21 -
2025-04-22
a year crt.sh
scripts.simpleanalyticscdn.com
R3
2024-05-20 -
2024-08-18
3 months crt.sh
geolocation-db.com
R11
2024-06-10 -
2024-09-08
3 months crt.sh
queue.simpleanalyticscdn.com
R10
2024-06-07 -
2024-09-05
3 months crt.sh
*.nr-data.net
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2023-09-29 -
2024-10-01
a year crt.sh

This page contains 1 frames:

Primary Page: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Frame ID: 91B0850EF832E26886A350B4E61920F2
Requests: 147 HTTP requests in this frame

Screenshot

Page Title

URL shortener in a Microsoft Word file that leads to Remcos

Detected technologies

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • ([\d.]+)/jquery-ui(?:\.min)?\.js
  • jquery-ui.*\.js

Page Statistics

126
Requests

99 %
HTTPS

38 %
IPv6

12
Domains

14
Subdomains

12
IPs

4
Countries

3127 kB
Transfer

6564 kB
Size

12
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 103
  • https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.forcepoint.com%26pId%3d%24UID HTTP 302
  • https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.forcepoint.com%26pId%3d%24UID HTTP 307
  • https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dwww.forcepoint.com%2526pId%253d%2524UID HTTP 302
  • https://attr.ml-api.io/?domain=www.forcepoint.com&pId=2657853101310053061

126 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request url-shortener-microsoft-word-remcos-rat-trojan
www.forcepoint.com/blog/x-labs/
134 KB
46 KB
Document
General
Full URL
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
629649515666e3906b0dcb77fb2fa1696a4b83b630e2c569a7cd4a097dbe3af8
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.fonts.net *.licdn.com *.tiqcdn.com *.marketo.com *.marketo.net *.mktoresp.com *.demdex.net *.burly.io *.omtrdc.net *.llnwd.net *.tealiumiq.com *.googleadservices.com *.marinsm.com *.amazonaws.com *.quantserve.com *.facebook.net *.serving-sys.com *.google-analytics.com *.hirebridge.com *.websense.com *.bizographics.com *.linkedin.com *.cloudfront.net *.newrelic.com *.nr-data.net *.adnxs.com *.demandbase.com *.twitter.com *.omtrdc.net *.youtube.com *.ads-twitter.com *.company-target.com *.omniture.com *.doubleclick.net *.forcepoint.com *.google.com *.facebook.com *.nr-data.net *.getsmartcontent.com *.vidyard.com *.adroll.com s.ml-attr.com attr.ml-api.io *.driftt.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.gstatic.com *.libsyn.com *.s3.amazonaws.com *.cdnbasket.net ids.cdnwidget.com app.vwo.com *.visualwebsiteoptimizer.com use.typekit.net p.typekit.net cdn.vwo-analytics.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.googleapis.com *.cloudflare.com activitymap.adobe.com *.consensu.org *.ubembed.com *.bizible.com *.theadex.com *.aumago.com *.driftqa.com *.scribblecdn.net *.esg-global.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hubapi.com *.hsforms.net *.hsforms.com geolocation-db.com *.drift.com *.clickagy.com *.nimblestory.com *.usemessages.com *.stackadapt.com *.googlesyndication.com ; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.cdnwidget.com *.tealiumiq.com *.google.com *.googleadservices.com *.doubleclick.net *.websense.com *.marinsm.com *.facebook.com *.quantserve.com *.google-analytics.com *.w55c.net *.marketo.com *.iasds01.com *.linkedin.com *.cloudfront.net *.forcepoint.com *.adnxs.com *.twitter.com t.co *.omtrdc.net *.w55c.net *.demandbase.com *.company-target.com *.gstatic.com *.tiqcdn.com *.marketo.net *.newrelic.com *.facebook.net *.ads-twitter.com *.burly.io *.bizographics.com *.nr-data.net *.licdn.com *.tt.omtrdc.net *.getsmartcontent.com *.adroll.com *.vidyard.com s.ml-attr.com *.ml-api.io ml314.com *.ml314.com *.bing.com *.driftt.com *.crazyegg.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.googletagmanager.com *.visualwebsiteoptimizer.com app.vwo.com *.ubembed.com *.driftt.com *.vwo-analytics.com *.s3.amazonaws.com s3.amazonaws.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.clearbit.com *.googleapis.com *.cloudflare.com *.adobe.com *.consensu.org *.bizible.com *.theadex.com *.aumago.com *.zoominfo.com *.clickagy.com *.redditstatic.com *.quantcount.com *.g2crowd.com *.steelhousemedia.com *.scribblecdn.net *.esg-global.com *.6sc.co *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hubapi.com *.hsforms.net *.hsforms.com geolocation-db.com *.drift.com *.jquery.com *.google.com *.hscollectedforms.net *.jsdelivr.net *.stackadapt.com *.googlesyndication.com *.simpleanalyticscdn.com scripts.simpleanalyticscdn.com queue.simpleanalyticscdn.com simpleanalyticsbadges.com *.ceros.com; img-src * data: *; frame-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.cdnwidget.com *.tealiumiq.com *.google.com *.googleadservices.com *.doubleclick.net *.websense.com *.marinsm.com *.facebook.com *.quantserve.com *.google-analytics.com *.w55c.net *.marketo.com *.iasds01.com *.linkedin.com *.cloudfront.net *.forcepoint.com *.adnxs.com *.twitter.com t.co *.omtrdc.net *.w55c.net *.demandbase.com *.company-target.com *.gstatic.com *.tiqcdn.com *.marketo.net *.newrelic.com *.facebook.net *.ads-twitter.com *.burly.io *.bizographics.com *.nr-data.net *.licdn.com *.tt.omtrdc.net *.getsmartcontent.com *.adroll.com *.vidyard.com s.ml-attr.com *.ml-api.io ml314.com *.ml314.com *.bing.com *.driftt.com *.crazyegg.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.googletagmanager.com *.visualwebsiteoptimizer.com app.vwo.com *.ubembed.com *.driftt.com *.vwo-analytics.com *.s3.amazonaws.com s3.amazonaws.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.clearbit.com *.googleapis.com *.cloudflare.com *.adobe.com *.consensu.org *.bizible.com *.theadex.com *.aumago.com *.zoominfo.com *.clickagy.com *.redditstatic.com *.quantcount.com *.g2crowd.com *.steelhousemedia.com *.scribblecdn.net *.esg-global.com *.6sc.co *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hubapi.com *.hsforms.net *.hsforms.com geolocation-db.com *.drift.com *.jquery.com *.google.com *.hscollectedforms.net *.jsdelivr.net *.stackadapt.com *.googlesyndication.com *.simpleanalyticscdn.com scripts.simpleanalyticscdn.com queue.simpleanalyticscdn.com simpleanalyticsbadges.com *.ceros.com *.hubspot.com *.hubspot.net *.demdex.net *.libsyn.com *.youtube.com; font-src 'self' *.google.com *.googleadservices.com; connect-src 'self' *.vwo.com *.demdex.net *.omtrdc.net *.mktoresp.com *.cdnbasket.net ids.cdnwidget.com *.forcepoint.com sample-api-v2.crazyegg.com *.visualwebsiteoptimizer.com insight.adsrvr.org bam.nr-data.net *.tealiumiq.com live-evercurrent-clone.pantheonsite.io *.sharethis.com *.doubleclick.net *.theadex.com *.aumago.com *.google-analytics.com *.6sc.co *.adnxs.com *.vidyard.com *.6sense.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com api.hubapi.com *.hsforms.net *.hsforms.com *.s3.amazonaws.com *.drift.com *.clickagy.com *.facebook.com *.zoominfo.com geolocation-db.com dn.linkedin.oribi.io *.hubspot.com *.hscollectedforms.net *.stackadapt.com *.google.com *.googletagmanager.com *.googleadservices.com google.com *.googlesyndication.com *.linkedin.com *.redditstatic.com *.reddit.com *.g2crowd.com *.quantcount.com; report-uri /admin/config/system/seckit/csp-report
Strict-Transport-Security max-age=18410000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

