www.fortinet.com Open in urlscan Pro
2600:1f18:1492:1701:a964:c08d:f5eb:b0c  Public Scan

URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Submission: On November 13 via api from DE — Scanned from US

Summary

This website contacted 74 IPs in 2 countries across 64 domains to perform 192 HTTP transactions. The main IP is 2600:1f18:1492:1701:a964:c08d:f5eb:b0c, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is www.fortinet.com. The Cisco Umbrella rank of the primary domain is 156385.
TLS certificate: Issued by DigiCert Global G2 TLS RSA SHA256 202... on July 16th 2024. Valid for: a year.
This is the only time www.fortinet.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
38 2600:1f18:149... 14618 (AMAZON-AES)
6 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700:440... 13335 (CLOUDFLAR...)
22 2600:141b:1c0... 20940 (AKAMAI-ASN1)
1 4 44.197.70.51 14618 (AMAZON-AES)
4 2606:4700::68... 13335 (CLOUDFLAR...)
1 23.196.3.207 20940 (AKAMAI-ASN1)
3 23.199.49.127 16625 (AKAMAI-AS)
2 34.171.47.125 396982 (GOOGLE-CL...)
3 2620:1ec:33:2... 8075 (MICROSOFT...)
1 34.196.87.99 14618 (AMAZON-AES)
1 1 100.25.94.54 14618 (AMAZON-AES)
1 63.140.37.206 16509 (AMAZON-02)
2 70.42.32.95 22075 (AS-OUTBRAIN)
14 23.196.3.196 20940 (AKAMAI-ASN1)
1 2600:141b:1c0... 20940 (AKAMAI-ASN1)
2 2607:f8b0:400... 15169 (GOOGLE)
2 99.83.231.3 16509 (AMAZON-02)
2 2a02:6ea0:c45... 60068 (CDN77 _)
1 2607:f8b0:400... 15169 (GOOGLE)
2 3.141.188.58 16509 (AMAZON-02)
2 18.173.219.106 16509 (AMAZON-02)
1 2606:4700:310... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 52.32.164.86 16509 (AMAZON-02)
3 2620:1ec:bdf::40 8075 (MICROSOFT...)
1 74.121.140.211 30419 (PAEDAE-INC)
1 63.140.37.244 16509 (AMAZON-02)
1 34.111.208.231 396982 (GOOGLE-CL...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 44.226.187.177 16509 (AMAZON-02)
1 34.238.149.65 14618 (AMAZON-AES)
1 151.101.44.157 54113 (FASTLY)
1 2600:141b:1c0... 20940 (AKAMAI-ASN1)
6 52.44.251.75 14618 (AMAZON-AES)
2 3 68.67.179.166 29990 (ASN-APPNEX)
3 5 68.67.160.132 29990 (ASN-APPNEX)
1 2600:9000:21f... 16509 (AMAZON-02)
22 25 34.170.123.2 396982 (GOOGLE-CL...)
1 1 2600:9000:284... 16509 (AMAZON-02)
1 2 98.82.157.231 14618 (AMAZON-AES)
2 3 69.194.240.13 26120 (RHYTHMONE)
1 2 35.71.139.29 16509 (AMAZON-02)
1 2600:1f18:612... 14618 (AMAZON-AES)
3 4 34.111.113.62 396982 (GOOGLE-CL...)
1 1 108.138.128.44 16509 (AMAZON-02)
1 1 2600:9000:21f... 16509 (AMAZON-02)
1 2 2600:9000:247... 16509 (AMAZON-02)
1 207.65.37.184 62713 (AS-PUBMATIC)
1 63.251.28.211 13789 (INTERNAP-...)
2 3 2600:1901:0:8... 396982 (GOOGLE-CL...)
1 1 2001:4998:1c:... 14779 (YAHOO)
2 3 2001:4998:14:... 14777 (YAHOO)
1 2 34.229.3.43 14618 (AMAZON-AES)
1 3.218.41.45 14618 (AMAZON-AES)
1 23.39.37.118 16625 (AKAMAI-AS)
1 2 35.175.35.80 14618 (AMAZON-AES)
1 2 54.166.218.157 14618 (AMAZON-AES)
3 3 35.244.154.8 15169 (GOOGLE)
1 1 107.178.254.65 15169 (GOOGLE)
3 6 2620:1ec:21::14 8068 (MICROSOFT...)
1 1 142.251.35.162 15169 (GOOGLE)
1 1 2607:f8b0:400... 15169 (GOOGLE)
1 2607:f8b0:400... 15169 (GOOGLE)
1 2 69.173.151.100 26667 (RUBICONPR...)
1 2 34.98.64.218 396982 (GOOGLE-CL...)
4 4 142.250.80.34 15169 (GOOGLE)
1 1 2606:4700:440... 13335 (CLOUDFLAR...)
1 13.107.42.14 8068 (MICROSOFT...)
3 162.159.140.229 13335 (CLOUDFLAR...)
3 104.244.42.67 13414 (TWITTER)
1 2 142.250.176.198 15169 (GOOGLE)
2 2a03:2880:f01... 32934 (FACEBOOK)
1 2606:4700:303... 13335 (CLOUDFLAR...)
1 44.212.189.233 14618 (AMAZON-AES)
1 54.203.236.163 16509 (AMAZON-02)
1 6 34.117.77.79 396982 (GOOGLE-CL...)
1 3.220.203.153 14618 (AMAZON-AES)
2 2a03:2880:f11... 32934 (FACEBOOK)
8 9 52.223.40.198 16509 (AMAZON-02)
2 3 34.197.192.192 14618 (AMAZON-AES)
2 44.235.191.156 16509 (AMAZON-02)
1 52.12.117.226 16509 (AMAZON-02)
1 44.225.29.129 16509 (AMAZON-02)
192 74
Apex Domain
Subdomains
Transfer
39 fortinet.com
www.fortinet.com — Cisco Umbrella Rank: 156385
metrics.fortinet.com — Cisco Umbrella Rank: 444136
4 MB
27 simpli.fi
tag.simpli.fi — Cisco Umbrella Rank: 6380
i.simpli.fi — Cisco Umbrella Rank: 5203
um.simpli.fi — Cisco Umbrella Rank: 1072
15 KB
22 adobedtm.com
assets.adobedtm.com — Cisco Umbrella Rank: 468
152 KB
20 6sc.co
j.6sc.co — Cisco Umbrella Rank: 6855
c.6sc.co — Cisco Umbrella Rank: 8270
ipv6.6sc.co — Cisco Umbrella Rank: 6936
b.6sc.co — Cisco Umbrella Rank: 4441
eps.6sc.co — Cisco Umbrella Rank: 10972
v.eps.6sc.co — Cisco Umbrella Rank: 20254
24 KB
9 adsrvr.org
match.adsrvr.org — Cisco Umbrella Rank: 426
insight.adsrvr.org — Cisco Umbrella Rank: 1228
7 KB
8 linkedin.com
px.ads.linkedin.com — Cisco Umbrella Rank: 404
www.linkedin.com — Cisco Umbrella Rank: 705
px4.ads.linkedin.com — Cisco Umbrella Rank: 6892
5 KB
8 adnxs.com
secure.adnxs.com — Cisco Umbrella Rank: 576
ib.adnxs.com — Cisco Umbrella Rank: 302
9 KB
7 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 52
cm.g.doubleclick.net — Cisco Umbrella Rank: 294
10104846.fls.doubleclick.net — Cisco Umbrella Rank: 485898
2 KB
6 ml314.com
ml314.com — Cisco Umbrella Rank: 2086
40 KB
6 stackadapt.com
tags.srv.stackadapt.com — Cisco Umbrella Rank: 3122
10 KB
6 crazyegg.com
script.crazyegg.com — Cisco Umbrella Rank: 3180
tracking.crazyegg.com — Cisco Umbrella Rank: 5448
41 KB
6 cookielaw.org
cdn.cookielaw.org — Cisco Umbrella Rank: 390
127 KB
5 outbrain.com
amplify.outbrain.com — Cisco Umbrella Rank: 3713
wave.outbrain.com — Cisco Umbrella Rank: 4615
tr.outbrain.com — Cisco Umbrella Rank: 3598
11 KB
5 demdex.net
dpm.demdex.net — Cisco Umbrella Rank: 276
fortinet.demdex.net — Cisco Umbrella Rank: 482817
3 KB
4 yahoo.com
cms.analytics.yahoo.com — Cisco Umbrella Rank: 2476
ups.analytics.yahoo.com — Cisco Umbrella Rank: 599
1 KB
4 tapad.com
pixel.tapad.com — Cisco Umbrella Rank: 495
1 KB
4 mountain.com
dx.mountain.com — Cisco Umbrella Rank: 5404
px.mountain.com — Cisco Umbrella Rank: 5644
gs.mountain.com — Cisco Umbrella Rank: 11087
11 KB
3 eyeota.net
ps.eyeota.net — Cisco Umbrella Rank: 1387
2 KB
3 twitter.com
analytics.twitter.com — Cisco Umbrella Rank: 1085
848 B
3 t.co
t.co — Cisco Umbrella Rank: 872
1 KB
3 rlcdn.com
idsync.rlcdn.com — Cisco Umbrella Rank: 519
847 B
3 pro-market.net
fei.pro-market.net — Cisco Umbrella Rank: 3231
pbid.pro-market.net — Cisco Umbrella Rank: 12555
1 KB
3 contanuity.com
intentstream.contanuity.com — Cisco Umbrella Rank: 101692
tracking.contanuity.com — Cisco Umbrella Rank: 24288
1 KB
3 argusplatform.com
tmp.argusplatform.com — Cisco Umbrella Rank: 483741
pixels.argusplatform.com — Cisco Umbrella Rank: 472744
webtracker.argusplatform.com — Cisco Umbrella Rank: 483874
4 KB
3 bing.com
bat.bing.com — Cisco Umbrella Rank: 397
15 KB
2 facebook.com
www.facebook.com — Cisco Umbrella Rank: 120
216 B
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 208
74 KB
2 openx.net
us-u.openx.net — Cisco Umbrella Rank: 593
502 B
2 rubiconproject.com
pixel.rubiconproject.com — Cisco Umbrella Rank: 459
3 KB
2 lijit.com
ce.lijit.com — Cisco Umbrella Rank: 1257
895 B
2 crwdcntrl.net
bcp.crwdcntrl.net — Cisco Umbrella Rank: 1277
553 B
2 exelator.com
loadm.exelator.com — Cisco Umbrella Rank: 2703
2 KB
2 intentiq.com
sync.intentiq.com — Cisco Umbrella Rank: 1297
2 KB
2 agkn.com
aa.agkn.com — Cisco Umbrella Rank: 617
d.agkn.com — Cisco Umbrella Rank: 866
1 KB
2 3lift.com
eb2.3lift.com — Cisco Umbrella Rank: 481
970 B
2 1rx.io
sync.1rx.io — Cisco Umbrella Rank: 566
730 B
2 amazon-adsystem.com
s.amazon-adsystem.com — Cisco Umbrella Rank: 351
2 KB
2 demandscience.com
abm-tracking.demandscience.com — Cisco Umbrella Rank: 97241
3 KB
2 techtarget.com
trk.techtarget.com — Cisco Umbrella Rank: 35916
ibc-flow.techtarget.com — Cisco Umbrella Rank: 30831 Failed
2 KB
2 omappapi.com
a.omappapi.com — Cisco Umbrella Rank: 7398
api.omappapi.com — Cisco Umbrella Rank: 7432
3 KB
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 64
177 KB
1 steelhousemedia.com
px.steelhousemedia.com — Cisco Umbrella Rank: 15797
319 B
1 siteimproveanalytics.io
6033413.global.siteimproveanalytics.io — Cisco Umbrella Rank: 452057
149 B
1 siteimproveanalytics.com
siteimproveanalytics.com — Cisco Umbrella Rank: 5098
12 KB
1 google.com
www.google.com — Cisco Umbrella Rank: 4
64 B
1 googleadservices.com
www.googleadservices.com — Cisco Umbrella Rank: 110
23 B
1 pippio.com
pippio.com — Cisco Umbrella Rank: 947
633 B
1 bluekai.com
stags.bluekai.com — Cisco Umbrella Rank: 2756
27 B
1 bfmio.com
sync.bfmio.com — Cisco Umbrella Rank: 1727
421 B
1 stickyadstv.com
ads.stickyadstv.com — Cisco Umbrella Rank: 685
655 B
1 pubmatic.com
image2.pubmatic.com — Cisco Umbrella Rank: 1092
552 B
1 tremorhub.com
simplifi.partners.tremorhub.com — Cisco Umbrella Rank: 8215
175 B
1 unrulymedia.com
sync.targeting.unrulymedia.com — Cisco Umbrella Rank: 1416
378 B
1 smaato.net
s.ad.smaato.net — Cisco Umbrella Rank: 649
544 B
1 inzynk.io
tags.inzynk.io — Cisco Umbrella Rank: 313829
443 B
1 licdn.com
snap.licdn.com — Cisco Umbrella Rank: 1142
14 KB
1 ads-twitter.com
static.ads-twitter.com — Cisco Umbrella Rank: 1236
16 KB
1 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 331
14 KB
1 mathtag.com
pixel.mathtag.com — Cisco Umbrella Rank: 4421
711 B
1 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 65
1 opmnstr.com
a.opmnstr.com — Cisco Umbrella Rank: 38980
17 KB
1 omtrdc.net
fortinet.tt.omtrdc.net — Cisco Umbrella Rank: 465451
842 B
1 everesttech.net
cm.everesttech.net — Cisco Umbrella Rank: 1776
490 B
1 onetrust.com
geolocation.onetrust.com — Cisco Umbrella Rank: 610
305 B
192 64
Domain Requested by
38 www.fortinet.com www.fortinet.com
25 um.simpli.fi 22 redirects
22 assets.adobedtm.com cdn.cookielaw.org
assets.adobedtm.com
13 b.6sc.co www.fortinet.com
8 match.adsrvr.org 7 redirects
6 ml314.com 1 redirects www.fortinet.com
ml314.com
6 px.ads.linkedin.com 3 redirects snap.licdn.com
6 tags.srv.stackadapt.com www.fortinet.com
tags.srv.stackadapt.com
6 cdn.cookielaw.org www.fortinet.com
cdn.cookielaw.org
5 ib.adnxs.com 3 redirects
4 cm.g.doubleclick.net 4 redirects
4 pixel.tapad.com 3 redirects
4 script.crazyegg.com www.fortinet.com
script.crazyegg.com
4 dpm.demdex.net 1 redirects www.fortinet.com
3 ps.eyeota.net 2 redirects
3 analytics.twitter.com
3 t.co
3 idsync.rlcdn.com 3 redirects
3 ups.analytics.yahoo.com 2 redirects
3 secure.adnxs.com 2 redirects
3 bat.bing.com assets.adobedtm.com
bat.bing.com
www.fortinet.com
2 px.mountain.com dx.mountain.com
px.mountain.com
2 www.facebook.com
2 connect.facebook.net www.fortinet.com
connect.facebook.net
2 10104846.fls.doubleclick.net 1 redirects assets.adobedtm.com
2 us-u.openx.net 1 redirects
2 pixel.rubiconproject.com 1 redirects
2 ce.lijit.com 1 redirects
2 bcp.crwdcntrl.net 1 redirects
2 loadm.exelator.com 1 redirects
2 fei.pro-market.net 2 redirects
2 sync.intentiq.com 1 redirects
2 eb2.3lift.com 1 redirects
2 sync.1rx.io 2 redirects
2 s.amazon-adsystem.com 1 redirects
2 intentstream.contanuity.com abm-tracking.demandscience.com
2 abm-tracking.demandscience.com www.fortinet.com
abm-tracking.demandscience.com
2 v.eps.6sc.co j.6sc.co
2 tracking.crazyegg.com script.crazyegg.com
2 eps.6sc.co j.6sc.co
2 www.googletagmanager.com assets.adobedtm.com
abm-tracking.demandscience.com
2 tr.outbrain.com amplify.outbrain.com
2 amplify.outbrain.com www.fortinet.com
amplify.outbrain.com
1 insight.adsrvr.org 1 redirects
1 px.steelhousemedia.com
1 gs.mountain.com px.mountain.com
1 6033413.global.siteimproveanalytics.io
1 webtracker.argusplatform.com tmp.argusplatform.com
1 tracking.contanuity.com abm-tracking.demandscience.com
1 siteimproveanalytics.com assets.adobedtm.com
1 px4.ads.linkedin.com
1 www.linkedin.com 1 redirects
1 www.google.com
1 googleads.g.doubleclick.net 1 redirects
1 www.googleadservices.com 1 redirects
1 pippio.com 1 redirects
1 stags.bluekai.com
1 sync.bfmio.com
1 pbid.pro-market.net
1 cms.analytics.yahoo.com 1 redirects
1 ads.stickyadstv.com
1 image2.pubmatic.com
1 d.agkn.com 1 redirects
1 aa.agkn.com 1 redirects
1 simplifi.partners.tremorhub.com
1 sync.targeting.unrulymedia.com
1 s.ad.smaato.net 1 redirects
1 tags.inzynk.io assets.adobedtm.com
1 snap.licdn.com www.fortinet.com
1 static.ads-twitter.com www.fortinet.com
1 dx.mountain.com www.fortinet.com
1 i.simpli.fi tag.simpli.fi
1 cdn.jsdelivr.net abm-tracking.demandscience.com
1 pixels.argusplatform.com tmp.argusplatform.com
1 ibc-flow.techtarget.com trk.techtarget.com
1 metrics.fortinet.com www.fortinet.com
1 pixel.mathtag.com www.fortinet.com
1 tmp.argusplatform.com www.fortinet.com
1 trk.techtarget.com www.fortinet.com
1 api.omappapi.com a.opmnstr.com
1 a.omappapi.com a.opmnstr.com
1 www.google-analytics.com www.googletagmanager.com
1 a.opmnstr.com assets.adobedtm.com
1 ipv6.6sc.co j.6sc.co
1 c.6sc.co j.6sc.co
1 wave.outbrain.com amplify.outbrain.com
1 fortinet.tt.omtrdc.net www.fortinet.com
1 cm.everesttech.net 1 redirects
1 fortinet.demdex.net www.fortinet.com
1 tag.simpli.fi assets.adobedtm.com
1 j.6sc.co www.fortinet.com
1 geolocation.onetrust.com cdn.cookielaw.org
192 92
Subject Issuer Validity Valid
*.fortinet.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2024-07-16 -
2025-07-15
a year crt.sh
cookielaw.org
WE1
2024-10-11 -
2025-01-09
3 months crt.sh
geolocation.onetrust.com
WE1
2024-10-11 -
2025-01-09
3 months crt.sh
assets.adobedtm.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2024-07-09 -
2025-08-09
a year crt.sh
*.demdex.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2024-09-25 -
2025-10-26
a year crt.sh
script.crazyegg.com
Cloudflare Inc ECC CA-3
2024-08-02 -
2024-12-31
5 months crt.sh
6sc.co
R10
2024-09-23 -
2024-12-22
3 months crt.sh
*.outbrain.com
DigiCert TLS RSA SHA256 2020 CA1
2023-12-14 -
2024-12-14
a year crt.sh
*.simpli.fi
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2023-11-07 -
2024-12-07
a year crt.sh
www.bing.com
Microsoft Azure RSA TLS Issuing CA 03
2024-09-16 -
2025-03-15
6 months crt.sh
*.tt.omtrdc.net
DigiCert TLS RSA SHA256 2020 CA1
2024-02-26 -
2025-03-28
a year crt.sh
*.google-analytics.com
WR2
2024-10-07 -
2024-12-30
3 months crt.sh
eps.6sc.co
Amazon RSA 2048 M03
2024-08-27 -
2025-09-25
a year crt.sh
a.opmnstr.com
R11
2024-11-05 -
2025-02-03
3 months crt.sh
crazyegg.com
Amazon RSA 2048 M02
2024-06-30 -
2025-07-30
a year crt.sh
v.eps.6sc.co
Amazon RSA 2048 M03
2024-09-06 -
2025-10-05
a year crt.sh
a.omappapi.com
R10
2024-11-05 -
2025-02-03
3 months crt.sh
omappapi.com
WE1
2024-10-12 -
2025-01-10
3 months crt.sh
trk.techtarget.com
WE1
2024-09-20 -
2024-12-19
3 months crt.sh
abm-tracking.demandscience.com
R10
2024-10-13 -
2025-01-11
3 months crt.sh
tmp.argusplatform.com
GeoTrust Global TLS RSA4096 SHA256 2022 CA1
2024-09-09 -
2025-03-09
6 months crt.sh
*.mathtag.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2024-04-23 -
2025-04-30
a year crt.sh
metrics.fortinet.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2023-12-26 -
2025-01-25
a year crt.sh
ibc-flow.techtarget.com
WR3
2024-10-24 -
2025-01-22
3 months crt.sh
pixels.argusplatform.com
GeoTrust Global TLS RSA4096 SHA256 2022 CA1
2024-09-08 -
2025-03-08
6 months crt.sh
*.jsdelivr.net
Sectigo RSA Domain Validation Secure Server CA
2024-05-04 -
2025-05-04
a year crt.sh
intentstream.contanuity.com
E5
2024-10-14 -
2025-01-12
3 months crt.sh
*.mountain.com
Go Daddy Secure Certificate Authority - G2
2024-05-23 -
2025-06-24
a year crt.sh
ads-twitter.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2024-06-25 -
2025-06-24
a year crt.sh
snap.licdn.com
DigiCert SHA2 Secure Server CA
2023-12-13 -
2024-12-12
a year crt.sh
*.srv.stackadapt.com
Amazon RSA 2048 M03
2024-08-09 -
2025-09-06
a year crt.sh
*.inzynk.io
Amazon RSA 2048 M02
2024-01-07 -
2025-02-04
a year crt.sh
www.linkedin.com
DigiCert SHA2 Secure Server CA
2024-10-14 -
2025-04-14
6 months crt.sh
t.co
E5
2024-09-28 -
2024-12-27
3 months crt.sh
*.twitter.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2024-10-07 -
2025-10-06
a year crt.sh
*.doubleclick.net
WR2
2024-10-07 -
2024-12-30
3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA
2024-08-22 -
2024-11-20
3 months crt.sh
siteimproveanalytics.com
WE1
2024-10-17 -
2025-01-15
3 months crt.sh
44.212.189.233
Sectigo RSA Domain Validation Secure Server CA
2024-01-26 -
2025-02-15
a year crt.sh
tracking.contanuity.com
R11
2024-11-11 -
2025-02-09
3 months crt.sh
webtracker.argusplatform.com
GeoTrust Global TLS RSA4096 SHA256 2022 CA1
2024-09-09 -
2025-03-09
6 months crt.sh
event-horizon.gcp.bomm.in
WR3
2024-10-18 -
2025-01-16
3 months crt.sh
*.global.r1.siteimproveanalytics.io
Amazon RSA 2048 M02
2024-09-02 -
2025-10-01
a year crt.sh

This page contains 3 frames:

Primary Page: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Frame ID: E9646EEF95C13BE18BF21448D196253F
Requests: 187 HTTP requests in this frame

Frame: https://fortinet.demdex.net/dest5.html?d_nsid=0
Frame ID: 149DD6396205C570D635578231F4AC29
Requests: 1 HTTP requests in this frame