accept-ranges
bytes
age
2530
cache-control
public, max-age=3600
content-encoding
gzip
content-language
en
content-length
40227
content-security-policy
default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.fonts.net *.licdn.com *.tiqcdn.com *.marketo.com *.marketo.net *.mktoresp.com *.demdex.net *.burly.io *.omtrdc.net *.llnwd.net *.tealiumiq.com *.googleadservices.com *.marinsm.com *.amazonaws.com *.quantserve.com *.facebook.net *.serving-sys.com *.google-analytics.com *.hirebridge.com *.websense.com *.bizographics.com *.linkedin.com *.cloudfront.net *.newrelic.com *.nr-data.net *.adnxs.com *.demandbase.com *.twitter.com *.omtrdc.net *.youtube.com *.ads-twitter.com *.company-target.com *.omniture.com *.doubleclick.net *.forcepoint.com *.google.com *.facebook.com *.nr-data.net *.getsmartcontent.com *.vidyard.com *.adroll.com s.ml-attr.com attr.ml-api.io *.driftt.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.gstatic.com *.libsyn.com *.s3.amazonaws.com *.cdnbasket.net ids.cdnwidget.com app.vwo.com *.visualwebsiteoptimizer.com use.typekit.net p.typekit.net cdn.vwo-analytics.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.googleapis.com *.cloudflare.com activitymap.adobe.com *.consensu.org *.ubembed.com *.bizible.com *.theadex.com *.aumago.com *.driftqa.com *.scribblecdn.net *.esg-global.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hubapi.com *.hsforms.net *.hsforms.com geolocation-db.com *.drift.com *.clickagy.com *.nimblestory.com *.usemessages.com *.stackadapt.com *.googlesyndication.com ; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.cdnwidget.com *.tealiumiq.com *.google.com *.googleadservices.com *.doubleclick.net *.websense.com *.marinsm.com *.facebook.com *.quantserve.com *.google-analytics.com *.w55c.net *.marketo.com *.iasds01.com *.linkedin.com *.cloudfront.net *.forcepoint.com *.adnxs.com *.twitter.com t.co *.omtrdc.net *.w55c.net *.demandbase.com *.company-target.com *.gstatic.com *.tiqcdn.com *.marketo.net *.newrelic.com *.facebook.net *.ads-twitter.com *.burly.io *.bizographics.com *.nr-data.net *.licdn.com *.tt.omtrdc.net *.getsmartcontent.com *.adroll.com *.vidyard.com s.ml-attr.com *.ml-api.io ml314.com *.ml314.com *.bing.com *.driftt.com *.crazyegg.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.googletagmanager.com *.visualwebsiteoptimizer.com app.vwo.com *.ubembed.com *.driftt.com *.vwo-analytics.com *.s3.amazonaws.com s3.amazonaws.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.clearbit.com *.googleapis.com *.cloudflare.com *.adobe.com *.consensu.org *.bizible.com *.theadex.com *.aumago.com *.zoominfo.com *.clickagy.com *.redditstatic.com *.quantcount.com *.g2crowd.com *.steelhousemedia.com *.scribblecdn.net *.esg-global.com *.6sc.co *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hubapi.com *.hsforms.net *.hsforms.com geolocation-db.com *.drift.com *.jquery.com *.google.com *.hscollectedforms.net *.jsdelivr.net *.stackadapt.com *.googlesyndication.com *.simpleanalyticscdn.com scripts.simpleanalyticscdn.com queue.simpleanalyticscdn.com simpleanalyticsbadges.com *.ceros.com; img-src * data: *; frame-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.cdnwidget.com *.tealiumiq.com *.google.com *.googleadservices.com *.doubleclick.net *.websense.com *.marinsm.com *.facebook.com *.quantserve.com *.google-analytics.com *.w55c.net *.marketo.com *.iasds01.com *.linkedin.com *.cloudfront.net *.forcepoint.com *.adnxs.com *.twitter.com t.co *.omtrdc.net *.w55c.net *.demandbase.com *.company-target.com *.gstatic.com *.tiqcdn.com *.marketo.net *.newrelic.com *.facebook.net *.ads-twitter.com *.burly.io *.bizographics.com *.nr-data.net *.licdn.com *.tt.omtrdc.net *.getsmartcontent.com *.adroll.com *.vidyard.com s.ml-attr.com *.ml-api.io ml314.com *.ml314.com *.bing.com *.driftt.com *.crazyegg.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.googletagmanager.com *.visualwebsiteoptimizer.com app.vwo.com *.ubembed.com *.driftt.com *.vwo-analytics.com *.s3.amazonaws.com s3.amazonaws.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.clearbit.com *.googleapis.com *.cloudflare.com *.adobe.com *.consensu.org *.bizible.com *.theadex.com *.aumago.com *.zoominfo.com *.clickagy.com *.redditstatic.com *.quantcount.com *.g2crowd.com *.steelhousemedia.com *.scribblecdn.net *.esg-global.com *.6sc.co *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hubapi.com *.hsforms.net *.hsforms.com geolocation-db.com *.drift.com *.jquery.com *.google.com *.hscollectedforms.net *.jsdelivr.net *.stackadapt.com *.googlesyndication.com *.simpleanalyticscdn.com scripts.simpleanalyticscdn.com queue.simpleanalyticscdn.com simpleanalyticsbadges.com *.ceros.com *.hubspot.com *.hubspot.net *.demdex.net *.libsyn.com *.youtube.com; font-src 'self' *.google.com *.googleadservices.com; connect-src 'self' *.vwo.com *.demdex.net *.omtrdc.net *.mktoresp.com *.cdnbasket.net ids.cdnwidget.com *.forcepoint.com sample-api-v2.crazyegg.com *.visualwebsiteoptimizer.com insight.adsrvr.org bam.nr-data.net *.tealiumiq.com live-evercurrent-clone.pantheonsite.io *.sharethis.com *.doubleclick.net *.theadex.com *.aumago.com *.google-analytics.com *.6sc.co *.adnxs.com *.vidyard.com *.6sense.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com api.hubapi.com *.hsforms.net *.hsforms.com *.s3.amazonaws.com *.drift.com *.clickagy.com *.facebook.com *.zoominfo.com geolocation-db.com dn.linkedin.oribi.io *.hubspot.com *.hscollectedforms.net *.stackadapt.com *.google.com *.googletagmanager.com *.googleadservices.com google.com *.googlesyndication.com *.linkedin.com *.redditstatic.com *.reddit.com *.g2crowd.com *.quantcount.com; report-uri /admin/config/system/seckit/csp-report
content-type
text/html; charset=utf-8
date
Mon, 01 Jul 2024 06:49:28 GMT
etag
W/"1719814037-0"
expires
Sun, 19 Nov 1978 05:00:00 GMT
from-origin
same, https://analyticsssl.forcepoint.com,https://vidyard.com
http_x_geo_continent
EU
http_x_geo_region
DE-BW
last-modified
Mon, 01 Jul 2024 06:07:17 GMT
link
</sites/all/themes/custom/fp/assets/fonts/hoves-optimized//Hoves_DemiBold.woff>; rel=preload; as=font; crossorigin; type="font/woff"; nopush,</sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_DemiBold.woff>; rel=preload; as=font; crossorigin; type="font/woff"; nopush,</sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Medium.woff>; rel=preload; as=font; crossorigin; type="font/woff"; nopush,</sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Regular.woff>; rel=preload; as=font; crossorigin; type="font/woff"; nopush,</sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Italic.woff>; rel=preload; as=font; crossorigin; type="font/woff"; nopush,</sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Light.woff>; rel=preload; as=font; crossorigin; type="font/woff"; nopush,</sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Light_Italic.woff>; rel=preload; as=font; crossorigin; type="font/woff"; nopush,</sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_ExtraLight.woff>; rel=preload; as=font; crossorigin; type="font/woff"; nopush,</misc/throbber-inactive.png>; rel=preload; as=image; type="image/png"; nopush,</misc/throbber-active.gif>; rel=preload; as=image; type="image/gif"; nopush,</misc/grippie.png>; rel=preload; as=image; type="image/png"; nopush,</misc/draggable.png>; rel=preload; as=image; type="image/png"; nopush,</misc/tree.png>; rel=preload; as=image; type="image/png"; nopush,</misc/tree-bottom.png>; rel=preload; as=image; type="image/png"; nopush,</misc/message-24-ok.png>; rel=preload; as=image; type="image/png"; nopush,</misc/message-24-warning.png>; rel=preload; as=image; type="image/png"; nopush,</misc/message-24-error.png>; rel=preload; as=image; type="image/png"; nopush,</misc/help.png>; rel=preload; as=image; type="image/png"; nopush,</misc/menu-expanded.png>; rel=preload; as=image; type="image/png"; nopush,</misc/menu-collapsed.png>; rel=preload; as=image; type="image/png"; nopush,</misc/progress.gif>; rel=preload; as=image; type="image/gif"; nopush,</sites/all/libraries/chosen/chosen-sprite.png>; rel=preload; as=image; type="image/png"; nopush,</sites/all/libraries/chosen/chosen-sprite@2x.png>; rel=preload; as=image; type="image/png"; nopush,</sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_flat_75_ffffff_40x100.png>; rel=preload; as=image; type="image/png"; nopush,</sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_highlight-soft_75_cccccc_1x100.png>; rel=preload; as=image; type="image/png"; nopush,</sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_glass_75_e6e6e6_1x400.png>; rel=preload; as=image; type="image/png"; nopush,</sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_glass_75_dadada_1x400.png>; rel=preload; as=image; type="image/png"; nopush
referrer-policy
strict-origin-when-cross-origin
server
nginx
strict-transport-security
max-age=18410000; includeSubDomains; preload
vary
Accept-Encoding, x-geo-country, Cookie, Cookie
via
1.1 varnish, 1.1 varnish, 1.1 varnish
x-cache
HIT, HIT, MISS
x-cache-hits
1, 27, 0
x-content-type-options
nosniff
x-drupal-cache
MISS
x-frame-options
SAMEORIGIN
x-generator
Drupal 7 (http://drupal.org)
x-pantheon-styx-hostname
styx-fe1-b-5d587d78fd-p5mqc
x-served-by
cache-chi-kigq8000039-CHI, cache-cph2320041-CPH, cache-cph2320040-CPH
x-styx-req-id
2b1fba6e-3770-11ef-ac9d-ee9e1dde6fad
x-timer
S1719816568.053827,VS0,VE5
x-ua-compatible
IE=Edge,chrome=1
x-xss-protection
1
Hoves_DemiBold.woff
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized//
18 KB
19 KB
Font
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized//Hoves_DemiBold.woff
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c6225223a7f689e02ca4f2144e864ad46dd63e29553cf3d4df572e7195303be0
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Origin
https://www.forcepoint.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Fri, 27 Jun 2025 13:27:17 GMT
date
Mon, 01 Jul 2024 06:49:28 GMT
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
408130
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-5d587d78fd-prbvz
content-length
18868
x-served-by
cache-chi-kigq8000062-CHI, cache-cph2320032-CPH, cache-cph2320040-CPH
last-modified
Wed, 26 Jun 2024 13:25:43 GMT
server
nginx
x-timer
S1719816568.181095,VS0,VE3
etag
"667c16d7-49b4"
content-type
font/woff
access-control-allow-origin
*
x-styx-req-id
cf2381d2-33bf-11ef-8f1c-1edbf4b9e77b
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
50, 27, 0
Hoves_DemiBold.woff
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/
18 KB
19 KB
Font
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_DemiBold.woff
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c6225223a7f689e02ca4f2144e864ad46dd63e29553cf3d4df572e7195303be0
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Origin
https://www.forcepoint.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Fri, 27 Jun 2025 13:27:03 GMT
date
Mon, 01 Jul 2024 06:49:28 GMT
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
408145
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-5d587d78fd-p5mqc
content-length
18868
x-served-by
cache-chi-kigq8000080-CHI, cache-cph2320026-CPH, cache-cph2320040-CPH
last-modified
Wed, 26 Jun 2024 13:25:43 GMT
server
nginx
x-timer
S1719816568.182149,VS0,VE3
etag
"667c16d7-49b4"
content-type
font/woff
access-control-allow-origin
*
x-styx-req-id
c669bbfa-33bf-11ef-b6d0-ee9e1dde6fad
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
53, 27, 0
Hoves_Medium.woff
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/
18 KB
19 KB
Font
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Medium.woff
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c1524c7035a894f370d34f2d57704873a3978adef91d97978e3598515762eace
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Origin
https://www.forcepoint.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Fri, 27 Jun 2025 13:27:03 GMT
date
Mon, 01 Jul 2024 06:49:28 GMT
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
408145
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-5d587d78fd-llvxv
content-length
18688
x-served-by
cache-chi-klot8100097-CHI, cache-cph2320045-CPH, cache-cph2320040-CPH
last-modified
Wed, 26 Jun 2024 13:25:44 GMT
server
nginx
x-timer
S1719816568.181484,VS0,VE4
etag
"667c16d8-4900"
content-type
font/woff
access-control-allow-origin
*
x-styx-req-id
c669d5a4-33bf-11ef-9fbf-ee120c8775da
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
54, 27, 0
Hoves_Regular.woff
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/
18 KB
18 KB
Font
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Regular.woff
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
42793f24dc3fddca04cc84a6991f0fc73c25498d023b07d488dd5e4238ed9b0c
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Origin
https://www.forcepoint.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Fri, 27 Jun 2025 13:27:03 GMT
date
Mon, 01 Jul 2024 06:49:28 GMT
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
408145
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-5d587d78fd-6m95f
content-length
18436
x-served-by
cache-chi-klot8100104-CHI, cache-cph2320045-CPH, cache-cph2320040-CPH
last-modified
Wed, 26 Jun 2024 13:25:43 GMT
server
nginx
x-timer
S1719816568.181467,VS0,VE4
etag
"667c16d7-4804"
content-type
font/woff
access-control-allow-origin
*
x-styx-req-id
c669861f-33bf-11ef-af3d-7a520cdabf04
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
53, 27, 0
Hoves_Italic.woff
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/
19 KB
19 KB
Font
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Italic.woff
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
8709e66f3192aac47989a4f2c826afc3062b52de3cd792115cba3314c05656c6
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Origin
https://www.forcepoint.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Fri, 27 Jun 2025 13:27:03 GMT
date
Mon, 01 Jul 2024 06:49:28 GMT
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
408145
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-5d77cc44f5-ncjj8
content-length
19656
x-served-by
cache-chi-klot8100074-CHI, cache-cph2320044-CPH, cache-cph2320040-CPH
last-modified
Wed, 26 Jun 2024 13:25:44 GMT
server
nginx
x-timer
S1719816568.181463,VS0,VE3
etag
"667c16d8-4cc8"
content-type
font/woff
access-control-allow-origin
*
x-styx-req-id
c66a3f4f-33bf-11ef-ad75-f60ce2535107
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
52, 27, 0
Hoves_Light.woff
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/
18 KB
18 KB
Font
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Light.woff
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
5390daebe4fc263953ae2cd18f060ebb4aaef20d9df443a4d784cc642ed1eaf2
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Origin
https://www.forcepoint.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Fri, 27 Jun 2025 13:27:03 GMT
date
Mon, 01 Jul 2024 06:49:28 GMT
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
408145
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-5d77cc44f5-z4chc
content-length
18600
x-served-by
cache-chi-kigq8000086-CHI, cache-cph2320034-CPH, cache-cph2320040-CPH
last-modified
Wed, 26 Jun 2024 13:25:43 GMT
server
nginx
x-timer
S1719816568.181448,VS0,VE4
etag
"667c16d7-48a8"
content-type
font/woff
access-control-allow-origin
*
x-styx-req-id
c66a02e5-33bf-11ef-8526-8245d19189a9
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
53, 27, 0
Hoves_Light_Italic.woff
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/
19 KB
19 KB
Font
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Light_Italic.woff
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
d88c03f60c9b0c3b3a4a929ad268b6078dda88e59ea5c98eeb16f031ffb0d9e0
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Origin
https://www.forcepoint.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Fri, 27 Jun 2025 13:27:03 GMT
date
Mon, 01 Jul 2024 06:49:28 GMT
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
408145
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-5d77cc44f5-x24lf
content-length
19360
x-served-by
cache-chi-klot8100179-CHI, cache-cph2320048-CPH, cache-cph2320040-CPH
last-modified
Wed, 26 Jun 2024 13:25:43 GMT
server
nginx
x-timer
S1719816568.181438,VS0,VE4
etag
"667c16d7-4ba0"
content-type
font/woff
access-control-allow-origin
*
x-styx-req-id
c66a4b2e-33bf-11ef-b55f-0a5f4b927256
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
52, 27, 0
Hoves_ExtraLight.woff
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/
18 KB
18 KB
Font
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_ExtraLight.woff
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
52239b576d3fdb13fa5cec121a5e5ed123560a4ac1310d991f4694bcc5507710
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Origin
https://www.forcepoint.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Fri, 27 Jun 2025 13:27:03 GMT
date
Mon, 01 Jul 2024 06:49:28 GMT
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
408145
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-5d77cc44f5-4fsf9
content-length
17944
x-served-by
cache-chi-kigq8000066-CHI, cache-cph2320051-CPH, cache-cph2320040-CPH
last-modified
Wed, 26 Jun 2024 13:25:44 GMT
server
nginx
x-timer
S1719816568.181423,VS0,VE4
etag
"667c16d8-4618"
content-type
font/woff
access-control-allow-origin
*
x-styx-req-id
c66a96f5-33bf-11ef-82b6-0e47c8ff5b51
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
53, 27, 0
throbber-inactive.png
www.forcepoint.com/misc/
140 B
536 B
Image
General
Full URL
https://www.forcepoint.com/misc/throbber-inactive.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
b48a895c0170a7310b29b01897fcf1954b43655748ce98037abae38562754a29
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 1128, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:49:28 GMT
fastly-io-served-by
vpop-etou8240195
age
1925336
http_x_geo_region
DE-BW
x-cache
MISS, MISS, HIT, HIT
fastly-io-info
ifsz=320 idim=15x13 ifmt=png ofsz=140 odim=15x13 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-59b5bdfd9-hr6dk
content-length
140
x-served-by
cache-chi-kigq8000107-CHI, cache-ams2100108-AMS, cache-ams2100108-AMS, cache-cph2320040-CPH
server
nginx
x-timer
S1719816568.292216,VS0,VE1
etag
"CYYfXWQxa+SPObSsE32Xk7Do+LMPmm8BZYCZJK1ZEUA"
vary
Accept
content-type
image/webp
x-styx-req-id
49ffb039-25f3-11ef-bcb1-92bc69777a0d
cache-control
max-age=31622400
accept-ranges
bytes
expires
Tue, 10 Jun 2025 00:00:32 GMT
throbber-active.gif
www.forcepoint.com/misc/
1 KB
2 KB
Image
General
Full URL
https://www.forcepoint.com/misc/throbber-active.gif
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
4d58ffb4437135b1a4f7b8cbf01321ea85fe244416aed493ea942462f3d58c86
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 1211, 2
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:49:28 GMT
fastly-io-served-by
vpop-etou8240196
age
1137023
http_x_geo_region
DE-BW
x-cache
HIT, HIT, HIT, HIT
fastly-io-info
ifsz=1233 idim=15x13 ifmt=gif ofsz=1233 odim=15x13 ofmt=gif ofrm=12
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-668bdc8fc7-vwc4w
content-length
1233
fastly-io-warning
Failed to shrink image
x-served-by
cache-chi-klot8100061-CHI, cache-ams21045-AMS, cache-ams12734-AMS, cache-cph2320040-CPH
server
nginx
x-timer
S1719816568.292845,VS0,VE1
etag
"cciM0uPCYoc09vCSqOmHV4nMniFUM15FCTn0mYxlwCQ"
vary
Accept
content-type
image/gif
x-styx-req-id
fceee927-1173-11ef-acea-f6bba15d4c75
cache-control
max-age=31622400
accept-ranges
bytes
expires
Wed, 14 May 2025 21:58:53 GMT
grippie.png
www.forcepoint.com/misc/
56 B
480 B
Image
General
Full URL
https://www.forcepoint.com/misc/grippie.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
f7d4d17ef4f0103008287290e9dd7bb35be1d08f0f8bc315033d13d0cfa6a6a5
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 1696, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:49:28 GMT
fastly-io-served-by
img05-europe-west3
age
1146349
http_x_geo_region
DE-BW
x-cache
MISS, MISS, HIT, HIT
fastly-io-info
ifsz=106 idim=27x5 ifmt=png ofsz=56 odim=27x5 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-7c9db67975-rt77l
content-length
56
x-served-by
cache-chi-klot8100115-CHI, cache-ams21073-AMS, cache-ams21073-AMS, cache-cph2320040-CPH
server
nginx
x-timer
S1719816568.292158,VS0,VE1
etag
"kt9RZLYHWjv58VxK34gY2gtJI3NheIs+DTYX4JV5AGA"
vary
Accept
content-type
image/webp
x-styx-req-id
990fb7eb-120a-11ef-a0cc-d636790e30db
cache-control
max-age=31622400
accept-ranges
bytes
expires
Thu, 15 May 2025 15:56:59 GMT
draggable.png
www.forcepoint.com/misc/
268 B
719 B
Image
General
Full URL
https://www.forcepoint.com/misc/draggable.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
10aa7853a3babe185246e6f1fad2c5800902a268dd63b66c53b96889ee5188f3
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 700, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:49:28 GMT
fastly-io-served-by
vpop-etou8240193
age
1563530
http_x_geo_region
DE-BW
x-cache
MISS, MISS, HIT, HIT
fastly-io-info
ifsz=268 idim=15x60 ifmt=png ofsz=268 odim=15x60 ofmt=png
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-845bccb87b-rxdp4
content-length
268
fastly-io-warning
Failed to shrink image
x-served-by
cache-chi-kigq8000056-CHI, cache-ams21022-AMS, cache-ams21022-AMS, cache-cph2320040-CPH
server
nginx
x-timer
S1719816568.293440,VS0,VE1
etag
"KWIpRFdw6XY1xKLUIvevvjFCVB7MVHDdktcCcAkddP0"
vary
Accept
content-type
image/png
x-styx-req-id
af6b1826-293d-11ef-98e5-5a38d201be85
cache-control
max-age=31622400
accept-ranges
bytes
expires
Sat, 14 Jun 2025 04:30:38 GMT
tree.png
www.forcepoint.com/misc/
82 B
436 B
Image
General
Full URL
https://www.forcepoint.com/misc/tree.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
69a02b48768b8f413fe8470c65b4232a39dc3d68350f1246da8721e92ac7e75d
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 710, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:49:28 GMT
fastly-io-served-by
vpop-etou8240193
age
3567756
http_x_geo_region
DE-BW
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=130 idim=80x81 ifmt=png ofsz=82 odim=80x81 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-7d5d4db597-dqfkt
content-length
82
x-served-by
cache-chi-kigq8000035-CHI, cache-ams21043-AMS, cache-ams21043-AMS, cache-cph2320040-CPH
server
nginx
x-timer
S1719816568.293495,VS0,VE1
etag
"Z35FTfoaAVemLhiXshryO4rkEzH1KA6bO8GIRsSVaO0"
vary
Accept
content-type
image/webp
x-styx-req-id
3bc0241e-1703-11ef-911d-fa2fe945313b
cache-control
max-age=31622400
accept-ranges
bytes
expires
Wed, 21 May 2025 23:46:52 GMT
tree-bottom.png
www.forcepoint.com/misc/
78 B
501 B
Image
General
Full URL
https://www.forcepoint.com/misc/tree-bottom.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
bfcc07136dc1faaee36973ca4858e530e403f2f41948fbdc47f0c3c399308db6
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 1399, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:49:28 GMT
fastly-io-served-by
img08-europe-west2
age
1936420
http_x_geo_region
DE-BW
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=129 idim=80x81 ifmt=png ofsz=78 odim=80x81 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-867f44b44b-5wssg
content-length
78
x-served-by
cache-chi-klot8100109-CHI, cache-ams21021-AMS, cache-ams21028-AMS, cache-cph2320040-CPH
server
nginx
x-timer
S1719816568.292841,VS0,VE2
etag
"JyOt5s8au+dKwuKYWT9ybz2cVW6ZbelcJx3DlTABXvE"
vary
Accept
content-type
image/webp
x-styx-req-id
eef36650-074f-11ef-8b93-f2f52e1bfc3f
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 02 May 2025 00:15:36 GMT
message-24-ok.png
www.forcepoint.com/misc/
902 B
1 KB
Image
General
Full URL
https://www.forcepoint.com/misc/message-24-ok.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
4c8537e1208918b04f3b7970b4e53d6c91b138b7b8325b469a4a5e84ced6ce2a
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 13, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:49:28 GMT
fastly-io-served-by
vpop-etou8240196
age
2010749
http_x_geo_region
DE-BW
x-cache
MISS, MISS, HIT, HIT
fastly-io-info
ifsz=1058 idim=24x24 ifmt=png ofsz=902 odim=24x24 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-69d957dcb5-hzqfw
content-length
902
x-served-by
cache-chi-klot8100043-CHI, cache-ams21058-AMS, cache-ams21058-AMS, cache-cph2320040-CPH
server
nginx
x-timer
S1719816568.292841,VS0,VE1
etag
"60PoYDt+1vFXU4yAkaVKB1clxMNlUR3MuNzEGSZ9U9Y"
vary
Accept
content-type
image/webp
x-styx-req-id
0a0dcb57-23ae-11ef-bb72-82eb5061f947
cache-control
max-age=31622400
accept-ranges
bytes
expires
Sat, 07 Jun 2025 02:39:47 GMT
message-24-warning.png
www.forcepoint.com/misc/
612 B
1 KB
Image
General
Full URL
https://www.forcepoint.com/misc/message-24-warning.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
bd74c29617fed2dbd2f684dce7eebb659567ce0ae06be3418615ebe846a1bf5b
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 848, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:49:28 GMT
fastly-io-served-by
img09-europe-west2
age
2030484
http_x_geo_region
DE-BW
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=753 idim=24x24 ifmt=png ofsz=612 odim=24x24 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-867f44b44b-2snzw
content-length
612
x-served-by
cache-chi-klot8100163-CHI, cache-ams21073-AMS, cache-ams12751-AMS, cache-cph2320040-CPH
server
nginx
x-timer
S1719816568.292033,VS0,VE1
etag
"etN9kWF1zriHIse4xor9Tv/e40PLoR3lRGg8xe6tRQE"
vary
Accept
content-type
image/webp
x-styx-req-id
38c734ce-074c-11ef-bd21-e6711c542c27
cache-control
max-age=31622400
accept-ranges
bytes
expires
Thu, 01 May 2025 23:49:02 GMT
message-24-error.png
www.forcepoint.com/misc/
614 B
1 KB
Image
General
Full URL
https://www.forcepoint.com/misc/message-24-error.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
496d9a19dda325d9587f3729b5a16b1262f91a6b237e1aa5d54ed90e087c35e3
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 339, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:49:28 GMT
fastly-io-served-by
img03-europe-west3
age
2723281
http_x_geo_region
DE-BW
x-cache
MISS, MISS, HIT, HIT
fastly-io-info
ifsz=733 idim=24x24 ifmt=png ofsz=614 odim=24x24 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-777f57d6b4-nr2qv
content-length
614
x-served-by
cache-chi-kigq8000043-CHI, cache-ams21042-AMS, cache-ams12747-AMS, cache-cph2320040-CPH
server
nginx
x-timer
S1719816568.292021,VS0,VE1
etag
"gVoMZ8dd1QgL/2SjIwn0GwzJENiBt143AYaoiF4Ws6M"
vary
Accept
content-type
image/webp
x-styx-req-id
6d90d03b-1eb1-11ef-92d1-b65dd15c85b7
cache-control
max-age=31622400
accept-ranges
bytes
expires
Sat, 31 May 2025 18:21:26 GMT
help.png
www.forcepoint.com/misc/
192 B
540 B
Image
General
Full URL
https://www.forcepoint.com/misc/help.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
f8c79df7183de5a0687fc40c5a9b1034d074e603d558c05a5311c7f91d9ccfe1
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 219, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:49:28 GMT
fastly-io-served-by
img04-europe-west3
age
1462242
http_x_geo_region
DE-BW
x-cache
MISS, MISS, HIT, HIT
fastly-io-info
ifsz=294 idim=16x16 ifmt=png ofsz=192 odim=16x16 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-766d899d75-s659g
content-length
192
x-served-by
cache-chi-klot8100132-CHI, cache-ams21075-AMS, cache-ams21052-AMS, cache-cph2320040-CPH
server
nginx
x-timer
S1719816568.292170,VS0,VE2
etag
"v6al66PXjd/2WqSfHyL2pCCxkfKAcJfvgCU3I6pbO+4"
vary
Accept
content-type
image/webp
x-styx-req-id
46289daa-1dfa-11ef-b597-b682643632dc
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 30 May 2025 20:30:22 GMT
menu-expanded.png
www.forcepoint.com/misc/
46 B
453 B
Image
General
Full URL
https://www.forcepoint.com/misc/menu-expanded.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
5cfc739598cda856cc20575229f8a5251e8df5b175830fe7886aaef79dfb6886
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 994, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:49:28 GMT
fastly-io-served-by
vpop-etou8240192
age
1742041
http_x_geo_region
DE-BW
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=106 idim=7x7 ifmt=png ofsz=46 odim=7x7 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-7dd7d79886-tt5q8
content-length
46
x-served-by
cache-chi-klot8100163-CHI, cache-ams21056-AMS, cache-ams12749-AMS, cache-cph2320040-CPH
server
nginx
x-timer
S1719816568.292001,VS0,VE2
etag
"lnOeF6KlRRR5aM+MCm3C8DB9Vu1cySrSTIEOJY+eTS4"
vary
Accept
content-type
image/webp
x-styx-req-id
61f9c634-1310-11ef-9bbf-f20de0f2e948
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 16 May 2025 23:10:55 GMT
menu-collapsed.png
www.forcepoint.com/misc/
46 B
501 B
Image
General
Full URL
https://www.forcepoint.com/misc/menu-collapsed.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
521bfd25b076ada01d23b9d20bca3a3e67840702ca4d43b73d0a496575107e9e
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 512, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:49:28 GMT
fastly-io-served-by
img03-europe-west3
age
1260787
http_x_geo_region
DE-BW
x-cache
MISS, MISS, HIT, HIT
fastly-io-info
ifsz=105 idim=7x7 ifmt=png ofsz=46 odim=7x7 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-55987d54bd-mpj8p
content-length
46
x-served-by
cache-chi-kigq8000091-CHI, cache-ams21028-AMS, cache-ams21028-AMS, cache-cph2320040-CPH
server
nginx
x-timer
S1719816568.293608,VS0,VE2
etag
"HJgRuOhWhAFgOazVOW2HjRFb16cHmG+HSX+vLor86a0"
vary
Accept
content-type
image/webp
x-styx-req-id
90096ed5-2bfe-11ef-964c-ce0c78ab2c1c
cache-control
max-age=31622400
accept-ranges
bytes
expires
Tue, 17 Jun 2025 16:36:21 GMT
progress.gif
www.forcepoint.com/misc/
6 KB
6 KB
Image
General
Full URL
https://www.forcepoint.com/misc/progress.gif
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
91997f03543fdd296c85e60feede1e3df0e950aca03698583ff2870869a2dc0b
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 437, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:49:28 GMT
fastly-io-served-by
vpop-etou8240194
age
1397594
http_x_geo_region
DE-BW
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=5872 idim=20x40 ifmt=gif ofsz=5872 odim=20x40 ofmt=gif ofrm=20
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-845bccb87b-srflh
content-length
5872
fastly-io-warning
Failed to shrink image
x-served-by
cache-chi-klot8100021-CHI, cache-ams2100134-AMS, cache-ams2100134-AMS, cache-cph2320040-CPH
server
nginx
x-timer
S1719816568.291985,VS0,VE2
etag
"KSQIcjJuPSqTVV6Yjqa330VSb5j46NEcKLjR3ejGL1A"
vary
Accept
content-type
image/gif
x-styx-req-id
883e9816-24d4-11ef-a75e-a2ab8c7907d3
cache-control
max-age=31622400
accept-ranges
bytes
expires
Sun, 08 Jun 2025 13:47:50 GMT
chosen-sprite.png
www.forcepoint.com/sites/all/libraries/chosen/
430 B
855 B
Image
General
Full URL
https://www.forcepoint.com/sites/all/libraries/chosen/chosen-sprite.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
9cc77ec166565cf138f088e29b263d7de28ebff89c6ac6ac7b3226b8c2c45f33
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 40, 94
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:49:28 GMT
fastly-io-served-by
vpop-etou8240195
age
2270811
http_x_geo_region
DE-BW
x-cache
HIT, HIT, HIT, HIT
fastly-io-info
ifsz=538 idim=52x37 ifmt=png ofsz=430 odim=52x37 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-69d957dcb5-vfj67
content-length
430
x-served-by
cache-chi-klot8100058-CHI, cache-ams21024-AMS, cache-ams2100140-AMS, cache-cph2320040-CPH
server
nginx
x-timer
S1719816568.291975,VS0,VE1
etag
"pCuJ3WEDsPQPzkbIkY90U4TfuAo3yBgHEEN2IOPELGY"
vary
Accept
content-type
image/webp
x-styx-req-id
eade0401-22ce-11ef-bdfd-06c82f407e68
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 06 Jun 2025 00:02:37 GMT
chosen-sprite@2x.png
www.forcepoint.com/sites/all/libraries/chosen/
628 B
1013 B
Image
General
Full URL
https://www.forcepoint.com/sites/all/libraries/chosen/chosen-sprite@2x.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
5f4e0577cb49e1130ec7098698e3556c0a2b7f33d02ec5789ee09b116e403f7e
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 49, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:49:28 GMT
fastly-io-served-by
vpop-etou8240195
age
1996464
http_x_geo_region
DE-BW
x-cache
MISS, MISS, HIT, HIT
fastly-io-info
ifsz=738 idim=104x74 ifmt=png ofsz=628 odim=104x74 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-69d957dcb5-hzqfw
content-length
628
x-served-by
cache-chi-klot8100088-CHI, cache-ams21032-AMS, cache-ams21032-AMS, cache-cph2320040-CPH
server
nginx
x-timer
S1719816568.291965,VS0,VE3
etag
"1954vZ3omyWtqZWjx3EPpQPU3ZMgJvFFfwvKeF5rhm0"
vary
Accept
content-type
image/webp
x-styx-req-id
7ffc13a4-23c2-11ef-bb72-82eb5061f947
cache-control
max-age=31622400
accept-ranges
bytes
expires
Sat, 07 Jun 2025 05:06:14 GMT
ui-bg_flat_75_ffffff_40x100.png
www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/
44 B
428 B
Image
General
Full URL
https://www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_flat_75_ffffff_40x100.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
db7de84263a6dfe6f7a674f478b4a6c5a97d7de7e0c7f52a12a5dedfb201004f
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 185, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:49:28 GMT
fastly-io-served-by
vpop-etou8240196
age
2052023
http_x_geo_region
DE-BW
x-cache
HIT, HIT, HIT, HIT
fastly-io-info
ifsz=178 idim=40x100 ifmt=png ofsz=44 odim=40x100 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-845bccb87b-srflh
content-length
44
x-served-by
cache-chi-kigq8000066-CHI, cache-ams2100113-AMS, cache-ams2100113-AMS, cache-cph2320040-CPH
server
nginx
x-timer
S1719816568.296232,VS0,VE4
etag
"O9SdHkbja5Mmzi4DWOWJdZgUQirITGa5uuAK5R/QoyM"
vary
Accept
content-type
image/webp
x-styx-req-id
52f9a834-24cc-11ef-a75e-a2ab8c7907d3
cache-control
max-age=31622400
accept-ranges
bytes
expires
Sun, 08 Jun 2025 12:49:05 GMT
ui-bg_highlight-soft_75_cccccc_1x100.png
www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/
54 B
422 B
Image
General
Full URL
https://www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_highlight-soft_75_cccccc_1x100.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
b4229c88ccc9ec00268d759c808bb5fc56a62479618d140eebd7948299a1544b
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
1, 0, 1101, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:49:28 GMT
fastly-io-served-by
img03-europe-west2
age
2030484
http_x_geo_region
DE-BW
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=101 idim=1x100 ifmt=png ofsz=54 odim=1x100 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-867f44b44b-z9kn6
content-length
54
x-served-by
cache-chi-kigq8000036-CHI, cache-ams21053-AMS, cache-ams12766-AMS, cache-cph2320040-CPH
server
nginx
x-timer
S1719816568.297788,VS0,VE1
etag
"SVL3LfYtpcUTzNEo8mHT+EoBDkNcvK2l7xiLlLE7P6w"
vary
Accept
content-type
image/webp
x-styx-req-id
79be48f5-07bc-11ef-b06b-3246cedab68e
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 02 May 2025 13:12:34 GMT
ui-bg_glass_75_e6e6e6_1x400.png
www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/
78 B
436 B
Image
General
Full URL
https://www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_glass_75_e6e6e6_1x400.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e68e4b1057684aa14f6d44055bd77c6ee8170be28010b94e0278e2d05775973c
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
1, 0, 984, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:49:28 GMT
fastly-io-served-by
img01-europe-west2
age
1977586
http_x_geo_region
DE-BW
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=110 idim=1x400 ifmt=png ofsz=78 odim=1x400 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-867f44b44b-vj962
content-length
78
x-served-by
cache-chi-kigq8000098-CHI, cache-ams21026-AMS, cache-ams12763-AMS, cache-cph2320040-CPH
server
nginx
x-timer
S1719816568.296173,VS0,VE1
etag
"4s1MwOZKDfGEu/a/SFo57USn639l3MbW8dYbzZPyEag"
vary
Accept
content-type
image/webp
x-styx-req-id
79be7b6b-07bc-11ef-891e-fad2edf62dbb
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 02 May 2025 13:12:34 GMT
ui-bg_glass_75_dadada_1x400.png
www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/
84 B
559 B
Image
General
Full URL
https://www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_glass_75_dadada_1x400.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c16c2e899bbe232a64c1bd49e4312a7f9ea738cb2cb17058e63477a71b246fa7
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 777, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:49:28 GMT
fastly-io-served-by
vpop-etou8240195
age
1557803
http_x_geo_region
DE-BW
x-cache
HIT, HIT, HIT, HIT
fastly-io-info
ifsz=111 idim=1x400 ifmt=png ofsz=84 odim=1x400 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-845bccb87b-c7w7c
content-length
84
x-served-by
cache-chi-klot8100024-CHI, cache-ams21038-AMS, cache-ams21038-AMS, cache-cph2320040-CPH
server
nginx
x-timer
S1719816568.296752,VS0,VE5
etag
"msf+sm6St45S//5aPCnGaIqq4DmKLsS3uxv+ikcGyuY"
vary
Accept
content-type
image/webp
x-styx-req-id
0490b650-294b-11ef-91a4-f680ab016c03
cache-control
max-age=31622400
accept-ranges
bytes
expires
Sat, 14 Jun 2025 06:06:04 GMT
css__YZMmyCjxADNsxWJVyzxskiYBiPsGboww8DDJoAv1iVA__PqGVjSeXe3e-YM4xspxCavDlyydtEB28TRpZPTEwV5I__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/
6 KB
2 KB
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__YZMmyCjxADNsxWJVyzxskiYBiPsGboww8DDJoAv1iVA__PqGVjSeXe3e-YM4xspxCavDlyydtEB28TRpZPTEwV5I__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
942ba1b657ab7477bc603f7852ff551aa393de40d1bab2dee01c8ad36d538a2a
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 27, 0
date
Mon, 01 Jul 2024 06:49:28 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
408131
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-vp8bw
content-length
2109
x-served-by
cache-chi-kigq8000159-CHI, cache-cph2320037-CPH, cache-cph2320040-CPH
backend-ip-port
6cecXOA5eq1mdycR8IETIO--F_styx_fe1_b_sharedvpc_dmz_05
last-modified
Tue, 05 Mar 2024 06:05:49 GMT
server
nginx
x-timer
S1719816568.180855,VS0,VE3
etag
W/"65e6b63d-1797"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
e591bfd4-f1d7-11ee-835d-6255bad32892
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:26 GMT
css__qi8YWDPFPT47Hua3Uo8V-CwYV79O8gYOw4xRshlFw2o__U0zx4V0QLKPamBJbsVKK0D54d038-KcpyqeXppQL9AI__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/
11 KB
3 KB
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__qi8YWDPFPT47Hua3Uo8V-CwYV79O8gYOw4xRshlFw2o__U0zx4V0QLKPamBJbsVKK0D54d038-KcpyqeXppQL9AI__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
74d6ee660ac8d18d3940eefac6e8c0ff029ecc0f4a4799ada5d6088fe9abfbc8
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Mon, 28 Apr 2025 10:38:01 GMT
date
Mon, 01 Jul 2024 06:49:28 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
408131
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-867f44b44b-6zx56
content-length
2662
x-served-by
cache-chi-kigq8000165-CHI, cache-cph2320042-CPH, cache-cph2320040-CPH
last-modified
Tue, 05 Mar 2024 06:05:43 GMT
server
nginx
x-timer
S1719816568.252549,VS0,VE4
etag
W/"65e6b637-2d9a"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
387529c2-0482-11ef-be95-3a8be9a6877a
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
76, 27, 0
css__umS_7iB8OLqD-AIc28jz7stMtgRnPBrMHXbg802aJVI__42_FYiRnR5OQaV2U3Sr9cY21EIjnMGdJsPXMEFLQPCo__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/
789 B
740 B
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__umS_7iB8OLqD-AIc28jz7stMtgRnPBrMHXbg802aJVI__42_FYiRnR5OQaV2U3Sr9cY21EIjnMGdJsPXMEFLQPCo__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
76fea4cad87ffbee4d6c0d29a46382913e4a8c56ed7881d8556f684a174d6824
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 28, 0
date
Mon, 01 Jul 2024 06:49:28 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
408146
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-64b977755d-z27mm
content-length
405
x-served-by
cache-chi-kigq8000114-CHI, cache-cph2320021-CPH, cache-cph2320040-CPH
backend-ip-port
6cecXOA5eq1mdycR8IETIO--F_styx_fe1_a_sharedvpc_dmz_01
last-modified
Tue, 05 Mar 2024 06:05:43 GMT
server
nginx
x-timer
S1719816568.252813,VS0,VE3
etag
W/"65e6b637-315"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
d80591ea-f1d7-11ee-8a97-36bf4d504f37
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:03 GMT
css__T7twZATSz9YDtA4CEs3XoRq-lmvsWC1-9rzLrGpoWuY__jYMOyCwkeeWX4KvLeu7GhjzHVkW5HDKp2hWWBDkyRSE__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/
14 KB
3 KB
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__T7twZATSz9YDtA4CEs3XoRq-lmvsWC1-9rzLrGpoWuY__jYMOyCwkeeWX4KvLeu7GhjzHVkW5HDKp2hWWBDkyRSE__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
76aefb325bdfaf3c67be7591a00c96105ffa1a3eda8cfc16d6d5e1affa8e3f95
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
48, 27, 0
date
Mon, 01 Jul 2024 06:49:28 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
408146
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-64b977755d-kk5rj
content-length
2632
x-served-by
cache-chi-klot8100179-CHI, cache-cph2320053-CPH, cache-cph2320040-CPH
backend-ip-port
6cecXOA5eq1mdycR8IETIO--F_styx_fe1_a_sharedvpc_dmz_01
last-modified
Tue, 05 Mar 2024 06:05:45 GMT
server
nginx
x-timer
S1719816568.255369,VS0,VE4
etag
W/"65e6b639-3962"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
d721e3ae-f1d7-11ee-b87b-f2654297ce89
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:02 GMT
css__cPPXTJ7LS3TkqOr2dWhu9Zyqf3tfJ7ROJIBrc4faLpI__FwTXCQ-S705F3IVDki0NUMzBJ8oRlS2Lb0Atw9pp7LE__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/
512 B
512 B
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__cPPXTJ7LS3TkqOr2dWhu9Zyqf3tfJ7ROJIBrc4faLpI__FwTXCQ-S705F3IVDki0NUMzBJ8oRlS2Lb0Atw9pp7LE__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
9b3c52df9ce6473c11ee62f85cd48a7ff2b24ad8543ed415fec5124605a987f3
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 27, 0
date
Mon, 01 Jul 2024 06:49:28 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
408146
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-m255z
content-length
230
x-served-by
cache-chi-kigq8000068-CHI, cache-cph2320025-CPH, cache-cph2320040-CPH
backend-ip-port
6cecXOA5eq1mdycR8IETIO--F_styx_fe1_b_sharedvpc_dmz_05
last-modified
Tue, 05 Mar 2024 06:05:46 GMT
server
nginx
x-timer
S1719816568.254219,VS0,VE4
etag
W/"65e6b63a-200"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
d804a972-f1d7-11ee-976d-4e9dd3d547b2
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:03 GMT
css__RtPfTjThw7JiCEZr8aCFs0ovY-ZonvJYBpW2tzv6iRI__hoYIfBUPIWctuKqU_lrnnqDtJnf9B9QEu7jjix36RIM__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/
3 KB
1 KB
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__RtPfTjThw7JiCEZr8aCFs0ovY-ZonvJYBpW2tzv6iRI__hoYIfBUPIWctuKqU_lrnnqDtJnf9B9QEu7jjix36RIM__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
5f8d1adf76eaaf2f3592e5a5633ef8722740af2424b1737d85c1d9581588884f

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Sat, 31 May 2025 05:34:47 GMT
date
Mon, 01 Jul 2024 06:49:28 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
x-pantheon-styx-hostname
styx-fe1-a-766d899d75-s659g
age
408131
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
content-length
1172
x-served-by
cache-chi-kigq8000154-CHI, cache-cph2320040-CPH, cache-cph2320040-CPH
last-modified
Tue, 05 Mar 2024 06:05:52 GMT
server
nginx
x-timer
S1719816568.254197,VS0,VE3
etag
W/"65e6b640-c8c"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
538c932d-1e46-11ef-b597-b682643632dc
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
0, 27, 0
css__UYLIEJhZ7iPfgPAKjuslVw3CRCFKt3OfxTJjge8A6Hg__fjua13AgyzmqodcGsNUIVue50ndbutts1ntJbzGK_o4__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/
506 B
591 B
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__UYLIEJhZ7iPfgPAKjuslVw3CRCFKt3OfxTJjge8A6Hg__fjua13AgyzmqodcGsNUIVue50ndbutts1ntJbzGK_o4__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
4953a30def5d6eb8aa0119f918104b5069d10696ee634288c068accf06bb44e6
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
23, 27, 0
date
Mon, 01 Jul 2024 06:49:28 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
408130
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-64b977755d-fn6sp
content-length
175
x-served-by
cache-chi-kigq8000153-CHI, cache-cph2320059-CPH, cache-cph2320040-CPH
backend-ip-port
6cecXOA5eq1mdycR8IETIO--F_styx_fe1_a_sharedvpc_dmz_01
last-modified
Tue, 05 Mar 2024 06:05:53 GMT
server
nginx
x-timer
S1719816568.254748,VS0,VE4
etag
W/"65e6b641-1fa"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
e596f71a-f1d7-11ee-89fc-2e39b17a00a2
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:26 GMT
css__aUSIons1JLpznAkAWe4wYFCe4_fmTTJTOhtdC4xIAuM__HAl4ITsYWBEO7VRahEwWwi88zkLUBwPm3j4nnx8DeS0__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/
454 B
528 B
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__aUSIons1JLpznAkAWe4wYFCe4_fmTTJTOhtdC4xIAuM__HAl4ITsYWBEO7VRahEwWwi88zkLUBwPm3j4nnx8DeS0__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
fe9132775150b13960723fdffd15ef8bb7f07d120787874114ac9e3d4f303f46

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 27, 0
date
Mon, 01 Jul 2024 06:49:28 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
x-pantheon-styx-hostname
styx-fe1-a-64b977755d-97hrc
age
408130
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
content-length
221
x-served-by
cache-chi-kigq8000054-CHI, cache-cph2320040-CPH, cache-cph2320040-CPH
backend-ip-port
6cecXOA5eq1mdycR8IETIO--F_styx_fe1_a_sharedvpc_dmz_01
last-modified
Tue, 05 Mar 2024 06:05:54 GMT
server
nginx
x-timer
S1719816568.254713,VS0,VE3
etag
W/"65e6b642-1c6"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
e59403e9-f1d7-11ee-9c8c-7a18807b770d
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:26 GMT
css__DJVWsB9CJVs_1IGdy-_cGuq4r6SVVaWbEnbS1U2p6y4__7g40UeM74r8hkrzDC6Hbb7RReIGNu-Jsb5XAbAPKIeA__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/
502 B
605 B
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__DJVWsB9CJVs_1IGdy-_cGuq4r6SVVaWbEnbS1U2p6y4__7g40UeM74r8hkrzDC6Hbb7RReIGNu-Jsb5XAbAPKIeA__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
b9c823db89be14289e3b0585970e3d91c3313ec9f82d13c9cb24d90820efc699
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Tue, 03 Jun 2025 10:17:05 GMT
date
Mon, 01 Jul 2024 06:49:28 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
408130
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-766d899d75-fzdtp
content-length
252
x-served-by
cache-chi-klot8100023-CHI, cache-cph2320046-CPH, cache-cph2320040-CPH
last-modified
Tue, 05 Mar 2024 06:05:55 GMT
server
nginx
x-timer
S1719816568.254714,VS0,VE4
etag
W/"65e6b643-1f6"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
42eebcb4-20c9-11ef-a8e2-12b292f98399
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
0, 27, 0
css__o5tk1Sc0QNaikp-qb6PDIJi_LXPkfQZHTxlvWxiG4cA__afd6HnnR0psI0sfippmnwgZS958AUTsIqEne3K05XvQ__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/
5 KB
2 KB
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__o5tk1Sc0QNaikp-qb6PDIJi_LXPkfQZHTxlvWxiG4cA__afd6HnnR0psI0sfippmnwgZS958AUTsIqEne3K05XvQ__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
7e9433a7e4538237be585d3d84e1603595879c286be61e26dd3e628e3fd5e206
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
62, 27, 0
date
Mon, 01 Jul 2024 06:49:28 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
408066
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-vp8bw
content-length
2091
x-served-by
cache-chi-klot8100098-CHI, cache-cph2320039-CPH, cache-cph2320040-CPH
backend-ip-port
6cecXOA5eq1mdycR8IETIO--F_styx_fe1_b_sharedvpc_dmz_05
last-modified
Tue, 05 Mar 2024 06:05:56 GMT
server
nginx
x-timer
S1719816568.254713,VS0,VE4
etag
W/"65e6b644-1218"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
e5943fb9-f1d7-11ee-835d-6255bad32892
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:26 GMT
css__ZDvn-N8wxxyBR7KgfbRzIHM0mGwT9doN0fs3f10b_Go__b98SsVi1Bn9KY5Ur3SIgLXOvEMppxbzl1YiFYp9d4Lw__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/
128 B
320 B
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__ZDvn-N8wxxyBR7KgfbRzIHM0mGwT9doN0fs3f10b_Go__b98SsVi1Bn9KY5Ur3SIgLXOvEMppxbzl1YiFYp9d4Lw__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c712b85f4d57c41bb049c80303067da9790aa76b32a41b422174bd507695f444
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 27, 0
date
Mon, 01 Jul 2024 06:49:28 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
408145
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-j9qgk
content-length
118
x-served-by
cache-chi-klot8100059-CHI, cache-cph2320022-CPH, cache-cph2320040-CPH
backend-ip-port
6cecXOA5eq1mdycR8IETIO--F_styx_fe1_b_sharedvpc_dmz_05
last-modified
Tue, 05 Mar 2024 06:05:47 GMT
server
nginx
x-timer
S1719816568.254713,VS0,VE4
etag
W/"65e6b63b-80"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
e599bfb1-f1d7-11ee-8caf-72f948985f1d
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:26 GMT
css__dn-cpI1YtkU_iLHgA5WhlkxgYWyat_IxjF_B-WSYrpE__a9hIbt0eaZ7d5nhwnm2weG8R_2eXK4EvoOx9dOxouHE__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/
203 B
506 B
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__dn-cpI1YtkU_iLHgA5WhlkxgYWyat_IxjF_B-WSYrpE__a9hIbt0eaZ7d5nhwnm2weG8R_2eXK4EvoOx9dOxouHE__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
f66578f61dcd2d00bb8b7a0c5a7a02d39871c2e7c4615826c4e3a6a879a1a66b
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 27, 0
date
Mon, 01 Jul 2024 06:49:28 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
408130
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-vp8bw
content-length
137
x-served-by
cache-chi-klot8100122-CHI, cache-cph2320044-CPH, cache-cph2320040-CPH
backend-ip-port
6cecXOA5eq1mdycR8IETIO--F_styx_fe1_b_sharedvpc_dmz_05
last-modified
Tue, 05 Mar 2024 06:05:56 GMT
server
nginx
x-timer
S1719816568.254100,VS0,VE4
etag
W/"65e6b644-cb"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
e59b82f5-f1d7-11ee-835d-6255bad32892
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:26 GMT
css__ipUqqBUxEUOLXG_AXF5OCY1hi5eq8oz7Wu0QleOzxj4__-6ZHnf2EVvcL4izgd6S5myiQ-LuyKAuDqa-1hfKmAoI__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/
99 B
380 B
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__ipUqqBUxEUOLXG_AXF5OCY1hi5eq8oz7Wu0QleOzxj4__-6ZHnf2EVvcL4izgd6S5myiQ-LuyKAuDqa-1hfKmAoI__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
a0d9d290c9928affdd7f2816a574b367cbd6aca7ff1ba7b14b3391330d6f1995
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Wed, 11 Jun 2025 11:24:22 GMT
date
Mon, 01 Jul 2024 06:49:28 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
408130
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-845bccb87b-srflh
content-length
100
x-served-by
cache-chi-klot8100084-CHI, cache-cph2320056-CPH, cache-cph2320040-CPH
last-modified
Tue, 05 Mar 2024 06:05:58 GMT
server
nginx
x-timer
S1719816568.254104,VS0,VE3
etag
W/"65e6b646-63"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
fc2a0d8d-271b-11ef-a75e-a2ab8c7907d3
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
81, 27, 0
css__A19mhhFH8iX9Ft_oM_oZIcxue6YTAguNiWQN5VaIXQY__dFQUh1vb7jTgHR4jKzrw8DrsdYIarxRbpVmMKCWYgXU__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/
493 KB
118 KB
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__A19mhhFH8iX9Ft_oM_oZIcxue6YTAguNiWQN5VaIXQY__dFQUh1vb7jTgHR4jKzrw8DrsdYIarxRbpVmMKCWYgXU__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
24dd593caf98fe7183e48e16a5a827ab4eb1a734a9821b497689127e68774db1
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Sun, 11 May 2025 14:10:41 GMT
date
Mon, 01 Jul 2024 06:49:28 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
408145
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-66d79b4b7-7p2sd
content-length
120174
x-served-by
cache-chi-kigq8000100-CHI, cache-cph2320041-CPH, cache-cph2320040-CPH
last-modified
Tue, 05 Mar 2024 06:05:48 GMT
server
nginx
x-timer
S1719816568.254076,VS0,VE4
etag
W/"65e6b63c-7b4f7"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
15c42075-0ed7-11ef-9e44-6609e5b21e96
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
0, 27, 0
css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__yLUlsZO8Aw1QbDVmt9Emb7WQDVsiqE8WSyAbbDd2S8M__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/
2 MB
300 KB
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__yLUlsZO8Aw1QbDVmt9Emb7WQDVsiqE8WSyAbbDd2S8M__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
8117b5d7ba159bfb0cf341d96a566b4b06c466a0038eca2273a8533b1536e019

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Sat, 21 Jun 2025 13:27:13 GMT
date
Mon, 01 Jul 2024 06:49:28 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
x-pantheon-styx-hostname
styx-fe1-a-56d7969b4f-nzfgb
age
408130
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
content-length
307198
x-served-by
cache-chi-kigq8000037-CHI, cache-cph2320040-CPH, cache-cph2320040-CPH
last-modified
Thu, 20 Jun 2024 13:27:07 GMT
server
nginx
x-timer
S1719816568.254064,VS0,VE3
etag
W/"66742e2b-1f7287"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
ce42fc2e-2f08-11ef-b403-3a4931867672
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
0, 27, 0
forcepoint.svg
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/logos/
2 KB
1 KB
Image
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/logos/forcepoint.svg
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c7397ae13ad9d12bf4ce9100756dd8703b515ac4381bdd33638e22c787c0fb39
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
55, 27, 0
date
Mon, 01 Jul 2024 06:49:28 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
408145
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-5d77cc44f5-cr9cd
content-length
783
x-served-by
cache-chi-klot8100172-CHI, cache-cph2320046-CPH, cache-cph2320040-CPH
last-modified
Wed, 26 Jun 2024 13:25:43 GMT
server
nginx
x-timer
S1719816568.254007,VS0,VE3
etag
W/"667c16d7-6ad"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
c6a01b99-33bf-11ef-a454-563f282b1988
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 27 Jun 2025 13:27:03 GMT
about_us_0.svg
www.forcepoint.com/sites/default/files/
2 KB
1 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/about_us_0.svg?itok=3xrS9jXe
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
98bee51ffbb032cfea01030abf23549c6d762f6d8283599e52bfb089f01b8742
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 28, 0
date
Mon, 01 Jul 2024 06:49:28 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
408144
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-8gp4k
content-length
866
x-served-by
cache-chi-kigq8000108-CHI, cache-cph2320021-CPH, cache-cph2320040-CPH
backend-ip-port
6cecXOA5eq1mdycR8IETIO--F_styx_fe1_b_sharedvpc_dmz_05
last-modified
Wed, 18 Oct 2023 11:53:36 GMT
server
nginx
x-timer
S1719816568.253997,VS0,VE4
etag
W/"652fc740-76e"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
d8a73d5e-f1d7-11ee-96a4-d2ef4ea261cb
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:05 GMT
our_approach_0.svg
www.forcepoint.com/sites/default/files/
3 KB
1 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/our_approach_0.svg?itok=XjvgKmGS
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
3058f7c617c39b1a94849fa7223c2f756437af3f215155d37c2a29c36848e28d
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 27, 0
date
Mon, 01 Jul 2024 06:49:28 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
408145
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-64b977755d-p72wq
content-length
1012
x-served-by
cache-chi-klot8100045-CHI, cache-cph2320032-CPH, cache-cph2320040-CPH
backend-ip-port
6cecXOA5eq1mdycR8IETIO--F_styx_fe1_a_sharedvpc_dmz_01
last-modified
Wed, 18 Oct 2023 11:53:58 GMT
server
nginx
x-timer
S1719816568.284051,VS0,VE3
etag
W/"652fc756-a97"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
d725995a-f1d7-11ee-b1db-162c3c5c54d7
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:02 GMT
our_customers_0.svg
www.forcepoint.com/sites/default/files/
2 KB
1 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/our_customers_0.svg?itok=pljm0BZO
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c2a54667fcd4151ef9a27b18f84f24c0b884fe593302ca1eb1210d114f4bd06b
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 111, 0
date
Mon, 01 Jul 2024 06:49:28 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
408145
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-64b977755d-z27mm
content-length
913
x-served-by
cache-chi-kigq8000075-CHI, cache-cph2320036-CPH, cache-cph2320040-CPH
backend-ip-port
6cecXOA5eq1mdycR8IETIO--F_styx_fe1_a_sharedvpc_dmz_01
last-modified
Wed, 18 Oct 2023 11:54:19 GMT
server
nginx
x-timer
S1719816568.284134,VS0,VE3
etag
W/"652fc76b-9af"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
db834eb6-f1d7-11ee-8a97-36bf4d504f37
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:09 GMT
fp_one_icon_12.svg
www.forcepoint.com/sites/default/files/
1 KB
1 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/fp_one_icon_12.svg?itok=mLSyqP7-
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
13cdee5a7dbdb75ba06271fff8669bb408838d89eae133c2b3db99d2891bb35b