Frame: https://10104846.fls.doubleclick.net/activityi;dc_pre=CNq23ZTM2YkDFYuKdwEdhXE8uQ;src=10104846;type=sitew00;cat=sitew006;u3=https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=4036147131945.669
Frame ID: 7E669F4AF852BA2B4D2615A8383ACAA2
Requests: 1 HTTP requests in this frame

Screenshot

Page Title

New Campaign Uses Remcos RAT to Exploit Victims | FortiGuard Labs

Detected technologies

Overall confidence: 100%
Detected patterns
  • /etc/designs/
  • /etc\.clientlibs/

Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)

Overall confidence: 100%
Detected patterns
  • script\.crazyegg\.com/pages/scripts/\d+/\d+\.js

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • /fingerprintjs@(\d)

Overall confidence: 100%
Detected patterns

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Overall confidence: 100%
Detected patterns
  • cdn\.cookielaw\.org
  • otSDKStub\.js

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.openx\.net

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.pubmatic\.com

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.rubiconproject\.com

Overall confidence: 100%
Detected patterns
  • tracker\.js

Overall confidence: 100%
Detected patterns
  • //cdn\.jsdelivr\.net/

Page Statistics

192
Requests

82 %
HTTPS

36 %
IPv6

64
Domains

92
Subdomains

74
IPs

2
Countries

4596 kB
Transfer

7099 kB
Size

127
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 58
  • https://cm.everesttech.net/cm/dd?d_uuid=19970388947444869440355377206328874018 HTTP 302
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZzTB0gAAAJARZQOH
Request Chain 120
  • https://secure.adnxs.com/px?id=1773420&t=2 HTTP 307
  • https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1773420%26t%3D2
Request Chain 121
  • https://ib.adnxs.com/seg?add=36113683 HTTP 307
  • https://ib.adnxs.com/bounce?%2Fseg%3Fadd%3D36113683
Request Chain 123
  • https://um.simpli.fi/smaato HTTP 302
  • https://s.ad.smaato.net/c/?dspInit=1001136&dspCookie=58D823FA4EF84E62B213BE5E83BC1996 HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=6c6fd2c8-c9f3-4a37-9a77-029dc3cc98b3&id=06c56c6b25&gdpr=0&gdpr_consent= HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=6c6fd2c8-c9f3-4a37-9a77-029dc3cc98b3&id=06c56c6b25&gdpr=0&gdpr_consent=&dcc=t
Request Chain 124
  • https://um.simpli.fi/nexxen HTTP 302
  • https://sync.1rx.io/usersync/simplifi/58D823FA4EF84E62B213BE5E83BC1996 HTTP 302
  • https://sync.1rx.io/usersync/simplifi/58D823FA4EF84E62B213BE5E83BC1996?zcc=1&cb=1731510735972 HTTP 302
  • https://sync.targeting.unrulymedia.com/csync/RX-0062a4f5-281f-4e09-9e6e-9e266c332d9b-005
Request Chain 125
  • https://um.simpli.fi/triplelift HTTP 302
  • https://eb2.3lift.com/xuid?mid=7969&xuid=58D823FA4EF84E62B213BE5E83BC1996&dongle=yf3 HTTP 302
  • https://eb2.3lift.com/xuid?ld=1&mid=7969&xuid=58D823FA4EF84E62B213BE5E83BC1996&dongle=yf3&gdpr=0&cmp_cs=&us_privacy=
Request Chain 126
  • https://um.simpli.fi/telaria_p HTTP 302
  • https://simplifi.partners.tremorhub.com/sync?UISF=58D823FA4EF84E62B213BE5E83BC1996
Request Chain 127
  • https://um.simpli.fi/tapad HTTP 302
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=2305&partner_device_id=58D823FA4EF84E62B213BE5E83BC1996 HTTP 302
  • https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2305&partner_device_id=58D823FA4EF84E62B213BE5E83BC1996
Request Chain 128
  • https://um.simpli.fi/ad_advisor HTTP 302
  • https://aa.agkn.com/adscores/g.pixel?sid=9201915418&sifi_uid=58D823FA4EF84E62B213BE5E83BC1996 HTTP 302
  • https://d.agkn.com/pixel/10751/?che=1731510740151&ip=208.252.80.24&l1=https%3A%2F%2Fum.simpli.fi%2Faa_px%3Fsk%3D214360605065013991114 HTTP 302
  • https://um.simpli.fi/aa_px?sk=214360605065013991114 HTTP 302
  • https://um.simpli.fi/empty.gif
Request Chain 129
  • https://um.simpli.fi/intentiq HTTP 302
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=2124307461&pcid=58D823FA4EF84E62B213BE5E83BC1996 HTTP 302
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=2124307461&pcid=58D823FA4EF84E62B213BE5E83BC1996&ckls=true&ci=5wum5GjkM8&nc=false&trid=1335681020
Request Chain 130
  • https://um.simpli.fi/pubmatic HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:58D823FA4EF84E62B213BE5E83BC1996
Request Chain 131
  • https://um.simpli.fi/freewheel HTTP 302
  • https://ads.stickyadstv.com/user-registering?dataProviderId=753&userId=58D823FA4EF84E62B213BE5E83BC1996
Request Chain 132
  • https://um.simpli.fi/dtnx HTTP 302
  • https://fei.pro-market.net/engine?du=24;csync=58D823FA4EF84E62B213BE5E83BC1996;mimetype=img; HTTP 302
  • https://fei.pro-market.net/engine?du=24;csync=58D823FA4EF84E62B213BE5E83BC1996;mimetype=img;sr HTTP 302
  • https://cms.analytics.yahoo.com/cms?partner_id=DATCS HTTP 302
  • https://ups.analytics.yahoo.com/ups/58726/cms?partner_id=DATCS HTTP 302
  • https://pbid.pro-market.net/engine?du=81&mimetype=img&csync=y-T5lmfKBE2pTQYArgTwdzNCIx8jw.C_rWjNo-~A
Request Chain 133
  • https://um.simpli.fi/exelatem HTTP 302
  • https://loadm.exelator.com/load/?p=204&g=2191&simid=58D823FA4EF84E62B213BE5E83BC1996&j=0 HTTP 302
  • https://loadm.exelator.com/load/?p=204&g=2191&simid=58D823FA4EF84E62B213BE5E83BC1996&j=0&xl8blockcheck=1
Request Chain 134
  • https://um.simpli.fi/yahoo HTTP 302
  • https://ups.analytics.yahoo.com/ups/55964/sync?uid=58D823FA4EF84E62B213BE5E83BC1996 HTTP 302
  • https://ups.analytics.yahoo.com/ups/55964/sync?uid=58D823FA4EF84E62B213BE5E83BC1996&verify=true
Request Chain 135
  • https://um.simpli.fi/beachfront HTTP 302
  • https://sync.bfmio.com/sync?pid=141&uid=58D823FA4EF84E62B213BE5E83BC1996
Request Chain 136
  • https://um.simpli.fi/bluekai HTTP 302
  • https://stags.bluekai.com/site/29931?id=58D823FA4EF84E62B213BE5E83BC1996
Request Chain 137
  • https://um.simpli.fi/crwdcntrl HTTP 302
  • https://bcp.crwdcntrl.net/map/c=7625/tp=SIMP/tpid=58D823FA4EF84E62B213BE5E83BC1996 HTTP 302
  • https://bcp.crwdcntrl.net/map/ct=y/c=7625/tp=SIMP/tpid=58D823FA4EF84E62B213BE5E83BC1996
Request Chain 138
  • https://um.simpli.fi/lj_match HTTP 302
  • https://ce.lijit.com/merge?pid=2&3pid=58D823FA4EF84E62B213BE5E83BC1996 HTTP 302
  • https://ce.lijit.com/merge?pid=2&3pid=58D823FA4EF84E62B213BE5E83BC1996&dnr=1
Request Chain 139
  • https://um.simpli.fi/liveramp_match HTTP 302
  • https://idsync.rlcdn.com/419566.gif?partner_uid=58D823FA4EF84E62B213BE5E83BC1996 HTTP 307
  • https://idsync.rlcdn.com/1000.gif?memo=CO7NGRIrCicIARDuJBogNThEODIzRkE0RUY4NEU2MkIyMTNCRTVFODNCQzE5OTYQABoNCNSD07kGEgUI6AcQAEIASgA HTTP 307
  • https://pippio.com/api/sync?pid=5324&it=1&iv=723db2e5727567ce05d8da08249bb15f719dbb551995314fc56a318c0f1bc18c791426b5417dce21&_=2 HTTP 307
  • https://px.ads.linkedin.com/db_sync?pid=10339&puuid=723db2e5727567ce05d8da08249bb15f719dbb551995314fc56a318c0f1bc18c791426b5417dce21&rand=04382946
Request Chain 140
  • https://www.googleadservices.com/pagead/conversion/1026675585/?random=1731510739555&cv=7&fst=1731510739555&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON HTTP 302
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1026675585/?random=1982491961&cv=7&fst=1731510739555&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECCOvGsQII08WxAgilxrEC&pscrd=IhMIg5rYlMzZiQMVKVRHAR06qx_MMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhlodHRwczovL3d3dy5mb3J0aW5ldC5jb20v HTTP 302
  • https://www.google.com/pagead/1p-conversion/1026675585/?random=1982491961&cv=7&fst=1731510739555&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECCOvGsQII08WxAgilxrEC&pscrd=IhMIg5rYlMzZiQMVKVRHAR06qx_MMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhlodHRwczovL3d3dy5mb3J0aW5ldC5jb20v&is_vtc=1&cid=CAQSGwCa7L7dyLzI3BXre_leai5kL-ubKa-t8WbwAw&random=3884899340
Request Chain 142
  • https://um.simpli.fi/an HTTP 302
  • https://ib.adnxs.com/setuid?entity=66&code=58D823FA4EF84E62B213BE5E83BC1996
Request Chain 143
  • https://um.simpli.fi/rb_match HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=6286&nid=2132&put=58D823FA4EF84E62B213BE5E83BC1996&expires=365
Request Chain 144
  • https://um.simpli.fi/ox_match HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072966&val=58D823FA4EF84E62B213BE5E83BC1996 HTTP 302
  • https://us-u.openx.net/w/1.0/sd?cc=1&id=537072966&val=58D823FA4EF84E62B213BE5E83BC1996
Request Chain 145
  • https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_cm&google_sc HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_cm=&google_sc=&google_tc= HTTP 302
  • https://um.simpli.fi/g_match?id=&google_gid=CAESEH2uaJHf5A9UnZUYbjP0Xzo&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=58D823FA4EF84E62B213BE5E83BC1996 HTTP 302
  • https://um.simpli.fi/g_match?id=
Request Chain 148
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7120%2C2159050%2C4628290%2C6313418&time=1731510739874&li_adsId=db161ea0-4a6e-4b18-8718-59a666b33f4e&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7120%2C2159050%2C4628290%2C6313418&time=1731510739874&li_adsId=db161ea0-4a6e-4b18-8718-59a666b33f4e&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims&cookiesTest=true HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D7120%252C2159050%252C4628290%252C6313418%26time%3D1731510739874%26li_adsId%3Ddb161ea0-4a6e-4b18-8718-59a666b33f4e%26url%3Dhttps%253A%252F%252Fwww.fortinet.com%252Fblog%252Fthreat-research%252Fnew-campaign-uses-remcos-rat-to-exploit-victims%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7120%2C2159050%2C4628290%2C6313418&time=1731510739874&li_adsId=db161ea0-4a6e-4b18-8718-59a666b33f4e&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims&cookiesTest=true&liSync=true HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=7120%2C2159050%2C4628290%2C6313418&time=1731510739874&li_adsId=db161ea0-4a6e-4b18-8718-59a666b33f4e&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims&cookiesTest=true&liSync=true&e_ipv6=AQLGuJ8tZ4JDywAAAZMmFSaUcm4CMpqtCRon0VsMAkSF-OCS1HYxo53ive5frEN2XReE7HU0GQ
Request Chain 154
  • https://10104846.fls.doubleclick.net/activityi;src=10104846;type=sitew00;cat=sitew006;u3=https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=4036147131945.669 HTTP 302
  • https://10104846.fls.doubleclick.net/activityi;dc_pre=CNq23ZTM2YkDFYuKdwEdhXE8uQ;src=10104846;type=sitew00;cat=sitew006;u3=https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=4036147131945.669
Request Chain 175
  • https://idsync.rlcdn.com/395886.gif?partner_uid=3648398715617542195 HTTP 307
  • https://ml314.com/csync.ashx?fp=ba83b506a8a851606647747a525c087bb753ef7c94cf7c5b561b7efbbc3da039f4cb09cee1a4f8eb&person_id=3648398715617542195&eid=50082
Request Chain 176
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=d0tro1j&ttd_tpi=1 HTTP 302
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=d0tro1j&ttd_tpi=1 HTTP 302
  • https://ml314.com/utsync.ashx?eid=53819&et=0&fp=c57b4a20-dcfa-4bc7-b3df-1e5ef63cf5d9&gdpr=0&gdpr_consent=
Request Chain 177
  • https://ib.adnxs.com/getuid?https://ml314.com/csync.ashx%3Ffp=$UID%26person_id=3648398715617542195%26eid=2 HTTP 302
  • https://ml314.com/csync.ashx?fp=5958286857444545603&person_id=3648398715617542195&eid=2
Request Chain 178
  • https://ps.eyeota.net/pixel?pid=r8hrb20&t=gif HTTP 302
  • https://ps.eyeota.net/pixel/bounce/?pid=r8hrb20&t=gif HTTP 302
  • https://ml314.com/utsync.ashx?eid=50052&et=0&fp=21ZTqxwgMxP-0O8B3nU-FMZkdzBhDCSOmlJVFs1Ve42w&gdpr=0&gdpr_consent=&return=https%3A%2F%2Fps.eyeota.net%2Fmatch%3Fbid%3Dr8hrb20%26uid%3Dnil%26referrer_pid%3Dr8hrb20 HTTP 302
  • https://ps.eyeota.net/match?bid=r8hrb20&uid=nil&referrer_pid=r8hrb20
Request Chain 179
  • https://match.prod.bidr.io/cookie-sync/contanuity?buyer_user_id=0ac9c017dfdd772893a32ead8dfce3c5_1731510739844 HTTP 303
  • https://match.prod.bidr.io/cookie-sync/contanuity?buyer_user_id=0ac9c017dfdd772893a32ead8dfce3c5_1731510739844&_bee_ppp=1 HTTP 303
  • https://tracking.contanuity.com/usersync?bwcookie=AADZFE7OaYQAABTFJInqAg
Request Chain 187
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=steelhouse&ttd_tpi=1&ttd_puid=aecb4b52-a1d1-11ef-9110-13dab07cf320&gdpr=&gdpr_consent= HTTP 302
  • https://px.steelhousemedia.com/tdsync?tdid=c57b4a20-dcfa-4bc7-b3df-1e5ef63cf5d9&shguid=aecb4b52-a1d1-11ef-9110-13dab07cf320
Request Chain 188
  • https://insight.adsrvr.org/track/evnt/?adv=6s0zaeu&ct=0:0bi0elf&fmt=3 HTTP 302
  • https://dpm.demdex.net/ibs:dpid=903&dpuuid=c57b4a20-dcfa-4bc7-b3df-1e5ef63cf5d9&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Fgeneric%3Fttd_pid%3Daam HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=aam HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=c57b4a20-dcfa-4bc7-b3df-1e5ef63cf5d9&gdpr=0&gdpr_consent=&expires=30&next=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Frubicon HTTP 302
  • https://match.adsrvr.org/track/cmf/rubicon?gdpr=0 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_cm&google_sc&google_hm=YzU3YjRhMjAtZGNmYS00YmM3LWIzZGYtMWU1ZWY2M2NmNWQ5&gdpr=0&gdpr_consent=&ttd_tdid=c57b4a20-dcfa-4bc7-b3df-1e5ef63cf5d9 HTTP 302
  • https://match.adsrvr.org/track/cmf/google?g_uuid=&gdpr=0&gdpr_consent=&ttd_tdid=c57b4a20-dcfa-4bc7-b3df-1e5ef63cf5d9&google_gid=CAESEFOxE__-4EuleQD3EVrFoPU&google_cver=1 HTTP 302
  • https://ib.adnxs.com/getuid?https%3a%2f%2fmatch.adsrvr.org%2ftrack%2fcmf%2fappnexus%3fttd%3d1%26anid%3d%24UID&ttd_tdid=c57b4a20-dcfa-4bc7-b3df-1e5ef63cf5d9 HTTP 302
  • https://match.adsrvr.org/track/cmf/appnexus?ttd=1&anid=5958286857444545603&ttd_tdid=c57b4a20-dcfa-4bc7-b3df-1e5ef63cf5d9 HTTP 302
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=c57b4a20-dcfa-4bc7-b3df-1e5ef63cf5d9&partner_url=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Fgeneric%3Fttd_pid%3Dtapad HTTP 302
  • https://secure.adnxs.com/getuid?https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Freceive%3Fpartner_id%3DAPPNEXUS%26partner_device_id%3D%24UID%26pt%3D040b98bc-28d1-4c8c-8153-818d09b18300%252Chttps%25253A%25252F%25252Fmatch.adsrvr.org%25252Ftrack%25252Fcmf%25252Fgeneric%25253Fttd_pid%25253Dtapad%252C HTTP 302
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=APPNEXUS&partner_device_id=5958286857444545603&pt=040b98bc-28d1-4c8c-8153-818d09b18300%2Chttps%253A%252F%252Fmatch.adsrvr.org%252Ftrack%252Fcmf%252Fgeneric%253Fttd_pid%253Dtapad%2C HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad

192 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request new-campaign-uses-remcos-rat-to-exploit-victims
www.fortinet.com/blog/threat-research/
81 KB
26 KB
Document
General
Full URL
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1f18:1492:1701:a964:c08d:f5eb:b0c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
Apache /
Resource Hash
619a66b171139705014abb66652b93ba67dba872d941be3aa7372ceb08201dbb
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

Accept-Ranges
bytes
Age
649
Cache-Control
max-age=600, public, s-maxage=10800
Connection
keep-alive
Content-Encoding
gzip
Content-Length
24698
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Content-Type
text/html;charset=utf-8
Date
Wed, 13 Nov 2024 15:01:27 GMT
ETag
W/"145bf-626cc9bacfa54-gzip"
Last-Modified
Wed, 13 Nov 2024 15:01:27 GMT
Server
Apache
Strict-Transport-Security
max-age=31536000; includeSubDomains
Vary
Accept-Encoding
Via
1.1 a1b25b0d3d9a8dc90e047cb69c24f48c.cloudfront.net (CloudFront)
X-Amz-Cf-Id
gZEf3nbmcABQELyBN78pyPrhRmzL-Fk7-DURavSSwUC_ZxlAfCJV2A==
X-Amz-Cf-Pop
IAD61-P2
X-Cache
Hit from cloudfront
X-Content-Type-Options
nosniff
X-Dispatcher
dispatcher2uswest1-28559771
X-Frame-Options
SAMEORIGIN
X-Vhost
publish
X-XSS-Protection
1; mode=block
visitorapi.min.js
www.fortinet.com/etc/designs/fortinet/adb-target/
64 KB
30 KB
Script
General
Full URL
https://www.fortinet.com/etc/designs/fortinet/adb-target/visitorapi.min.js
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1f18:1492:1701:a964:c08d:f5eb:b0c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
Apache /
Resource Hash
0f03d4ff929986a3cde83681fd2560eae544f7138f59945ec6ec32c17800ca91
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims

Response headers

X-Vhost
publish
Content-Encoding
gzip
ETag
"fe2d-6117284c96900-gzip"
Age
396974
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
VUWgSrk4_bj2IrlsrawjAH7m-hgj4elfwFfM8KRA7lZNbwcSOSP7iQ==
Date
Sat, 09 Nov 2024 00:56:02 GMT
Content-Type
application/javascript
Vary
Accept-Encoding
Last-Modified
Thu, 15 Feb 2024 21:43:32 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 a1b25b0d3d9a8dc90e047cb69c24f48c.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
29532
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
IAD61-P2
Server
Apache
at.js
www.fortinet.com/etc/designs/fortinet/adb-target/
104 KB
48 KB
Script
General
Full URL
https://www.fortinet.com/etc/designs/fortinet/adb-target/at.js
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1f18:1492:1701:a964:c08d:f5eb:b0c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
Apache /
Resource Hash
db058d72d7ba8ff6ed7209af23a4458c373cc78f72c81ec1df88bb5de72a0b0b
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims

Response headers

X-Vhost
publish
Content-Encoding
gzip
ETag
"19e83-61431fc4b24c0-gzip"
Age
116144
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
DTiuaaIZ_QuDFMBS2Le-jGHLrC7WPyJs9tKMW-YPj8cUjLDh0g9lgA==
Date
Tue, 12 Nov 2024 06:56:32 GMT
Content-Type
application/javascript
Vary
Accept-Encoding
Last-Modified
Thu, 21 Mar 2024 20:59:39 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 1ffcb4016d0c1224c9505d74a866e6a8.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
47782
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
IAD61-P2
Server
Apache
clientlib-base.min.900b148ab7b87024003111a1245cca9c.css
www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/
540 KB
28 KB
Stylesheet
General
Full URL
https://www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.900b148ab7b87024003111a1245cca9c.css
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1f18:1492:1701:a964:c08d:f5eb:b0c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
Apache /
Resource Hash
94633716497a85d800b6e573953942c4cfe483c0dbd68fa97fd01dd97ced5d66
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims

Response headers

X-Vhost
publish
Content-Encoding
gzip
ETag
"86e1b-61b58998583c0-gzip"
Age
326371
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
ou_ILmiyzlCimQ-fGIgcX3Cxd2RhIT8IpSjiL1QE8J4z7IOZZZdkiQ==
Date
Sat, 09 Nov 2024 20:32:45 GMT
Content-Type
text/css;charset=utf-8
Last-Modified
Thu, 20 Jun 2024 21:00:07 GMT
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher2uswest1-28559771
Connection
keep-alive
Via
1.1 a1b25b0d3d9a8dc90e047cb69c24f48c.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
27478
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
IAD61-P2
Server
Apache
otSDKStub.js
cdn.cookielaw.org/scripttemplates/
22 KB
8 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ade920fd5b00cd298aae7978673a9a64d0bb3fa593d23e91994ec6b6723ebace
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

content-md5
Vo/d0f3ZefkwyML/PnJnjg==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8DD03B52B60A337
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
3979
x-content-type-options
nosniff
expires
Thu, 14 Nov 2024 15:12:16 GMT
date
Wed, 13 Nov 2024 15:12:16 GMT
content-type
application/javascript
last-modified
Wed, 13 Nov 2024 07:31:20 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
8676ee84-f01e-0019-699f-35bfe2000000
cf-ray
8e1fb2f83c5542e1-EWR
accept-ranges
bytes
access-control-allow-origin
*
content-length
7212
x-ms-blob-type
BlockBlob
server
cloudflare
fortinet-logo-white.svg
www.fortinet.com/content/dam/fortinet-blog/
32 KB
3 KB
Image
General
Full URL
https://www.fortinet.com/content/dam/fortinet-blog/fortinet-logo-white.svg
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1f18:1492:1701:a964:c08d:f5eb:b0c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
Apache /
Resource Hash
d2afd46ac58cd7e89b3fdfd790300d69034e94151ed45acf83d7b6d5dccfdb17
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims