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 65, 0
date
Mon, 01 Jul 2024 06:49:28 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-l79x9
age
408144
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
content-length
725
x-served-by
cache-chi-kigq8000075-CHI, cache-cph2320040-CPH, cache-cph2320040-CPH
backend-ip-port
6cecXOA5eq1mdycR8IETIO--F_styx_fe1_b_sharedvpc_dmz_05
last-modified
Mon, 18 Mar 2024 16:01:42 GMT
server
nginx
x-timer
S1719816568.297428,VS0,VE3
etag
W/"65f86566-5ed"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
db750a4b-f1d7-11ee-a7b0-d6145dabcebb
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:09 GMT
fp_one_icon-hover_12.svg
www.forcepoint.com/sites/default/files/
1 KB
1 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/fp_one_icon-hover_12.svg?itok=lvMOGlA6
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
90bfbf24972d694b303aaa50fe006074f7dd5529c8dfe38099aed648c6312158
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 27, 0
date
Mon, 01 Jul 2024 06:49:28 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
408144
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-64b977755d-kk5rj
content-length
737
x-served-by
cache-chi-kigq8000131-CHI, cache-cph2320026-CPH, cache-cph2320040-CPH
backend-ip-port
6cecXOA5eq1mdycR8IETIO--F_styx_fe1_a_sharedvpc_dmz_01
last-modified
Mon, 18 Mar 2024 16:01:47 GMT
server
nginx
x-timer
S1719816568.297041,VS0,VE4
etag
W/"65f8656b-5fb"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
db770500-f1d7-11ee-b87b-f2654297ce89
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:09 GMT
css___VkyRO3B5Aq6aNIr0ttm3Is69Rc7XYN_AdFjRz9E6sA__VcIbQquJvVVOuzIFHQnbacZLWNY0lFxoxf5twuCo0Bc__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/
6 KB
2 KB
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css___VkyRO3B5Aq6aNIr0ttm3Is69Rc7XYN_AdFjRz9E6sA__VcIbQquJvVVOuzIFHQnbacZLWNY0lFxoxf5twuCo0Bc__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
ee27e3cdc69e172aac4b82b3f20d30a2e9b8fc56e7154475292f0ce338b8a5a5
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 27, 0
date
Mon, 01 Jul 2024 06:49:28 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
408129
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-64b977755d-ltjwf
content-length
1421
x-served-by
cache-chi-kigq8000092-CHI, cache-cph2320025-CPH, cache-cph2320040-CPH
backend-ip-port
6cecXOA5eq1mdycR8IETIO--F_styx_fe1_a_sharedvpc_dmz_01
last-modified
Tue, 05 Mar 2024 06:05:59 GMT
server
nginx
x-timer
S1719816568.295262,VS0,VE4
etag
W/"65e6b647-19a6"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
e5937e66-f1d7-11ee-a4f1-16a0ed7bd780
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:26 GMT
fp_one_icon_0.svg
www.forcepoint.com/sites/default/files/
1 KB
985 B
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/fp_one_icon_0.svg?itok=eKi29PlI
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
13cdee5a7dbdb75ba06271fff8669bb408838d89eae133c2b3db99d2891bb35b
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
80, 27, 0
date
Mon, 01 Jul 2024 06:49:28 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
408144
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-64b977755d-z27mm
content-length
725
x-served-by
cache-chi-kigq8000060-CHI, cache-cph2320046-CPH, cache-cph2320040-CPH
backend-ip-port
6cecXOA5eq1mdycR8IETIO--F_styx_fe1_a_sharedvpc_dmz_01
last-modified
Wed, 18 Oct 2023 11:35:43 GMT
server
nginx
x-timer
S1719816568.297770,VS0,VE3
etag
W/"652fc30f-5ed"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
db7b0db8-f1d7-11ee-8a97-36bf4d504f37
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:09 GMT
fp_one_icon-hover_0.svg
www.forcepoint.com/sites/default/files/
1 KB
1 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/fp_one_icon-hover_0.svg?itok=ecRnPBsZ
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
90bfbf24972d694b303aaa50fe006074f7dd5529c8dfe38099aed648c6312158
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
27, 27, 0
date
Mon, 01 Jul 2024 06:49:28 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
408144
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-6v4d5
content-length
737
x-served-by
cache-chi-kigq8000145-CHI, cache-cph2320023-CPH, cache-cph2320040-CPH
backend-ip-port
6cecXOA5eq1mdycR8IETIO--F_styx_fe1_b_sharedvpc_dmz_05
last-modified
Wed, 18 Oct 2023 11:35:50 GMT
server
nginx
x-timer
S1719816568.297292,VS0,VE3
etag
W/"652fc316-5fb"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
d8a93da4-f1d7-11ee-b900-62d8d57276c4
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:05 GMT
cyber_edu_icon.svg
www.forcepoint.com/sites/default/files/
2 KB
1 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/cyber_edu_icon.svg?itok=XXkKE01K
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
fad8df5718762444a80e745fd3b375ecfee298b37c480de5134b8a0ed05bc7a5
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 27, 0
date
Mon, 01 Jul 2024 06:49:28 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
408144
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-vp8bw
content-length
813
x-served-by
cache-chi-klot8100039-CHI, cache-cph2320050-CPH, cache-cph2320040-CPH
backend-ip-port
6cecXOA5eq1mdycR8IETIO--F_styx_fe1_b_sharedvpc_dmz_05
last-modified
Wed, 18 Oct 2023 12:02:27 GMT
server
nginx
x-timer
S1719816568.296765,VS0,VE4
etag
W/"652fc953-9a9"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
d721c0d1-f1d7-11ee-835d-6255bad32892
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:02 GMT
cyber_edu_icon-hover.svg
www.forcepoint.com/sites/default/files/
3 KB
1 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/cyber_edu_icon-hover.svg?itok=ymKcsOZ4
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
2528d731c4e61e67f78982f202d1de7e6f7a234117b4d9c98325c27e33c6e1d3
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 27, 0
date
Mon, 01 Jul 2024 06:49:28 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
408144
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-64b977755d-5zbrs
content-length
869
x-served-by
cache-chi-kigq8000147-CHI, cache-cph2320054-CPH, cache-cph2320040-CPH
backend-ip-port
6cecXOA5eq1mdycR8IETIO--F_styx_fe1_a_sharedvpc_dmz_01
last-modified
Wed, 18 Oct 2023 12:02:37 GMT
server
nginx
x-timer
S1719816568.296654,VS0,VE4
etag
W/"652fc95d-b0c"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
dc5b370e-f1d7-11ee-bbb7-623f168e5bfe
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:11 GMT
remcos.jpg
www.forcepoint.com/sites/default/files/styles/1180x346_sc/public/hero/
47 KB
47 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/styles/1180x346_sc/public/hero/remcos.jpg?itok=XWFEbG-M&timestamp=1719232019
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
b486e01022c2460a86538a67510d4f39ce41e9dd5050a3d9578ec6f4c054f8ec
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 11, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:49:28 GMT
fastly-io-served-by
vpop-etou8240194
age
580910
http_x_geo_region
DE-BW
x-cache
MISS, MISS, HIT, HIT
fastly-io-info
ifsz=49888 idim=1180x346 ifmt=jpeg ofsz=48148 odim=1180x346 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-5d77cc44f5-lk559
content-length
48148
x-served-by
cache-chi-klot8100155-CHI, cache-ams2100130-AMS, cache-ams2100135-AMS, cache-cph2320040-CPH
server
nginx
x-timer
S1719816568.298240,VS0,VE3
etag
"F2ZaRqJk0daflRfM97xFkdxMqC80bQbsMHZ6zAMLKSA"
vary
Accept
content-type
image/webp
x-styx-req-id
869891a0-322d-11ef-be6b-420e4ed0c032
cache-control
max-age=31622400
accept-ranges
bytes
expires
Wed, 25 Jun 2025 13:27:38 GMT
url_shortener_ms_file_xlabs_i_1-v2.jpg
www.forcepoint.com/sites/default/files/
17 KB
17 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/url_shortener_ms_file_xlabs_i_1-v2.jpg
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
fe7d3ca3e17134925638b03cba3263b8da913e73bf270bf48fda841b2c8ad761
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 14, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:49:28 GMT
fastly-io-served-by
img05-europe-west3
age
581512
http_x_geo_region
DE-BW
x-cache
MISS, MISS, HIT, HIT
fastly-io-info
ifsz=105667 idim=800x953 ifmt=jpeg ofsz=17382 odim=800x953 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-5d587d78fd-prbvz
content-length
17382
x-served-by
cache-chi-kigq8000073-CHI, cache-ams2100102-AMS, cache-ams21031-AMS, cache-cph2320040-CPH
server
nginx
x-timer
S1719816568.296733,VS0,VE1
etag
"7SVxGRTsRsD5DU30HaPYBDN93bomOXFsQX/LHmWXXdk"
vary
Accept
content-type
image/webp
x-styx-req-id
1fd6a34a-322c-11ef-9a99-1edbf4b9e77b
cache-control
max-age=31622400
accept-ranges
bytes
expires
Wed, 25 Jun 2025 13:17:36 GMT
url_shortener_ms_file_xlabs_i_2.png
www.forcepoint.com/sites/default/files/
315 KB
316 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/url_shortener_ms_file_xlabs_i_2.png
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
6aa75e0e135df761bc11a0e1231af1ef27a5b7fe5985714865f35781286b42e9
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 14, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:49:28 GMT
fastly-io-served-by
img05-europe-west3
age
581511
http_x_geo_region
DE-BW
x-cache
MISS, MISS, HIT, HIT
fastly-io-info
ifsz=445150 idim=1444x609 ifmt=png ofsz=322528 odim=1444x609 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-5d77cc44f5-ncjj8
content-length
322528
x-served-by
cache-chi-klot8100131-CHI, cache-ams2100098-AMS, cache-ams21035-AMS, cache-cph2320040-CPH
server
nginx
x-timer
S1719816568.297282,VS0,VE2
etag
"d5h+klWK/c7FrFheTTDNPoHf9RZz9vZzXQ3zYK0Ag68"
vary
Accept
content-type
image/webp
x-styx-req-id
20160127-322c-11ef-ad75-f60ce2535107
cache-control
max-age=31622400
accept-ranges
bytes
expires
Wed, 25 Jun 2025 13:17:37 GMT
url_shortener_ms_file_xlabs_i_3.png
www.forcepoint.com/sites/default/files/
39 KB
40 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/url_shortener_ms_file_xlabs_i_3.png
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
fdc11521f5009cca4ba4c329f0ab9a94273191d33239245d16f484ccbbff23d1
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 14, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:49:28 GMT
fastly-io-served-by
img02-europe-west3
age
581511
http_x_geo_region
DE-BW
x-cache
MISS, MISS, HIT, HIT
fastly-io-info
ifsz=88530 idim=605x658 ifmt=png ofsz=40326 odim=605x658 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-5d587d78fd-prbvz
content-length
40326
x-served-by
cache-chi-klot8100150-CHI, cache-ams2100117-AMS, cache-ams2100096-AMS, cache-cph2320040-CPH
server
nginx
x-timer
S1719816568.297300,VS0,VE1
etag
"wXvHW4YabVL2AfDEgggP0bxYC3oJAyiFtk9V5vhiAkA"
vary
Accept
content-type
image/webp
x-styx-req-id
2020a90c-322c-11ef-9a99-1edbf4b9e77b
cache-control
max-age=31622400
accept-ranges
bytes
expires
Wed, 25 Jun 2025 13:17:37 GMT
url_shortener_ms_file_xlabs_i_4.png
www.forcepoint.com/sites/default/files/
199 KB
200 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/url_shortener_ms_file_xlabs_i_4.png
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
365e944c8e49f6e24235dabb2633d0f154ef6a8ef077a8abfe29a6847ae1153a
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 14, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:49:28 GMT
fastly-io-served-by
img05-europe-west3
age
581511
http_x_geo_region
DE-BW
x-cache
MISS, MISS, HIT, HIT
fastly-io-info
ifsz=267689 idim=828x522 ifmt=png ofsz=203952 odim=828x522 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-5d587d78fd-llvxv
content-length
203952
x-served-by
cache-chi-klot8100172-CHI, cache-ams21051-AMS, cache-ams2100145-AMS, cache-cph2320040-CPH
server
nginx
x-timer
S1719816568.297404,VS0,VE1
etag
"SnfZyKFrn7g7K10KsEnCFXqiSGvmtQKty6oQjAwzi0c"
vary
Accept
content-type
image/webp
x-styx-req-id
20232f76-322c-11ef-b79f-ee120c8775da
cache-control
max-age=31622400
accept-ranges
bytes
expires
Wed, 25 Jun 2025 13:17:37 GMT
url_shortener_ms_file_xlabs_i_5.png
www.forcepoint.com/sites/default/files/
162 KB
163 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/url_shortener_ms_file_xlabs_i_5.png
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
74a6ba58527ccbbde80b52bb6b23dd5671a4a72199fe789324786d15d6fa9a24
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 14, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:49:28 GMT
fastly-io-served-by
img03-europe-west3
age
581511
http_x_geo_region
DE-BW
x-cache
MISS, MISS, HIT, HIT
fastly-io-info
ifsz=204427 idim=948x411 ifmt=png ofsz=166150 odim=948x411 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-5d77cc44f5-w9nrv
content-length
166150
x-served-by
cache-chi-kigq8000044-CHI, cache-ams2100100-AMS, cache-ams2100130-AMS, cache-cph2320040-CPH
server
nginx
x-timer
S1719816568.296262,VS0,VE2
etag
"zshYMnvqesS4N24wNRT5g8dW6vY2dr7FffVrMqSETho"
vary
Accept
content-type
image/webp
x-styx-req-id
2028ab18-322c-11ef-b993-de70e4427182
cache-control
max-age=31622400
accept-ranges
bytes
expires
Wed, 25 Jun 2025 13:17:37 GMT
url_shortener_ms_file_xlabs_i_6.png
www.forcepoint.com/sites/default/files/
44 KB
45 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/url_shortener_ms_file_xlabs_i_6.png
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
afe5695ceec4f19c701784c442de76dc711f61482071b8f860bb1608380bc8b5
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 14, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:49:28 GMT
fastly-io-served-by
vpop-etou8240194
age
581511
http_x_geo_region
DE-BW
x-cache
MISS, MISS, HIT, HIT
fastly-io-info
ifsz=114045 idim=948x353 ifmt=png ofsz=45538 odim=948x353 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-5d587d78fd-ct69k
content-length
45538
x-served-by
cache-chi-kigq8000039-CHI, cache-ams21072-AMS, cache-ams2100142-AMS, cache-cph2320040-CPH
server
nginx
x-timer
S1719816568.297292,VS0,VE2
etag
"cfBum3WxXrzMpjRlESCQfwdNZNbNjYvADjmedfK8LSY"
vary
Accept
content-type
image/webp
x-styx-req-id
202315e3-322c-11ef-b7ec-065f8a95e18c
cache-control
max-age=31622400
accept-ranges
bytes
expires
Wed, 25 Jun 2025 13:17:37 GMT
url_shortener_ms_file_xlabs_i_7.png
www.forcepoint.com/sites/default/files/
39 KB
40 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/url_shortener_ms_file_xlabs_i_7.png
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
5f1b6cef797b1f839c2db70c44e77b6e0551cba4e22c5f7b056fcb805468b613
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 14, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:49:28 GMT
fastly-io-served-by
vpop-etou8240193
age
581511
http_x_geo_region
DE-BW
x-cache
MISS, MISS, HIT, HIT
fastly-io-info
ifsz=76711 idim=951x328 ifmt=png ofsz=39984 odim=951x328 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-5d77cc44f5-h68wv
content-length
39984
x-served-by
cache-chi-kigq8000106-CHI, cache-ams21035-AMS, cache-ams2100133-AMS, cache-cph2320040-CPH
server
nginx
x-timer
S1719816568.299360,VS0,VE2
etag
"E0nTLGQVejF9I+JPXrT1rl0nue8wOAsvX/88MxUWfMA"
vary
Accept
content-type
image/webp
x-styx-req-id
20231e69-322c-11ef-bacb-5e8344290807
cache-control
max-age=31622400
accept-ranges
bytes
expires
Wed, 25 Jun 2025 13:17:37 GMT
url_shortener_ms_file_xlabs_i_8.png
www.forcepoint.com/sites/default/files/
78 KB
78 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/url_shortener_ms_file_xlabs_i_8.png
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
3d71af35f2b359f1b23e69e6fb08b67a73db8dc5907a7bf83d87b62849ed3b3b
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 22, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:49:28 GMT
fastly-io-served-by
vpop-etou8240195
age
581511
http_x_geo_region
DE-BW
x-cache
MISS, MISS, HIT, HIT
fastly-io-info
ifsz=86768 idim=582x326 ifmt=png ofsz=79904 odim=582x326 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-5d587d78fd-cxdcg
content-length
79904
x-served-by
cache-chi-kigq8000054-CHI, cache-ams2100142-AMS, cache-ams21065-AMS, cache-cph2320040-CPH
server
nginx
x-timer
S1719816568.296752,VS0,VE1
etag
"pyh1leYjmlkDOtqryhGPE54Gdl84kP1cIsSdvOa0k2s"
vary
Accept
content-type
image/webp
x-styx-req-id
2023264e-322c-11ef-942b-6a153845af30
cache-control
max-age=31622400
accept-ranges
bytes
expires
Wed, 25 Jun 2025 13:17:37 GMT
url_shortener_ms_file_xlabs_i_9.png
www.forcepoint.com/sites/default/files/
172 KB
172 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/url_shortener_ms_file_xlabs_i_9.png
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
273da5f5372f7eca262d218c1b3a1b0a7055dad4843e7cf485cf7804d8aa0ca4
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 14, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:49:28 GMT
fastly-io-served-by
vpop-etou8240196
age
581511
http_x_geo_region
DE-BW
x-cache
MISS, MISS, HIT, HIT
fastly-io-info
ifsz=229302 idim=599x257 ifmt=png ofsz=176152 odim=599x257 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-5d587d78fd-ct69k
content-length
176152
x-served-by
cache-chi-kigq8000135-CHI, cache-ams21036-AMS, cache-ams21041-AMS, cache-cph2320040-CPH
server
nginx
x-timer
S1719816568.296759,VS0,VE2
etag
"ZK5vWPTQmrVXDpfN+aL9muvdsTJFaAMd2cFPGDZN0XU"
vary
Accept
content-type
image/webp
x-styx-req-id
202381ce-322c-11ef-b7ec-065f8a95e18c
cache-control
max-age=31622400
accept-ranges
bytes
expires
Wed, 25 Jun 2025 13:17:37 GMT
url_shortener_ms_file_xlabs_i_10.png
www.forcepoint.com/sites/default/files/
23 KB
23 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/url_shortener_ms_file_xlabs_i_10.png
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
353db1686dfd23728735c8f83a8382b37b37f1243ca1ee2ef2f7241341f2e1e4
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 22, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:49:28 GMT
fastly-io-served-by
vpop-etou8240193
age
581511
http_x_geo_region
DE-BW
x-cache
MISS, MISS, HIT, HIT
fastly-io-info
ifsz=36167 idim=601x130 ifmt=png ofsz=23266 odim=601x130 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-5d587d78fd-6m95f
content-length
23266
x-served-by
cache-chi-kigq8000077-CHI, cache-ams2100100-AMS, cache-ams21063-AMS, cache-cph2320040-CPH
server
nginx
x-timer
S1719816568.297806,VS0,VE1
etag
"3jDUa28hecKxwsIzbF9aV2EMfqR31hpAKs4GbOWIzdg"
vary
Accept
content-type
image/webp
x-styx-req-id
2022f9d5-322c-11ef-a182-7a520cdabf04
cache-control
max-age=31622400
accept-ranges
bytes
expires
Wed, 25 Jun 2025 13:17:37 GMT
url_shortener_ms_file_xlabs_i_11.png
www.forcepoint.com/sites/default/files/
275 KB
275 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/url_shortener_ms_file_xlabs_i_11.png
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
87649ba070f4b18de6d9d8824f7a347d4842b913451fddde49bfdb163ae2e12a
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 22, 23
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:49:28 GMT
fastly-io-served-by
vpop-etou8240193
age
529384
http_x_geo_region
DE-BW
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=370812 idim=1081x482 ifmt=png ofsz=281090 odim=1081x482 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-5d77cc44f5-w9nrv
content-length
281090
x-served-by
cache-chi-kigq8000041-CHI, cache-ams21060-AMS, cache-ams21060-AMS, cache-cph2320040-CPH
server
nginx
x-timer
S1719816568.296237,VS0,VE0
etag
"mKkjbVo+60hxqOwHSsXW7Wu5LTZXMJM8lUvdQ2LlD+c"
vary
Accept
content-type
image/webp
x-styx-req-id
be186572-322b-11ef-b993-de70e4427182
cache-control
max-age=31622400
accept-ranges
bytes
expires
Wed, 25 Jun 2025 13:14:52 GMT
url_shortener_ms_file_xlabs_i_12.png
www.forcepoint.com/sites/default/files/
122 KB
122 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/url_shortener_ms_file_xlabs_i_12.png
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
dd7fe585c74e77b78c21455683a55283fe4f723875c825a1c676e1347ba54ab3
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 14, 2
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:49:28 GMT
fastly-io-served-by
img04-europe-west3
age
581510
http_x_geo_region
DE-BW
x-cache
MISS, MISS, HIT, HIT
fastly-io-info
ifsz=164157 idim=1222x566 ifmt=png ofsz=124494 odim=1222x566 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-5d77cc44f5-4fsf9
content-length
124494
x-served-by
cache-chi-kigq8000028-CHI, cache-ams2100108-AMS, cache-ams21022-AMS, cache-cph2320040-CPH
server
nginx
x-timer
S1719816568.298704,VS0,VE0
etag
"Pan41FY3BfR+w1lgx1T/Brapl4HMlottlLd0zQX6CsE"
vary
Accept
content-type
image/webp
x-styx-req-id
2029ccf5-322c-11ef-82b6-0e47c8ff5b51
cache-control
max-age=31622400
accept-ranges
bytes
expires
Wed, 25 Jun 2025 13:17:37 GMT
url_shortener_ms_file_xlabs_i_13.png
www.forcepoint.com/sites/default/files/
128 KB
129 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/url_shortener_ms_file_xlabs_i_13.png
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
1a551853bab605782355fae523df4ddad8f3ec86be2e9654278282b154490cc2
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 14, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:49:28 GMT
fastly-io-served-by
img03-europe-west3
age
581511
http_x_geo_region
DE-BW
x-cache
MISS, MISS, HIT, HIT
fastly-io-info
ifsz=173257 idim=1053x393 ifmt=png ofsz=131538 odim=1053x393 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-5d587d78fd-p5mqc
content-length
131538
x-served-by
cache-chi-klot8100114-CHI, cache-ams2100087-AMS, cache-ams21042-AMS, cache-cph2320040-CPH
server
nginx
x-timer
S1719816568.298139,VS0,VE2
etag
"quOqBzZpzPns+RRLjsT8g5NYuunGnoCnvSYXOxKX9J8"
vary
Accept
content-type
image/webp
x-styx-req-id
20281448-322c-11ef-a649-ee9e1dde6fad
cache-control
max-age=31622400
accept-ranges
bytes
expires
Wed, 25 Jun 2025 13:17:37 GMT
placeholder_image.png
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/
34 B
506 B
Image
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/placeholder_image.png
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
735b78ae1f09b1d02ee92b5ad319a189d50d10ecbec4ddd12201885dde3f4945
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 293, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:49:28 GMT
fastly-io-served-by
vpop-etou8240193
age
2782743
http_x_geo_region
DE-BW
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=1272 idim=20x20 ifmt=png ofsz=34 odim=20x20 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-777f57d6b4-7lfsr
content-length
34
x-served-by
cache-chi-kigq8000157-CHI, cache-ams21022-AMS, cache-ams21022-AMS, cache-cph2320040-CPH
server
nginx
x-timer
S1719816568.298312,VS0,VE1
etag
"1Cw1g26qcqy/qXiETpkqMbr8ayhbr57dIxJ0jC+RrrE"
vary
Accept
content-type
image/webp
x-styx-req-id
fb236c33-1e26-11ef-9bc5-ca0a99e76898
cache-control
max-age=31622400
accept-ranges
bytes
expires
Sat, 31 May 2025 01:50:24 GMT
xlabs_html_masquerading_hero.jpg
www.forcepoint.com/sites/default/files/styles/570x270_sc/public/hero/
23 KB
24 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/styles/570x270_sc/public/hero/xlabs_html_masquerading_hero.jpg?itok=2gIxoLip&timestamp=1716422629
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
59976a805bd708c7009f31a3cd7a86357c53b1f2331d2f2997d0db350b9bb32b
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 54, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:49:28 GMT
fastly-io-served-by
vpop-etou8240193
age
1558259
http_x_geo_region
DE-BW
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=23903 idim=570x270 ifmt=jpeg ofsz=23903 odim=570x270 ofmt=jpeg
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-67997c6b59-7tkcr
content-length
23903
fastly-io-warning
Failed to shrink image
x-served-by
cache-chi-kigq8000068-CHI, cache-ams21028-AMS, cache-ams2100131-AMS, cache-cph2320040-CPH
server
nginx
x-timer
S1719816568.296764,VS0,VE1
etag
"OvNJbKbS9BsYY3A+jpX6UDbrLPde7v94aCOY6aCmyTM"
vary
Accept
content-type
image/jpeg
x-styx-req-id
54323768-2277-11ef-b2a9-de862396ff34
cache-control
max-age=31622400
accept-ranges
bytes
expires
Thu, 05 Jun 2025 13:35:38 GMT
metamorfo.jpg
www.forcepoint.com/sites/default/files/styles/570x270_sc/public/hero/
20 KB
21 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/styles/570x270_sc/public/hero/metamorfo.jpg?itok=2hdrV4LI&timestamp=1715862746
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
61cbf8a09d67fc91bd97e439ecb5b880e5b0ea421fdcb9190d5da2f4c8890aa5
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 19, 2
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:49:28 GMT
fastly-io-served-by
vpop-etou8240195
age
1205035
http_x_geo_region
DE-BW
x-cache
MISS, MISS, HIT, HIT
fastly-io-info
ifsz=20480 idim=570x270 ifmt=jpeg ofsz=20480 odim=570x270 ofmt=jpeg
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-55987d54bd-sbxbq
content-length
20480
fastly-io-warning
Failed to shrink image
x-served-by
cache-chi-klot8100163-CHI, cache-ams2100144-AMS, cache-ams21073-AMS, cache-cph2320040-CPH
server
nginx
x-timer
S1719816568.298240,VS0,VE0
etag
"o5gUs/gM/6PF8KxB8xS2CI2m8z/tJNSW4KmOVrptZOs"
vary
Accept
content-type
image/jpeg
x-styx-req-id
5e8c7cd3-2c80-11ef-a275-5e4d677334db
cache-control
max-age=31622400
accept-ranges
bytes
expires
Wed, 18 Jun 2025 08:05:32 GMT
photoshop_ai_header-green.jpg
www.forcepoint.com/sites/default/files/styles/footer_menu_featured_blog/public/hero/
6 KB
6 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/styles/footer_menu_featured_blog/public/hero/photoshop_ai_header-green.jpg?itok=8hLu2US7
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
06253733aa87841e74e8076ca1a74c6b8a5eed79057c8dc2812e8f622cbdd45e
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 14, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:49:28 GMT
fastly-io-served-by
vpop-etou8240195
age
498564
http_x_geo_region
DE-BW
x-cache
MISS, MISS, HIT, HIT
fastly-io-info
ifsz=5882 idim=199x111 ifmt=jpeg ofsz=5882 odim=199x111 ofmt=jpeg
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-5d77cc44f5-h68wv
content-length
5882
fastly-io-warning
Failed to shrink image
x-served-by
cache-chi-kigq8000025-CHI, cache-ams21040-AMS, cache-ams2100086-AMS, cache-cph2320040-CPH
server
nginx
x-timer
S1719816568.295770,VS0,VE6
etag
"Y6htgqRKYVV6fCxh29+UgVVRJbGoqqD03HeXx0cVYxs"
vary
Accept
content-type
image/jpeg
x-styx-req-id
404d8316-32ed-11ef-bacb-5e8344290807
cache-control
max-age=31622400
accept-ranges
bytes
expires
Thu, 26 Jun 2025 12:20:03 GMT
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.4/
88 KB
28 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.4/jquery.min.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a0fe8723dcf55da64d06b25446d0a8513e52527c45afcb37073465f9c6f352af
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 06:49:28 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
912654
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
28035
last-modified
Wed, 08 Mar 2023 16:05:42 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"6408b256-6d83"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7NkmD%2B78sMJZEdxfBBQQuTytw9u%2FvS7E57w7ShKAzU9r8GEhCL%2BMBkExopramO3BjQ4VxuOovhwoF8B4jxhbWcpGnu6wY%2FaD%2FIKEYnBtUTancn%2BDSNBVI%2B5sV%2FnFhvW5veJOOrFa"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
89c474cffd621979-FRA
expires
Sat, 21 Jun 2025 06:49:28 GMT
jquery-migrate.min.js
cdnjs.cloudflare.com/ajax/libs/jquery-migrate/3.4.1/
13 KB
5 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery-migrate/3.4.1/jquery-migrate.min.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
148a74b0921ad78021d716e8032ede1cdaf7ed7279cefd7d2acbe906add12a68
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 06:49:28 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
20779
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
4374
last-modified
Fri, 24 Feb 2023 02:37:49 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"63f822fd-1116"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0VlBOOpAXIbtCJWvSVaWhCSBQB6UKd3CrUMjHFM8y5nU%2F5YWzw%2F3XKLwHa00Yj8oXN3ykwPF%2FBcL1ddI59SM6QagQrQl%2B1Dz5B7GZlSjpdrvpDHgdm6BpzOCTqq87UmJsMyzNsaw"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
89c474cffd641979-FRA
expires
Sat, 21 Jun 2025 06:49:28 GMT
jquery-ui.min.js
cdnjs.cloudflare.com/ajax/libs/jqueryui/1.13.2/
249 KB
56 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.13.2/jquery-ui.min.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9528ca634fecad433d044ddd3e6f9ce1f068d5d932dafdbb19d8e6daea1968bd
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 06:49:28 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
920259
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
56990
last-modified
Fri, 29 Jul 2022 20:40:53 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"62e445d5-de9e"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nm%2FKwnaxbJrD%2B%2Br%2FbPsSIftV2wX5%2BUBD9NuUB0fgJ9ZApRb5bFpMHpTj0Z7AwYQo8SR19DizaHMEF8ijaaF%2F1AbYRDHwsjRWkJCAfTh82KB1ofk7Q1mV2FhzVCEYF1ZUx0ifLWDL"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
89c474cffd671979-FRA
expires
Sat, 21 Jun 2025 06:49:28 GMT
jquery.cookie.min.js
cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/
1 KB
1 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d40efcac911d8964f3728eaa767de281306ff55ba9377435a3364d4d1e1613f6
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 06:49:28 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
1663996
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
591
last-modified
Mon, 04 May 2020 16:11:45 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03ec1-514"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Z%2FawRQxY92weZfjJ%2Bmqv7PscB8Zg7Vt%2F20BLSdAOcaS1dTPz2B9TPMyJ9%2BVol0b8UQ5gbZWBQU%2FuZiK43NZ5FDAhE9bFgrZPULOd4DXWzxCkRP059l0%2BVSCZU9ZfSNUkvWS4UGkd"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
89c474cffd6a1979-FRA
expires
Sat, 21 Jun 2025 06:49:28 GMT
jquery.form.min.js
cdnjs.cloudflare.com/ajax/libs/jquery.form/4.3.0/
17 KB
6 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery.form/4.3.0/jquery.form.min.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dd329c644951f3c041200e8279e3c90063ac5b5c8861fe253fca48df7dd8b99c
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 06:49:28 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
3242681
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
5719
last-modified
Sun, 07 Jun 2020 05:05:25 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5edc7595-42c6"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d7IBF%2FL9xGfVTp5n14ajSNQ14VGWiMR5bUyoPEBfz6Le5azf0EDSn7id7YnNouy233%2FpCNscgHFfhUtI%2BYNLCyFNzbryozF2fogAMPRLT69q%2BEuoXftnpuOtQDWH%2BcsXzBGwEWBk"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
89c474cffd6b1979-FRA
expires
Sat, 21 Jun 2025 06:49:28 GMT
utag.sync.js
tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/
17 KB
5 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/utag.sync.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:235a:9400:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
9a363427efaa6cd56ae165653d1070e96c6b804c99253d1cde1488da66f7af69