Response headers

X-Vhost
publish
Content-Encoding
gzip
ETag
"7ebb-565d53a1d6e40-gzip"
Age
300494
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
CXI12lBYZL_QckFzmsKotSTdkwfKhj6SVTAoNcq6zQqTyoLnTgI4_w==
Date
Sun, 10 Nov 2024 03:44:02 GMT
Content-Type
image/svg+xml
Content-Disposition
attachment; filename="fortinet-logo-white.svg"
Vary
Accept-Encoding
Last-Modified
Thu, 22 Feb 2018 23:16:01 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 21a5f0e24a694c040922a8766d75a2e0.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
1998
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
IAD61-P2
Server
Apache
toc-icon.jpg
www.fortinet.com/content/dam/fortinet/images/
1 KB
3 KB
Image
General
Full URL
https://www.fortinet.com/content/dam/fortinet/images/toc-icon.jpg
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1f18:1492:1701:a964:c08d:f5eb:b0c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
Apache /
Resource Hash
370df1cc8999c1e03fc1c5f7ced35334513d19233d1fc79d2c1c7f711361565d
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims

Response headers

X-Vhost
publish
ETag
"4fd-60a2031eb4f40"
Age
383957
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
_p6MuwMuespa6ZyYz-y8aV19TjqfE3o66kOckpvjp9Df8naHnfCgkQ==
Date
Sat, 09 Nov 2024 04:32:59 GMT
Content-Type
image/jpeg
Last-Modified
Tue, 14 Nov 2023 17:34:13 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 ded2db8c78a1ad7377261200a0bb44fa.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
1277
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
IAD61-P2
Server
Apache
clientlib-base.min.ba4f082a77dabb2c6baf715d9eb61c22.js
www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/
160 KB
74 KB
Script
General
Full URL
https://www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.ba4f082a77dabb2c6baf715d9eb61c22.js
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1f18:1492:1701:a964:c08d:f5eb:b0c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
Apache /
Resource Hash
7b1e74dd6970b56853dfd79e59ba73315051b0c59a69c6a9fd87e515650fdc80
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims

Response headers

X-Vhost
publish
Content-Encoding
gzip
ETag
"28100-61cff033f9240-gzip"
Age
383957
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
YU2nWu8VfI5gCT3a2Km48isAWaz_DhQQR2ZwdFtsHnGpkBdVgPDzIg==
Date
Sat, 09 Nov 2024 04:32:59 GMT
Content-Type
application/javascript;charset=utf-8
Vary
Accept-Encoding
Last-Modified
Thu, 11 Jul 2024 20:57:37 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 1ffcb4016d0c1224c9505d74a866e6a8.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
74768
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
IAD61-P2
Server
Apache
f85f39fc-d7aa-467a-b762-fbb722748016.json
cdn.cookielaw.org/consent/f85f39fc-d7aa-467a-b762-fbb722748016/
5 KB
2 KB
XHR
General
Full URL
https://cdn.cookielaw.org/consent/f85f39fc-d7aa-467a-b762-fbb722748016/f85f39fc-d7aa-467a-b762-fbb722748016.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8998282f5a80fff5eaafdbd457dd7a81af0cd7c8696bfe032a6aeef8fe67f99f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

content-md5
Uj3iBUKm1Vl2g2NHq67V+w==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
cf-cache-status
HIT
etag
0x8DC07DF23DF5130
age
27669
x-ms-lease-status
unlocked
x-content-type-options
nosniff
x-ms-version
2009-09-19
expires
Thu, 14 Nov 2024 15:12:16 GMT
date
Wed, 13 Nov 2024 15:12:16 GMT
content-type
application/json
last-modified
Thu, 28 Dec 2023 19:56:54 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin, cross-origin
x-ms-request-id
a1b962b5-b01e-0073-3a58-26e349000000
cf-ray
8e1fb2f9695b9e1a-EWR
accept-ranges
bytes
access-control-allow-origin
*
content-length
1792
x-ms-blob-type
BlockBlob
server
cloudflare
fortinet-logo-white.svg
www.fortinet.com/content/dam/fortinet-blog/
32 KB
0
Image
General
Full URL
https://www.fortinet.com/content/dam/fortinet-blog/fortinet-logo-white.svg
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1f18:1492:1701:a964:c08d:f5eb:b0c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
Apache /
Resource Hash
d2afd46ac58cd7e89b3fdfd790300d69034e94151ed45acf83d7b6d5dccfdb17
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims

Response headers

X-Vhost
publish
Content-Encoding
gzip
ETag
"7ebb-565d53a1d6e40-gzip"
Age
300494
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
CXI12lBYZL_QckFzmsKotSTdkwfKhj6SVTAoNcq6zQqTyoLnTgI4_w==
Date
Sun, 10 Nov 2024 03:44:02 GMT
Content-Type
image/svg+xml
Vary
Accept-Encoding
Content-Disposition
attachment; filename="fortinet-logo-white.svg"
X-Frame-Options
SAMEORIGIN
Last-Modified
Thu, 22 Feb 2018 23:16:01 GMT
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Via
1.1 21a5f0e24a694c040922a8766d75a2e0.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
1998
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
IAD61-P2
Server
Apache
truncated
/
71 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5b4c9abcf01dcf74e0adf075ff4d47464c62c84307ae5ebd115d45da70e6443d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
fg-rat-hero.jpg
www.fortinet.com/content/dam/fortinet-blog/article-heros/
117 KB
119 KB
Image
General
Full URL
https://www.fortinet.com/content/dam/fortinet-blog/article-heros/fg-rat-hero.jpg
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1f18:1492:1701:a964:c08d:f5eb:b0c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
Apache /
Resource Hash
0cf246d6cd139b795a60b01f5d66885f3a685b2433222bd698371d429418d5ea
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims

Response headers

X-Vhost
publish
ETag
"1d5a7-626349f6adec0"
Age
436228
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
JtKI5Ybyhf9ao0uSOSSzilphcF60qEx3-x9SbgLb8hZg1kkyD3j7Jg==
Date
Fri, 08 Nov 2024 14:02:34 GMT
Content-Type
image/jpeg
Last-Modified
Wed, 06 Nov 2024 01:41:55 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 1ffcb4016d0c1224c9505d74a866e6a8.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
120231
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
IAD61-P2
Server
Apache
deep-analysis-of-new-emotet-variant-part-2.png.thumb.319.319.png
www.fortinet.com/content/dam/fortinet-blog/article-images/individual-images/
35 KB
36 KB
Image
General
Full URL
https://www.fortinet.com/content/dam/fortinet-blog/article-images/individual-images/deep-analysis-of-new-emotet-variant-part-2.png.thumb.319.319.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1f18:1492:1701:a964:c08d:f5eb:b0c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
Apache /
Resource Hash
9ce9e23b2f0aff01f3a20cde4e99e014e306dfb3c420bee920ea9e0f323a6ccc
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims

Response headers

X-Vhost
publish
ETag
"8a6d-5673b5c033a00"
Age
372072
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
2FfTFM9saJltmaJGTSj7lr8Epnae0EzN2XLNHEkclDuXGJE9miOdoA==
Date
Sat, 09 Nov 2024 07:51:04 GMT
Content-Type
image/png
Last-Modified
Mon, 12 Mar 2018 18:32:08 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher2uswest1-28559771
Connection
keep-alive
Via
1.1 21a5f0e24a694c040922a8766d75a2e0.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
35437
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
IAD61-P2
Server
Apache
pdf-phishing-leads-to-nanocore-rat-targets-french-nationals.jpg.thumb.319.319.png
www.fortinet.com/content/dam/fortinet-blog/article-images/individual-images/
153 KB
154 KB
Image
General
Full URL
https://www.fortinet.com/content/dam/fortinet-blog/article-images/individual-images/pdf-phishing-leads-to-nanocore-rat-targets-french-nationals.jpg.thumb.319.319.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1f18:1492:1701:a964:c08d:f5eb:b0c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
Apache /
Resource Hash
5a922a2c59c77d6ae5ce67413c452540ffe00b468d240ab6928531bab15fce2b
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims

Response headers

X-Vhost
publish
ETag
"26320-567c8817b12c0"
Age
363454
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
CVwnfKmHqTBc_LRqnBSg93uWj0objSG1WEFNF8nULl01R36qh4MWfw==
Date
Sat, 09 Nov 2024 10:14:42 GMT
Content-Type
image/png
Last-Modified
Mon, 19 Mar 2018 18:55:47 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 a1b25b0d3d9a8dc90e047cb69c24f48c.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
156448
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
IAD61-P2
Server
Apache
a_deep_dive_analysis_of_fallchill_remote_admin_tool.png.thumb.319.319.png
www.fortinet.com/content/dam/fortinet-blog/article-images/individual-images/
12 KB
13 KB
Image
General
Full URL
https://www.fortinet.com/content/dam/fortinet-blog/article-images/individual-images/a_deep_dive_analysis_of_fallchill_remote_admin_tool.png.thumb.319.319.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1f18:1492:1701:a964:c08d:f5eb:b0c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
Apache /
Resource Hash
910ab43f73b6073142379650feb6de6f77744c9a418754fab9e8c71b12065c10
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims

Response headers

X-Vhost
publish
ETag
"3022-5663656517780"
Age
296311
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
84GH-bVCo_LPuCO51wUkFRJQoe31QzEbiUX8e8h3AJkQD-4H-zRGzQ==
Date
Sun, 10 Nov 2024 04:53:45 GMT
Content-Type
image/png
Last-Modified
Tue, 27 Feb 2018 19:07:26 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher2uswest1-28559771
Connection
keep-alive
Via
1.1 ded2db8c78a1ad7377261200a0bb44fa.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
12322
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
IAD61-P2
Server
Apache
UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
www.fortinet.com/etc/designs/fortinet/gfonts/
37 KB
38 KB
Font
General
Full URL
https://www.fortinet.com/etc/designs/fortinet/gfonts/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.900b148ab7b87024003111a1245cca9c.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1f18:1492:1701:a964:c08d:f5eb:b0c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
Apache /
Resource Hash
b97c99a69a6275c8f90703cd4c0864089a74fd08383a1cc75a8a4d0c2cb60cce
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://www.fortinet.com
Referer
https://www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.900b148ab7b87024003111a1245cca9c.css

Response headers

X-Vhost
publish
ETag
"9354-5df4fa74ff980"
Age
1093007
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
nFv5QYZ-54fLh8WDHbRB2Mt33wulOJpji4YqVt7733-67XsMSdD0Xw==
Date
Thu, 31 Oct 2024 23:35:33 GMT
Content-Type
application/octet-stream
Last-Modified
Wed, 18 May 2022 21:08:06 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=2000000, public
X-Dispatcher
dispatcher2uswest1-28559771
Connection
keep-alive
Via
1.1 a1b25b0d3d9a8dc90e047cb69c24f48c.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
37716
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
IAD61-P2
Server
Apache
location
geolocation.onetrust.com/cookieconsentpub/v1/geo/
69 B
305 B
XHR
General
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2089 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
59e58524340cd7ad353be010374b124c242fdde10a0ed41047fe2fd4bb9e5a2e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
accept
application/json
Referer
https://www.fortinet.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
access-control-allow-methods
GET, OPTIONS
cf-ray
8e1fb2fb195bc34e-EWR
access-control-allow-origin
*
date
Wed, 13 Nov 2024 15:12:17 GMT
content-type
application/json
vary
Accept-Encoding
server
cloudflare
access-control-allow-headers
Content-Type
otBannerSdk.js
cdn.cookielaw.org/scripttemplates/6.10.0/
356 KB
78 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.10.0/otBannerSdk.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c44f719750dd68af8862cbcfa4ab17d67bf462fa44992e5043f073af63c72984
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

content-md5
Bh9exWOPGIwRshWljrtlEw==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-lease-status
unlocked
cf-bgj
minify
cf-cache-status
HIT
x-ms-version
2009-09-19
age
13244
content-encoding
gzip
x-content-type-options
nosniff
cf-polished
origSize=364824
date
Wed, 13 Nov 2024 15:12:17 GMT
content-type
application/javascript
last-modified
Thu, 03 Dec 2020 02:43:00 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
f4887a51-a01e-00a0-1512-205cec000000
cf-ray
8e1fb2fbb8bb42e1-EWR
access-control-allow-origin
*
x-ms-blob-type
BlockBlob
server
cloudflare
fig01-remcos-rat-software-website.jpeg
www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image.img.jpeg/1730856265174/
50 KB
51 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image.img.jpeg/1730856265174/fig01-remcos-rat-software-website.jpeg
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1f18:1492:1701:a964:c08d:f5eb:b0c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
Apache /
Resource Hash
ced16fb84941eb1582822542d082b1911b669ac0c125c3ba47d55e3521a1514c
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims

Response headers

X-Vhost
publish
ETag
"c888-6263460d52440"
Age
436228
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
vPlCov0XwRYzRqmJgFd6zbd9WPwxk8WiPAntP1ri7yXQa-zqpZfhhw==
Date
Wed, 13 Nov 2024 15:01:28 GMT
Content-Type
image/jpeg
Last-Modified
Wed, 06 Nov 2024 01:24:25 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher2uswest1-28559771
Connection
keep-alive
Via
1.1 a1b25b0d3d9a8dc90e047cb69c24f48c.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
51336
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
IAD61-P2
Server
Apache
fig02-remcos-phishing-email.jpeg
www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_2145042393.img.jpeg/1730856285752/
77 KB
78 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_2145042393.img.jpeg/1730856285752/fig02-remcos-phishing-email.jpeg
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1f18:1492:1701:a964:c08d:f5eb:b0c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
Apache /
Resource Hash
fc0de94620ef9ccacfa68e0c7fef1dd6ad73f7920acd47cc1009713af6f1b703
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims

Response headers

X-Vhost
publish
ETag
"133db-6263462065140"
Age
436228
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
tK3asVC95hFVe0z1RKBnSzFpp6SYTVY31PJM7a22MDrEJjCPnGmRkg==
Date
Wed, 13 Nov 2024 15:01:28 GMT
Content-Type
image/jpeg
Last-Modified
Wed, 06 Nov 2024 01:24:45 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher2uswest1-28559771
Connection
keep-alive
Via
1.1 21a5f0e24a694c040922a8766d75a2e0.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
78811
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
IAD61-P2
Server
Apache
truncated
/
42 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/gif
fig03-remcos-excel-file.jpeg
www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_1526230262.img.jpeg/1730856306653/
77 KB
79 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_1526230262.img.jpeg/1730856306653/fig03-remcos-excel-file.jpeg
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1f18:1492:1701:a964:c08d:f5eb:b0c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
Apache /
Resource Hash
75e1826a8d1cd5059e09ca0c508d8da3228ecf159fd01316ec34eaef57543357
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims

Response headers

X-Vhost
publish
ETag
"134ca-626346346c080"
Age
436097
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
w42LgFw2KHNSkUxXp8gdQJkEqpH5Sa1e8hNW-S1j1XrQuDP5CNnSxQ==
Date
Wed, 13 Nov 2024 15:01:28 GMT
Content-Type
image/jpeg
Last-Modified
Wed, 06 Nov 2024 01:25:06 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 1ffcb4016d0c1224c9505d74a866e6a8.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
79050
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
IAD61-P2
Server
Apache
fig04-remcos-crafted-ole.jpeg
www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_978323627.img.jpeg/1730856324452/
146 KB
147 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_978323627.img.jpeg/1730856324452/fig04-remcos-crafted-ole.jpeg
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1f18:1492:1701:a964:c08d:f5eb:b0c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
Apache /
Resource Hash
30e3ee538441256091bfe54048cdb9883bd4509a9e6e4b68827771ddb1cf4207
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims

Response headers

X-Vhost
publish
ETag
"2471c-6263464596900"
Age
436104
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
5BZ8c-2YwIgq1SZrCzwtsrIKxGGN4iTDaSEf8J--uBeQJTIbLMdGHw==
Date
Wed, 13 Nov 2024 15:01:28 GMT
Content-Type
image/jpeg
Last-Modified
Wed, 06 Nov 2024 01:25:24 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 ded2db8c78a1ad7377261200a0bb44fa.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
149276
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
IAD61-P2
Server
Apache
fig05-remcos-downloaded-hta.jpeg
www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_214426422.img.jpeg/1730856341252/
108 KB
110 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_214426422.img.jpeg/1730856341252/fig05-remcos-downloaded-hta.jpeg
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1f18:1492:1701:a964:c08d:f5eb:b0c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
Apache /
Resource Hash
c5e2f3bd6de83dae9307b2eb56380edaef01582a4ca721583ce3c745b15c2388
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims

Response headers

X-Vhost
publish
ETag
"1b119-62634655ccf40"
Age
436227
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
CU12KYHINPhG6yeGNDcwl5tb16wib2QSXFVBs31n8vdGXAZG-85ttw==
Date
Wed, 13 Nov 2024 15:01:28 GMT
Content-Type
image/jpeg
Last-Modified
Wed, 06 Nov 2024 01:25:41 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher2uswest1-28559771
Connection
keep-alive
Via
1.1 1448cc53c16b560cf86c5348358d4682.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
110873
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
IAD61-P2
Server
Apache
fig06-remcos-examples-script.jpeg
www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_215710500.img.jpeg/1730856359157/
169 KB
171 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_215710500.img.jpeg/1730856359157/fig06-remcos-examples-script.jpeg
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1f18:1492:1701:a964:c08d:f5eb:b0c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
Apache /
Resource Hash
2bc3f32248814e53fb0792922dae3d54ebbeb6c7be7d95d20df0e2fa6a69ae67
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims

Response headers

X-Vhost
publish
ETag
"2a4dd-62634666f77c0"
Age
435973
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
KnsX4Tq1rTdmvHy4s0oJWxNXyRr-N1G04gnRewQozJAFs9178_1Zlw==
Date
Wed, 13 Nov 2024 15:01:28 GMT
Content-Type
image/jpeg
Last-Modified
Wed, 06 Nov 2024 01:25:59 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 03c28758fe0abb70088fb45c6855d854.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
173277
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
IAD61-P2
Server
Apache
fig07-remcos-extracted-files.jpeg
www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_1869023178.img.jpeg/1730856378002/
66 KB
67 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_1869023178.img.jpeg/1730856378002/fig07-remcos-extracted-files.jpeg
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1f18:1492:1701:a964:c08d:f5eb:b0c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
Apache /
Resource Hash
f2489dc61786cfcc0a7d81d9ef195c9ad53620928e746388f507f59f76cbb258
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims

Response headers

X-Vhost
publish
ETag
"106d0-6263467916280"
Age
435809
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
h8eNEOm47JvKvcb8WOJxmQtDnu3Be0-sk94MXm2BvfwmEmI9deLLlQ==
Date
Wed, 13 Nov 2024 15:01:28 GMT
Content-Type
image/jpeg
Last-Modified
Wed, 06 Nov 2024 01:26:18 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 a1b25b0d3d9a8dc90e047cb69c24f48c.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
67280
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
IAD61-P2
Server
Apache
fig08-remcos-dllhost-powershell.jpeg
www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_1494152091.img.jpeg/1730856395632/
137 KB
138 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_1494152091.img.jpeg/1730856395632/fig08-remcos-dllhost-powershell.jpeg
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1f18:1492:1701:a964:c08d:f5eb:b0c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
Apache /
Resource Hash
3cafe408bf18e918d7daac870762a97244d03a73aca8ed7fe6a17141dfe34dad
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims

Response headers

X-Vhost
publish
ETag
"22255-626346894c8c0"
Age
436104
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
HVELl7ZeciF5M1MrevO-Z5WM35f6o48d78SFFgrQgEk7n2lf7t0raw==
Date
Wed, 13 Nov 2024 15:01:28 GMT
Content-Type
image/jpeg
Last-Modified
Wed, 06 Nov 2024 01:26:35 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 21a5f0e24a694c040922a8766d75a2e0.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
139861
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
IAD61-P2
Server
Apache
fig09-remcos-debugging-aerognosy.jpeg
www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_1263028014.img.jpeg/1730856420367/
99 KB
100 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_1263028014.img.jpeg/1730856420367/fig09-remcos-debugging-aerognosy.jpeg
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1f18:1492:1701:a964:c08d:f5eb:b0c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
Apache /
Resource Hash
5f13d75795dbc9a02d514d38afb282a463efe4698b22c820a040b17c132a6127
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims

Response headers

X-Vhost
publish
ETag
"18be6-626346a124100"
Age
436104
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
7GKPniyhTiNbFzgJvCDPrTxRoXmyB5YBbsMu3SA0Z6Fty1AlyyLDeQ==
Date
Wed, 13 Nov 2024 15:01:28 GMT
Content-Type
image/jpeg
Last-Modified
Wed, 06 Nov 2024 01:27:00 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 1ffcb4016d0c1224c9505d74a866e6a8.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
101350
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
IAD61-P2
Server
Apache
fig10-remcos-decrypted-code.jpeg
www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_1245682691.img.jpeg/1730856441657/
106 KB
107 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_1245682691.img.jpeg/1730856441657/fig10-remcos-decrypted-code.jpeg
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1f18:1492:1701:a964:c08d:f5eb:b0c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
Apache /
Resource Hash
8cbd18186b68edee7ccf8f12acfd296f3752d51cd0ebc04dff271e9d601d744d
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims

Response headers

X-Vhost
publish
ETag
"1a7ad-626346b52b040"
Age
436104
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
dcD7XPwTgomKe2ziS4x9T_-JVpsLI0nFZ1lqyfnQ1kKJpEUlWTEwOg==
Date
Wed, 13 Nov 2024 15:01:28 GMT
Content-Type
image/jpeg
Last-Modified
Wed, 06 Nov 2024 01:27:21 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 a1b25b0d3d9a8dc90e047cb69c24f48c.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
108461
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
IAD61-P2
Server
Apache
fig11-remcos-exception.jpeg
www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_1504675537.img.jpeg/1730856457579/
91 KB
92 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_1504675537.img.jpeg/1730856457579/fig11-remcos-exception.jpeg
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1f18:1492:1701:a964:c08d:f5eb:b0c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
Apache /
Resource Hash
789e8ae2f43db57070e47d9ab0ec5ba687cd2e3525084d152b001cb17e36d03c
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims

Response headers

X-Vhost
publish
ETag
"16ae7-626346c46d440"
Age
435973
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
BAGUIZjyfzBzqWukE19BfOs_W0ppAj6uaGgf5E5Ov0-RGsvpjCZaow==
Date
Wed, 13 Nov 2024 15:01:28 GMT
Content-Type
image/jpeg
Last-Modified
Wed, 06 Nov 2024 01:27:37 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 21a5f0e24a694c040922a8766d75a2e0.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
92903
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
IAD61-P2
Server
Apache
fig12-remcos-zwsetinformation.jpeg
www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_1264330218.img.jpeg/1730856485385/
91 KB
92 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_1264330218.img.jpeg/1730856485385/fig12-remcos-zwsetinformation.jpeg
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1f18:1492:1701:a964:c08d:f5eb:b0c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
Apache /
Resource Hash
b726aa772c609165b5815643b26bb2e91d5d55d337a1cd073a0b9b943d77e869
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims

Response headers

X-Vhost
publish
ETag
"16c89-626346df21340"
Age
435973
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
sorieM3JycBVdaQivOfCVlS45sKLOE4a4mKDYj008WOkBS8IYbdFeA==
Date
Wed, 13 Nov 2024 15:01:28 GMT
Content-Type
image/jpeg
Last-Modified
Wed, 06 Nov 2024 01:28:05 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 ded2db8c78a1ad7377261200a0bb44fa.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
93321
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
IAD61-P2
Server
Apache
fig12a-remcos.jpeg
www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_1026353546.img.jpeg/1730856721310/
37 KB
38 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_1026353546.img.jpeg/1730856721310/fig12a-remcos.jpeg
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1f18:1492:1701:a964:c08d:f5eb:b0c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
Apache /
Resource Hash
259bd74127f3150b5dbe1c2f9da49d1dbeeecce06bd0152f333839f448722ae2
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims

Response headers

X-Vhost
publish
ETag
"92e0-626347c032640"
Age
435807
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
fbPiByc36Pbj-wumjExYJGWHRhv0FsB7dF8TMDhICArdw6E4zlmS_w==
Date
Wed, 13 Nov 2024 15:01:29 GMT
Content-Type
image/jpeg
Last-Modified
Wed, 06 Nov 2024 01:32:01 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 1ffcb4016d0c1224c9505d74a866e6a8.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
37600
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
IAD61-P2
Server
Apache
fig12b-remcos.jpeg
www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_2010556436.img.jpeg/1730856715090/
52 KB
53 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_2010556436.img.jpeg/1730856715090/fig12b-remcos.jpeg
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1f18:1492:1701:a964:c08d:f5eb:b0c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
Apache /
Resource Hash
c3b557d8a9405227edbfd04c2f2f199168deceb2806059a02abba860054615a5
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims

Response headers

X-Vhost
publish
ETag
"cfaf-626347ba798c0"
Age
436104
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
bOwY_iA1j2dzdWRVVPIRck1Inclg1BPXycUIH0Q0GqJ178JUDxvjxA==
Date
Wed, 13 Nov 2024 15:01:29 GMT
Content-Type
image/jpeg
Last-Modified
Wed, 06 Nov 2024 01:31:55 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 1448cc53c16b560cf86c5348358d4682.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
53167
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
IAD61-P2
Server
Apache
fig13-remcos-display.jpeg
www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_759706181.img.jpeg/1730856571640/
132 KB
133 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_759706181.img.jpeg/1730856571640/fig13-remcos-display.jpeg
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1f18:1492:1701:a964:c08d:f5eb:b0c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
Apache /
Resource Hash
3923bff4786ef686d8dd4376b99c73c72b93e302b1dfb68243c7b620c4c27b99
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims

Response headers

X-Vhost
publish
ETag
"20f13-62634731254c0"
Age
436097
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
OZKVpDsxTGRHncFUbL6uoqqRVvF4tcjkOZZZ1Xi5hDjdCtPnR5Sngg==
Date
Wed, 13 Nov 2024 15:01:29 GMT
Content-Type
image/jpeg
Last-Modified
Wed, 06 Nov 2024 01:29:31 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 21a5f0e24a694c040922a8766d75a2e0.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
134931
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
IAD61-P2
Server
Apache
fig14-remcos-autorun.jpeg
www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_116464583.img.jpeg/1730856593234/
193 KB
194 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_116464583.img.jpeg/1730856593234/fig14-remcos-autorun.jpeg
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1f18:1492:1701:a964:c08d:f5eb:b0c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
Apache /
Resource Hash
a1050b6624dd64bb43f5b8c093c1363ab2fdc3b0698ee486df2e7d897d2c6ef6
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims

Response headers

X-Vhost
publish
ETag
"302f9-6263474620640"
Age
436104
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
Qmi3tUmS2u3tQRyZlJDqt-qi2sJJdPPK-j9IUOOGdIPeUD8diOFSSg==
Date
Wed, 13 Nov 2024 15:01:29 GMT
Content-Type
image/jpeg
Last-Modified
Wed, 06 Nov 2024 01:29:53 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 a1b25b0d3d9a8dc90e047cb69c24f48c.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
197369
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
IAD61-P2
Server
Apache
fig15-remcos-payload.jpeg
www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_1244753560.img.jpeg/1730856614418/
94 KB
96 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_1244753560.img.jpeg/1730856614418/fig15-remcos-payload.jpeg
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1f18:1492:1701:a964:c08d:f5eb:b0c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
Apache /
Resource Hash
38a4d98e8a644d2a59d5f709452915bec15b125de944590af7fcaeb06b2472ca
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims

Response headers

X-Vhost
publish
ETag
"17920-6263475a27580"
Age
436096
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
Crraujq16FsNl7HuQ1auz0MJlOpNuDWA2Y8MZrZzxdmDScyG809S-A==
Date
Wed, 13 Nov 2024 15:01:29 GMT
Content-Type
image/jpeg
Last-Modified
Wed, 06 Nov 2024 01:30:14 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 1ffcb4016d0c1224c9505d74a866e6a8.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
96544
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
IAD61-P2
Server
Apache
fig16-remcos-memory-view-decrypted-setting-blocl.jpeg
www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_116539316.img.jpeg/1730856630902/
209 KB
211 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_116539316.img.jpeg/1730856630902/fig16-remcos-memory-view-decrypted-setting-blocl.jpeg
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1f18:1492:1701:a964:c08d:f5eb:b0c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
Apache /
Resource Hash
7d8bd939933062935977eeb7af4d11047164be70e17407be8c754458ae19ba4e
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims

Response headers

X-Vhost
publish
ETag
"34522-6263476969980"
Age
436103
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
hd2_PJOogEKO2-uLXP7v96HFsvzC-fRqt19ZqBMKK-zab-tcaSXzLQ==
Date
Wed, 13 Nov 2024 15:01:29 GMT
Content-Type
image/jpeg
Last-Modified
Wed, 06 Nov 2024 01:30:30 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 ded2db8c78a1ad7377261200a0bb44fa.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
214306
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
IAD61-P2
Server
Apache
fig17-remcos-register-packet.jpeg
www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_320814119.img.jpeg/1730856652374/
266 KB
268 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_320814119.img.jpeg/1730856652374/fig17-remcos-register-packet.jpeg
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1f18:1492:1701:a964:c08d:f5eb:b0c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
Apache /
Resource Hash
4874fa9fd13dc1a03d79114835648fcad2a4ea5f9e53a72a19f7a1c2f002de34
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims

Response headers

X-Vhost
publish
ETag
"428a2-6263477e64b00"
Age
436104
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
ZYSXES9brynfEqAitN1fbRP1RJvANaUU41APnjlzPqJ4JRwbZ_tUTg==
Date
Wed, 13 Nov 2024 15:01:29 GMT
Content-Type
image/jpeg
Last-Modified
Wed, 06 Nov 2024 01:30:52 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 1448cc53c16b560cf86c5348358d4682.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
272546
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
IAD61-P2
Server
Apache
fig17b-remcos-command.jpeg
www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_1144901365.img.jpeg/1730856733204/
8 KB
9 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_1144901365.img.jpeg/1730856733204/fig17b-remcos-command.jpeg
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1f18:1492:1701:a964:c08d:f5eb:b0c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
Apache /
Resource Hash
32b4931413d5ce2afcf4ef52b12d39c3d6dd7247bd73c3a160c734b67c1a4c95
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims

Response headers

X-Vhost
publish
ETag
"1f26-626347cba4140"
Age
436098
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
Wgj1f0BmIibNTUAv0QdxKbLMVU5X9zx7GoCcADlNajw0_lMTotiAdg==
Date
Wed, 13 Nov 2024 15:01:29 GMT
Content-Type
image/jpeg
Last-Modified
Wed, 06 Nov 2024 01:32:13 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 1ffcb4016d0c1224c9505d74a866e6a8.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
7974
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
IAD61-P2
Server
Apache
fig18-remcos-send-process-list-c2.jpeg
www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_42816202.img.jpeg/1730856755219/
219 KB
220 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_42816202.img.jpeg/1730856755219/fig18-remcos-send-process-list-c2.jpeg
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1f18:1492:1701:a964:c08d:f5eb:b0c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
Apache /
Resource Hash
d12d6916f244b407ef03c8a770d16da6a3aa60adef4d3ad50c6341c32fe841cc
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims

Response headers

X-Vhost
publish
ETag
"36ad6-626347e09f2c0"
Age
435972
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
WhFp_TMTInGtPSSjNrtlAB9cPNKbPV1IAARbpbDIHF6Fl9BjWoMdzg==
Date
Wed, 13 Nov 2024 15:01:29 GMT
Content-Type
image/jpeg
Last-Modified
Wed, 06 Nov 2024 01:32:35 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 21a5f0e24a694c040922a8766d75a2e0.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
223958
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
IAD61-P2
Server
Apache
fig19-remcos-process-manager.jpeg
www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_1820712132.img.jpeg/1730856776798/
122 KB
124 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_1820712132.img.jpeg/1730856776798/fig19-remcos-process-manager.jpeg
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1f18:1492:1701:a964:c08d:f5eb:b0c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
Apache /
Resource Hash
a5fedaddf8960351b7dcb1bf9b4a2ce58b28a336901d7eebe92b92c9aeb185f8
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims

Response headers

X-Vhost
publish
ETag
"1e978-626347f4a6200"
Age
436103
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
tr27ElLpTerXgGm5XYn9Ih5gxxg0I20L7JS56TGItJ44mUnCvwi9bg==
Date
Wed, 13 Nov 2024 15:01:29 GMT
Content-Type
image/jpeg
Last-Modified
Wed, 06 Nov 2024 01:32:56 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 1ffcb4016d0c1224c9505d74a866e6a8.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
125304
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
IAD61-P2
Server
Apache
fig19-remcos-table.jpeg
www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_988305437.img.jpeg/1730856801764/
577 KB
578 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_988305437.img.jpeg/1730856801764/fig19-remcos-table.jpeg
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1f18:1492:1701:a964:c08d:f5eb:b0c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
Apache /
Resource Hash
23ca5578686d651deed4508b104fe16de675ab296becda560dc17d741f090af1
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims

Response headers

X-Vhost
publish
ETag
"9046c-6263480c7da40"
Age
436103
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
i73u2rG-6zCEIuhvyK0-tkX_9PV_0Dw9Nbyc-Cx67LNJWR3xZnLL1Q==
Date
Wed, 13 Nov 2024 15:01:29 GMT
Content-Type
image/jpeg
Last-Modified
Wed, 06 Nov 2024 01:33:21 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 03c28758fe0abb70088fb45c6855d854.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
590956
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
IAD61-P2
Server
Apache
fig20-remcos-workflow.jpeg
www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_109718400.img.jpeg/1730856820846/
69 KB
71 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_109718400.img.jpeg/1730856820846/fig20-remcos-workflow.jpeg
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1f18:1492:1701:a964:c08d:f5eb:b0c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
Apache /
Resource Hash
c93c62ebfd2a7f0e95f77ea558c53c2536ba327c1a28ad4870f2d518476500b6
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims

Response headers

X-Vhost
publish
ETag
"115f2-6263481e9c500"
Age
436097
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
yu65xDzgg9Dhk57T2xthEDCmPgfDIW0S9cN8nHNsI3kZQSx4KrI-sg==
Date
Wed, 13 Nov 2024 15:01:29 GMT
Content-Type
image/jpeg
Last-Modified
Wed, 06 Nov 2024 01:33:40 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 a1b25b0d3d9a8dc90e047cb69c24f48c.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
71154
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
IAD61-P2
Server
Apache
en.json
cdn.cookielaw.org/consent/f85f39fc-d7aa-467a-b762-fbb722748016/68cad325-7b77-4fcb-9f98-ba2e81aa9045/
99 KB
24 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/consent/f85f39fc-d7aa-467a-b762-fbb722748016/68cad325-7b77-4fcb-9f98-ba2e81aa9045/en.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.10.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7ad0607daba7c0ddecacb3c696099e761076f147549440a7b3c4baa8f67ddaac
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

content-md5
SDJFQYswktbx6w5cJzzMRQ==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
cf-cache-status
HIT
etag
0x8DC07DF2B6F9C71
age
69672
x-ms-lease-status
unlocked
x-content-type-options
nosniff
x-ms-version
2009-09-19
expires
Thu, 14 Nov 2024 15:12:17 GMT
date
Wed, 13 Nov 2024 15:12:17 GMT
content-type
application/json
last-modified
Thu, 28 Dec 2023 19:57:06 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin, cross-origin
x-ms-request-id
6c547f26-001e-002e-324c-26134d000000
cf-ray
8e1fb2fc6d379e1a-EWR
accept-ranges
bytes
access-control-allow-origin
*
content-length
24004
x-ms-blob-type
BlockBlob
server
cloudflare
otFlat.json
cdn.cookielaw.org/scripttemplates/6.10.0/assets/
13 KB
4 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.10.0/assets/otFlat.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.10.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8cdca3b36914e8a3f56390da71389944579faaae82704e53bd66f9c0387502f6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

content-md5
W9e0YobmEbvdB0V9OmpQkw==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8D89735209A34D6
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
41178
x-content-type-options
nosniff
date
Wed, 13 Nov 2024 15:12:17 GMT
content-type
application/json
last-modified
Thu, 03 Dec 2020 02:42:50 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
9d92755c-601e-00d0-506b-cd2f28000000
cf-ray
8e1fb2fdaed19e1a-EWR
accept-ranges
bytes
access-control-allow-origin
*
content-length
3329
x-ms-blob-type
BlockBlob
server
cloudflare
otPcTab.json
cdn.cookielaw.org/scripttemplates/6.10.0/assets/v2/
45 KB
12 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.10.0/assets/v2/otPcTab.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.10.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f9b2aaabab92d9c63930432351fa3f5aa634fcb5db31b039e23465f8b4bd5a68
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

content-md5
zNsRoM1FEmsEgJoYMCNTng==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8D897352245C4EA
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
77469
x-content-type-options
nosniff
date
Wed, 13 Nov 2024 15:12:17 GMT
content-type
application/json
last-modified
Thu, 03 Dec 2020 02:42:53 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
77f313b5-301e-0034-7eb4-210a4b000000
cf-ray
8e1fb2fdaed49e1a-EWR
accept-ranges
bytes
access-control-allow-origin
*
content-length
11755
x-ms-blob-type
BlockBlob
server
cloudflare
launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
assets.adobedtm.com/
506 KB
122 KB
Script
General
Full URL
https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.10.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:2086::1e80 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
0cd344605a83e699d26efaf3206c882e108d1197292e2f3b4c327a24ed53e613
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

cache-control
max-age=3600
timing-allow-origin
*
content-encoding
gzip
etag
"5af35dc6c4eab0ab0109cd04e32f1d39:1730940560.67827"
x-content-type-options
nosniff
expires
Wed, 13 Nov 2024 16:12:17 GMT
accept-ranges
bytes
access-control-allow-origin
https://www.fortinet.com
content-length
124401
date
Wed, 13 Nov 2024 15:12:17 GMT
content-type
application/x-javascript
last-modified
Thu, 07 Nov 2024 00:49:20 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
id
dpm.demdex.net/
367 B
918 B
XHR
General
Full URL
https://dpm.demdex.net/id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=ED8739F75677FE917F000101%40AdobeOrg&d_nsid=0&ts=1731510737813
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/etc/designs/fortinet/adb-target/visitorapi.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
44.197.70.51 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-197-70-51.compute-1.amazonaws.com
Software
/
Resource Hash
8597ad2e8b2fc6e05e60562da3d66e3b15f1c046ff172983d21912bdf189f10b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded
Referer
https://www.fortinet.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
cache-control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
dcs
dcs-prod-va6-1-v068-054035f0a.edge-va6.demdex.com 3 ms
content-encoding
gzip
pragma
no-cache
access-control-allow-credentials
true
x-tid
IRFZpf+XTB4=
expires
Thu, 01 Jan 1970 00:00:00 UTC
access-control-allow-origin
https://www.fortinet.com
content-length
312
p3p
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
date
Wed, 13 Nov 2024 15:12:17 GMT
content-type
application/json;charset=utf-8
vary
Origin
AppMeasurement.min.js
assets.adobedtm.com/extensions/EP31dbb9c60e404ba1aa6e746d49be6f29/
35 KB
13 KB
Script
General
Full URL
https://assets.adobedtm.com/extensions/EP31dbb9c60e404ba1aa6e746d49be6f29/AppMeasurement.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:2086::1e80 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
7db8d077fc21c20f1449a2603d524e423cfa25d7df6d5fd845a8e5e883aa227e
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

cache-control
no-cache
timing-allow-origin
*
content-encoding
gzip
etag
"66aabcd8a7ba429711eebdad8acc3dd6:1729811534.672229"
x-content-type-options
nosniff
expires
Wed, 13 Nov 2024 16:12:17 GMT
accept-ranges
bytes
access-control-allow-origin
https://www.fortinet.com
content-length
13011
date
Wed, 13 Nov 2024 15:12:17 GMT
content-type
application/x-javascript
last-modified
Thu, 24 Oct 2024 23:12:14 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
AppMeasurement_Module_ActivityMap.min.js
assets.adobedtm.com/extensions/EP31dbb9c60e404ba1aa6e746d49be6f29/
3 KB
2 KB
Script
General
Full URL
https://assets.adobedtm.com/extensions/EP31dbb9c60e404ba1aa6e746d49be6f29/AppMeasurement_Module_ActivityMap.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:2086::1e80 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
2a250e2f225e48cf583d54a0a42d623c700847de17323bf23ea372e5d9e89cb2
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

cache-control
no-cache
timing-allow-origin
*
content-encoding
gzip
etag
"ddda3fb3f27121fcba6a33a82f32d57c:1729811534.987187"
x-content-type-options
nosniff
expires
Wed, 13 Nov 2024 16:12:17 GMT
accept-ranges
bytes
access-control-allow-origin
https://www.fortinet.com
content-length
1598
date
Wed, 13 Nov 2024 15:12:17 GMT
content-type
application/x-javascript
last-modified
Thu, 24 Oct 2024 23:12:14 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
0786.js
script.crazyegg.com/pages/scripts/0117/
7 KB
3 KB
Script
General
Full URL
https://script.crazyegg.com/pages/scripts/0117/0786.js
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6813:9408 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
16fb72ffe51980a00e52edf9a001b7d560b2bdbd1a56e04366a70b674204c359

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

access-control-expose-headers
CE-Version
content-encoding
gzip
cf-cache-status
HIT
age
94157
alt-svc
h3=":443"; ma=86400
date
Wed, 13 Nov 2024 15:12:18 GMT
content-type
text/javascript
last-modified
Tue, 12 Nov 2024 13:02:11 GMT
vary
Accept-Encoding
cache-control
public, max-age=300, s-maxage=1209600
timing-allow-origin
*
cf-ray
8e1fb3011c1e0cb8-EWR
accept-ranges
bytes
access-control-allow-origin
*
content-length
2481
ce-version
11.5.306
server
cloudflare
6si.min.js
j.6sc.co/
68 KB
19 KB
Script
General
Full URL
https://j.6sc.co/6si.min.js
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.196.3.207 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-196-3-207.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
56df5bf2317bc2156b954c3fd2913afcce23eb4947c47f3ac401017dc4a0151d
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

cache-control
private, proxy-revalidate, max-age=10800
content-encoding
gzip
etag
"66fb91ae-111d7"
x-content-type-options
nosniff
expires
Wed, 13 Nov 2024 18:12:18 GMT
accept-ranges
bytes
content-length
18830
date
Wed, 13 Nov 2024 15:12:18 GMT
content-type
application/javascript
vary
Accept-Encoding
server
nginx/1.14.0 (Ubuntu)
last-modified
Tue, 01 Oct 2024 06:07:42 GMT
obtp.js
amplify.outbrain.com/cp/
30 KB
10 KB
Script
General
Full URL
https://amplify.outbrain.com/cp/obtp.js
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.199.49.127 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-199-49-127.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
da7fd15533dece70af68accd0eae75fc46e3ee044da41bdef69215d375af95c5

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

Cache-Control
max-age=1200
Content-Encoding
gzip
ETag
"a5f728b2b15c692a274e233ef348d0fd:1730623228.037657"
Connection
keep-alive
Expires
Wed, 13 Nov 2024 15:32:18 GMT
Accept-Ranges
bytes
X-CC
US
Content-Length
9305
X-RG
NA
Date
Wed, 13 Nov 2024 15:12:18 GMT
Content-Type
application/x-javascript
Last-Modified
Sun, 03 Nov 2024 08:37:25 GMT
Server
AkamaiNetStorage
Vary
Accept-Encoding
25f2dd15-02c6-4e7a-bc8b-c5722b49624d
tag.simpli.fi/sifitag/
3 KB
2 KB
Script
General
Full URL
https://tag.simpli.fi/sifitag/25f2dd15-02c6-4e7a-bc8b-c5722b49624d
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
34.171.47.125 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
125.47.171.34.bc.googleusercontent.com
Software
openresty /
Resource Hash
c6bcc71f8a9f5497ccc35e3aa16e00110504488fef71fffea99853274f9d7c86