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
f7XlDKALolka7PsLnulZvA_cVYX85BNV
content-encoding
br
via
1.1 dbddc07d9edf6f99394912c390c6ef32.cloudfront.net (CloudFront)
date
Mon, 01 Jul 2024 06:46:25 GMT
last-modified
Thu, 13 Jun 2024 14:02:24 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P9
age
186
x-amz-server-side-encryption
AES256
etag
W/"a7ad28ce871f50adcd1baf2802161690"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=300
x-amz-cf-id
zQkvD_S5LdBjVqbVlWm8xa4H6FQaPCAp1qn0puDNi9FS93sZ11_TXw==
v2.js
js.hsforms.net/forms/
482 KB
156 KB
Script
General
Full URL
https://js.hsforms.net/forms/v2.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.141.119 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ee3184f88b136b6ad521ec8d57fcf138b0c78172ee82e5d8773998bebac6486d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-encoding
gzip
age
33
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.5387/bundles/project-v2.js&cfRay=89c47402d9af3a6c-FRA
x-amz-replication-status
COMPLETED
x-evy-trace-listener
listener_https
etag
W/"56164b8f5dbcf6e65e555e48d5d6176a"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-evy-trace-virtual-host
all
cache-control
s-maxage=600, max-age=300
x-hs-target-asset
forms-embed/static-1.5387/bundles/project-v2.js
date
Mon, 01 Jul 2024 06:49:28 GMT
x-amz-version-id
mnlqbpb.vUvH_hPLxl7NeOxIrfIBia92
x-content-type-options
nosniff
cf-cache-status
HIT
via
1.1 c0b0d7167cc2eb52d8d154aa7fc03a0a.cloudfront.net (CloudFront)
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
IAD12-P3
x-hubspot-correlation-id
56077867-1576-45ba-b44c-5cca5435e826
x-cache
Hit from cloudfront
cache-tag
staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-envoy-upstream-service-time
1
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-request-id
56077867-1576-45ba-b44c-5cca5435e826
last-modified
Thu, 06 Jun 2024 13:36:59 UTC
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XwW4aknWNNhCsCJRxDbXgqB9xMO0kG9ZlIfyVGY%2BKdurUtP%2BiHxeTC0iXnSHYdtqy%2Bv%2FxzWny9BuFM6K5zgH1JQaHRlF5PQBJoZUFSHMUuSK75tlYsHy6kT3t892xoy7"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status
HIT
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-65f7f7c749-5s6qd
cf-ray
89c474d02b779f29-FRA
x-amz-cf-id
yBJjqok1aIsRom-BMxzyy0Bm9RA_hRaUtQPVueQNaRJJJDfCP3KdEg==
js__W3yM6WBe6ndCsZPBg4n630CPZFPltBmeCyjdVT1DY70__bDRoZCuiGZ0Z97B2lHvbrvG8HsJo-CC3-a0Ia2Sx5bE__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
11 KB
5 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__W3yM6WBe6ndCsZPBg4n630CPZFPltBmeCyjdVT1DY70__bDRoZCuiGZ0Z97B2lHvbrvG8HsJo-CC3-a0Ia2Sx5bE__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
f443007354af04e5d9f0aea2ce21303442752753ce63ab035a6c76d4f06d5d52
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Sat, 17 May 2025 05:22:12 GMT
date
Mon, 01 Jul 2024 06:49:28 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
408130
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-8688d6cf87-vrdl9
content-length
4874
x-served-by
cache-chi-kigq8000024-CHI, cache-cph2320041-CPH, cache-cph2320040-CPH
last-modified
Tue, 05 Mar 2024 06:05:59 GMT
server
nginx
x-timer
S1719816568.296070,VS0,VE3
etag
W/"65e6b647-2a50"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
402786fd-1344-11ef-8bd4-c263bcbaff8d
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
0, 27, 0
js__ZyeOaiFuDejQQbhUV7yg7atYZnj4WLfH77o0scv4068__jeShjS1-sEwOx4dbB-NSBsCnxWfNslS1Nkgx4CZngGA__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
13 KB
5 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__ZyeOaiFuDejQQbhUV7yg7atYZnj4WLfH77o0scv4068__jeShjS1-sEwOx4dbB-NSBsCnxWfNslS1Nkgx4CZngGA__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
ff79200e9d0486ad1207f01f3c5918eea0771ded9b1681694da8caaae4c74c1a
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 27, 0
date
Mon, 01 Jul 2024 06:49:28 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
408150
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-fddpv
content-length
4854
x-served-by
cache-chi-kigq8000072-CHI, cache-cph2320024-CPH, cache-cph2320040-CPH
backend-ip-port
6cecXOA5eq1mdycR8IETIO--F_styx_fe1_b_sharedvpc_dmz_05
last-modified
Tue, 05 Mar 2024 06:05:49 GMT
server
nginx
x-timer
S1719816568.299872,VS0,VE4
etag
W/"65e6b63d-343a"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
d721c50f-f1d7-11ee-a6cf-faab7e7aaaa3
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:02 GMT
js__2rjlAbBND-YDbAq2rT4GT0FCGSz_kyEdQdZyOStVQdU__SGggvtYH6KAFWT2NGquosWK1SoWokfbyhZ2MaWmzq9I__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
547 B
588 B
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__2rjlAbBND-YDbAq2rT4GT0FCGSz_kyEdQdZyOStVQdU__SGggvtYH6KAFWT2NGquosWK1SoWokfbyhZ2MaWmzq9I__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
634b615987ef6bc5cf11ff7eb78673aebf61e436dc7a56de0f4b4aa543ccb577