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

x-request-id
GAeP16r5tBEZVNvV62vB
cache-control
max-age=0, private, must-revalidate, max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-encoding
gzip
pragma
no-cache
expires
Thu, 01 Jan 1970 00:00:00 GMT
date
Wed, 13 Nov 2024 15:12:18 GMT
content-type
application/javascript; charset=utf-8
vary
Accept-Encoding
server
openresty
bat.js
bat.bing.com/
50 KB
15 KB
Script
General
Full URL
https://bat.bing.com/bat.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:33:2::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
aabc88a6db8b22022f96ca88e4f0a7be426abef2b35169a71515a2d55246402a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
private,max-age=1800
content-encoding
gzip
etag
"028e0691d20db1:0"
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 0C1CFFB2D2874B8BBC06A1192C7AF691 Ref B: BL2AA2030102037 Ref C: 2024-11-13T15:12:18Z
accept-ranges
bytes
x-cache
CONFIG_NOCACHE
content-length
14570
date
Wed, 13 Nov 2024 15:12:17 GMT
content-type
application/javascript
last-modified
Wed, 16 Oct 2024 22:47:44 GMT
vary
Accept-Encoding
RC41e16e9b16d1408cbf43b5b2e7378738-source.min.js
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/e65b3d3bd1f9/
9 KB
2 KB
Script
General
Full URL
https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/e65b3d3bd1f9/RC41e16e9b16d1408cbf43b5b2e7378738-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:2086::1e80 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
b5434794dd48d15d9e0a31e0d6b9b64afb739c5835bd1972e84096d1e35f4ed1
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

cache-control
max-age=3600
timing-allow-origin
*
content-encoding
gzip
etag
"e4025e557089d49e2fc1f023a01abf25:1730940563.547746"
x-content-type-options
nosniff
expires
Wed, 13 Nov 2024 16:12:18 GMT
accept-ranges
bytes
access-control-allow-origin
https://www.fortinet.com
content-length
1844
date
Wed, 13 Nov 2024 15:12:18 GMT
content-type
application/x-javascript
last-modified
Thu, 07 Nov 2024 00:49:23 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
RC448863e9e05a4b4880daa4a5fb7da328-source.min.js
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/e65b3d3bd1f9/
358 B
509 B
Script
General
Full URL
https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/e65b3d3bd1f9/RC448863e9e05a4b4880daa4a5fb7da328-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:2086::1e80 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
7c502d550f5fe20eee417decbabf97452005f80d5ffe8933e2b0fe8cbcf33fe9
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

cache-control
max-age=3600
timing-allow-origin
*
content-encoding
gzip
etag
"e4025e557089d49e2fc1f023a01abf25:1730940563.547746"
x-content-type-options
nosniff
expires
Wed, 13 Nov 2024 16:12:18 GMT
accept-ranges
bytes
access-control-allow-origin
https://www.fortinet.com
content-length
229
date
Wed, 13 Nov 2024 15:12:18 GMT
content-type
application/x-javascript
last-modified
Thu, 07 Nov 2024 00:49:23 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
RCa4add8b607f6404fbd2aba7ee4b9abad-source.min.js
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/e65b3d3bd1f9/
703 B
708 B
Script
General
Full URL
https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/e65b3d3bd1f9/RCa4add8b607f6404fbd2aba7ee4b9abad-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:2086::1e80 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
0e558bfe20ca32463b1b3ba7fc2e06dac3850e7f816c5071599d3c150eeb65f1
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

cache-control
max-age=3600
timing-allow-origin
*
content-encoding
gzip
etag
"e4025e557089d49e2fc1f023a01abf25:1730940563.547746"
x-content-type-options
nosniff
expires
Wed, 13 Nov 2024 16:12:18 GMT
accept-ranges
bytes
access-control-allow-origin
https://www.fortinet.com
content-length
427
date
Wed, 13 Nov 2024 15:12:18 GMT
content-type
application/x-javascript
last-modified
Thu, 07 Nov 2024 00:49:23 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
dest5.html
fortinet.demdex.net/ Frame 149D
0
0
Document
General
Full URL
https://fortinet.demdex.net/dest5.html?d_nsid=0
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/etc/designs/fortinet/adb-target/visitorapi.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.196.87.99 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-196-87-99.compute-1.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.fortinet.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
cache-control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding
gzip
content-type
text/html;charset=UTF-8
date
Wed, 13 Nov 2024 15:12:18 GMT
dcs
dcs-prod-va6-2-v068-090c7171d.edge-va6.demdex.com 2 ms
expires
Thu, 01 Jan 1970 00:00:00 UTC
last-modified
Mon, 11 Nov 2024 10:47:24 GMT
p3p
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
pragma
no-cache
strict-transport-security
max-age=31536000; includeSubDomains
vary
accept-encoding
x-tid
o7WTyQGnSMc=
ibs:dpid=411&dpuuid=ZzTB0gAAAJARZQOH
dpm.demdex.net/
Redirect Chain
  • https://cm.everesttech.net/cm/dd?d_uuid=19970388947444869440355377206328874018
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZzTB0gAAAJARZQOH
42 B
716 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZzTB0gAAAJARZQOH
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
H2
Server
44.197.70.51 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-197-70-51.compute-1.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
cache-control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
dcs
dcs-prod-va6-2-v068-02e651afb.edge-va6.demdex.com 2 ms
content-encoding
gzip
pragma
no-cache
x-content-type-options
nosniff
x-tid
Q1BmKgL6Qtc=
expires
Thu, 01 Jan 1970 00:00:00 UTC
content-length
59
p3p
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
date
Wed, 13 Nov 2024 15:12:18 GMT
content-type
image/gif

Redirect headers

Cache-Control
no-cache
Location
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZzTB0gAAAJARZQOH
P3P
CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Content-Length
0
Date
Wed, 13 Nov 2024 15:12:18 GMT
Connection
keep-alive
Server
AMO-cookiemap/1.1
delivery
fortinet.tt.omtrdc.net/rest/v1/
351 B
842 B
XHR
General
Full URL
https://fortinet.tt.omtrdc.net/rest/v1/delivery?client=fortinet&sessionId=1e899172c021407ab885daf85a49b36c&version=2.10.0
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/etc/designs/fortinet/adb-target/at.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
63.140.37.206 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-63-140-37-206.data.adobedc.net
Software
jag /
Resource Hash
801e4325464c76fda11cc9d2ef9837d491cfb00183eca0d7cd36f491d019eb45
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain
Referer
https://www.fortinet.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-request-id
1d5d1955-f220-47ad-8196-c704055b6faa
cache-control
no-cache, no-store, max-age=0, no-transform, private
timing-allow-origin
*
content-encoding
gzip
accept-ch
Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List
access-control-allow-credentials
true
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
access-control-allow-origin
https://www.fortinet.com
date
Wed, 13 Nov 2024 15:12:18 GMT
x-xss-protection
1; mode=block
content-type
application/json;charset=UTF-8
vary
origin,access-control-request-method,access-control-request-headers,accept-encoding
server
jag
00ad3119690e692fd6990245f9741ea8f1
wave.outbrain.com/mtWavesBundler/handler/
2 B
515 B
Script
General
Full URL
https://wave.outbrain.com/mtWavesBundler/handler/00ad3119690e692fd6990245f9741ea8f1
Requested by
Host: amplify.outbrain.com
URL: https://amplify.outbrain.com/cp/obtp.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.199.49.127 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-199-49-127.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
Cache-Control
max-age=60
ob-sent-time
1731493196862
Content-Encoding
gzip
ETag
W/"2-vyGp6PvFo4RvsFtPoIWeCReyIC8"
Connection
keep-alive
Expires
Wed, 13 Nov 2024 15:13:18 GMT
Access-Control-Allow-Origin
*
X-CC
US
Content-Length
22
X-RG
NA
Date
Wed, 13 Nov 2024 15:12:18 GMT
Content-Type
text/html; charset=utf-8
Vary
Accept-Encoding
x-traceid
d0f6e3794fdb61f46f98b9556ef685e
topics
amplify.outbrain.com/
26 B
301 B
Fetch
General
Full URL
https://amplify.outbrain.com/topics
Requested by
Host: amplify.outbrain.com
URL: https://amplify.outbrain.com/cp/obtp.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.199.49.127 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-199-49-127.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
6d0291f90718dc0537f65dc6a4f68d8e75f0a8a3a0b62836d9cf41350ecaf552

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

Cache-Control
max-age=1200
Connection
keep-alive
Observe-Browsing-Topics
?1
Expires
Wed, 13 Nov 2024 15:32:18 GMT
Access-Control-Allow-Origin
*
X-CC
US
Content-Length
26
X-RG
NA
Date
Wed, 13 Nov 2024 15:12:18 GMT
Content-Type
text/html
unifiedPixel
tr.outbrain.com/
53 B
321 B
Fetch
General
Full URL
https://tr.outbrain.com/unifiedPixel?au=false&bust=0299795178270291&referrer=&cht=ot&marketerId=00ad3119690e692fd6990245f9741ea8f1&name=PAGE_VIEW&dl=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims&g=0&zone=all&obApiVersion=1.1&obtpVersion=2.0.5
Requested by
Host: amplify.outbrain.com
URL: https://amplify.outbrain.com/cp/obtp.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
70.42.32.95 , United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS
ny.outbrain.com
Software
/
Resource Hash
b51f3497b0a65f1e1e87e75f5e7e823d871c23bcf76a5ee4101783c8f939e553
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
no-cache
content-length
54
content-encoding
br
date
Wed, 13 Nov 2024 15:12:18 GMT
content-type
image/gif;
x-traceid
52c44fb1519db0068a83f59a19506c0d
cachedClickId
tr.outbrain.com/
35 B
293 B
Script
General
Full URL
https://tr.outbrain.com/cachedClickId?marketerId=00ad3119690e692fd6990245f9741ea8f1
Requested by
Host: amplify.outbrain.com
URL: https://amplify.outbrain.com/cp/obtp.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
70.42.32.95 , United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS
ny.outbrain.com
Software
/
Resource Hash
1d348f9f803c95305f63def9d75fd50e79e54a375e1a4a888edbbea366845580
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
39
content-encoding
br
date
Wed, 13 Nov 2024 15:12:18 GMT
content-type
application/javascript
x-traceid
baa3a686d9f42ae441be815903aec76d
www.fortinet.com.json
script.crazyegg.com/pages/data-scripts/0117/0786/site/
5 KB
2 KB
XHR
General
Full URL
https://script.crazyegg.com/pages/data-scripts/0117/0786/site/www.fortinet.com.json?t=1
Requested by
Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0117/0786.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6813:9408 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b3b9f816048eba794278ecb39ff263ac3b7bc55c235b1c6c891c42b11f8435b8

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

access-control-expose-headers
CE-Version
content-encoding
gzip
cf-cache-status
HIT
age
94157
alt-svc
h3=":443"; ma=86400
date
Wed, 13 Nov 2024 15:12:18 GMT
content-type
application/json
last-modified
Tue, 12 Nov 2024 13:02:11 GMT
vary
Accept-Encoding
cache-control
public, max-age=300, s-maxage=1209600
timing-allow-origin
*
cf-ray
8e1fb3020e7643fd-EWR
accept-ranges
bytes
access-control-allow-origin
*
content-length
1568
ce-version
11.5.306
server
cloudflare
/
c.6sc.co/
7 B
330 B
XHR
General
Full URL
https://c.6sc.co/
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.196.3.196 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-196-3-196.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

Access-Control-Max-Age
86400
Connection
keep-alive
Access-Control-Allow-Credentials
true
Access-Control-Allow-Methods
GET,POST
Access-Control-Allow-Origin
https://www.fortinet.com
Content-Length
7
Date
Wed, 13 Nov 2024 15:12:18 GMT
Content-Type
text/html
Access-Control-Allow-Headers
*
/
ipv6.6sc.co/
21 B
314 B
XHR
General
Full URL
https://ipv6.6sc.co/
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:2e::17d1:48c5 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
841a39a0467da2371e471d6606d276adcb6c6f23339dd1d4fff7c4a6db23ca4e

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

cache-control
max-age=0, no-cache, no-store
pragma
no-cache
6si-ipv6
2600:803:a88:3024::24
expires
Wed, 13 Nov 2024 15:12:18 GMT
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1731510738261_399550033_884555720_105_614_11_39_219";dur=1
access-control-allow-origin
https://www.fortinet.com
content-length
21
date
Wed, 13 Nov 2024 15:12:18 GMT
content-type
text/html
vary
Origin
img.gif
b.6sc.co/v1/beacon/
43 B
258 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=null&visitor=e4f10cce-bf12-476f-8f7c-3bd6cbd7332d&session=fcd2e623-1379-4ff5-8687-0cf813912f6b&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Wed%2C%2013%20Nov%202024%2015%3A12%3A18%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22See%20how%20threat%20actors%20have%20abused%20Remcos%20to%20collect%20sensitive%20information%20from%20victims%20and%20remotely%20control%20their%20computers%20to%20perform%20further%20malicious%20acts.%22%2C%22keywords%22%3A%22FortiGuard%20Labs%20Threat%20Research%2Crat%22%2C%22title%22%3A%22New%20Campaign%20Uses%20Remcos%20RAT%20to%20Exploit%20Victims%20%7C%20FortiGuard%20Labs%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims&pageViewId=ab08ebfe-e80d-4ace-8fd2-aeebfd13dcf2&v=1.1.29
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.196.3.196 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-196-3-196.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

cache-control
max-age=0, no-cache, no-store
etag
"60bb2e15-2b"
pragma
no-cache
x-content-type-options
nosniff
expires
Wed, 13 Nov 2024 15:12:18 GMT
accept-ranges
bytes
content-length
43
date
Wed, 13 Nov 2024 15:12:18 GMT
content-type
image/gif
last-modified
Sat, 05 Jun 2021 07:56:05 GMT
server
nginx/1.14.0 (Ubuntu)
img.gif
b.6sc.co/v1/beacon/
43 B
257 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=null&visitor=e4f10cce-bf12-476f-8f7c-3bd6cbd7332d&session=fcd2e623-1379-4ff5-8687-0cf813912f6b&event=ni%3AasyncSettingsAudit&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2013%20Nov%202024%2015%3A12%3A18%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%225eeecf22b2d12a77a14639dce97b7a36%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2013%20Nov%202024%2015%3A12%3A18%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEndpoint%5C%22%2C%5C%22value%5C%22%3A%5C%22b.6sc.co%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2013%20Nov%202024%2015%3A12%3A18%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2013%20Nov%202024%2015%3A12%3A18%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEpsilonKey%5C%22%2C%5C%22value%5C%22%3A%5C%227381d1d7c753fe2d8e217c3fdc44c0f17418dcc4%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2013%20Nov%202024%2015%3A12%3A18%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22See%20how%20threat%20actors%20have%20abused%20Remcos%20to%20collect%20sensitive%20information%20from%20victims%20and%20remotely%20control%20their%20computers%20to%20perform%20further%20malicious%20acts.%22%2C%22keywords%22%3A%22FortiGuard%20Labs%20Threat%20Research%2Crat%22%2C%22title%22%3A%22New%20Campaign%20Uses%20Remcos%20RAT%20to%20Exploit%20Victims%20%7C%20FortiGuard%20Labs%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims&pageViewId=ab08ebfe-e80d-4ace-8fd2-aeebfd13dcf2&v=1.1.29
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.196.3.196 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-196-3-196.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

cache-control
max-age=0, no-cache, no-store
etag
"5e502810-2b"
pragma
no-cache
x-content-type-options
nosniff
expires
Wed, 13 Nov 2024 15:12:18 GMT
accept-ranges
bytes
content-length
43
date
Wed, 13 Nov 2024 15:12:18 GMT
content-type
image/gif
last-modified
Fri, 21 Feb 2020 18:57:20 GMT
server
nginx/1.14.0 (Ubuntu)
17532650.js
bat.bing.com/p/action/
364 B
411 B
Script
General
Full URL
https://bat.bing.com/p/action/17532650.js
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:33:2::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
cce2184ec089babc70ded47b8474c543f6a5ff013e4bfd9dbae8689489bb13ba
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
private,max-age=1800
content-encoding
br
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: A6A658B9CB26471ABDA82B02C5C41238 Ref B: BL2AA2030102037 Ref C: 2024-11-13T15:12:18Z
x-cache
CONFIG_NOCACHE
date
Wed, 13 Nov 2024 15:12:17 GMT
content-type
application/javascript; charset=utf-8
vary
Accept-Encoding
js
www.googletagmanager.com/gtag/
322 KB
108 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-38BQ9XFDT4
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80a::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
21038f3ced53774e4fffbfc58254119f35e8a1b9e0bfcb6dc39971d263d0ecf0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Wed, 13 Nov 2024 15:12:18 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 13 Nov 2024 15:12:18 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
109440
x-xss-protection
0
server
Google Tag Manager
0
bat.bing.com/action/
0
360 B
Image
General
Full URL
https://bat.bing.com/action/0?ti=17532650&tm=al001&Ver=2&mid=e2cc27e7-8a85-4a0f-b519-1636438673da&bo=1&sid=ac4eec00a1d111ef8a8d8dd4e10cb687&vid=ac4f34e0a1d111efb5909bbdfd62b203&vids=1&msclkid=N&pi=918639831&lg=en-US&sw=1600&sh=1200&sc=24&tl=New%20Campaign%20Uses%20Remcos%20RAT%20to%20Exploit%20Victims%20%7C%20FortiGuard%20Labs&kw=FortiGuard%20Labs%20Threat%20Research,rat&p=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims&r=&lt=1111&pt=1731510736133,,,,,1,2,4,4,245,6,246,315,347,338,1095,1095,1111,,,&pn=0,0&evt=pageLoad&sv=1&cdb=AQET&rn=221951
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:33:2::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
no-cache, must-revalidate
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 86B2D085FD0D4EE9AFDFDF1660091699 Ref B: BL2AA2030102037 Ref C: 2024-11-13T15:12:18Z
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
*
x-cache
CONFIG_NOCACHE
date
Wed, 13 Nov 2024 15:12:17 GMT
c145caf9bd0f62535e3720b5d68c2190.js
script.crazyegg.com/pages/versioned/common-scripts/
105 KB
36 KB
Script
General
Full URL
https://script.crazyegg.com/pages/versioned/common-scripts/c145caf9bd0f62535e3720b5d68c2190.js
Requested by
Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0117/0786.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6813:9408 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bfb50654266cd61ddc1f60811a6f517eddab6abeca093e5369fe0e61dacd32f3

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

cache-control
public, max-age=31536000, s-maxage=31536000
timing-allow-origin
*
content-encoding
gzip
cf-cache-status
HIT
age
94217
cf-ray
8e1fb3027dda0cb8-EWR
accept-ranges
bytes
access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
content-length
36518
date
Wed, 13 Nov 2024 15:12:18 GMT
content-type
text/javascript
last-modified
Mon, 21 Oct 2024 19:09:58 GMT
vary
Accept-Encoding
server
cloudflare
details
eps.6sc.co/v3/company/
764 B
664 B
XHR
General
Full URL
https://eps.6sc.co/v3/company/details
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
99.83.231.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
afe865822f884bb48.awsglobalaccelerator.com
Software
/
Resource Hash
b14dd8572d41acd561188da5417cef18c475b3621a03be38f12fe100ef84a795

Request headers

Authorization
Token 7381d1d7c753fe2d8e217c3fdc44c0f17418dcc4
X-6s-CustomID
WebTag1.0 5eeecf22b2d12a77a14639dce97b7a36
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-expose-headers
X-6si-Region
timing-allow-origin
https://6sense.com
content-encoding
gzip
x-6si-region
access-control-allow-credentials
true
access-control-allow-origin
https://www.fortinet.com
content-length
404
date
Wed, 13 Nov 2024 15:12:18 GMT
content-type
application/json
vary
Origin, Accept-Encoding
details
eps.6sc.co/v3/company/ Frame
0
0
Preflight
General
Full URL
https://eps.6sc.co/v3/company/details
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
99.83.231.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
afe865822f884bb48.awsglobalaccelerator.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,x-6s-customid
Access-Control-Request-Method
GET
Origin
https://www.fortinet.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
authorization,x-6s-customid
access-control-allow-methods
OPTIONS,GET
access-control-allow-origin
https://www.fortinet.com
access-control-expose-headers
X-6si-Region
access-control-max-age
1800
content-length
0
date
Wed, 13 Nov 2024 15:12:18 GMT
timing-allow-origin
https://6sense.com
x-6si-region
img.gif
b.6sc.co/v1/beacon/
43 B
257 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=null&visitor=e4f10cce-bf12-476f-8f7c-3bd6cbd7332d&session=fcd2e623-1379-4ff5-8687-0cf813912f6b&event=ipv6&q=%7B%22address%22%3A%222600%3A803%3Aa88%3A3024%3A%3A24%22%7D&isIframe=false&m=%7B%22description%22%3A%22See%20how%20threat%20actors%20have%20abused%20Remcos%20to%20collect%20sensitive%20information%20from%20victims%20and%20remotely%20control%20their%20computers%20to%20perform%20further%20malicious%20acts.%22%2C%22keywords%22%3A%22FortiGuard%20Labs%20Threat%20Research%2Crat%22%2C%22title%22%3A%22New%20Campaign%20Uses%20Remcos%20RAT%20to%20Exploit%20Victims%20%7C%20FortiGuard%20Labs%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims&pageViewId=ab08ebfe-e80d-4ace-8fd2-aeebfd13dcf2&ipv6=2600%3A803%3Aa88%3A3024%3A%3A24&v=1.1.29
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.196.3.196 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-196-3-196.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

cache-control
max-age=0, no-cache, no-store
etag
"5e502810-2b"
pragma
no-cache
x-content-type-options
nosniff
expires
Wed, 13 Nov 2024 15:12:18 GMT
accept-ranges
bytes
content-length
43
date
Wed, 13 Nov 2024 15:12:18 GMT
content-type
image/gif
last-modified
Fri, 21 Feb 2020 18:57:20 GMT
server
nginx/1.14.0 (Ubuntu)
www.fortinet.com.json
script.crazyegg.com/pages/data-scripts/0117/0786/sampling/
46 B
278 B
XHR
General
Full URL
https://script.crazyegg.com/pages/data-scripts/0117/0786/sampling/www.fortinet.com.json?t=1
Requested by
Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/versioned/common-scripts/c145caf9bd0f62535e3720b5d68c2190.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6813:9408 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0a2816206ea0d9b29d21a55ff5a266058db372a3f87696a6a463bdc85cb1a949

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

access-control-expose-headers
CE-Version
content-encoding
gzip
cf-cache-status
HIT
age
94207
alt-svc
h3=":443"; ma=86400
date
Wed, 13 Nov 2024 15:12:18 GMT
content-type
application/json
last-modified
Tue, 12 Nov 2024 13:02:11 GMT
vary
Accept-Encoding
cache-control
public, max-age=300, s-maxage=1209600
timing-allow-origin
*
cf-ray
8e1fb303d8e543fd-EWR
accept-ranges
bytes
access-control-allow-origin
*
content-length
65
ce-version
11.5.306
server
cloudflare
api.min.js
a.opmnstr.com/app/js/
47 KB
17 KB
Script
General
Full URL
https://a.opmnstr.com/app/js/api.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6ea0:c454::1 New York, United States, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-NY1-885 /
Resource Hash
7c766428dac46814e1fec869d324282ea07cfe306868967aa8a372a3616ed4ed

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

perma-cache
HIT
cdn-status
200
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding
br
etag
"672cd5de-bb7b"
cdn-fileserver
622
date
Wed, 13 Nov 2024 15:12:18 GMT
cdn-storageserver
NY-427
last-modified
Thu, 07 Nov 2024 14:59:42 GMT
content-type
application/javascript
vary
Accept-Encoding
cdn-cache
HIT
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode
200
cdn-cachedat
11/10/2024 02:23:44
cache-control
public, max-age=31919000
cdn-requestpullsuccess
True
cdn-requesttime
0
cdn-uid
efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid
2e3ad7ea6309c13ceae525d559dbb603
cdn-pullzone
293267
cdn-proxyver
1.06
access-control-allow-origin
*
cdn-edgestorageid
885
server
BunnyCDN-NY1-885
cdn-requestcountrycode
US
collect
www.google-analytics.com/g/
0
0
Fetch
General
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-38BQ9XFDT4&gtm=45je4b70v9191763579za200&_p=1731510738572&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101823848~101925629~102077855&cid=2050926505.1731510739&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1731510738&sct=1&seg=0&dl=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims&dt=New%20Campaign%20Uses%20Remcos%20RAT%20to%20Exploit%20Victims%20%7C%20FortiGuard%20Labs&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=2544
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-38BQ9XFDT4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:816::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://www.fortinet.com
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 13 Nov 2024 15:12:18 GMT
content-type
text/plain
server
Golfe2
clock
tracking.crazyegg.com/
39 B
145 B
XHR
General
Full URL
https://tracking.crazyegg.com/clock?u=1170786&st=424000&t=1731510738709&tk=329ee1373036c5ddcda74cf257baa0a6
Requested by
Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/versioned/common-scripts/c145caf9bd0f62535e3720b5d68c2190.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.141.188.58 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-141-188-58.us-east-2.compute.amazonaws.com
Software
awselb/2.0 /
Resource Hash
0584489ac2594564e89e62ce6643510eaeed8edbb3f74b45a6082d72a8acce78

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-type
application/json
Referer
https://www.fortinet.com/