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 27, 0
date
Mon, 01 Jul 2024 06:49:28 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-srsz5
age
408130
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
content-length
294
x-served-by
cache-chi-klot8100132-CHI, cache-cph2320040-CPH, cache-cph2320040-CPH
backend-ip-port
6cecXOA5eq1mdycR8IETIO--F_styx_fe1_b_sharedvpc_dmz_05
last-modified
Tue, 05 Mar 2024 06:06:00 GMT
server
nginx
x-timer
S1719816568.295900,VS0,VE4
etag
W/"65e6b648-223"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
e597477d-f1d7-11ee-83a9-32c190c1efda
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:26 GMT
js__5zhFBHWG8cFOCNCpDlj7pwNwFoSGFvQEfYJiiLp0EY8__TNItwctO0QcNBYn10Ft2xshT-_PqYf8Vv6JB7nZ2xKs__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
27 KB
8 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__5zhFBHWG8cFOCNCpDlj7pwNwFoSGFvQEfYJiiLp0EY8__TNItwctO0QcNBYn10Ft2xshT-_PqYf8Vv6JB7nZ2xKs__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
033ea4cefced423a11d0cc62afb56c3b09c16913abe8a891fc578b2f2327a101
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 27, 0
date
Mon, 01 Jul 2024 06:49:28 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
408149
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-64b977755d-ltjwf
content-length
7981
x-served-by
cache-chi-kigq8000113-CHI, cache-cph2320048-CPH, cache-cph2320040-CPH
backend-ip-port
6cecXOA5eq1mdycR8IETIO--F_styx_fe1_a_sharedvpc_dmz_01
last-modified
Tue, 05 Mar 2024 06:05:55 GMT
server
nginx
x-timer
S1719816568.296778,VS0,VE4
etag
W/"65e6b643-6d75"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
dd156f92-f1d7-11ee-a4f1-16a0ed7bd780
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:12 GMT
js__MK7MzOuOm6Wn1gEArVsBZG7dh82EREyAMIm9mRlUqq8__dORmwcviulacbj4TEHhv8s4qzj-5oUCjfNEX8y-ZUFM__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
22 KB
8 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__MK7MzOuOm6Wn1gEArVsBZG7dh82EREyAMIm9mRlUqq8__dORmwcviulacbj4TEHhv8s4qzj-5oUCjfNEX8y-ZUFM__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
b2da29ed5ab13ba88c22a51b412428640f8b495c40e0225d712d16eb6ea8351e
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 27, 0
date
Mon, 01 Jul 2024 06:49:28 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
408065
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-64b977755d-ltjwf
content-length
7765
x-served-by
cache-chi-kigq8000098-CHI, cache-cph2320050-CPH, cache-cph2320040-CPH
backend-ip-port
6cecXOA5eq1mdycR8IETIO--F_styx_fe1_a_sharedvpc_dmz_01
last-modified
Tue, 05 Mar 2024 06:06:01 GMT
server
nginx
x-timer
S1719816568.296070,VS0,VE4
etag
W/"65e6b649-59a3"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
e59287d2-f1d7-11ee-a4f1-16a0ed7bd780
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:26 GMT
js__YT6D1B_BKxvm6JCH_t9sZNI5L6yITa_DlU5QcSlOkAU__OXobH7d1IP1o3WABlniIrU_-pcJacVSIPUv9bpD-6pQ__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
730 B
697 B
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__YT6D1B_BKxvm6JCH_t9sZNI5L6yITa_DlU5QcSlOkAU__OXobH7d1IP1o3WABlniIrU_-pcJacVSIPUv9bpD-6pQ__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
67138202cdb85739d98743e8226b60fbef18366ce3da88902bee16dacd0f0959
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 27, 0
date
Mon, 01 Jul 2024 06:49:28 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
408150
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-64b977755d-ph6zp
content-length
381
x-served-by
cache-chi-klot8100120-CHI, cache-cph2320039-CPH, cache-cph2320040-CPH
backend-ip-port
6cecXOA5eq1mdycR8IETIO--F_styx_fe1_a_sharedvpc_dmz_01
last-modified
Tue, 05 Mar 2024 06:05:56 GMT
server
nginx
x-timer
S1719816568.298755,VS0,VE3
etag
W/"65e6b644-2da"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
dd343a59-f1d7-11ee-89af-8edf77054182
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:12 GMT
js__udVKtMVyYcbvVHDJ0nPML4nntXexNWL2oMqAdYSCgWM__DGF7DhDt4X72RMZfC0gLtM1DzR4cKNX-xUUTDHAODaQ__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
27 KB
10 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__udVKtMVyYcbvVHDJ0nPML4nntXexNWL2oMqAdYSCgWM__DGF7DhDt4X72RMZfC0gLtM1DzR4cKNX-xUUTDHAODaQ__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c3af792cf17fc9da7b301e6ec8a24dcec9e7b4d3ef83622c2417329f658e8848
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Thu, 17 Apr 2025 13:54:31 GMT
date
Mon, 01 Jul 2024 06:49:28 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
408129
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-5b88b49ff7-dfscd
content-length
10066
x-served-by
cache-chi-klot8100144-CHI, cache-cph2320026-CPH, cache-cph2320040-CPH
last-modified
Tue, 16 Apr 2024 13:54:18 GMT
server
nginx
x-timer
S1719816568.299292,VS0,VE4
etag
W/"661e830a-6bc3"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
d99a5f32-fbf8-11ee-84c5-c204ae6b7bc4
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
0, 27, 0
js__chJL213YSkJch-IjytLyUqW7uGPnNqOcHGrVBTtmWRc__yn2ExM-BDbvoDYxfwBKmliyRc5GwBZkfllb5p--ixOE__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
710 B
709 B
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__chJL213YSkJch-IjytLyUqW7uGPnNqOcHGrVBTtmWRc__yn2ExM-BDbvoDYxfwBKmliyRc5GwBZkfllb5p--ixOE__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
1f81387d932ab97c0ddff8edfc8e1ca4e37201b3cfb5d3911bc25a04e4087ae7
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 27, 0
date
Mon, 01 Jul 2024 06:49:28 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
408149
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-64b977755d-ph6zp
content-length
306
x-served-by
cache-chi-klot8100117-CHI, cache-cph2320056-CPH, cache-cph2320040-CPH
backend-ip-port
6cecXOA5eq1mdycR8IETIO--F_styx_fe1_a_sharedvpc_dmz_01
last-modified
Tue, 05 Mar 2024 06:05:57 GMT
server
nginx
x-timer
S1719816568.296719,VS0,VE5
etag
W/"65e6b645-2c6"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
dd2ddb29-f1d7-11ee-89af-8edf77054182
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:12 GMT
js__vqZqTxUxqDoVSZOh60EjSleoZgwIzSlhamQKjS1JngU__S91yqV9ubUDMxzCK2GLBYdp1SFL3v48MFVTVZ3OSXjc__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
798 B
681 B
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__vqZqTxUxqDoVSZOh60EjSleoZgwIzSlhamQKjS1JngU__S91yqV9ubUDMxzCK2GLBYdp1SFL3v48MFVTVZ3OSXjc__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
0af941ad21ab4dc704f04bdf8d21825869cfe27eb61b3a37e295f70697c48c88
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
78, 27, 0
date
Mon, 01 Jul 2024 06:49:28 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
408130
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-srsz5
content-length
428
x-served-by
cache-chi-klot8100128-CHI, cache-cph2320039-CPH, cache-cph2320040-CPH
backend-ip-port
6cecXOA5eq1mdycR8IETIO--F_styx_fe1_b_sharedvpc_dmz_05
last-modified
Tue, 05 Mar 2024 06:06:02 GMT
server
nginx
x-timer
S1719816568.296143,VS0,VE3
etag
W/"65e6b64a-31e"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
e59612e5-f1d7-11ee-83a9-32c190c1efda
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:26 GMT
js__A3z98XA9ArlnbHREYTcp6hgmi5Oz2wY1MqcLV75pq8Q__z2dbLyr7KaPpYQrjLtDeNRJ8Dddotk1Rd-5bC2zRyWo__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
981 B
800 B
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__A3z98XA9ArlnbHREYTcp6hgmi5Oz2wY1MqcLV75pq8Q__z2dbLyr7KaPpYQrjLtDeNRJ8Dddotk1Rd-5bC2zRyWo__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
33df7d1430b49b83528e5df930e1da6d9bf492fb32b37ff2b9fd4d97834a0abd
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Mon, 12 May 2025 21:23:44 GMT
date
Mon, 01 Jul 2024 06:49:28 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
408145
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-548957645b-ggnrv
content-length
452
x-served-by
cache-chi-klot8100097-CHI, cache-cph2320022-CPH, cache-cph2320040-CPH
last-modified
Tue, 05 Mar 2024 06:06:03 GMT
server
nginx
x-timer
S1719816568.296059,VS0,VE5
etag
W/"65e6b64b-3d5"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
becdc4fc-0fdc-11ef-94bd-42e5d22ea1b9
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
0, 27, 0
js__BsJj-J0DDipBFUM6jWq6jBgbLlOJHFUDm1oaCirTN8s__3ytciCoM4ry2VdZVK_RnAXm_cZfbyZ0Tj9DCUWBKchw__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
3 KB
2 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__BsJj-J0DDipBFUM6jWq6jBgbLlOJHFUDm1oaCirTN8s__3ytciCoM4ry2VdZVK_RnAXm_cZfbyZ0Tj9DCUWBKchw__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
9e815610f978cad8bc6a72832b206c68e17bf6799cd0c937b2b3c30014243f73
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Sun, 25 May 2025 07:15:48 GMT
date
Mon, 01 Jul 2024 06:49:28 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
408149
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-6b7857bbbb-dfbjw
content-length
1539
x-served-by
cache-chi-klot8100066-CHI, cache-cph2320051-CPH, cache-cph2320040-CPH
last-modified
Tue, 19 Mar 2024 19:19:24 GMT
server
nginx
x-timer
S1719816568.296059,VS0,VE5
etag
W/"65f9e53c-d5a"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
721db0cf-199d-11ef-a9e0-26ad238f469f
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
0, 27, 0
js__6FQAqJmB1yKdAJYwsXAk_hJnargJPvMPkf9xl2Aoo0E__LRcB_jb8iwtqJJbRU0etTiWNPUen87vOM9Rlp7OZGiI__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
32 KB
14 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__6FQAqJmB1yKdAJYwsXAk_hJnargJPvMPkf9xl2Aoo0E__LRcB_jb8iwtqJJbRU0etTiWNPUen87vOM9Rlp7OZGiI__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
6806cdcdd3c7f06950968eeebc5ed11dc261adde18cfefd541532fcf5e59ddff
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
79, 27, 0
date
Mon, 01 Jul 2024 06:49:28 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
408130
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-h68w5
content-length
14177
x-served-by
cache-chi-klot8100139-CHI, cache-cph2320055-CPH, cache-cph2320040-CPH
backend-ip-port
6cecXOA5eq1mdycR8IETIO--F_styx_fe1_b_sharedvpc_dmz_05
last-modified
Tue, 05 Mar 2024 06:06:03 GMT
server
nginx
x-timer
S1719816568.295745,VS0,VE4
etag
W/"65e6b64b-81b7"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
e592268a-f1d7-11ee-9fa0-220fea7644ee
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:26 GMT
js__ZAA5lMeZXVSyc2jkDQc3qK2xTFroqEhe0Vhijw7cweY__awDE3dco34o6B5V5PT-wcPX9t75VGt6sjYxNLg-Ibew__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
6 KB
2 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__ZAA5lMeZXVSyc2jkDQc3qK2xTFroqEhe0Vhijw7cweY__awDE3dco34o6B5V5PT-wcPX9t75VGt6sjYxNLg-Ibew__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c654220d555e70fb63334836085ed53e9a9d2982e79824664fba6d89e6dc490e
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Thu, 17 Apr 2025 13:54:31 GMT
date
Mon, 01 Jul 2024 06:49:28 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
408149
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-5b88b49ff7-c4v2w
content-length
2104
x-served-by
cache-chi-klot8100167-CHI, cache-cph2320047-CPH, cache-cph2320040-CPH
last-modified
Tue, 16 Apr 2024 13:54:19 GMT
server
nginx
x-timer
S1719816568.296192,VS0,VE4
etag
W/"661e830b-183e"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
d99b81fb-fbf8-11ee-9c93-fae8d33dc845
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
0, 27, 0
js__VVbwMK3NMLbfvdLXAKRCOGZ9jqUjWHfUrPnJSWIlxkM__4Q4SNExXEfBJWUuxQzqhfoyno0u2-1mPRJyQnRmGPTQ__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
4 KB
1 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__VVbwMK3NMLbfvdLXAKRCOGZ9jqUjWHfUrPnJSWIlxkM__4Q4SNExXEfBJWUuxQzqhfoyno0u2-1mPRJyQnRmGPTQ__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
61deedef5519831c5ba93b5ea4ccbe1d3a6a544c37709704271d05871caf1a02
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Wed, 21 May 2025 14:41:43 GMT
date
Mon, 01 Jul 2024 06:49:28 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
408037
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-7d5d4db597-t449s
content-length
1194
x-served-by
cache-chi-kigq8000035-CHI, cache-cph2320032-CPH, cache-cph2320040-CPH
last-modified
Tue, 05 Mar 2024 06:06:26 GMT
server
nginx
x-timer
S1719816568.295451,VS0,VE4
etag
W/"65e6b662-f33"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
13b2b807-16b7-11ef-ab5f-328758f3d7f2
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
55, 27, 0
js__ZW8o7ZZZ2WVdbdwiWGu52bSrkEFZV2xhp5aNyZR5USA__3tGfK_b3yc_EcnR78FUS1iLe24uT_kFOG0Zgxin4wcM__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
4 KB
2 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__ZW8o7ZZZ2WVdbdwiWGu52bSrkEFZV2xhp5aNyZR5USA__3tGfK_b3yc_EcnR78FUS1iLe24uT_kFOG0Zgxin4wcM__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
7a06dd94021db644db9732192dd8c6b062b80d3f99488e35ce495e82f0ccf961
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 27, 0
date
Mon, 01 Jul 2024 06:49:28 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
408066
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-srsz5
content-length
1541
x-served-by
cache-chi-klot8100156-CHI, cache-cph2320052-CPH, cache-cph2320040-CPH
backend-ip-port
6cecXOA5eq1mdycR8IETIO--F_styx_fe1_b_sharedvpc_dmz_05
last-modified
Tue, 05 Mar 2024 06:06:04 GMT
server
nginx
x-timer
S1719816568.295747,VS0,VE5
etag
W/"65e6b64c-f24"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
e594d3d7-f1d7-11ee-83a9-32c190c1efda
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:26 GMT
js__UCtXJrNvJbqWwTkauUyH6r0OmkrsjVeSImxlI3C6DJc__edC3yUE0SEy7im3t18SA-W_kx6imM-y8IQCkdmyHAt0__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
4 KB
2 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__UCtXJrNvJbqWwTkauUyH6r0OmkrsjVeSImxlI3C6DJc__edC3yUE0SEy7im3t18SA-W_kx6imM-y8IQCkdmyHAt0__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
fd08b09bb992ad9d8eb1fa512716a782939ee1df7c7b10ebecef57bc7b023626
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 27, 0
date
Mon, 01 Jul 2024 06:49:28 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
408066
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-64b977755d-p72wq
content-length
1260
x-served-by
cache-chi-kigq8000118-CHI, cache-cph2320023-CPH, cache-cph2320040-CPH
backend-ip-port
6cecXOA5eq1mdycR8IETIO--F_styx_fe1_a_sharedvpc_dmz_01
last-modified
Tue, 05 Mar 2024 06:06:05 GMT
server
nginx
x-timer
S1719816568.296192,VS0,VE5
etag
W/"65e6b64d-ebd"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
ea32fd72-f1d7-11ee-b1db-162c3c5c54d7
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:34 GMT
js__AV6-fb8rJ2QD61i8dwhUQihn7pc-Lp_VvhfmIjW8oHw__RUm4kKahOBCnrDpJWbA1cDqNhTD7qsBmlLW9ebsLhz0__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
5 KB
2 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__AV6-fb8rJ2QD61i8dwhUQihn7pc-Lp_VvhfmIjW8oHw__RUm4kKahOBCnrDpJWbA1cDqNhTD7qsBmlLW9ebsLhz0__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
a167f660daaa2f0abba7204685eb46f7127b490d936f10747a2f8c5daba26b83
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Sat, 21 Jun 2025 22:59:42 GMT
date
Mon, 01 Jul 2024 06:49:28 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
408145
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-56d7969b4f-kpvrp
content-length
1853
x-served-by
cache-chi-klot8100113-CHI, cache-cph2320036-CPH, cache-cph2320040-CPH
last-modified
Tue, 05 Mar 2024 06:05:50 GMT
server
nginx
x-timer
S1719816568.295773,VS0,VE4
etag
W/"65e6b63e-1377"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
c7e56e84-2f58-11ef-a52a-56441efc25bf
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
0, 27, 0
js__RKHlmU6t0RLUncGnTujiufoFCC5MbSOoksjftmO9T3k__zuc6_saw4GugjJbkXjhIWvD6QUdji5PLzz5KMmYf8SA__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
6 KB
3 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__RKHlmU6t0RLUncGnTujiufoFCC5MbSOoksjftmO9T3k__zuc6_saw4GugjJbkXjhIWvD6QUdji5PLzz5KMmYf8SA__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
706bcb95e6eec4ff78ac6d9647ad0e0e7163134b73c45f0fc5b801ca529127d2
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Thu, 17 Apr 2025 13:54:51 GMT
date
Mon, 01 Jul 2024 06:49:28 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
408131
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-6494bdc54b-252xz
content-length
2348
x-served-by
cache-chi-kigq8000179-CHI, cache-cph2320023-CPH, cache-cph2320040-CPH
last-modified
Tue, 16 Apr 2024 13:54:32 GMT
server
nginx
x-timer
S1719816568.295394,VS0,VE3
etag
W/"661e8318-1965"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
e54bdec9-fbf8-11ee-9577-c280e6ba379a
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
0, 27, 0
js__g6mKbcakHxQkz4ZHYaxdO_xqONINvRMgsHh1zAK-fr0__ATHtEmHaeZ0jidpGU22EkhmPDBSgjD8z0bVDQMI-BIY__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
2 KB
1 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__g6mKbcakHxQkz4ZHYaxdO_xqONINvRMgsHh1zAK-fr0__ATHtEmHaeZ0jidpGU22EkhmPDBSgjD8z0bVDQMI-BIY__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
ac12f243172f3c8376a67f24942257093fd70d0c10212a58bf8df60f372be24e
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 27, 0
date
Mon, 01 Jul 2024 06:49:28 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
408149
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-64b977755d-p72wq
content-length
762
x-served-by
cache-chi-kigq8000175-CHI, cache-cph2320055-CPH, cache-cph2320040-CPH
backend-ip-port
6cecXOA5eq1mdycR8IETIO--F_styx_fe1_a_sharedvpc_dmz_01
last-modified
Tue, 05 Mar 2024 06:05:59 GMT
server
nginx
x-timer
S1719816568.295378,VS0,VE4
etag
W/"65e6b647-76d"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
de004b55-f1d7-11ee-b1db-162c3c5c54d7
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:14 GMT
js__zwOQL0xjQu_jInUCc5HDDX7DuqNXThdgsBzScvBN6zY__YDKn5kOzd1mgJhYu7UkUXBFTO-WC5n-FhasqlgTZXKY__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
10 KB
4 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__zwOQL0xjQu_jInUCc5HDDX7DuqNXThdgsBzScvBN6zY__YDKn5kOzd1mgJhYu7UkUXBFTO-WC5n-FhasqlgTZXKY__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
0eb42d32c51e79e9d48a5694328c0ce8889f58a2c25bf13f239a8d818226a96a
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Thu, 17 Apr 2025 13:54:51 GMT
date
Mon, 01 Jul 2024 06:49:28 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
408131
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-5b88b49ff7-c4v2w
content-length
3791
x-served-by
cache-chi-kigq8000049-CHI, cache-cph2320051-CPH, cache-cph2320040-CPH
last-modified
Tue, 16 Apr 2024 13:54:33 GMT
server
nginx
x-timer
S1719816568.295366,VS0,VE4
etag
W/"661e8319-262c"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
e54d52df-fbf8-11ee-9c93-fae8d33dc845
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
0, 27, 0
js__XtFha_knURVT5YLGKmVYz2S732sgaVuOjO801TC1X90__Iiz_LtHOgN-NEjf_Wqk78-4FPz8AQR7Ygonew_LemTU__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
1017 B
915 B
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__XtFha_knURVT5YLGKmVYz2S732sgaVuOjO801TC1X90__Iiz_LtHOgN-NEjf_Wqk78-4FPz8AQR7Ygonew_LemTU__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
2db23bd96dca0757b0f0d309acb62fe766c08348c86c195ed79658f7f7b456c3
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Fri, 27 Jun 2025 13:27:03 GMT
date
Mon, 01 Jul 2024 06:49:28 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
408146
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-5d77cc44f5-m7qcg
content-length
566
x-served-by
cache-chi-kigq8000115-CHI, cache-cph2320059-CPH, cache-cph2320040-CPH
last-modified
Tue, 05 Mar 2024 06:05:51 GMT
server
nginx
x-timer
S1719816568.295344,VS0,VE4
etag
W/"65e6b63f-3f9"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
c671924e-33bf-11ef-828b-222e41344d78
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
51, 27, 0
js__ANAjsl90aU8V_JJuHtJWcRsK1EGBFuMwHq693fURsXU__F1FPONSTf0yEH0Y9VHtO8-UlYOiMFKhCksEr6rzCrMg__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
2 KB
1 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__ANAjsl90aU8V_JJuHtJWcRsK1EGBFuMwHq693fURsXU__F1FPONSTf0yEH0Y9VHtO8-UlYOiMFKhCksEr6rzCrMg__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
3180fea88eaa47e87effdffd92cc7f52249a701909b6b617b2d0c55b7a0e7c98
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 27, 0
date
Mon, 01 Jul 2024 06:49:28 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
408149
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-h68w5
content-length
629
x-served-by
cache-chi-kigq8000137-CHI, cache-cph2320039-CPH, cache-cph2320040-CPH
backend-ip-port
6cecXOA5eq1mdycR8IETIO--F_styx_fe1_b_sharedvpc_dmz_05
last-modified
Tue, 05 Mar 2024 06:06:01 GMT
server
nginx
x-timer
S1719816568.297808,VS0,VE4
etag
W/"65e6b649-61e"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
ddd9505b-f1d7-11ee-9fa0-220fea7644ee
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:13 GMT
js__1DBjoSMQlQ4ixA_cuaJfS5Px949O7h4aDn8Z9xtRW7Q__AT6c7sCefn259J383Kk5L3xgymjOI5hghQofGOoaazQ__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
21 KB
7 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__1DBjoSMQlQ4ixA_cuaJfS5Px949O7h4aDn8Z9xtRW7Q__AT6c7sCefn259J383Kk5L3xgymjOI5hghQofGOoaazQ__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
7dfeb329f73421a0c80e8a067d3e1d67c916c84746f94cb9826c06bc58516d1f
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Fri, 27 Jun 2025 13:26:32 GMT
date
Mon, 01 Jul 2024 06:49:28 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
408149
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-5d587d78fd-ct69k
content-length
6820
x-served-by
cache-chi-klot8100110-CHI, cache-cph2320047-CPH, cache-cph2320040-CPH
last-modified
Wed, 26 Jun 2024 13:26:03 GMT
server
nginx
x-timer
S1719816568.295375,VS0,VE6
etag
W/"667c16eb-55f3"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
b45e7b01-33bf-11ef-a5ff-065f8a95e18c
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
53, 27, 0
js__5JgaXR8D2C00E22GhU2eB1lVAKgbz2L03t9_2mjtbvU__jsf8gUmjQabawiet5xN7FARmhje4S0BRk0UtxOVEzLY__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
1 KB
885 B
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__5JgaXR8D2C00E22GhU2eB1lVAKgbz2L03t9_2mjtbvU__jsf8gUmjQabawiet5xN7FARmhje4S0BRk0UtxOVEzLY__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
76d9063e5a28081ce23c52ce4c500f8a39674afbedf24aad5f304df8f00a84df
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
11, 27, 0
date
Mon, 01 Jul 2024 06:49:28 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
408130
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-2j9t5
content-length
495
x-served-by
cache-chi-klot8100119-CHI, cache-cph2320037-CPH, cache-cph2320040-CPH
backend-ip-port
6cecXOA5eq1mdycR8IETIO--F_styx_fe1_b_sharedvpc_dmz_05
last-modified
Tue, 05 Mar 2024 06:06:09 GMT
server
nginx
x-timer
S1719816568.295293,VS0,VE4
etag
W/"65e6b651-40c"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
e594266c-f1d7-11ee-aed0-566d988ffce8
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:26 GMT
js__QEUI7Yv_wakfcc6JBvi15ovY1U6doRpL4VmJGHt4na4__bunscNd0XY0JtFyEPHN8vrG4QmOdFsldeaRN0v3VA9M__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
79 KB
27 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__QEUI7Yv_wakfcc6JBvi15ovY1U6doRpL4VmJGHt4na4__bunscNd0XY0JtFyEPHN8vrG4QmOdFsldeaRN0v3VA9M__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
2da781a6191588a46eeb8e47e2d5c4fd2d49a2eceeb1e6e061dbac289e63dc7c
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
4, 27, 0
date
Mon, 01 Jul 2024 06:49:28 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
408037
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-64b977755d-p72wq
content-length
26917
x-served-by
cache-chi-klot8100116-CHI, cache-cph2320053-CPH, cache-cph2320040-CPH
backend-ip-port
6cecXOA5eq1mdycR8IETIO--F_styx_fe1_a_sharedvpc_dmz_01
last-modified
Mon, 18 Mar 2024 14:45:01 GMT
server
nginx
x-timer
S1719816568.295274,VS0,VE6
etag
W/"65f8536d-13c91"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
e5945f6d-f1d7-11ee-b1db-162c3c5c54d7
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:26 GMT
/
attr.ml-api.io/
Redirect Chain
  • https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.forcepoint.com%26pId%3d%24UID
  • https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.forcepoint.com%26pId%3d%24UID
  • https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dwww.forcepoint.com%2526pId%253d%2524UID
  • https://attr.ml-api.io/?domain=www.forcepoint.com&pId=2657853101310053061
4 B
279 B
Image
General
Full URL
https://attr.ml-api.io/?domain=www.forcepoint.com&pId=2657853101310053061
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Server
2600:9000:206f:1800:5:7a81:86c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://www.forcepoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Mon, 01 Jul 2024 06:49:29 GMT
via
1.1 910fc18161f0602555cc5b6397ca26f2.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-C1
x-cache
Miss from cloudfront
content-type
application/json
alt-svc
h3=":443"; ma=86400
content-length
4
apigw-requestid
aOGrBi0-oAMEPhA=
x-amz-cf-id
O3mqGjRrq5474Ir5_0fC4m_a4YFCORk7_0NeLjEfLvK_RS7Bb-OA5w==

Redirect headers

pragma
no-cache
date
Mon, 01 Jul 2024 06:49:29 GMT
an-x-request-uuid
c0a5fa91-0f6f-46c6-ad51-e5771a6aa08d
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
access-control-allow-origin
*
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
location
https://attr.ml-api.io/?domain=www.forcepoint.com&pId=2657853101310053061
x-proxy-origin
80.255.7.116; 80.255.7.116; 946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
utag.js
tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/
434 KB
111 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/utag.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:235a:9400:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e87016d2d889ede0cfc1d5c8f1b69dfaf7d461f89ea0eda0bb9f0e3a081ca57d

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
zr4gwCy6_8xEUw51.SYGeQ_pSFhNdynW
content-encoding
br
via
1.1 dbddc07d9edf6f99394912c390c6ef32.cloudfront.net (CloudFront)
date
Mon, 01 Jul 2024 06:49:02 GMT
last-modified
Thu, 13 Jun 2024 14:02:24 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P9
age
27
x-amz-server-side-encryption
AES256
etag
W/"44468fa32fdb667ec6e335ac4a3e7d81"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=300
x-amz-cf-id
z2dt9echCebNQm7vHKFnyhwxUaat_eABuqa0biXalIBywSsG6RryAA==
truncated
/
166 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4e2a8b16a227605843bcf04d32557fa5f790d17d5fae10db399f3ad6b75cae70

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
450 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
77bfa66bf799ef1d5be3e464795aaca2f9a0587c1616b9671f7383623474f455

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
141 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1a5c0fb755eabd84fa9ee65115561abfc934cb67631d8392acc299bed349942d

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
187 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c181c648e71e1f94dc9f3aa0aced539df9790bc1aa92494d7fe7b17c274767bf

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
660 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8892ffd9b6812e96fca28cf2b24a4a1e25711631d73141353f1ec57fcaf523b8

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
372 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c6a4f005d0158d27d475991d4606ec4141f42917cc68835019d819c583957710

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
372 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c0c810909068da447ca522f9770490722119d254f18905ae37e5e4a45e2c346c

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
248 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
de0c91884c0f70a3c8ab477b2637d9c9417fc74eb663bbe6eace7836e8b38fc3

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
chevron-right-xxs.svg
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/static-icons/
213 B
525 B
Image
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/static-icons/chevron-right-xxs.svg
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__yLUlsZO8Aw1QbDVmt9Emb7WQDVsiqE8WSyAbbDd2S8M__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
eb06d9c1faf512de924b0840e5ff2cea13ea5154e84b9a2edb23c3ee94602bd7
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__yLUlsZO8Aw1QbDVmt9Emb7WQDVsiqE8WSyAbbDd2S8M__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
48, 27, 0
date
Mon, 01 Jul 2024 06:49:29 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
408150
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-5d587d78fd-4l4rv
content-length
174
x-served-by
cache-chi-kigq8000176-CHI, cache-cph2320050-CPH, cache-cph2320040-CPH
last-modified
Wed, 26 Jun 2024 13:25:46 GMT
server
nginx
x-timer
S1719816569.052795,VS0,VE4
etag
W/"667c16da-d5"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
c47c6d75-33bf-11ef-a478-a28498a186e3
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 27 Jun 2025 13:27:00 GMT
truncated
/
636 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e25fa89bb49f7875384fe86ddb39c8c0a966f7aff529e4aa1e761efe8909fdad

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
636 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8048b6a47a7795c53151c7d28f992a190da59cfa9416a171a03652359a964f2a

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
636 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
68cb94151d86903ee4b3a5088e233b408a81a7faf9bb97d1172d8e3e6a83f868

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
banner-woman.jpg
www.forcepoint.com/sites/default/files/
12 KB
13 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/banner-woman.jpg
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
b9b8fe9d0d7983bd3dc05016caf09d5028c4525e9beba05ecf0ed85bd0f3f86a
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 186, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:49:29 GMT
fastly-io-served-by
vpop-etou8240195
age
3396828
http_x_geo_region
DE-BW
x-cache
HIT, HIT, HIT, HIT
fastly-io-info
ifsz=139269 idim=591x426 ifmt=jpeg ofsz=12712 odim=591x426 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-fff8fdb6d-mgt8t
content-length
12712
x-served-by
cache-chi-klot8100073-CHI, cache-ams21037-AMS, cache-ams12723-AMS, cache-cph2320040-CPH
server
nginx
x-timer
S1719816569.052760,VS0,VE2
etag
"N0lQYBtHe5ciagpRVpui8m2mvIrccgSXz/6JZdtfgoA"
vary
Accept
content-type
image/webp
x-styx-req-id
5fd10c48-1254-11ef-8773-22ec67fc409e
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 16 May 2025 00:45:06 GMT
truncated
/
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ff35e1bb0b3e1cb03aa7eab3fb0f74381ec3fd6fcff85d8c4f6be72abae116a0

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf8
truncated
/
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e1652e3fbc6cef41f94897b295b6b1f57fa4901a3727e4c9ecb2911614531d0f

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf8
truncated
/
750 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
26e256bfa2011f9fbbe0e81f2515c98b94b7ee7696a82f380cb7e7c8361e04a4

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf8
ajax-loader.gif
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/
365 B
750 B
Image
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/ajax-loader.gif
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__yLUlsZO8Aw1QbDVmt9Emb7WQDVsiqE8WSyAbbDd2S8M__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
195211df418c32079abb41bb0ebd2ea3aace287509a9c49702d80f1350313527
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__yLUlsZO8Aw1QbDVmt9Emb7WQDVsiqE8WSyAbbDd2S8M__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 1486, 2
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:49:29 GMT
fastly-io-served-by
img04-europe-west2
age
2015509
http_x_geo_region
DE-BW
x-cache
HIT, HIT, HIT, HIT
fastly-io-info
ifsz=404 idim=43x11 ifmt=gif ofsz=365 odim=43x11 ofmt=gif ofrm=4
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-867f44b44b-6zx56
content-length
365
x-served-by
cache-chi-klot8100112-CHI, cache-ams21053-AMS, cache-ams21053-AMS, cache-cph2320040-CPH
server
nginx
x-timer
S1719816569.053174,VS0,VE1
etag
"c9vdSz1SobFgJvEEIebuVOe3obQGnXd87HeEFJfv0io"
vary
Accept
content-type
image/gif
x-styx-req-id
36bb2f24-0c16-11ef-a6fd-3a8be9a6877a
cache-control
max-age=31622400
accept-ranges
bytes
expires
Thu, 08 May 2025 02:05:01 GMT
bg-blog-podcast-final-plea.png
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/backgrounds/
136 KB
137 KB
Image
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/backgrounds/bg-blog-podcast-final-plea.png
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__yLUlsZO8Aw1QbDVmt9Emb7WQDVsiqE8WSyAbbDd2S8M__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
defd01b0db74c62e4efe18ef38e5ec968f2b8c2cf51ab6b14f12e1ad250eec84
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__yLUlsZO8Aw1QbDVmt9Emb7WQDVsiqE8WSyAbbDd2S8M__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 23, 2
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:49:29 GMT
fastly-io-served-by
vpop-etou8240196
age
892352
http_x_geo_region
DE-BW
x-cache
MISS, MISS, HIT, HIT
fastly-io-info
ifsz=236236 idim=580x458 ifmt=png ofsz=139710 odim=580x458 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-56d7969b4f-tq26q
content-length
139710
x-served-by
cache-chi-kigq8000133-CHI, cache-ams21022-AMS, cache-ams21032-AMS, cache-cph2320040-CPH
server
nginx
x-timer
S1719816569.053169,VS0,VE1
etag
"J4HM7COV6lmZQG/n7TaO0MtxZmafgyzKI2fNbOojs8E"
vary
Accept
content-type
image/webp
x-styx-req-id
6555f2fb-2f58-11ef-a04e-8e5f079c444d
cache-control
max-age=31622400
accept-ranges
bytes
expires
Sat, 21 Jun 2025 22:56:57 GMT
f-white.svg
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/logos/
257 B
410 B
Image
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/logos/f-white.svg
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__yLUlsZO8Aw1QbDVmt9Emb7WQDVsiqE8WSyAbbDd2S8M__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
2a7b733b2f19d538893df08b2c194aef1201dbad6ee2ddafc5bcd34cbb482d6b
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__yLUlsZO8Aw1QbDVmt9Emb7WQDVsiqE8WSyAbbDd2S8M__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
46, 27, 0
date
Mon, 01 Jul 2024 06:49:29 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
408149
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-5d77cc44f5-4fsf9
content-length
187
x-served-by
cache-chi-klot8100146-CHI, cache-cph2320047-CPH, cache-cph2320040-CPH
last-modified
Wed, 26 Jun 2024 13:25:44 GMT
server
nginx
x-timer
S1719816569.053131,VS0,VE4
etag
W/"667c16d8-101"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
c4b51725-33bf-11ef-82b6-0e47c8ff5b51
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 27 Jun 2025 13:27:00 GMT
truncated
/
442 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6116382548abaad3d6133a60e2dc187d88dfa1ed07d981311c0bbcfaee05cd49

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
icon-anchor-arrow-teal.svg
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/static-icons/
655 B
688 B
Image
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/static-icons/icon-anchor-arrow-teal.svg
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__yLUlsZO8Aw1QbDVmt9Emb7WQDVsiqE8WSyAbbDd2S8M__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
29aebe811bb2f84bd90cfdee7ffc4c4af62bb5d871fd683f8a85bf0852ce9163
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__yLUlsZO8Aw1QbDVmt9Emb7WQDVsiqE8WSyAbbDd2S8M__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
46, 28, 0
date
Mon, 01 Jul 2024 06:49:29 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
408148
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-5d77cc44f5-lk559
content-length
400
x-served-by
cache-chi-kigq8000077-CHI, cache-cph2320021-CPH, cache-cph2320040-CPH
last-modified
Wed, 26 Jun 2024 13:25:43 GMT
server
nginx
x-timer
S1719816569.053707,VS0,VE4
etag
W/"667c16d7-28f"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
c4b652ab-33bf-11ef-be6b-420e4ed0c032
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 27 Jun 2025 13:27:00 GMT
truncated
/
383 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b5c2800c52737f3425d0e434c93f9412da5e0491282c8d3d53b4d707202b8cef

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
558 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f4cbc6a70cd3d48475ddbb975d3831d02e4158a76fcdb997891baa497ea31241

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
356 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6676353d7029b44112419ac26efd665e84021eb418ccf05a1e1f04d0ba46bd53

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
431 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
af60288a11ae9864cdd707a9c6e13463359d5ffb6755bf9035a878f18b8758f9

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
688 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0ec291adef932c1e26510f560daef99d2d26b96331cbfd2f29fe234eaf2dddae

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
utag.v.js
tags.tiqcdn.com/utag/tiqapp/
2 B
431 B
Script
General
Full URL
https://tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=websense/forcepoint-2018/202406131401&cb=1719816569353
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:235a:9400:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
2XUX04X5QEw0.xFya64khU._sHTRl_Pz
date
Mon, 01 Jul 2024 06:40:03 GMT
via
1.1 dbddc07d9edf6f99394912c390c6ef32.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P9
age
570
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
2
last-modified
Sat, 11 Mar 2023 06:57:46 GMT
server
AmazonS3
etag
"7bc0ee636b3b83484fc3b9348863bd22"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=300
accept-ranges
bytes
x-amz-cf-id
jsc7Y8Xao8tBaj0XBoClHs60I6p-9MpSOugqyoDsgORuGquzLzxmmQ==
json
forms.hsforms.com/embed/v3/form/20987017/16d5bf15-75bb-43be-a7ff-4e4e9779520e/
47 KB
7 KB
XHR
General
Full URL
https://forms.hsforms.com/embed/v3/form/20987017/16d5bf15-75bb-43be-a7ff-4e4e9779520e/json?hs_static_app=forms-embed&hs_static_app_version=1.5387&X-HubSpot-Static-App-Info=forms-embed-1.5387
Requested by
Host: js.hsforms.net
URL: https://js.hsforms.net/forms/v2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0ecb51b60ee20c9486e0a9161e7c38adab1d83be7df4acbb59c8e8bc811e1cad
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept
application/json, text/plain, */*
Referer
https://www.forcepoint.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-origin-hublet
na1
date
Mon, 01 Jul 2024 06:49:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
ead51fd9-422a-46d8-bf5a-2ae067825f8b
x-envoy-upstream-service-time
19
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
ead51fd9-422a-46d8-bf5a-2ae067825f8b
server
cloudflare
vary
origin
access-control-allow-methods
OPTIONS, GET
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.forcepoint.com
x-evy-trace-virtual-host
all
access-control-expose-headers
X-Origin-Hublet
access-control-max-age
180
access-control-allow-credentials
false
cache-control
max-age=0, no-cache, no-store
x-robots-tag
none
access-control-allow-headers
*
cf-ray
89c474d75f48bbc4-WAW
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-776cb5686f-k4hjn
json
forms.hsforms.com/embed/v3/form/20987017/16d5bf15-75bb-43be-a7ff-4e4e9779520e/
47 KB
7 KB
XHR
General
Full URL
https://forms.hsforms.com/embed/v3/form/20987017/16d5bf15-75bb-43be-a7ff-4e4e9779520e/json?hs_static_app=forms-embed&hs_static_app_version=1.5387&X-HubSpot-Static-App-Info=forms-embed-1.5387
Requested by
Host: js.hsforms.net
URL: https://js.hsforms.net/forms/v2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
599f5830ccbfb27f548221a3dd7d16786520037c583e53cbfcca34f1a0e11229
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept
application/json, text/plain, */*
Referer
https://www.forcepoint.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-origin-hublet
na1
date
Mon, 01 Jul 2024 06:49:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
bd69f6dc-c988-4cb8-9148-eb145c8f18b2
x-envoy-upstream-service-time
13
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
bd69f6dc-c988-4cb8-9148-eb145c8f18b2
server
cloudflare
vary
origin
access-control-allow-methods
OPTIONS, GET
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.forcepoint.com
x-evy-trace-virtual-host
all
access-control-expose-headers
X-Origin-Hublet
access-control-max-age
180
access-control-allow-credentials
false
cache-control
max-age=0, no-cache, no-store
x-robots-tag
none
access-control-allow-headers
*
cf-ray
89c474d898abbbc4-WAW
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-776cb5686f-ptpxr
loading.gif
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/
76 KB
77 KB
Image
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/loading.gif
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
3f3a06c93db350a7a9d3616a3dbbd6c252e702ade48978256c8a125fc2981d2d
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 144, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:49:29 GMT
fastly-io-served-by
vpop-etou8240193
age
1594299
http_x_geo_region
DE-BW
x-cache
MISS, HIT, HIT, HIT
fastly-io-info
ifsz=80522 idim=200x200 ifmt=gif ofsz=78253 odim=200x200 ofmt=gif ofrm=30
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-59b5bdfd9-bfq9m
content-length
78253
x-served-by
cache-chi-kigq8000130-CHI, cache-ams21030-AMS, cache-ams21030-AMS, cache-cph2320040-CPH
server
nginx
x-timer
S1719816569.435526,VS0,VE2
etag
"Nxhc6+NYNokf+oi4tit7qUckgh54LwQ6JJFLiU/ddPg"
vary
Accept
content-type
image/gif
x-styx-req-id
0c2525e1-28f6-11ef-8faa-8658b3269531
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 13 Jun 2025 19:57:50 GMT
nr-rum-1.261.1.min.js
js-agent.newrelic.com/
49 KB
16 KB
Script
General
Full URL
https://js-agent.newrelic.com/nr-rum-1.261.1.min.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2602:816:5001::39 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d0ec82a82ae412d1cbcf08f404ce69ef215cd47d8a98d6aa13309fc66dacba1f
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/
Origin
https://www.forcepoint.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
PtpEMFkvDPThYBpPR8Pubi8RTrSqq2TW
content-encoding
br
via
1.1 varnish
date
Mon, 01 Jul 2024 06:49:29 GMT
strict-transport-security
max-age=300
x-amz-request-id
XFCN5EKRSBY32DMT
x-amz-server-side-encryption
AES256
x-cache
HIT
cross-origin-resource-policy
cross-origin
content-length
15608
x-amz-id-2
MHAVFeBJhZD7YET3LqS0sI6gTF8PP9HuXZAk734ooskE66CrZF/YL6NIFKQdvfbPcTD00wJ52zo=
x-served-by
cache-cph2320022-CPH
last-modified
Wed, 26 Jun 2024 18:29:32 GMT
server
AmazonS3
etag
"af66b9ecbf2258d50184f3a2cab623c1"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=86400, stale-if-error=86400
accept-ranges
bytes
x-cache-hits
55562
latest.js
scripts.simpleanalyticscdn.com/
7 KB
5 KB
Script
General
Full URL
https://scripts.simpleanalyticscdn.com/latest.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/sites/default/files/advagg_js/js__BsJj-J0DDipBFUM6jWq6jBgbLlOJHFUDm1oaCirTN8s__3ytciCoM4ry2VdZVK_RnAXm_cZfbyZ0Tj9DCUWBKchw__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1080:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1080 /
Resource Hash
a965bdafdcbdf6a1bc0a04fb81ee6d5fb86e1fde7a2da4e8998ab3bcf467bdb4

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 06:49:29 GMT
content-encoding
br
cdn-edgestorageid
1080
cdn-storageserver
DE-680
cdn-cachedat
04/30/2024 19:00:38
cdn-pullzone
103822
last-modified
Mon, 10 Jul 2023 03:50:47 GMT
server
BunnyCDN-DE1-1080
cdn-fileserver
635
cdn-requestpullcode
200
cdn-proxyver
1.04
etag
W/"64ab8017-1d5b"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
621ef7c8-45de-46e4-8237-2eca0c3a2d75
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
public, max-age=604800
simple-analytics
true
cdn-requestid
1242f8123b00f055c835f5cc3c6fe189
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status
200
cdn-requestpullsuccess
True
favicon.ico
www.forcepoint.com/sites/all/themes/custom/fp/assets/icons/favicon/
15 KB
924 B
Other
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/icons/favicon/favicon.ico
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
59a410a623d86c98b190b07e27d0cf4e36455f184fc85cc1a4021aac1bc8a860
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-pantheon-styx-hostname
styx-fe1-a-5d77cc44f5-l749x
date
Mon, 01 Jul 2024 06:49:29 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
408139
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
expires
Fri, 27 Jun 2025 13:27:09 GMT
content-length
606
x-served-by
cache-chi-klot8100165-CHI, cache-cph2320043-CPH, cache-cph2320040-CPH
last-modified
Wed, 26 Jun 2024 13:25:44 GMT
server
nginx
x-timer
S1719816570.598647,VS0,VE3
etag
"667c16d8-3aee"
vary
Accept-Encoding
content-type
image/x-icon
x-styx-req-id
ca528571-33bf-11ef-8b05-0e97991a7547
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
46, 28, 0
counters.gif
forms-na1.hsforms.com/embed/v3/
35 B
887 B
Image
General
Full URL
https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 06:49:29 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
34d6e851-92fb-41e4-bd42-216c7ac9bad2
x-envoy-upstream-service-time
3
alt-svc
h3=":443"; ma=86400
content-length
35
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
34d6e851-92fb-41e4-bd42-216c7ac9bad2
server
cloudflare
vary
origin
content-type
image/gif
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-776cb5686f-x87g5
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
x-robots-tag
none
cf-ray
89c474d90a18c077-WAW
truncated
/
133 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a4cbaa695a841f5471911a40cc4c2140d68b95d9fcaabb3b60e97db200c15b8d

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
/
geolocation-db.com/json/
144 B
256 B
XHR
General
Full URL
https://geolocation-db.com/json/
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.4/jquery.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
159.89.102.253 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
73b0da8a840c64018227ed4fe926f61a8a2c26f8acf0af2b4c5fa34f03ef4483

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept
application/json, text/javascript, */*; q=0.01
Referer
https://www.forcepoint.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-origin
*
date
Mon, 01 Jul 2024 06:49:30 GMT
content-encoding
gzip
server
nginx/1.14.0 (Ubuntu)
content-type
text/html; charset=UTF-8
counters.gif
forms-na1.hsforms.com/embed/v3/
35 B
850 B
Image
General
Full URL
https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 06:49:29 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
20872948-4afb-4ab2-ae66-2b471e638e02
x-envoy-upstream-service-time
8
alt-svc
h3=":443"; ma=86400
content-length
35
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
20872948-4afb-4ab2-ae66-2b471e638e02
server
cloudflare
vary
origin
content-type
image/gif
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-776cb5686f-ptpxr
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
x-robots-tag
none
cf-ray
89c474d90a15c077-WAW
simple.gif
queue.simpleanalyticscdn.com/
43 B
410 B
Image
General
Full URL
https://queue.simpleanalyticscdn.com/simple.gif?version=cdn_latest_11&hostname=www.forcepoint.com&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F126.0.0.0%20Safari%2F537.36&https=true&timezone=Europe%2FBerlin&page_id=de83cb41-9dcd-4dc8-9231-ee9560fe5825&session_id=15718445-d36c-48fb-8bd9-cbf9a296047d&sri=false&mobile=false&brands=%5B%7B%22brand%22%3A%22Google%20Chrome%22%2C%22version%22%3A%22126%22%7D%2C%7B%22brand%22%3A%22Not%3AA-Brand%22%2C%22version%22%3A%228%22%7D%2C%7B%22brand%22%3A%22Chromium%22%2C%22version%22%3A%22126%22%7D%5D&os_name=Win32&os_version=10.0.0&path=%2Fblog%2Fx-labs%2Furl-shortener-microsoft-word-remcos-rat-trojan&viewport_width=1600&viewport_height=1200&language=de-DE&screen_width=1600&screen_height=1200&unique=true&id=de83cb41-9dcd-4dc8-9231-ee9560fe5825&type=pageview&time=1719816569762
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
212.8.253.238 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS
212-8-253-238.hosted-by-worldstream.net
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Pragma
no-cache
Date
Mon, 01 Jul 2024 06:49:30 GMT
Simple-Analytics-Feedback
Thanks for sending this page view!
Simple-Analytics-Location
not_set
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Keep-Alive
timeout=5
Content-Length
43
Expires
0
NRJS-922263b7f65c352c48b
bam.nr-data.net/1/
150 B
603 B
XHR
General
Full URL
https://bam.nr-data.net/1/NRJS-922263b7f65c352c48b?a=477262540&v=1.261.1&to=YFEDbUMFXBBXB0RbXlkbNEtYSx0KWABVSh9HXBE%3D&rst=2080&ck=0&s=0a01cce23c375de5&ref=https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan&ptid=4181d7f6dd7ff931&ap=1427&be=383&fe=1491&dc=1278&at=TBYAGwsfTx4%3D&fsh=1&perf=%7B%22timing%22:%7B%22of%22:1719816567697,%22n%22:0,%22f%22:1,%22dn%22:1,%22dne%22:1,%22c%22:1,%22s%22:35,%22ce%22:337,%22rq%22:337,%22rp%22:384,%22rpe%22:433,%22di%22:1628,%22ds%22:1642,%22de%22:1661,%22dc%22:1872,%22l%22:1872,%22le%22:1874%7D,%22navigation%22:%7B%7D%7D&fp=1198&fcp=1453
Requested by
Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-rum-1.261.1.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.247.243.29 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
2d178ee57c5d2a506b3799b50fea41d93ed1b786b8249434071bd048f2f376ac

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://www.forcepoint.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
content-type
text/plain

Response headers

date
Mon, 01 Jul 2024 06:49:30 GMT
access-control-allow-methods
GET, POST, PUT, HEAD, OPTIONS
content-type
text/plain
access-control-allow-origin
https://www.forcepoint.com
access-control-expose-headers
Date
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
Connection
keep-alive
timing-allow-origin
https://www.forcepoint.com
Content-Length
150
x-served-by
cache-fra-etou8220157-FRA
/
geolocation-db.com/json/
144 B
255 B
XHR
General
Full URL
https://geolocation-db.com/json/
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.4/jquery.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
159.89.102.253 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
73b0da8a840c64018227ed4fe926f61a8a2c26f8acf0af2b4c5fa34f03ef4483

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept
application/json, text/javascript, */*; q=0.01
Referer
https://www.forcepoint.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-origin
*
date
Mon, 01 Jul 2024 06:49:30 GMT
content-encoding
gzip
server
nginx/1.14.0 (Ubuntu)
content-type
text/html; charset=UTF-8
counters.gif
forms-na1.hsforms.com/embed/v3/
35 B
539 B
Image
General
Full URL
https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1
Requested by
Host: js.hsforms.net
URL: https://js.hsforms.net/forms/v2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 06:49:30 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
0dc4c795-4bc3-4cbe-8880-b84b60426dac
x-envoy-upstream-service-time
1
alt-svc
h3=":443"; ma=86400
content-length
35
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
0dc4c795-4bc3-4cbe-8880-b84b60426dac
server
cloudflare
vary
origin
content-type
image/gif
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-776cb5686f-9q5kl
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
x-robots-tag
none
cf-ray
89c474da6ba2c077-WAW

Verdicts & Comments Add Verdict or Comment

133 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 undefined| event object| fence object| sharedStorage object| NREUM object| webpackChunk:NRBA-1.261.1.PROD object| newrelic object| utag_data undefined| $ function| jQuery number| _vis_opt_account_id string| _vis_opt_protocol string| _vis_opt_script1src string| _vis_opt_script1id string| _vis_opt_script2src string| _vis_opt_script2id undefined| scriptsInitialized function| _vis_opt_loadScript function| _vis_opt_loadScript_write function| loadTopBottomScript function| vwoSyncCode function| consentCookie function| vwoConsentGiven object| consentFunctionalCookie boolean| hasSessionStorageConsent number| prevScrollPos function| shouldRunScript object| body function| insertModalInBody boolean| hasScrolled boolean| hasSpentTime boolean| hasExitIntent boolean| hasDSEOpened boolean| scrolledUp function| userScrolledUp function| userInteracted function| userSpentTime function| userLeavesPage function| closeModal object| forresterUrls undefined| hasOpenedForrester undefined| forresterModalOpenedInSession undefined| imgSrc undefined| titleContent undefined| linkTo undefined| forresterModalString undefined| forresterModal undefined| modalCloseBtn undefined| modalLinkBtn undefined| forresterModalContent object| dseUrls undefined| newScript undefined| dseModalOpened undefined| title undefined| video undefined| linkUrl undefined| linkText undefined| dseModalString undefined| dseModal undefined| dseModalCloseBtn undefined| dseModalContent undefined| dseModalLinkBtn boolean| hasValidUtm object| formProductModal undefined| hasDataWildOpened undefined| dataWildTitle undefined| dataWildDescription undefined| dataWildParagraph undefined| dataWildLinkUrl undefined| dataWildLinkText undefined| dataWildImageUrl undefined| dataWildModalString undefined| wildModal undefined| wildModalCloseBtn undefined| wildModalContent undefined| wildModalLinkBtn undefined| canShowWildModal object| hubspot object| HubSpotForms object| hbspt object| hsFormsOnReady object| utag_err boolean| utag_condload string| url object| utag function| e object| s function| AppMeasurement function| s_gi function| s_pgicq function| AppMeasurement_Module_Integrate function| AppMeasurement_Module_ActivityMap object| _linkedin object| _qevents function| _tealium_old_error boolean| __tealium_twc_switch object| adobe function| Visitor object| s_c_il number| s_c_in number| s_objectID number| s_giq object| _linkedin_data_partner_ids string| gtagRename object| dataLayer function| gtag function| rdt object| md5 function| fbq function| _fbq function| advagg_mod_2 function| advagg_mod_2_check function| advagg_mod_defer_1 function| init_drupal_core_settings object| html5 object| Modernizr object| Drupal function| DOMPurify function| lazyloaderDebounceOrThrottle object| echo function| Waypoint object| AOS object| picturefillCFG function| picturefill function| tealiumGetResourceSearchData function| tealiumTrackResourceSearch object| tealFuncs object| options object| _hsq boolean| sa_event_loaded boolean| sa_loaded function| sa_event

12 Cookies

Domain/Path Name / Value
.hsforms.net/ Name: __cf_bm
Value: 55uHG2xkZBzDdKfE7sWwJNLyRbVbZENVZas.sNrllXY-1719816568-1.0.1.1-NYFI7WwcDoe8KuO4dL2xY9KLPlL14cS7buBdEN_71GxxTvqf5mBReTG0_PhOjV2lOboulw0i0XUAhsBzlQKykQ
.adnxs.com/ Name: XANDR_PANID
Value: QuH4wrBat84wOFkRGo_b2hm4z10-SATRvic8C4MFhHtLBWcNHexwZjtkLRppIl2S4GAHu-MTW2CixPTeeVyI_esjB9sGaOFUXfeTTyV8zAE.
.adnxs.com/ Name: receive-cookie-deprecation
Value: 1
.adnxs.com/ Name: uuid2
Value: 2657853101310053061
.forcepoint.com/ Name: utag_main__sn
Value: 1
.forcepoint.com/ Name: utag_main__se
Value: 1%3Bexp-session
.forcepoint.com/ Name: utag_main__ss
Value: 1%3Bexp-session
.forcepoint.com/ Name: utag_main__st
Value: 1719818369264%3Bexp-session
.forcepoint.com/ Name: utag_main_ses_id
Value: 1719816569264%3Bexp-session
.forcepoint.com/ Name: utag_main__pn
Value: 1%3Bexp-session
.hsforms.com/ Name: __cf_bm
Value: h2zTKJW1UZrmE3LqKZ41ghH7PV2H1I6HpDozYh9awGU-1719816569-1.0.1.1-L6csqC1ifo6LhQPOQ7PD73RoxWrSI3bjES1.4h7QkWD5t7K5fbaIiIGoxcKGWGU1ysYUB0OelZBGIkgHSCZGow
.hsforms.com/ Name: _cfuvid
Value: FlETzbeC5Y0oIe54q4WywcYTz7kbDVvr4StMsxKILYU-1719816569909-0.0.1.1-604800000