Response headers

cache-control
no-store
access-control-allow-origin
*
content-length
39
date
Wed, 13 Nov 2024 15:12:19 GMT
content-type
text/plain
server
awselb/2.0
clock
tracking.crazyegg.com/ Frame
0
0
Preflight
General
Full URL
https://tracking.crazyegg.com/clock?u=1170786&st=424000&t=1731510738709&tk=329ee1373036c5ddcda74cf257baa0a6
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.141.188.58 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-141-188-58.us-east-2.compute.amazonaws.com
Software
awselb/2.0 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.fortinet.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Authorization,Content-Type,Access-Control-Allow-Origin,Access-Control-Allow-Methods
access-control-allow-methods
*
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public, max-age=86400
date
Wed, 13 Nov 2024 15:12:18 GMT
server
awselb/2.0
vary
Access-Control-Request-Headers, Origin, Access-Control-Request-Method
v
v.eps.6sc.co/ Frame
0
0
Preflight
General
Full URL
https://v.eps.6sc.co/v
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.219.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-219-106.jfk52.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.fortinet.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token
access-control-allow-methods
OPTIONS,POST
access-control-allow-origin
*
content-length
0
content-type
application/json
date
Wed, 13 Nov 2024 15:12:18 GMT
via
1.1 1461aa0cc0d6d2fb29baf25a00e64194.cloudfront.net (CloudFront)
x-amz-apigw-id
BMM5AFtIIAMEAeA=
x-amz-cf-id
1nW_HtFJ_2rbEgR8dZC322JtqWpWeVtoqADpAlU1MT9ZUtQ-7_xdNA==
x-amz-cf-pop
JFK52-P1
x-amzn-requestid
c4c18ffd-e176-4a52-9d53-30a460fd178d
x-cache
Miss from cloudfront
v
v.eps.6sc.co/
12 B
518 B
XHR
General
Full URL
https://v.eps.6sc.co/v
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.219.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-219-106.jfk52.r.cloudfront.net
Software
/
Resource Hash
512a4f403d30a587ad5ab0b9fa7b2fd4f078249ee03f9c23c445332838f6a436

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-type
application/json
Referer
https://www.fortinet.com/

Response headers

x-amz-apigw-id
BMM5BEeeoAMESDQ=
x-amzn-trace-id
Root=1-6734c1d2-2fb97766216cdd980a85b5ed;Parent=64ce9f151c224aee;Sampled=0;Lineage=1:56167173:0
access-control-allow-methods
OPTIONS,POST
x-amzn-requestid
c16299c5-c0ac-41ed-8a58-e63e941bd3c9
via
1.1 1461aa0cc0d6d2fb29baf25a00e64194.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-cache
Miss from cloudfront
content-length
12
x-amz-cf-id
xrjMRZwvFJFalH9zuSBRhpKsWFXh1xil8PCeAYatSemOGk0-z-pN4A==
date
Wed, 13 Nov 2024 15:12:19 GMT
content-type
application/json
x-amz-cf-pop
JFK52-P1
access-control-allow-headers
Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token
img.gif
b.6sc.co/v1/beacon/
43 B
258 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=6sense-temp-analytics&svisitor=null&visitor=e4f10cce-bf12-476f-8f7c-3bd6cbd7332d&session=fcd2e623-1379-4ff5-8687-0cf813912f6b&event=https%3A%2F%2Feps.6sc.co&q=%7B%22name%22%3A%22https%3A%2F%2Feps.6sc.co%2Fv3%2Fcompany%2Fdetails%22%2C%22entryType%22%3A%22resource%22%2C%22startTime%22%3A2195.199999809265%2C%22duration%22%3A340.80000019073486%2C%22initiatorType%22%3A%22xmlhttprequest%22%2C%22deliveryType%22%3A%22%22%2C%22nextHopProtocol%22%3A%22%22%2C%22renderBlockingStatus%22%3A%22non-blocking%22%2C%22workerStart%22%3A0%2C%22redirectStart%22%3A0%2C%22redirectEnd%22%3A0%2C%22fetchStart%22%3A2195.199999809265%2C%22domainLookupStart%22%3A0%2C%22domainLookupEnd%22%3A0%2C%22connectStart%22%3A0%2C%22secureConnectionStart%22%3A0%2C%22connectEnd%22%3A0%2C%22requestStart%22%3A0%2C%22responseStart%22%3A0%2C%22firstInterimResponseStart%22%3A0%2C%22responseEnd%22%3A2536%2C%22transferSize%22%3A0%2C%22encodedBodySize%22%3A0%2C%22decodedBodySize%22%3A0%2C%22responseStatus%22%3A200%2C%22serverTiming%22%3A%5B%5D%2C%22metadata%22%3A%7B%22region%22%3A%22header-blocked%22%7D%7D&isIframe=false&m=%7B%22endpoint%22%3A%22epsilon.6sense.com%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims&pageViewId=&d=1&v=1.1.29
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.196.3.196 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-196-3-196.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

cache-control
max-age=0, no-cache, no-store
etag
"60bb2e15-2b"
pragma
no-cache
x-content-type-options
nosniff
expires
Wed, 13 Nov 2024 15:12:18 GMT
accept-ranges
bytes
content-length
43
date
Wed, 13 Nov 2024 15:12:18 GMT
content-type
image/gif
last-modified
Sat, 05 Jun 2021 07:56:05 GMT
server
nginx/1.14.0 (Ubuntu)
api.min.css
a.omappapi.com/app/js/
10 KB
3 KB
Stylesheet
General
Full URL
https://a.omappapi.com/app/js/api.min.css
Requested by
Host: a.opmnstr.com
URL: https://a.opmnstr.com/app/js/api.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6ea0:c454::1 New York, United States, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-NY1-885 /
Resource Hash
d491f197645c391fa5f44c565d359352a3b1e714e8cb0c2e71ed0a21588d45bd

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

perma-cache
HIT
cdn-status
200
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding
br
etag
"672cd234-2644"
cdn-fileserver
749
date
Wed, 13 Nov 2024 15:12:18 GMT
cdn-storageserver
NY-353
last-modified
Thu, 07 Nov 2024 14:44:04 GMT
content-type
text/css
vary
Accept-Encoding
cdn-cache
HIT
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode
200
cdn-cachedat
11/13/2024 15:11:12
cache-control
public, max-age=31919000
cdn-requestpullsuccess
True
cdn-requesttime
0
cdn-uid
efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid
7a5f829d96e8302cde1b3d5acd2e32d0
cdn-pullzone
293267
cdn-proxyver
1.06
access-control-allow-origin
*
cdn-edgestorageid
885
server
BunnyCDN-NY1-885
cdn-requestcountrycode
US
39852
api.omappapi.com/v2/embed/
165 B
593 B
XHR
General
Full URL
https://api.omappapi.com/v2/embed/39852?d=fortinet.com
Requested by
Host: a.opmnstr.com
URL: https://a.opmnstr.com/app/js/api.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3108::ac42:2908 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b934ce9883949e7bceb88fa78a354125eefc85715f7e54da8ff529c94ebab0fe

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

x-user-agent
standard--
cf-cache-status
DYNAMIC
expires
Wed, 13 Nov 2024 15:12:30 GMT
x-cache
Error from cloudfront
x-amz-cf-id
lAm2YNw3xIa_KjX2QsURe7gh5d_ZtEXXXR4G9WihvfK7_0gMoYlKcg==
date
Wed, 13 Nov 2024 15:12:18 GMT
x-cache-config
0 0
content-type
application/json
vary
Accept-Encoding, User-Agent
access-control-allow-headers
X-CSRF-Token
cache-control
public, max-age=120, stale-while-revalidate=1800
via
1.1 1baed9857df8e3a07a6cd7cd51feb3f8.cloudfront.net (CloudFront)
cf-ray
8e1fb306483642e9-EWR
access-control-allow-origin
*
content-length
165
x-amz-cf-pop
EWR53-P1
server
cloudflare
tracking.js
trk.techtarget.com/
3 KB
2 KB
Script
General
Full URL
https://trk.techtarget.com/tracking.js
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1347 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

strict-transport-security
max-age=0; includeSubDomains; preload
cache-control
public, max-age=1200
content-encoding
br
cf-cache-status
HIT
age
31845
via
1.1 google
cf-ray
8e1fb3064fa77288-EWR
expires
Wed, 13 Nov 2024 15:32:18 GMT
date
Wed, 13 Nov 2024 15:12:18 GMT
content-type
text/javascript
last-modified
Tue, 13 Dec 2022 15:01:39 GMT
vary
Accept-Encoding
server
cloudflare
tag.js
abm-tracking.demandscience.com/
2 KB
2 KB
Script
General
Full URL
https://abm-tracking.demandscience.com/tag.js
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.32.164.86 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-32-164-86.us-west-2.compute.amazonaws.com
Software
nginx/1.18.0 (Ubuntu) / Express
Resource Hash
1885fa140df271c97bf904d43f5385b84aa7458ff60cc20dae89ca4e9df959d9

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

Cache-Control
public, max-age=0
ETag
W/"879-19321dea034"
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2169
Date
Wed, 13 Nov 2024 15:12:19 GMT
Content-Type
application/javascript; charset=UTF-8
X-Powered-By
Express
Server
nginx/1.18.0 (Ubuntu)
Last-Modified
Tue, 12 Nov 2024 19:34:18 GMT
wid.tracker.js
tmp.argusplatform.com/js/
8 KB
3 KB
Script
General
Full URL
https://tmp.argusplatform.com/js/wid.tracker.js
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::40 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
b697c4c8e7c22fa7e18ccef66c1bda6610f19ec8c7d1c60fb3696db54ea5362e
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preloadmax-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preloadmax-age=31536000
cache-control
public, must-revalidate, max-age=30
x-dns-prefetch-control
off
content-encoding
br
etag
"28476869"
referrer-policy
same-origin
x-content-type-options
nosniff
x-cache
CONFIG_NOCACHE
date
Wed, 13 Nov 2024 15:12:19 GMT
x-xss-protection
1; mode=block
content-type
text/javascript
last-modified
Sat, 08 Jun 2024 11:51:22 GMT
vary
Accept-Encoding
x-azure-ref
20241113T151218Z-16f46f88f96ldt2jhC1TEBu5sc00000002a0000000005xtf
js
pixel.mathtag.com/event/
161 B
711 B
Script
General
Full URL
https://pixel.mathtag.com/event/js?mt_id=1629896&mt_adid=260855&mt_exem=&mt_excl=&v2=&v3=&s1=&s2=&s3=&v1=en:blog:threat-research:new-campaign-uses-remcos-rat-to-exploit-victims
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
74.121.140.211 Reston, United States, ASN30419 (PAEDAE-INC, US),
Reverse DNS
Software
MT3 1668 f41eadd master iad iad-pixel-x2 config_version:"3358" /
Resource Hash
98192c2b3bfd0e66cff07b8ba31ff42de9182144d3e21b9ca258f13da96ee457
Security Headers
Name Value
Strict-Transport-Security 31536000
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

Strict-Transport-Security
31536000
Cache-Control
no-cache
Content-Encoding
gzip
Connection
close
Cross-Origin-Resource-Policy
cross-origin
Referrer-Policy
strict-origin
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
all
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Date
Wed, 13 Nov 2024 15:12:18 GMT
X-XSS-Protection
0
Content-Type
text/javascript
Server
MT3 1668 f41eadd master iad iad-pixel-x2 config_version:"3358"
s59399700025766
metrics.fortinet.com/b/ss/fortinetincproduction/1/JS-2.27.0-LEWM/
43 B
372 B
Image
General
Full URL
https://metrics.fortinet.com/b/ss/fortinetincproduction/1/JS-2.27.0-LEWM/s59399700025766?AQB=1&ndh=1&pf=1&t=13%2F10%2F2024%205%3A12%3A18%203%20600&sdid=3787D4BCF0F1C200-481E61EC55EB643C&mid=19592882991514515600317696975197894058&aamlh=7&ce=UTF-8&pageName=en%3Ablog%3Athreat-research%3Anew-campaign-uses-remcos-rat-to-exploit-victims&g=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims&cc=USD&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&v1=www.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims&c7=Entire%20Site&c8=New&v27=BLOG&v33=en%3Ablog%3Athreat-research%3Anew-campaign-uses-remcos-rat-to-exploit-victims&v35=Enabled&v92=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims&v106=San%20Jose&v107=California&v108=United%20States&v126=NA&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=ED8739F75677FE917F000101%40AdobeOrg&AQE=1
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
63.140.37.244 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-63-140-37-244.data.adobedc.net
Software
jag /
Resource Hash
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
cache-control
no-cache, no-store, max-age=0, no-transform, private
pragma
no-cache
etag
3718391000147787776-4618519649506177105
x-content-type-options
nosniff
expires
Tue, 12 Nov 2024 15:12:19 GMT
access-control-allow-origin
*
p3p
CP="This is not a P3P policy"
content-length
43
date
Wed, 13 Nov 2024 15:12:19 GMT
x-xss-protection
1; mode=block
last-modified
Thu, 14 Nov 2024 15:12:19 GMT
vary
*
server
jag
content-type
image/gif;charset=utf-8
gif.gif
ibc-flow.techtarget.com/a/
0
0

gif.gif
ibc-flow.techtarget.com/a/ Frame
0
0
Preflight
General
Full URL
https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=1247773&r=1731510738985&ref=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims&version=2.4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
231.208.111.34.bc.googleusercontent.com
Software
nginx/1.20.2 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
ibc_rate_tier
Access-Control-Request-Method
GET
Origin
https://www.fortinet.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0
content-length
0
content-type
text/html; charset=UTF-8
date
Wed, 13 Nov 2024 15:12:19 GMT
expires
Wed, 13 Nov 2024 15:12:19 GMT
server
nginx/1.20.2
vary
Origin
via
1.1 google
x-guploader-uploadid
AHmUCY09Ib9HqKW6NQpPl1dNnLiLh0FCr3hfRriqMNvizlxRSccPiIx4B7p4OxtHI_2iB-yBGeg
/
pixels.argusplatform.com/wh/track/
205 B
469 B
XHR
General
Full URL
https://pixels.argusplatform.com/wh/track/?site_id=C6AC00C8269540D0ABFF19F1B5558B6D&visitor_id=1731510739707166422&event_type=page_request&timestamp=1731510739&page_title=New%20Campaign%20Uses%20Remcos%20RAT%20to%20Exploit%20Victims%20%7C%20FortiGuard%20Labs&page_url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims&page_url_referer=
Requested by
Host: tmp.argusplatform.com
URL: https://tmp.argusplatform.com/js/wid.tracker.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::40 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
2ed114345dab0a74e1c81b100e3db108ff86464854f3159d005fac67413454b7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

request-context
appId=cid-v1:ead16ead-3a47-42dd-aec9-91a1bbb42ff5
strict-transport-security
max-age=31536000
access-control-allow-origin
*
x-cache
CONFIG_NOCACHE
date
Wed, 13 Nov 2024 15:12:19 GMT
content-type
application/json; charset=utf-8
x-azure-ref
20241113T151219Z-16744fb5bd5gjmnzhC1TEBvh2s00000000d00000000054k0
img.gif
b.6sc.co/v1/beacon/
43 B
257 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=null&visitor=e4f10cce-bf12-476f-8f7c-3bd6cbd7332d&session=fcd2e623-1379-4ff5-8687-0cf813912f6b&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2013%20Nov%202024%2015%3A12%3A19%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2013%20Nov%202024%2015%3A12%3A18%20GMT%22%2C%22timeSpent%22%3A%221010%22%2C%22totalTimeSpent%22%3A%221010%22%7D&isIframe=false&m=%7B%22description%22%3A%22See%20how%20threat%20actors%20have%20abused%20Remcos%20to%20collect%20sensitive%20information%20from%20victims%20and%20remotely%20control%20their%20computers%20to%20perform%20further%20malicious%20acts.%22%2C%22keywords%22%3A%22FortiGuard%20Labs%20Threat%20Research%2Crat%22%2C%22title%22%3A%22New%20Campaign%20Uses%20Remcos%20RAT%20to%20Exploit%20Victims%20%7C%20FortiGuard%20Labs%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims&pageViewId=ab08ebfe-e80d-4ace-8fd2-aeebfd13dcf2&ipv6=2600%3A803%3Aa88%3A3024%3A%3A24&v=1.1.29
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.196.3.196 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-196-3-196.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

cache-control
max-age=0, no-cache, no-store
etag
"615ccf10-2b"
pragma
no-cache
x-content-type-options
nosniff
expires
Wed, 13 Nov 2024 15:12:19 GMT
accept-ranges
bytes
content-length
43
date
Wed, 13 Nov 2024 15:12:19 GMT
content-type
image/gif
last-modified
Tue, 05 Oct 2021 22:17:52 GMT
server
nginx/1.14.0 (Ubuntu)
fp.min.js
cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs@3/dist/
33 KB
14 KB
Script
General
Full URL
https://cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs@3/dist/fp.min.js
Requested by
Host: abm-tracking.demandscience.com
URL: https://abm-tracking.demandscience.com/tag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:ba1f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
99dc3803d1f19c8103f79f834044b2afd4c8af5b7927efbd36b1052d528b40ae
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

access-control-expose-headers
*
content-encoding
br
cf-cache-status
HIT
etag
W/"83f4-k1lBXMQZh0ZUAAhwylRSOHXBLBY"
age
13750
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BPYLax%2B4hCeFJ%2FEDW9h5xzEkQwa8jYA3viXA9ZetCNajdlXMY96MAEk7j%2B%2F0pUoXRpVpUW2b3aGP5t6mBzduCz%2FljboDWmUvwDBDtj9TG7HodBuJHLHsa79L%2Be9mgI5Q2xE%2Bs%2FxnRRpittEM2Qw%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
x-jsd-version-type
version
alt-svc
h3=":443"; ma=86400
x-cache
HIT, HIT
date
Wed, 13 Nov 2024 15:12:19 GMT
content-type
application/javascript; charset=utf-8
x-served-by
cache-fra-etou8220049-FRA, cache-lga21925-LGA
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=604800, s-maxage=43200
timing-allow-origin
*
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy
cross-origin
cf-ray
8e1fb309787a8c54-EWR
accept-ranges
bytes
access-control-allow-origin
*
content-length
13749
server
cloudflare
x-jsd-version
3.4.2
site-visitors
intentstream.contanuity.com/api/
115 B
374 B
Fetch
General
Full URL
https://intentstream.contanuity.com/api/site-visitors?pageIdentifier=fortinet_2712
Requested by
Host: abm-tracking.demandscience.com
URL: https://abm-tracking.demandscience.com/tag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
44.226.187.177 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-226-187-177.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
930494fef37c0c702073ceeddd12da067bba2824f8eba39e1f9a3c5332bec6b6
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubdomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
x-pixel-auth
true
Referer
https://www.fortinet.com/

Response headers

strict-transport-security
max-age=15724800; includeSubdomains
access-control-expose-headers
WWW-Authenticate,Server-Authorization
cache-control
no-cache
accept-ranges
bytes
access-control-allow-origin
https://www.fortinet.com
content-length
115
date
Wed, 13 Nov 2024 15:12:19 GMT
content-type
application/json; charset=utf-8
vary
origin
server
nginx
site-visitors
intentstream.contanuity.com/api/ Frame
0
0
Preflight
General
Full URL
https://intentstream.contanuity.com/api/site-visitors?pageIdentifier=fortinet_2712
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
44.226.187.177 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-226-187-177.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubdomains

Request headers

Accept
*/*
Access-Control-Request-Headers
x-pixel-auth
Access-Control-Request-Method
GET
Origin
https://www.fortinet.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Accept,Authorization,Content-Type,If-None-Match,x-pixel-auth
access-control-allow-methods
GET
access-control-allow-origin
https://www.fortinet.com
access-control-expose-headers
WWW-Authenticate,Server-Authorization
access-control-max-age
86400
cache-control
no-cache
content-length
0
date
Wed, 13 Nov 2024 15:12:19 GMT
server
nginx
strict-transport-security
max-age=15724800; includeSubdomains
RC190d282f2b9c4848b2ea08ca5751fa40-source.min.js
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/e65b3d3bd1f9/
2 KB
1 KB
Script
General
Full URL
https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/e65b3d3bd1f9/RC190d282f2b9c4848b2ea08ca5751fa40-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:2086::1e80 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
d8d035718c0398cf5747619ac3ab6841befefe89040395fe94376d50e1599d29
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

cache-control
max-age=3600
timing-allow-origin
*
content-encoding
gzip
etag
"e4025e557089d49e2fc1f023a01abf25:1730940563.547746"
x-content-type-options
nosniff
expires
Wed, 13 Nov 2024 16:12:19 GMT
accept-ranges
bytes
access-control-allow-origin
https://www.fortinet.com
content-length
755
date
Wed, 13 Nov 2024 15:12:19 GMT
content-type
application/x-javascript
last-modified
Thu, 07 Nov 2024 00:49:23 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
RC7be3d22b2fd6487ca9390477738587fe-source.min.js
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/e65b3d3bd1f9/
819 B
781 B
Script
General
Full URL
https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/e65b3d3bd1f9/RC7be3d22b2fd6487ca9390477738587fe-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:2086::1e80 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
7bfb525912849c73e691a90795cb2e3ce02a95afa8b21db37208591610d75849
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

cache-control
max-age=3600
timing-allow-origin
*
content-encoding
gzip
etag
"e4025e557089d49e2fc1f023a01abf25:1730940563.547746"
x-content-type-options
nosniff
expires
Wed, 13 Nov 2024 16:12:19 GMT
accept-ranges
bytes
access-control-allow-origin
https://www.fortinet.com
content-length
501
date
Wed, 13 Nov 2024 15:12:19 GMT
content-type
application/x-javascript
last-modified
Thu, 07 Nov 2024 00:49:23 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
RC407b573180554ea6b11eecdc31ecbd3f-source.min.js
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/e65b3d3bd1f9/
819 B
780 B
Script
General
Full URL
https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/e65b3d3bd1f9/RC407b573180554ea6b11eecdc31ecbd3f-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:2086::1e80 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
fba345f22ace7548de35132830525fadbfde71c86c8191fca1b24e6f7dab7eb7
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

cache-control
max-age=3600
timing-allow-origin
*
content-encoding
gzip
etag
"e4025e557089d49e2fc1f023a01abf25:1730940563.547746"
x-content-type-options
nosniff
expires
Wed, 13 Nov 2024 16:12:19 GMT
accept-ranges
bytes
access-control-allow-origin
https://www.fortinet.com
content-length
499
date
Wed, 13 Nov 2024 15:12:19 GMT
content-type
application/x-javascript
last-modified
Thu, 07 Nov 2024 00:49:23 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
RC8c594cd344f84ab89afc779d8f53fff4-source.min.js
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/e65b3d3bd1f9/
1 KB
835 B
Script
General
Full URL
https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/e65b3d3bd1f9/RC8c594cd344f84ab89afc779d8f53fff4-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:2086::1e80 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
6f8ea4bfcb15d37d8476e99bd6f64d88cca6fc000b8fa4cf0e06855a4710096d
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

cache-control
max-age=3600
timing-allow-origin
*
content-encoding
gzip
etag
"e4025e557089d49e2fc1f023a01abf25:1730940563.547746"
x-content-type-options
nosniff
expires
Wed, 13 Nov 2024 16:12:19 GMT
accept-ranges
bytes
access-control-allow-origin
https://www.fortinet.com
content-length
554
date
Wed, 13 Nov 2024 15:12:19 GMT
content-type
application/x-javascript
last-modified
Thu, 07 Nov 2024 00:49:23 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
RC5915f5d7e33546579cd5fd510349ed90-source.min.js
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/e65b3d3bd1f9/
722 B
739 B
Script
General
Full URL
https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/e65b3d3bd1f9/RC5915f5d7e33546579cd5fd510349ed90-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:2086::1e80 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
0a8b3c914545d7ab159c36e40602b0c360897355b29cd8967fc83cb3e489a2d3
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

cache-control
max-age=3600
timing-allow-origin
*
content-encoding
gzip
etag
"e4025e557089d49e2fc1f023a01abf25:1730940563.547746"
x-content-type-options
nosniff
expires
Wed, 13 Nov 2024 16:12:19 GMT
accept-ranges
bytes
access-control-allow-origin
https://www.fortinet.com
content-length
458
date
Wed, 13 Nov 2024 15:12:19 GMT
content-type
application/x-javascript
last-modified
Thu, 07 Nov 2024 00:49:23 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
RC1d92f04752ae42a38e54de48cb85adf4-source.min.js
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/e65b3d3bd1f9/
661 B
672 B
Script
General
Full URL
https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/e65b3d3bd1f9/RC1d92f04752ae42a38e54de48cb85adf4-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:2086::1e80 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
3ae06367235ffbfe4f618e57467802343ea96fa0235b4f953b7c928b1674b702
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

cache-control
max-age=3600
timing-allow-origin
*
content-encoding
gzip
etag
"e4025e557089d49e2fc1f023a01abf25:1730940563.547746"
x-content-type-options
nosniff
expires
Wed, 13 Nov 2024 16:12:19 GMT
accept-ranges
bytes
access-control-allow-origin
https://www.fortinet.com
content-length
391
date
Wed, 13 Nov 2024 15:12:19 GMT
content-type
application/x-javascript
last-modified
Thu, 07 Nov 2024 00:49:23 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
RCf940460311f349b5af69d075bdef61d4-source.min.js
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/e65b3d3bd1f9/
368 B
515 B
Script
General
Full URL
https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/e65b3d3bd1f9/RCf940460311f349b5af69d075bdef61d4-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:2086::1e80 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
cf4179f9a669a40a63939143f20729f61b798e084db5124f008170868315281c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

cache-control
max-age=3600
timing-allow-origin
*
content-encoding
gzip
etag
"e4025e557089d49e2fc1f023a01abf25:1730940563.547746"
x-content-type-options
nosniff
expires
Wed, 13 Nov 2024 16:12:19 GMT
accept-ranges
bytes
access-control-allow-origin
https://www.fortinet.com
content-length
234
date
Wed, 13 Nov 2024 15:12:19 GMT
content-type
application/x-javascript
last-modified
Thu, 07 Nov 2024 00:49:23 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
RCcb6e8e438d1741e6854bf3a039a2565a-source.min.js
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/e65b3d3bd1f9/
754 B
728 B
Script
General
Full URL
https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/e65b3d3bd1f9/RCcb6e8e438d1741e6854bf3a039a2565a-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:2086::1e80 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
d742917b312cdf1c37ee321034219943eee051857fbf60833c90e449c43392c9
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

cache-control
max-age=3600
timing-allow-origin
*
content-encoding
gzip
etag
"e4025e557089d49e2fc1f023a01abf25:1730940563.547746"
x-content-type-options
nosniff
expires
Wed, 13 Nov 2024 16:12:19 GMT
accept-ranges
bytes
access-control-allow-origin
https://www.fortinet.com
content-length
447
date
Wed, 13 Nov 2024 15:12:19 GMT
content-type
application/x-javascript
last-modified
Thu, 07 Nov 2024 00:49:23 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
RCbbd24be21a0f4115a18f29bb3fee2a7a-source.min.js
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/e65b3d3bd1f9/
2 KB
994 B
Script
General
Full URL
https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/e65b3d3bd1f9/RCbbd24be21a0f4115a18f29bb3fee2a7a-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:2086::1e80 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
81e93e51e78a978d2c4dc717fb236195baba3623fdf924b70513b300914730f6
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

cache-control
max-age=3600
timing-allow-origin
*
content-encoding
gzip
etag
"e4025e557089d49e2fc1f023a01abf25:1730940563.547746"
x-content-type-options
nosniff
expires
Wed, 13 Nov 2024 16:12:19 GMT
accept-ranges
bytes
access-control-allow-origin
https://www.fortinet.com
content-length
713
date
Wed, 13 Nov 2024 15:12:19 GMT
content-type
application/x-javascript
last-modified
Thu, 07 Nov 2024 00:49:23 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
RCf5bd1991cad84a7294a7b609189a1fa5-source.min.js
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/e65b3d3bd1f9/
1021 B
880 B
Script
General
Full URL
https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/e65b3d3bd1f9/RCf5bd1991cad84a7294a7b609189a1fa5-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:2086::1e80 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
72996417e47cfa9d2e1d6695c304cc0830d33f5350191ab9d092d93738db9b1c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

cache-control
max-age=3600
timing-allow-origin
*
content-encoding
gzip
etag
"e4025e557089d49e2fc1f023a01abf25:1730940563.547746"
x-content-type-options
nosniff
expires
Wed, 13 Nov 2024 16:12:19 GMT
accept-ranges
bytes
access-control-allow-origin
https://www.fortinet.com
content-length
600
date
Wed, 13 Nov 2024 15:12:19 GMT
content-type
application/x-javascript
last-modified
Thu, 07 Nov 2024 00:49:23 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
RCcd84e40d19c24776bef77836ab2f8df6-source.min.js
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/e65b3d3bd1f9/
819 B
781 B
Script
General
Full URL
https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/e65b3d3bd1f9/RCcd84e40d19c24776bef77836ab2f8df6-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:2086::1e80 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
da777cb7cdc9dbdf45de521b6c9bcd8fd370e17db390438f64ea29def6efca82
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

cache-control
max-age=3600
timing-allow-origin
*
content-encoding
gzip
etag
"e4025e557089d49e2fc1f023a01abf25:1730940563.547746"
x-content-type-options
nosniff
expires
Wed, 13 Nov 2024 16:12:19 GMT
accept-ranges
bytes
access-control-allow-origin
https://www.fortinet.com
content-length
501
date
Wed, 13 Nov 2024 15:12:19 GMT
content-type
application/x-javascript
last-modified
Thu, 07 Nov 2024 00:49:23 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
RC4daaa3cd330f4ee2934602a98dab7c5f-source.min.js
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/e65b3d3bd1f9/
388 B
522 B
Script
General
Full URL
https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/e65b3d3bd1f9/RC4daaa3cd330f4ee2934602a98dab7c5f-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:2086::1e80 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
b8084072016d0b8e5ad1a96a2bd64333d325d0c3ac55f45112bfaf353743ec59
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

cache-control
max-age=3600
timing-allow-origin
*
content-encoding
gzip
etag
"e4025e557089d49e2fc1f023a01abf25:1730940563.547746"
x-content-type-options
nosniff
expires
Wed, 13 Nov 2024 16:12:19 GMT
accept-ranges
bytes
access-control-allow-origin
https://www.fortinet.com
content-length
242
date
Wed, 13 Nov 2024 15:12:19 GMT
content-type
application/x-javascript
last-modified
Thu, 07 Nov 2024 00:49:23 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
RC5c60a51709a94068afbf065e1448b617-source.min.js
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/e65b3d3bd1f9/
664 B
681 B
Script
General
Full URL
https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/e65b3d3bd1f9/RC5c60a51709a94068afbf065e1448b617-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:2086::1e80 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
f57569593403f502d6e83f7ca44d3371a7f6e9b0c409561f69c73f22eb63f700
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

cache-control
max-age=3600
timing-allow-origin
*
content-encoding
gzip
etag
"e4025e557089d49e2fc1f023a01abf25:1730940563.547746"
x-content-type-options
nosniff
expires
Wed, 13 Nov 2024 16:12:19 GMT
accept-ranges
bytes
access-control-allow-origin
https://www.fortinet.com
content-length
401
date
Wed, 13 Nov 2024 15:12:19 GMT
content-type
application/x-javascript
last-modified
Thu, 07 Nov 2024 00:49:23 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
RCf30ab81c91bc4e9c9063a3e8818e020f-source.min.js
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/e65b3d3bd1f9/
706 B
730 B
Script
General
Full URL
https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/e65b3d3bd1f9/RCf30ab81c91bc4e9c9063a3e8818e020f-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:2086::1e80 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
25f6404b0bab974a632fc3d8adfe559b6c9e85e2b461f47a915ed2796901f035
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

cache-control
max-age=3600
timing-allow-origin
*
content-encoding
gzip
etag
"e4025e557089d49e2fc1f023a01abf25:1730940563.547746"
x-content-type-options
nosniff
expires
Wed, 13 Nov 2024 16:12:19 GMT
accept-ranges
bytes
access-control-allow-origin
https://www.fortinet.com
content-length
449
date
Wed, 13 Nov 2024 15:12:19 GMT
content-type
application/x-javascript
last-modified
Thu, 07 Nov 2024 00:49:23 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
RC0ba76d5bbb984ea6a79cd6308c48dbff-source.min.js
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/e65b3d3bd1f9/
2 KB
1005 B
Script
General
Full URL
https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/e65b3d3bd1f9/RC0ba76d5bbb984ea6a79cd6308c48dbff-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:2086::1e80 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
3e75053eb73861e42602ca4075a48ad1a004f507ca9949210cfd09517114cc72
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

cache-control
max-age=3600
timing-allow-origin
*
content-encoding
gzip
etag
"e4025e557089d49e2fc1f023a01abf25:1730940563.547746"
x-content-type-options
nosniff
expires
Wed, 13 Nov 2024 16:12:19 GMT
accept-ranges
bytes
access-control-allow-origin
https://www.fortinet.com
content-length
724
date
Wed, 13 Nov 2024 15:12:19 GMT
content-type
application/x-javascript
last-modified
Thu, 07 Nov 2024 00:49:23 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
RC0829ccf7bc5a44478ae2705d4c111c37-source.min.js
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/e65b3d3bd1f9/
966 B
832 B
Script
General
Full URL
https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/e65b3d3bd1f9/RC0829ccf7bc5a44478ae2705d4c111c37-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:2086::1e80 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
e9e270584c7610f3031d6db0eeaabb7c4de7f595726d66d2a07844758a9c7b27
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

cache-control
max-age=3600
timing-allow-origin
*
content-encoding
gzip
etag
"e4025e557089d49e2fc1f023a01abf25:1730940563.547746"
x-content-type-options
nosniff
expires
Wed, 13 Nov 2024 16:12:19 GMT
accept-ranges
bytes
access-control-allow-origin
https://www.fortinet.com
content-length
551
date
Wed, 13 Nov 2024 15:12:19 GMT
content-type
application/x-javascript
last-modified
Thu, 07 Nov 2024 00:49:23 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
p
i.simpli.fi/
798 B
761 B
Script
General
Full URL
https://i.simpli.fi/p?cid=339566&cb=sifi_att_42656._hp
Requested by
Host: tag.simpli.fi
URL: https://tag.simpli.fi/sifitag/25f2dd15-02c6-4e7a-bc8b-c5722b49624d
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
34.171.47.125 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
125.47.171.34.bc.googleusercontent.com
Software
openresty /
Resource Hash
a03a6cf82bf473066514f09a6d60422cd66f62acfaacb079570dc16fe34bd549

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-encoding
gzip
pragma
no-cache
expires
Thu, 01 Jan 1970 00:00:00 GMT
date
Wed, 13 Nov 2024 15:12:19 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
server
openresty
favicon.ico
www.fortinet.com/etc/designs/fortinet-blog/
318 B
2 KB
Other
General
Full URL
https://www.fortinet.com/etc/designs/fortinet-blog/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1f18:1492:1701:a964:c08d:f5eb:b0c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
Apache /
Resource Hash
d18b3c9feb76c3c1cfdcc51c732f113327e3c33fb3f63b479951f7da6ed1216f
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims

Response headers

X-Vhost
publish
Content-Encoding
gzip
ETag
"13e-565c628eb6a00-gzip"
Age
1093005
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
nTYR25JCZuKAH1qgsu4HK3-Rr7pAkkqm3nmu97F6mTdqdr6AkckE4A==
Date
Thu, 31 Oct 2024 23:36:46 GMT
Content-Type
image/vnd.microsoft.icon
Last-Modified
Thu, 22 Feb 2018 05:17:28 GMT
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=2000000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 03c28758fe0abb70088fb45c6855d854.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
133
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
IAD61-P2
Server
Apache
spx
dx.mountain.com/
23 KB
6 KB
Script
General
Full URL
https://dx.mountain.com/spx?dxver=4.0.0&shaid=32336&tdr=&plh=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims&cb=43033058566334330term=value
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.238.149.65 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-238-149-65.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
b44fed24004978fb34daa08252ace479cea7ed79c92e8db941cecd95b21a1ec0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

transfer-encoding
chunked
content-encoding
gzip
x-envoy-upstream-service-time
1
expires
Thu, 01 Jan 1970 00:00:00 GMT
be
spx-prod
date
Wed, 13 Nov 2024 15:12:19 GMT
content-type
application/javascript;charset=utf-8
vary
origin,access-control-request-method,access-control-request-headers,accept-encoding
server
istio-envoy
uwt.js
static.ads-twitter.com/
57 KB
16 KB
Script
General
Full URL
https://static.ads-twitter.com/uwt.js
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.44.157 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
d4963b8afebfa0063b5d17b4c80f49bce702a37ea5c9b91bb3c996bb9dea4b60

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

vary
Accept-Encoding,Host
cache-control
no-cache
content-encoding
gzip
etag
"4328e910de583ad53b3a7a76455af005+gzip+gzip"
accept-ranges
bytes
x-cache
HIT, HIT
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-length
15926
date
Wed, 13 Nov 2024 15:12:19 GMT
x-tw-cdn
FT
last-modified
Tue, 29 Oct 2024 01:22:31 GMT
content-type
application/javascript; charset=utf-8
x-served-by
cache-iad-kiad7000145-IAD, cache-nyc-kteb1890053-NYC
x-amz-server-side-encryption
AES256
insight.min.js
snap.licdn.com/li.lms-analytics/
40 KB
14 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:6::17df:d14d Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
4e8276aea0a3c7fe3600e6718c7f484d49c347c8d5763d89be95900d526a14da
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

cache-control
max-age=81622
content-encoding
gzip
x-cdn
AKAM
x-content-type-options
nosniff
accept-ranges
bytes
content-length
14628
date
Wed, 13 Nov 2024 15:12:19 GMT
last-modified
Thu, 22 Aug 2024 11:06:54 GMT
content-type
application/javascript;charset=utf-8
vary
Accept-Encoding
x-amz-server-side-encryption
AES256
events.js
tags.srv.stackadapt.com/
22 KB
7 KB
Script
General
Full URL
https://tags.srv.stackadapt.com/events.js
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.44.251.75 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-44-251-75.compute-1.amazonaws.com
Software
/
Resource Hash
e8b637d82026d2410903dd3e07f8f4f8b46fee5cf332769f3e136d7079b5b65b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

access-control-allow-origin
*
cache-control
max-age=5
content-encoding
gzip
date
Wed, 13 Nov 2024 15:12:19 GMT
content-type
text/javascript
bounce
secure.adnxs.com/
Redirect Chain
  • https://secure.adnxs.com/px?id=1773420&t=2
  • https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1773420%26t%3D2
43 B
1 KB
Image
General
Full URL
https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1773420%26t%3D2
Protocol
H2
Server
68.67.179.166 North Bergen, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
575.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

cache-control
no-store, no-cache, private
pragma
no-cache
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials
true
x-proxy-origin
208.252.80.24; 208.252.80.24; 575.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
expires
Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin
*
an-x-request-uuid
1814d9a6-bd24-4252-bb13-fbfabc5c2572
content-length
43
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date
Wed, 13 Nov 2024 15:12:19 GMT
x-xss-protection
0
content-type
image/gif
server
nginx/1.23.4

Redirect headers

cache-control
no-store, no-cache, private
location
https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1773420%26t%3D2
pragma
no-cache
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
x-proxy-origin
208.252.80.24; 208.252.80.24; 575.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
expires
Sat, 15 Nov 2008 16:00:00 GMT
an-x-request-uuid
d8ef38a3-7483-4d59-a87e-ed14dea822ca
content-length
0
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date
Wed, 13 Nov 2024 15:12:19 GMT
x-xss-protection
0
content-type
text/html; charset=utf-8
server
nginx/1.23.4
bounce
ib.adnxs.com/
Redirect Chain
  • https://ib.adnxs.com/seg?add=36113683
  • https://ib.adnxs.com/bounce?%2Fseg%3Fadd%3D36113683
43 B
1 KB
Image
General
Full URL
https://ib.adnxs.com/bounce?%2Fseg%3Fadd%3D36113683
Protocol
H2
Server
68.67.160.132 Colonia, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
674.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

cache-control
no-store, no-cache, private
pragma
no-cache
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials
true
x-proxy-origin
208.252.80.24; 208.252.80.24; 674.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
expires
Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin
*
an-x-request-uuid
5af096c5-afa6-450d-a9fd-e22af4ff80aa
content-length
43
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date
Wed, 13 Nov 2024 15:12:20 GMT
x-xss-protection
0
content-type
image/gif
server
nginx/1.23.4

Redirect headers

cache-control
no-store, no-cache, private
location
https://ib.adnxs.com/bounce?%2Fseg%3Fadd%3D36113683
pragma
no-cache
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials
true
x-proxy-origin
208.252.80.24; 208.252.80.24; 674.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
expires
Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin
*
an-x-request-uuid
46db16b9-83f4-4d30-9979-74d06595aa85
content-length
0
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date
Wed, 13 Nov 2024 15:12:20 GMT
x-xss-protection
0
content-type
text/html; charset=utf-8
server
nginx/1.23.4
iztag.js
tags.inzynk.io/0ulh3gex/
34 B
443 B
Script
General
Full URL
https://tags.inzynk.io/0ulh3gex/iztag.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f9:1800:12:dfa9:e200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c0b4a76926bdb1cd2207319f82aa00def513ba7d0cbaf57ea4a21b64866f0869

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

content-encoding
x-amz-version-id
15XT7F8rursoJ6jHrhKIXrYdXTZkWasY
etag
"595f7fa79bc22a7029d2751228622eb4"
age
84142
via
1.1 cc3dab704d6aa33fe47fd3b876e1228e.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
34
x-amz-cf-id
-Zy1MZOjNy9W-rMM_dBm6PmLnHbQRo-8ZkX_lx2qCtJApmYvvNGyoQ==
date
Tue, 12 Nov 2024 15:50:41 GMT
content-type
application/octet-stream
last-modified
Thu, 05 Sep 2024 13:11:02 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P10
x-amz-server-side-encryption
AES256
dcm
s.amazon-adsystem.com/
Redirect Chain
  • https://um.simpli.fi/smaato
  • https://s.ad.smaato.net/c/?dspInit=1001136&dspCookie=58D823FA4EF84E62B213BE5E83BC1996
  • https://s.amazon-adsystem.com/dcm?pid=6c6fd2c8-c9f3-4a37-9a77-029dc3cc98b3&id=06c56c6b25&gdpr=0&gdpr_consent=
  • https://s.amazon-adsystem.com/dcm?pid=6c6fd2c8-c9f3-4a37-9a77-029dc3cc98b3&id=06c56c6b25&gdpr=0&gdpr_consent=&dcc=t
43 B
855 B
Image
General
Full URL
https://s.amazon-adsystem.com/dcm?pid=6c6fd2c8-c9f3-4a37-9a77-029dc3cc98b3&id=06c56c6b25&gdpr=0&gdpr_consent=&dcc=t
Protocol
HTTP/1.1
Server
98.82.157.231 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-98-82-157-231.compute-1.amazonaws.com
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma
no-cache
Connection
keep-alive
Expires
Thu, 01 Jan 1970 00:00:00 GMT
x-amz-rid
1WSWGMJ6MK6AB3K9M8XY
Content-Length
43
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Date
Wed, 13 Nov 2024 15:12:20 GMT
Content-Type
image/gif
Vary
Content-Type,Accept-Encoding,User-Agent
Server
Server

Redirect headers

Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Location
https://s.amazon-adsystem.com/dcm?pid=6c6fd2c8-c9f3-4a37-9a77-029dc3cc98b3&id=06c56c6b25&gdpr=0&gdpr_consent=&dcc=t
Pragma
no-cache
Connection
keep-alive
Expires
Thu, 01 Jan 1970 00:00:00 GMT
x-amz-rid
X1D5YVM9JW19STB3BWGS
Content-Length
0
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Date
Wed, 13 Nov 2024 15:12:20 GMT
Vary
Content-Type,Accept-Encoding,User-Agent
Server
Server
RX-0062a4f5-281f-4e09-9e6e-9e266c332d9b-005
sync.targeting.unrulymedia.com/csync/
Redirect Chain
  • https://um.simpli.fi/nexxen
  • https://sync.1rx.io/usersync/simplifi/58D823FA4EF84E62B213BE5E83BC1996
  • https://sync.1rx.io/usersync/simplifi/58D823FA4EF84E62B213BE5E83BC1996?zcc=1&cb=1731510735972
  • https://sync.targeting.unrulymedia.com/csync/RX-0062a4f5-281f-4e09-9e6e-9e266c332d9b-005
43 B
378 B
Image
General
Full URL
https://sync.targeting.unrulymedia.com/csync/RX-0062a4f5-281f-4e09-9e6e-9e266c332d9b-005
Protocol
H2
Server
69.194.240.13 , United States, ASN26120 (RHYTHMONE, US),
Reverse DNS
Software
/
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

p3p
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
date
Wed, 13 Nov 2024 15:12:20 GMT
content-length
43

Redirect headers

expires
0
cache-control
no-store, no-cache, must-revalidate
location
https://sync.targeting.unrulymedia.com/csync/RX-0062a4f5-281f-4e09-9e6e-9e266c332d9b-005
date
Wed, 13 Nov 2024 15:12:03 GMT
pragma
no-cache
content-type
text/html
xuid
eb2.3lift.com/
Redirect Chain
  • https://um.simpli.fi/triplelift
  • https://eb2.3lift.com/xuid?mid=7969&xuid=58D823FA4EF84E62B213BE5E83BC1996&dongle=yf3
  • https://eb2.3lift.com/xuid?ld=1&mid=7969&xuid=58D823FA4EF84E62B213BE5E83BC1996&dongle=yf3&gdpr=0&cmp_cs=&us_privacy=
37 B
474 B
Image
General
Full URL
https://eb2.3lift.com/xuid?ld=1&mid=7969&xuid=58D823FA4EF84E62B213BE5E83BC1996&dongle=yf3&gdpr=0&cmp_cs=&us_privacy=
Protocol
H2
Server
35.71.139.29 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
afb83dd09526a6517.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
date
Wed, 13 Nov 2024 15:12:20 GMT
content-type
image/gif

Redirect headers

cache-control
no-cache, no-store, must-revalidate
location
/xuid?ld=1&mid=7969&xuid=58D823FA4EF84E62B213BE5E83BC1996&dongle=yf3&gdpr=0&cmp_cs=&us_privacy=
content-length
0
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
date
Wed, 13 Nov 2024 15:12:20 GMT
sync
simplifi.partners.tremorhub.com/
Redirect Chain
  • https://um.simpli.fi/telaria_p
  • https://simplifi.partners.tremorhub.com/sync?UISF=58D823FA4EF84E62B213BE5E83BC1996
43 B
175 B
Image
General
Full URL
https://simplifi.partners.tremorhub.com/sync?UISF=58D823FA4EF84E62B213BE5E83BC1996
Protocol
H2
Server
2600:1f18:612b:4216:8b4:d7c1:7102:1a81 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

p3p
CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
date
Wed, 13 Nov 2024 15:12:20 GMT
content-type
image/gif
server
nginx