19 Console Messages

Source Level URL
Text
javascript warning URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Message:
The resource https://www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_highlight-soft_75_cccccc_1x100.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Message:
The resource https://www.forcepoint.com/misc/help.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Message:
The resource https://www.forcepoint.com/misc/message-24-warning.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Message:
The resource https://www.forcepoint.com/misc/message-24-error.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Message:
The resource https://www.forcepoint.com/misc/menu-expanded.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Message:
The resource https://www.forcepoint.com/misc/tree-bottom.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Message:
The resource https://www.forcepoint.com/misc/menu-collapsed.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Message:
The resource https://www.forcepoint.com/misc/message-24-ok.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Message:
The resource https://www.forcepoint.com/sites/all/libraries/chosen/chosen-sprite@2x.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Message:
The resource https://www.forcepoint.com/misc/throbber-inactive.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Message:
The resource https://www.forcepoint.com/misc/draggable.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Message:
The resource https://www.forcepoint.com/misc/grippie.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Message:
The resource https://www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_flat_75_ffffff_40x100.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Message:
The resource https://www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_glass_75_dadada_1x400.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Message:
The resource https://www.forcepoint.com/misc/tree.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Message:
The resource https://www.forcepoint.com/misc/throbber-active.gif was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Message:
The resource https://www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_glass_75_e6e6e6_1x400.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Message:
The resource https://www.forcepoint.com/misc/progress.gif was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
security error URL: https://scripts.simpleanalyticscdn.com/latest.js(Line 2)
Message:
Refused to connect to 'https://queue.simpleanalyticscdn.com/append' because it violates the following Content Security Policy directive: "connect-src 'self' *.vwo.com *.demdex.net *.omtrdc.net *.mktoresp.com *.cdnbasket.net ids.cdnwidget.com *.forcepoint.com sample-api-v2.crazyegg.com *.visualwebsiteoptimizer.com insight.adsrvr.org bam.nr-data.net *.tealiumiq.com live-evercurrent-clone.pantheonsite.io *.sharethis.com *.doubleclick.net *.theadex.com *.aumago.com *.google-analytics.com *.6sc.co *.adnxs.com *.vidyard.com *.6sense.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com api.hubapi.com *.hsforms.net *.hsforms.com *.s3.amazonaws.com *.drift.com *.clickagy.com *.facebook.com *.zoominfo.com geolocation-db.com dn.linkedin.oribi.io *.hubspot.com *.hscollectedforms.net *.stackadapt.com *.google.com *.googletagmanager.com *.googleadservices.com google.com *.googlesyndication.com *.linkedin.com *.redditstatic.com *.reddit.com *.g2crowd.com *.quantcount.com".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.fonts.net *.licdn.com *.tiqcdn.com *.marketo.com *.marketo.net *.mktoresp.com *.demdex.net *.burly.io *.omtrdc.net *.llnwd.net *.tealiumiq.com *.googleadservices.com *.marinsm.com *.amazonaws.com *.quantserve.com *.facebook.net *.serving-sys.com *.google-analytics.com *.hirebridge.com *.websense.com *.bizographics.com *.linkedin.com *.cloudfront.net *.newrelic.com *.nr-data.net *.adnxs.com *.demandbase.com *.twitter.com *.omtrdc.net *.youtube.com *.ads-twitter.com *.company-target.com *.omniture.com *.doubleclick.net *.forcepoint.com *.google.com *.facebook.com *.nr-data.net *.getsmartcontent.com *.vidyard.com *.adroll.com s.ml-attr.com attr.ml-api.io *.driftt.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.gstatic.com *.libsyn.com *.s3.amazonaws.com *.cdnbasket.net ids.cdnwidget.com app.vwo.com *.visualwebsiteoptimizer.com use.typekit.net p.typekit.net cdn.vwo-analytics.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.googleapis.com *.cloudflare.com activitymap.adobe.com *.consensu.org *.ubembed.com *.bizible.com *.theadex.com *.aumago.com *.driftqa.com *.scribblecdn.net *.esg-global.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hubapi.com *.hsforms.net *.hsforms.com geolocation-db.com *.drift.com *.clickagy.com *.nimblestory.com *.usemessages.com *.stackadapt.com *.googlesyndication.com ; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.cdnwidget.com *.tealiumiq.com *.google.com *.googleadservices.com *.doubleclick.net *.websense.com *.marinsm.com *.facebook.com *.quantserve.com *.google-analytics.com *.w55c.net *.marketo.com *.iasds01.com *.linkedin.com *.cloudfront.net *.forcepoint.com *.adnxs.com *.twitter.com t.co *.omtrdc.net *.w55c.net *.demandbase.com *.company-target.com *.gstatic.com *.tiqcdn.com *.marketo.net *.newrelic.com *.facebook.net *.ads-twitter.com *.burly.io *.bizographics.com *.nr-data.net *.licdn.com *.tt.omtrdc.net *.getsmartcontent.com *.adroll.com *.vidyard.com s.ml-attr.com *.ml-api.io ml314.com *.ml314.com *.bing.com *.driftt.com *.crazyegg.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.googletagmanager.com *.visualwebsiteoptimizer.com app.vwo.com *.ubembed.com *.driftt.com *.vwo-analytics.com *.s3.amazonaws.com s3.amazonaws.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.clearbit.com *.googleapis.com *.cloudflare.com *.adobe.com *.consensu.org *.bizible.com *.theadex.com *.aumago.com *.zoominfo.com *.clickagy.com *.redditstatic.com *.quantcount.com *.g2crowd.com *.steelhousemedia.com *.scribblecdn.net *.esg-global.com *.6sc.co *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hubapi.com *.hsforms.net *.hsforms.com geolocation-db.com *.drift.com *.jquery.com *.google.com *.hscollectedforms.net *.jsdelivr.net *.stackadapt.com *.googlesyndication.com *.simpleanalyticscdn.com scripts.simpleanalyticscdn.com queue.simpleanalyticscdn.com simpleanalyticsbadges.com *.ceros.com; img-src * data: *; frame-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.cdnwidget.com *.tealiumiq.com *.google.com *.googleadservices.com *.doubleclick.net *.websense.com *.marinsm.com *.facebook.com *.quantserve.com *.google-analytics.com *.w55c.net *.marketo.com *.iasds01.com *.linkedin.com *.cloudfront.net *.forcepoint.com *.adnxs.com *.twitter.com t.co *.omtrdc.net *.w55c.net *.demandbase.com *.company-target.com *.gstatic.com *.tiqcdn.com *.marketo.net *.newrelic.com *.facebook.net *.ads-twitter.com *.burly.io *.bizographics.com *.nr-data.net *.licdn.com *.tt.omtrdc.net *.getsmartcontent.com *.adroll.com *.vidyard.com s.ml-attr.com *.ml-api.io ml314.com *.ml314.com *.bing.com *.driftt.com *.crazyegg.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.googletagmanager.com *.visualwebsiteoptimizer.com app.vwo.com *.ubembed.com *.driftt.com *.vwo-analytics.com *.s3.amazonaws.com s3.amazonaws.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.clearbit.com *.googleapis.com *.cloudflare.com *.adobe.com *.consensu.org *.bizible.com *.theadex.com *.aumago.com *.zoominfo.com *.clickagy.com *.redditstatic.com *.quantcount.com *.g2crowd.com *.steelhousemedia.com *.scribblecdn.net *.esg-global.com *.6sc.co *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hubapi.com *.hsforms.net *.hsforms.com geolocation-db.com *.drift.com *.jquery.com *.google.com *.hscollectedforms.net *.jsdelivr.net *.stackadapt.com *.googlesyndication.com *.simpleanalyticscdn.com scripts.simpleanalyticscdn.com queue.simpleanalyticscdn.com simpleanalyticsbadges.com *.ceros.com *.hubspot.com *.hubspot.net *.demdex.net *.libsyn.com *.youtube.com; font-src 'self' *.google.com *.googleadservices.com; connect-src 'self' *.vwo.com *.demdex.net *.omtrdc.net *.mktoresp.com *.cdnbasket.net ids.cdnwidget.com *.forcepoint.com sample-api-v2.crazyegg.com *.visualwebsiteoptimizer.com insight.adsrvr.org bam.nr-data.net *.tealiumiq.com live-evercurrent-clone.pantheonsite.io *.sharethis.com *.doubleclick.net *.theadex.com *.aumago.com *.google-analytics.com *.6sc.co *.adnxs.com *.vidyard.com *.6sense.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com api.hubapi.com *.hsforms.net *.hsforms.com *.s3.amazonaws.com *.drift.com *.clickagy.com *.facebook.com *.zoominfo.com geolocation-db.com dn.linkedin.oribi.io *.hubspot.com *.hscollectedforms.net *.stackadapt.com *.google.com *.googletagmanager.com *.googleadservices.com google.com *.googlesyndication.com *.linkedin.com *.redditstatic.com *.reddit.com *.g2crowd.com *.quantcount.com; report-uri /admin/config/system/seckit/csp-report
Strict-Transport-Security max-age=18410000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

attr.ml-api.io
bam.nr-data.net
cdnjs.cloudflare.com
forms-na1.hsforms.com
forms.hsforms.com
geolocation-db.com
js-agent.newrelic.com
js.hsforms.net
queue.simpleanalyticscdn.com
s.ml-attr.com
scripts.simpleanalyticscdn.com
secure.adnxs.com
tags.tiqcdn.com
www.forcepoint.com
104.17.24.14
104.18.141.119
104.19.175.188
159.89.102.253
162.247.243.29
185.89.210.244
212.8.253.238
2400:52e0:1e00::1080:1
2600:9000:206f:1800:5:7a81:86c0:93a1
2600:9000:235a:9400:7:2bfb:7c00:93a1
2602:816:5001::39
2a04:4e42:600::740
68.67.153.60
033ea4cefced423a11d0cc62afb56c3b09c16913abe8a891fc578b2f2327a101
06253733aa87841e74e8076ca1a74c6b8a5eed79057c8dc2812e8f622cbdd45e
0af941ad21ab4dc704f04bdf8d21825869cfe27eb61b3a37e295f70697c48c88
0eb42d32c51e79e9d48a5694328c0ce8889f58a2c25bf13f239a8d818226a96a
0ec291adef932c1e26510f560daef99d2d26b96331cbfd2f29fe234eaf2dddae
0ecb51b60ee20c9486e0a9161e7c38adab1d83be7df4acbb59c8e8bc811e1cad
10aa7853a3babe185246e6f1fad2c5800902a268dd63b66c53b96889ee5188f3
13cdee5a7dbdb75ba06271fff8669bb408838d89eae133c2b3db99d2891bb35b
148a74b0921ad78021d716e8032ede1cdaf7ed7279cefd7d2acbe906add12a68
195211df418c32079abb41bb0ebd2ea3aace287509a9c49702d80f1350313527
1a551853bab605782355fae523df4ddad8f3ec86be2e9654278282b154490cc2
1a5c0fb755eabd84fa9ee65115561abfc934cb67631d8392acc299bed349942d
1f81387d932ab97c0ddff8edfc8e1ca4e37201b3cfb5d3911bc25a04e4087ae7
24dd593caf98fe7183e48e16a5a827ab4eb1a734a9821b497689127e68774db1
2528d731c4e61e67f78982f202d1de7e6f7a234117b4d9c98325c27e33c6e1d3
26e256bfa2011f9fbbe0e81f2515c98b94b7ee7696a82f380cb7e7c8361e04a4
273da5f5372f7eca262d218c1b3a1b0a7055dad4843e7cf485cf7804d8aa0ca4
29aebe811bb2f84bd90cfdee7ffc4c4af62bb5d871fd683f8a85bf0852ce9163
2a7b733b2f19d538893df08b2c194aef1201dbad6ee2ddafc5bcd34cbb482d6b
2d178ee57c5d2a506b3799b50fea41d93ed1b786b8249434071bd048f2f376ac
2da781a6191588a46eeb8e47e2d5c4fd2d49a2eceeb1e6e061dbac289e63dc7c
2db23bd96dca0757b0f0d309acb62fe766c08348c86c195ed79658f7f7b456c3
3058f7c617c39b1a94849fa7223c2f756437af3f215155d37c2a29c36848e28d
3180fea88eaa47e87effdffd92cc7f52249a701909b6b617b2d0c55b7a0e7c98
33df7d1430b49b83528e5df930e1da6d9bf492fb32b37ff2b9fd4d97834a0abd
353db1686dfd23728735c8f83a8382b37b37f1243ca1ee2ef2f7241341f2e1e4
365e944c8e49f6e24235dabb2633d0f154ef6a8ef077a8abfe29a6847ae1153a
3d71af35f2b359f1b23e69e6fb08b67a73db8dc5907a7bf83d87b62849ed3b3b
3f3a06c93db350a7a9d3616a3dbbd6c252e702ade48978256c8a125fc2981d2d
42793f24dc3fddca04cc84a6991f0fc73c25498d023b07d488dd5e4238ed9b0c
4953a30def5d6eb8aa0119f918104b5069d10696ee634288c068accf06bb44e6
496d9a19dda325d9587f3729b5a16b1262f91a6b237e1aa5d54ed90e087c35e3
4c8537e1208918b04f3b7970b4e53d6c91b138b7b8325b469a4a5e84ced6ce2a
4d58ffb4437135b1a4f7b8cbf01321ea85fe244416aed493ea942462f3d58c86
4e2a8b16a227605843bcf04d32557fa5f790d17d5fae10db399f3ad6b75cae70
521bfd25b076ada01d23b9d20bca3a3e67840702ca4d43b73d0a496575107e9e
52239b576d3fdb13fa5cec121a5e5ed123560a4ac1310d991f4694bcc5507710
5390daebe4fc263953ae2cd18f060ebb4aaef20d9df443a4d784cc642ed1eaf2
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
59976a805bd708c7009f31a3cd7a86357c53b1f2331d2f2997d0db350b9bb32b
599f5830ccbfb27f548221a3dd7d16786520037c583e53cbfcca34f1a0e11229
59a410a623d86c98b190b07e27d0cf4e36455f184fc85cc1a4021aac1bc8a860
5cfc739598cda856cc20575229f8a5251e8df5b175830fe7886aaef79dfb6886
5f1b6cef797b1f839c2db70c44e77b6e0551cba4e22c5f7b056fcb805468b613
5f4e0577cb49e1130ec7098698e3556c0a2b7f33d02ec5789ee09b116e403f7e
5f8d1adf76eaaf2f3592e5a5633ef8722740af2424b1737d85c1d9581588884f
6116382548abaad3d6133a60e2dc187d88dfa1ed07d981311c0bbcfaee05cd49
61cbf8a09d67fc91bd97e439ecb5b880e5b0ea421fdcb9190d5da2f4c8890aa5
61deedef5519831c5ba93b5ea4ccbe1d3a6a544c37709704271d05871caf1a02
629649515666e3906b0dcb77fb2fa1696a4b83b630e2c569a7cd4a097dbe3af8
634b615987ef6bc5cf11ff7eb78673aebf61e436dc7a56de0f4b4aa543ccb577
6676353d7029b44112419ac26efd665e84021eb418ccf05a1e1f04d0ba46bd53
67138202cdb85739d98743e8226b60fbef18366ce3da88902bee16dacd0f0959
6806cdcdd3c7f06950968eeebc5ed11dc261adde18cfefd541532fcf5e59ddff
68cb94151d86903ee4b3a5088e233b408a81a7faf9bb97d1172d8e3e6a83f868
69a02b48768b8f413fe8470c65b4232a39dc3d68350f1246da8721e92ac7e75d
6aa75e0e135df761bc11a0e1231af1ef27a5b7fe5985714865f35781286b42e9
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
706bcb95e6eec4ff78ac6d9647ad0e0e7163134b73c45f0fc5b801ca529127d2
735b78ae1f09b1d02ee92b5ad319a189d50d10ecbec4ddd12201885dde3f4945
73b0da8a840c64018227ed4fe926f61a8a2c26f8acf0af2b4c5fa34f03ef4483
74a6ba58527ccbbde80b52bb6b23dd5671a4a72199fe789324786d15d6fa9a24
74d6ee660ac8d18d3940eefac6e8c0ff029ecc0f4a4799ada5d6088fe9abfbc8
76aefb325bdfaf3c67be7591a00c96105ffa1a3eda8cfc16d6d5e1affa8e3f95
76d9063e5a28081ce23c52ce4c500f8a39674afbedf24aad5f304df8f00a84df
76fea4cad87ffbee4d6c0d29a46382913e4a8c56ed7881d8556f684a174d6824
77bfa66bf799ef1d5be3e464795aaca2f9a0587c1616b9671f7383623474f455
7a06dd94021db644db9732192dd8c6b062b80d3f99488e35ce495e82f0ccf961
7dfeb329f73421a0c80e8a067d3e1d67c916c84746f94cb9826c06bc58516d1f
7e9433a7e4538237be585d3d84e1603595879c286be61e26dd3e628e3fd5e206
8048b6a47a7795c53151c7d28f992a190da59cfa9416a171a03652359a964f2a
8117b5d7ba159bfb0cf341d96a566b4b06c466a0038eca2273a8533b1536e019
8709e66f3192aac47989a4f2c826afc3062b52de3cd792115cba3314c05656c6
87649ba070f4b18de6d9d8824f7a347d4842b913451fddde49bfdb163ae2e12a
8892ffd9b6812e96fca28cf2b24a4a1e25711631d73141353f1ec57fcaf523b8
90bfbf24972d694b303aaa50fe006074f7dd5529c8dfe38099aed648c6312158
91997f03543fdd296c85e60feede1e3df0e950aca03698583ff2870869a2dc0b
942ba1b657ab7477bc603f7852ff551aa393de40d1bab2dee01c8ad36d538a2a
9528ca634fecad433d044ddd3e6f9ce1f068d5d932dafdbb19d8e6daea1968bd
98bee51ffbb032cfea01030abf23549c6d762f6d8283599e52bfb089f01b8742
9a363427efaa6cd56ae165653d1070e96c6b804c99253d1cde1488da66f7af69
9b3c52df9ce6473c11ee62f85cd48a7ff2b24ad8543ed415fec5124605a987f3
9cc77ec166565cf138f088e29b263d7de28ebff89c6ac6ac7b3226b8c2c45f33
9e815610f978cad8bc6a72832b206c68e17bf6799cd0c937b2b3c30014243f73
a0d9d290c9928affdd7f2816a574b367cbd6aca7ff1ba7b14b3391330d6f1995
a0fe8723dcf55da64d06b25446d0a8513e52527c45afcb37073465f9c6f352af
a167f660daaa2f0abba7204685eb46f7127b490d936f10747a2f8c5daba26b83
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb
a4cbaa695a841f5471911a40cc4c2140d68b95d9fcaabb3b60e97db200c15b8d
a965bdafdcbdf6a1bc0a04fb81ee6d5fb86e1fde7a2da4e8998ab3bcf467bdb4
ac12f243172f3c8376a67f24942257093fd70d0c10212a58bf8df60f372be24e
af60288a11ae9864cdd707a9c6e13463359d5ffb6755bf9035a878f18b8758f9
afe5695ceec4f19c701784c442de76dc711f61482071b8f860bb1608380bc8b5
b2da29ed5ab13ba88c22a51b412428640f8b495c40e0225d712d16eb6ea8351e
b4229c88ccc9ec00268d759c808bb5fc56a62479618d140eebd7948299a1544b
b486e01022c2460a86538a67510d4f39ce41e9dd5050a3d9578ec6f4c054f8ec
b48a895c0170a7310b29b01897fcf1954b43655748ce98037abae38562754a29
b5c2800c52737f3425d0e434c93f9412da5e0491282c8d3d53b4d707202b8cef
b9b8fe9d0d7983bd3dc05016caf09d5028c4525e9beba05ecf0ed85bd0f3f86a
b9c823db89be14289e3b0585970e3d91c3313ec9f82d13c9cb24d90820efc699
bd74c29617fed2dbd2f684dce7eebb659567ce0ae06be3418615ebe846a1bf5b
bfcc07136dc1faaee36973ca4858e530e403f2f41948fbdc47f0c3c399308db6
c0c810909068da447ca522f9770490722119d254f18905ae37e5e4a45e2c346c
c1524c7035a894f370d34f2d57704873a3978adef91d97978e3598515762eace
c16c2e899bbe232a64c1bd49e4312a7f9ea738cb2cb17058e63477a71b246fa7
c181c648e71e1f94dc9f3aa0aced539df9790bc1aa92494d7fe7b17c274767bf
c2a54667fcd4151ef9a27b18f84f24c0b884fe593302ca1eb1210d114f4bd06b
c3af792cf17fc9da7b301e6ec8a24dcec9e7b4d3ef83622c2417329f658e8848
c6225223a7f689e02ca4f2144e864ad46dd63e29553cf3d4df572e7195303be0
c654220d555e70fb63334836085ed53e9a9d2982e79824664fba6d89e6dc490e
c6a4f005d0158d27d475991d4606ec4141f42917cc68835019d819c583957710
c712b85f4d57c41bb049c80303067da9790aa76b32a41b422174bd507695f444
c7397ae13ad9d12bf4ce9100756dd8703b515ac4381bdd33638e22c787c0fb39
d0ec82a82ae412d1cbcf08f404ce69ef215cd47d8a98d6aa13309fc66dacba1f
d40efcac911d8964f3728eaa767de281306ff55ba9377435a3364d4d1e1613f6
d88c03f60c9b0c3b3a4a929ad268b6078dda88e59ea5c98eeb16f031ffb0d9e0
db7de84263a6dfe6f7a674f478b4a6c5a97d7de7e0c7f52a12a5dedfb201004f
dd329c644951f3c041200e8279e3c90063ac5b5c8861fe253fca48df7dd8b99c
dd7fe585c74e77b78c21455683a55283fe4f723875c825a1c676e1347ba54ab3
de0c91884c0f70a3c8ab477b2637d9c9417fc74eb663bbe6eace7836e8b38fc3
defd01b0db74c62e4efe18ef38e5ec968f2b8c2cf51ab6b14f12e1ad250eec84
e1652e3fbc6cef41f94897b295b6b1f57fa4901a3727e4c9ecb2911614531d0f
e25fa89bb49f7875384fe86ddb39c8c0a966f7aff529e4aa1e761efe8909fdad
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e68e4b1057684aa14f6d44055bd77c6ee8170be28010b94e0278e2d05775973c
e87016d2d889ede0cfc1d5c8f1b69dfaf7d461f89ea0eda0bb9f0e3a081ca57d
eb06d9c1faf512de924b0840e5ff2cea13ea5154e84b9a2edb23c3ee94602bd7
ee27e3cdc69e172aac4b82b3f20d30a2e9b8fc56e7154475292f0ce338b8a5a5
ee3184f88b136b6ad521ec8d57fcf138b0c78172ee82e5d8773998bebac6486d
f443007354af04e5d9f0aea2ce21303442752753ce63ab035a6c76d4f06d5d52
f4cbc6a70cd3d48475ddbb975d3831d02e4158a76fcdb997891baa497ea31241
f66578f61dcd2d00bb8b7a0c5a7a02d39871c2e7c4615826c4e3a6a879a1a66b
f7d4d17ef4f0103008287290e9dd7bb35be1d08f0f8bc315033d13d0cfa6a6a5
f8c79df7183de5a0687fc40c5a9b1034d074e603d558c05a5311c7f91d9ccfe1
fad8df5718762444a80e745fd3b375ecfee298b37c480de5134b8a0ed05bc7a5
fd08b09bb992ad9d8eb1fa512716a782939ee1df7c7b10ebecef57bc7b023626
fdc11521f5009cca4ba4c329f0ab9a94273191d33239245d16f484ccbbff23d1
fe7d3ca3e17134925638b03cba3263b8da913e73bf270bf48fda841b2c8ad761
fe9132775150b13960723fdffd15ef8bb7f07d120787874114ac9e3d4f303f46
ff35e1bb0b3e1cb03aa7eab3fb0f74381ec3fd6fcff85d8c4f6be72abae116a0
ff79200e9d0486ad1207f01f3c5918eea0771ded9b1681694da8caaae4c74c1a