Redirect headers

strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
no-cache
location
https://simplifi.partners.tremorhub.com/sync?UISF=58D823FA4EF84E62B213BE5E83BC1996
x-content-type-options
nosniff
access-control-allow-methods
GET, POST, OPTIONS
expires
Tue, 12 Nov 2024 15:12:19 GMT
access-control-allow-origin
*
content-length
142
date
Wed, 13 Nov 2024 15:12:19 GMT
content-type
text/html
server
openresty
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
check
pixel.tapad.com/idsync/ex/receive/
Redirect Chain
  • https://um.simpli.fi/tapad
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=2305&partner_device_id=58D823FA4EF84E62B213BE5E83BC1996
  • https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2305&partner_device_id=58D823FA4EF84E62B213BE5E83BC1996
95 B
426 B
Image
General
Full URL
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2305&partner_device_id=58D823FA4EF84E62B213BE5E83BC1996
Protocol
H2
Server
34.111.113.62 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
62.113.111.34.bc.googleusercontent.com
Software
Jetty(11.0.13) /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

strict-transport-security
max-age=31536000
accept-ch
Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
via
1.1 google
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-length
95
date
Wed, 13 Nov 2024 15:12:20 GMT
content-type
image/png
server
Jetty(11.0.13)

Redirect headers

strict-transport-security
max-age=31536000
location
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2305&partner_device_id=58D823FA4EF84E62B213BE5E83BC1996
accept-ch
Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
via
1.1 google
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-length
0
date
Wed, 13 Nov 2024 15:12:20 GMT
server
Jetty(11.0.13)
empty.gif
um.simpli.fi/
Redirect Chain
  • https://um.simpli.fi/ad_advisor
  • https://aa.agkn.com/adscores/g.pixel?sid=9201915418&sifi_uid=58D823FA4EF84E62B213BE5E83BC1996
  • https://d.agkn.com/pixel/10751/?che=1731510740151&ip=208.252.80.24&l1=https%3A%2F%2Fum.simpli.fi%2Faa_px%3Fsk%3D214360605065013991114
  • https://um.simpli.fi/aa_px?sk=214360605065013991114
  • https://um.simpli.fi/empty.gif
43 B
361 B
Image
General
Full URL
https://um.simpli.fi/empty.gif
Protocol
H2
Server
34.170.123.2 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
2.123.170.34.bc.googleusercontent.com
Software
/
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

strict-transport-security
max-age=63072000; includeSubdomains; preload
access-control-allow-methods
GET, POST, OPTIONS
x-content-type-options
nosniff
access-control-allow-origin
*
content-length
43
date
Wed, 13 Nov 2024 15:12:20 GMT
content-type
image/gif
last-modified
Mon, 28 Sep 1970 06:00:00 GMT
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type

Redirect headers

strict-transport-security
max-age=63072000; includeSubdomains; preload
location
/empty.gif
x-content-type-options
nosniff
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
content-length
142
date
Wed, 13 Nov 2024 15:12:20 GMT
content-type
text/html
server
openresty
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
ProfilesEngineServlet
sync.intentiq.com/profiles_engine/
Redirect Chain
  • https://um.simpli.fi/intentiq
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=2124307461&pcid=58D823FA4EF84E62B213BE5E83BC1996
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=2124307461&pcid=58D823FA4EF84E62B213BE5E83BC1996&ckls=true&ci=5wum5GjkM8&nc=false&trid=1335681020
43 B
1 KB
Image
General
Full URL
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=2124307461&pcid=58D823FA4EF84E62B213BE5E83BC1996&ckls=true&ci=5wum5GjkM8&nc=false&trid=1335681020
Protocol
H2
Server
2600:9000:247b:3200:1b:6b7d:2300:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
via
1.1 29117767a034875a8b49afd641f25d82.cloudfront.net (CloudFront)
expires
Thu, 01 Jan 1970 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
p3p
CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
content-length
43
date
Wed, 13 Nov 2024 15:12:20 GMT
content-type
image/gif
x-amz-cf-pop
JFK52-P2
x-amz-cf-id
ClqLDdoGHFLehXhjkLcmhZPzJXMSf-vK7DjwLZCWTaIrg3OQwMh4AQ==

Redirect headers

patent
https://www.almondnet.com/ip
cache-control
no-cache, no-store, must-revalidate
location
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=2124307461&pcid=58D823FA4EF84E62B213BE5E83BC1996&ckls=true&ci=5wum5GjkM8&nc=false&trid=1335681020
pragma
no-cache
via
1.1 29117767a034875a8b49afd641f25d82.cloudfront.net (CloudFront)
expires
Thu, 01 Jan 1970 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
content-length
43
p3p
CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
date
Wed, 13 Nov 2024 15:12:20 GMT
content-type
image/gif
x-amz-cf-pop
JFK52-P2
x-amz-cf-id
Jnch-ONePnoNvofhuiOPvFsoWp7ZdltvS1bFNL82K6VykJQNvLloNg==
Pug
image2.pubmatic.com/AdServer/
Redirect Chain
  • https://um.simpli.fi/pubmatic
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:58D823FA4EF84E62B213BE5E83BC1996
42 B
552 B
Image
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:58D823FA4EF84E62B213BE5E83BC1996
Protocol
H2
Server
207.65.37.184 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

cache-control
no-store, no-cache, private
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date
Wed, 13 Nov 2024 15:12:20 GMT
content-type
image/gif; charset=utf-8
server
nginx

Redirect headers

strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
no-cache
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:58D823FA4EF84E62B213BE5E83BC1996
x-content-type-options
nosniff
access-control-allow-methods
GET, POST, OPTIONS
expires
Tue, 12 Nov 2024 15:12:19 GMT
access-control-allow-origin
*
content-length
142
date
Wed, 13 Nov 2024 15:12:19 GMT
content-type
text/html
server
openresty
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
user-registering
ads.stickyadstv.com/
Redirect Chain
  • https://um.simpli.fi/freewheel
  • https://ads.stickyadstv.com/user-registering?dataProviderId=753&userId=58D823FA4EF84E62B213BE5E83BC1996
43 B
655 B
Image
General
Full URL
https://ads.stickyadstv.com/user-registering?dataProviderId=753&userId=58D823FA4EF84E62B213BE5E83BC1996
Protocol
HTTP/1.1
Server
63.251.28.211 Secaucus, United States, ASN13789 (INTERNAP-BLK3, US),
Reverse DNS
Software
nginx /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

Transfer-Encoding
chunked
Cache-Control
no-cache
Pragma
no-cache
x-sticky-vk
1731510740229046-140
Connection
keep-alive
Access-Control-Allow-Credentials
true
Access-Control-Allow-Origin
*
Date
Wed, 13 Nov 2024 15:12:20 GMT
Content-Type
image/gif
Server
nginx

Redirect headers

strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
no-cache
location
https://ads.stickyadstv.com/user-registering?dataProviderId=753&userId=58D823FA4EF84E62B213BE5E83BC1996
x-content-type-options
nosniff
access-control-allow-methods
GET, POST, OPTIONS
expires
Tue, 12 Nov 2024 15:12:19 GMT
access-control-allow-origin
*
content-length
142
date
Wed, 13 Nov 2024 15:12:19 GMT
content-type
text/html
server
openresty
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
engine
pbid.pro-market.net/
Redirect Chain
  • https://um.simpli.fi/dtnx
  • https://fei.pro-market.net/engine?du=24;csync=58D823FA4EF84E62B213BE5E83BC1996;mimetype=img;
  • https://fei.pro-market.net/engine?du=24;csync=58D823FA4EF84E62B213BE5E83BC1996;mimetype=img;sr
  • https://cms.analytics.yahoo.com/cms?partner_id=DATCS
  • https://ups.analytics.yahoo.com/ups/58726/cms?partner_id=DATCS
  • https://pbid.pro-market.net/engine?du=81&mimetype=img&csync=y-T5lmfKBE2pTQYArgTwdzNCIx8jw.C_rWjNo-~A
43 B
420 B
Image
General
Full URL
https://pbid.pro-market.net/engine?du=81&mimetype=img&csync=y-T5lmfKBE2pTQYArgTwdzNCIx8jw.C_rWjNo-~A
Protocol
H2
Server
2600:1901:0:8eee:: Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
Software
Apache-Coyote/1.1 /
Resource Hash
3331a0486cb3e8a75c8c2fdf02bf80fd8fe2b811dfe5c7b4aa892d38bfcf604a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
access-control-allow-credentials
true
via
1.1 google
anserver
gapp4.c.datonics-gcp-01.internal
expires
Mon, 1 Jan 1990 0:0:0 GMT
access-control-allow-origin
*
alt-svc
clear
p3p
CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
content-length
43
date
Wed, 13 Nov 2024 15:12:20 GMT
content-type
image/gif
server
Apache-Coyote/1.1

Redirect headers

strict-transport-security
max-age=31536000
location
https://pbid.pro-market.net/engine?du=81&mimetype=img&csync=y-T5lmfKBE2pTQYArgTwdzNCIx8jw.C_rWjNo-~A
age
0
referrer-policy
no-referrer-when-downgrade
content-length
0
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
date
Wed, 13 Nov 2024 15:12:20 GMT
content-type
text/html
server
ATS
/
loadm.exelator.com/load/
Redirect Chain
  • https://um.simpli.fi/exelatem
  • https://loadm.exelator.com/load/?p=204&g=2191&simid=58D823FA4EF84E62B213BE5E83BC1996&j=0
  • https://loadm.exelator.com/load/?p=204&g=2191&simid=58D823FA4EF84E62B213BE5E83BC1996&j=0&xl8blockcheck=1
0
771 B
Image
General
Full URL
https://loadm.exelator.com/load/?p=204&g=2191&simid=58D823FA4EF84E62B213BE5E83BC1996&j=0&xl8blockcheck=1
Protocol
H2
Server
34.229.3.43 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-229-3-43.compute-1.amazonaws.com
Software
nginx / Undertow/1
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

cache-control
no-cache
p3p
policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
date
Wed, 13 Nov 2024 15:12:20 GMT
x-powered-by
Undertow/1
server
nginx
access-control-allow-credentials
true

Redirect headers

cache-control
no-cache
location
https://loadm.exelator.com/load/?p=204&g=2191&simid=58D823FA4EF84E62B213BE5E83BC1996&j=0&xl8blockcheck=1
access-control-allow-credentials
true
content-length
0
p3p
policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
date
Wed, 13 Nov 2024 15:12:20 GMT
content-type
image/gif
x-powered-by
Undertow/1
server
nginx
sync
ups.analytics.yahoo.com/ups/55964/
Redirect Chain
  • https://um.simpli.fi/yahoo
  • https://ups.analytics.yahoo.com/ups/55964/sync?uid=58D823FA4EF84E62B213BE5E83BC1996
  • https://ups.analytics.yahoo.com/ups/55964/sync?uid=58D823FA4EF84E62B213BE5E83BC1996&verify=true
0
123 B
Image
General
Full URL
https://ups.analytics.yahoo.com/ups/55964/sync?uid=58D823FA4EF84E62B213BE5E83BC1996&verify=true
Protocol
H2
Server
2001:4998:14:800::1001 , United States, ASN14777 (YAHOO, US),
Reverse DNS
Software
ATS /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
date
Wed, 13 Nov 2024 15:12:20 GMT
age
0
content-type
text/html
server
ATS
referrer-policy
no-referrer-when-downgrade

Redirect headers

strict-transport-security
max-age=31536000
location
https://ups.analytics.yahoo.com/ups/55964/sync?uid=58D823FA4EF84E62B213BE5E83BC1996&verify=true
age
0
referrer-policy
no-referrer-when-downgrade
content-length
0
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
date
Wed, 13 Nov 2024 15:12:20 GMT
content-type
text/html
server
ATS
sync
sync.bfmio.com/
Redirect Chain
  • https://um.simpli.fi/beachfront
  • https://sync.bfmio.com/sync?pid=141&uid=58D823FA4EF84E62B213BE5E83BC1996
0
421 B
Image
General
Full URL
https://sync.bfmio.com/sync?pid=141&uid=58D823FA4EF84E62B213BE5E83BC1996
Protocol
HTTP/1.1
Server
3.218.41.45 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-218-41-45.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

Date
Wed, 13 Nov 2024 15:12:19 GMT
Connection
keep-alive

Redirect headers

strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
no-cache
location
https://sync.bfmio.com/sync?pid=141&uid=58D823FA4EF84E62B213BE5E83BC1996
x-content-type-options
nosniff
access-control-allow-methods
GET, POST, OPTIONS
expires
Tue, 12 Nov 2024 15:12:19 GMT
access-control-allow-origin
*
content-length
142
date
Wed, 13 Nov 2024 15:12:19 GMT
content-type
text/html
server
openresty
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
29931
stags.bluekai.com/site/
Redirect Chain
  • https://um.simpli.fi/bluekai
  • https://stags.bluekai.com/site/29931?id=58D823FA4EF84E62B213BE5E83BC1996
27 B
27 B
Image
General
Full URL
https://stags.bluekai.com/site/29931?id=58D823FA4EF84E62B213BE5E83BC1996
Protocol
HTTP/1.1
Server
23.39.37.118 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-39-37-118.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
5607bc0b49036b5f13acf3f5767e0fb2fb947f5369bda253939e78e2b11f85b4

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

Cache-Control
max-age=0, no-cache, no-store
Pragma
no-cache
Connection
keep-alive
Expires
Wed, 13 Nov 2024 15:12:20 GMT
Content-Length
27
Date
Wed, 13 Nov 2024 15:12:20 GMT
AK-GRN
0.0b933617.1731510740.df242f
Content-Type
text/html

Redirect headers

strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
no-cache
location
https://stags.bluekai.com/site/29931?id=58D823FA4EF84E62B213BE5E83BC1996
x-content-type-options
nosniff
access-control-allow-methods
GET, POST, OPTIONS
expires
Tue, 12 Nov 2024 15:12:19 GMT
access-control-allow-origin
*
content-length
142
date
Wed, 13 Nov 2024 15:12:19 GMT
content-type
text/html
server
openresty
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
tpid=58D823FA4EF84E62B213BE5E83BC1996
bcp.crwdcntrl.net/map/ct=y/c=7625/tp=SIMP/
Redirect Chain
  • https://um.simpli.fi/crwdcntrl
  • https://bcp.crwdcntrl.net/map/c=7625/tp=SIMP/tpid=58D823FA4EF84E62B213BE5E83BC1996
  • https://bcp.crwdcntrl.net/map/ct=y/c=7625/tp=SIMP/tpid=58D823FA4EF84E62B213BE5E83BC1996
49 B
263 B
Image
General
Full URL
https://bcp.crwdcntrl.net/map/ct=y/c=7625/tp=SIMP/tpid=58D823FA4EF84E62B213BE5E83BC1996
Protocol
H2
Server
35.175.35.80 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-175-35-80.compute-1.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

cache-control
no-cache
pragma
no-cache
expires
0
access-control-allow-origin
*
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
content-length
49
date
Wed, 13 Nov 2024 15:12:20 GMT
content-type
image/gif
x-server
10.40.52.1
server
Jetty(9.4.38.v20210224)

Redirect headers

cache-control
no-cache
location
https://bcp.crwdcntrl.net/map/ct=y/c=7625/tp=SIMP/tpid=58D823FA4EF84E62B213BE5E83BC1996
pragma
no-cache
expires
0
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
content-length
0
date
Wed, 13 Nov 2024 15:12:20 GMT
x-server
10.40.6.109
server
Jetty(9.4.38.v20210224)
merge
ce.lijit.com/
Redirect Chain
  • https://um.simpli.fi/lj_match
  • https://ce.lijit.com/merge?pid=2&3pid=58D823FA4EF84E62B213BE5E83BC1996
  • https://ce.lijit.com/merge?pid=2&3pid=58D823FA4EF84E62B213BE5E83BC1996&dnr=1
43 B
511 B
Image
General
Full URL
https://ce.lijit.com/merge?pid=2&3pid=58D823FA4EF84E62B213BE5E83BC1996&dnr=1
Protocol
H2
Server
54.166.218.157 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-166-218-157.compute-1.amazonaws.com
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

cache-control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
pragma
no-cache
expires
Fri, 20 Mar 2009 00:00:00 GMT
content-length
43
p3p
CP="CUR ADM OUR NOR STA NID"
date
Wed, 13 Nov 2024 15:12:20 GMT
content-type
image/gif
vary
Accept-Encoding

Redirect headers

cache-control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
location
https://ce.lijit.com/merge?pid=2&3pid=58D823FA4EF84E62B213BE5E83BC1996&dnr=1
pragma
no-cache
expires
Fri, 20 Mar 2009 00:00:00 GMT
content-length
0
p3p
CP="CUR ADM OUR NOR STA NID"
date
Wed, 13 Nov 2024 15:12:20 GMT
vary
Accept-Encoding
db_sync
px.ads.linkedin.com/
Redirect Chain
  • https://um.simpli.fi/liveramp_match
  • https://idsync.rlcdn.com/419566.gif?partner_uid=58D823FA4EF84E62B213BE5E83BC1996
  • https://idsync.rlcdn.com/1000.gif?memo=CO7NGRIrCicIARDuJBogNThEODIzRkE0RUY4NEU2MkIyMTNCRTVFODNCQzE5OTYQABoNCNSD07kGEgUI6AcQAEIASgA
  • https://pippio.com/api/sync?pid=5324&it=1&iv=723db2e5727567ce05d8da08249bb15f719dbb551995314fc56a318c0f1bc18c791426b5417dce21&_=2
  • https://px.ads.linkedin.com/db_sync?pid=10339&puuid=723db2e5727567ce05d8da08249bb15f719dbb551995314fc56a318c0f1bc18c791426b5417dce21&rand=04382946
0
143 B
Image
General
Full URL
https://px.ads.linkedin.com/db_sync?pid=10339&puuid=723db2e5727567ce05d8da08249bb15f719dbb551995314fc56a318c0f1bc18c791426b5417dce21&rand=04382946
Protocol
H2
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

linkedin-action
1
x-li-pop
afd-prod-ltx1-x
x-msedge-ref
Ref A: 1B7D7B18B36944B2845F25328CEC1086 Ref B: PHL30EDGE0218 Ref C: 2024-11-13T15:12:20Z
x-li-fabric
prod-ltx1
x-li-uuid
AAYmzMKePElv02FxzB+KnQ==
x-li-proto
http/2
x-cache
CONFIG_NOCACHE
content-length
0
date
Wed, 13 Nov 2024 15:12:20 GMT

Redirect headers

cache-control
no-cache, no-store
timing-allow-origin
*
location
https://px.ads.linkedin.com/db_sync?pid=10339&puuid=723db2e5727567ce05d8da08249bb15f719dbb551995314fc56a318c0f1bc18c791426b5417dce21&rand=04382946
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
content-length
0
date
Wed, 13 Nov 2024 15:12:20 GMT
/
www.google.com/pagead/1p-conversion/1026675585/
Redirect Chain
  • https://www.googleadservices.com/pagead/conversion/1026675585/?random=1731510739555&cv=7&fst=1731510739555&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1026675585/?random=1982491961&cv=7&fst=1731510739555&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&crd=CLH...
  • https://www.google.com/pagead/1p-conversion/1026675585/?random=1982491961&cv=7&fst=1731510739555&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHD...
42 B
64 B
Image
General
Full URL
https://www.google.com/pagead/1p-conversion/1026675585/?random=1982491961&cv=7&fst=1731510739555&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECCOvGsQII08WxAgilxrEC&pscrd=IhMIg5rYlMzZiQMVKVRHAR06qx_MMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhlodHRwczovL3d3dy5mb3J0aW5ldC5jb20v&is_vtc=1&cid=CAQSGwCa7L7dyLzI3BXre_leai5kL-ubKa-t8WbwAw&random=3884899340
Protocol
H3
Server
2607:f8b0:4006:81f::2004 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

content-security-policy
script-src 'none'; object-src 'none'
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Wed, 13 Nov 2024 15:12:20 GMT
x-xss-protection
0
content-type
image/gif
server
cafe

Redirect headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
location
https://www.google.com/pagead/1p-conversion/1026675585/?random=1982491961&cv=7&fst=1731510739555&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECCOvGsQII08WxAgilxrEC&pscrd=IhMIg5rYlMzZiQMVKVRHAR06qx_MMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhlodHRwczovL3d3dy5mb3J0aW5ldC5jb20v&is_vtc=1&cid=CAQSGwCa7L7dyLzI3BXre_leai5kL-ubKa-t8WbwAw&random=3884899340
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
42
date
Wed, 13 Nov 2024 15:12:20 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
spotx_match
um.simpli.fi/
0
272 B
Image
General
Full URL
https://um.simpli.fi/spotx_match
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
34.170.123.2 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
2.123.170.34.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

access-control-allow-methods
GET, POST, OPTIONS
strict-transport-security
max-age=63072000; includeSubdomains; preload
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-origin
*
date
Wed, 13 Nov 2024 15:12:19 GMT
x-content-type-options
nosniff
setuid
ib.adnxs.com/
Redirect Chain
  • https://um.simpli.fi/an
  • https://ib.adnxs.com/setuid?entity=66&code=58D823FA4EF84E62B213BE5E83BC1996
43 B
1 KB
Image
General
Full URL
https://ib.adnxs.com/setuid?entity=66&code=58D823FA4EF84E62B213BE5E83BC1996
Protocol
H2
Server
68.67.160.132 Colonia, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
674.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

cache-control
no-store, no-cache, private
pragma
no-cache
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
x-proxy-origin
208.252.80.24; 208.252.80.24; 674.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
expires
Sat, 15 Nov 2008 16:00:00 GMT
an-x-request-uuid
0b5b2c3a-205d-4211-8164-71989624e547
content-length
43
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date
Wed, 13 Nov 2024 15:12:20 GMT
x-xss-protection
0
content-type
image/gif
server
nginx/1.23.4

Redirect headers

strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
no-cache
location
https://ib.adnxs.com/setuid?entity=66&code=58D823FA4EF84E62B213BE5E83BC1996
x-content-type-options
nosniff
access-control-allow-methods
GET, POST, OPTIONS
expires
Tue, 12 Nov 2024 15:12:19 GMT
access-control-allow-origin
*
content-length
142
date
Wed, 13 Nov 2024 15:12:19 GMT
content-type
text/html
server
openresty
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
tap.php
pixel.rubiconproject.com/
Redirect Chain
  • https://um.simpli.fi/rb_match
  • https://pixel.rubiconproject.com/tap.php?v=6286&nid=2132&put=58D823FA4EF84E62B213BE5E83BC1996&expires=365
42 B
1 KB
Image
General
Full URL
https://pixel.rubiconproject.com/tap.php?v=6286&nid=2132&put=58D823FA4EF84E62B213BE5E83BC1996&expires=365
Protocol
HTTP/1.1
Server
69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
9e7742894a018a40b59a2ed2117c85b5
Pragma
no-cache
content-length
42
Content-Type
image/gif

Redirect headers

strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
no-cache
location
https://pixel.rubiconproject.com/tap.php?v=6286&nid=2132&put=58D823FA4EF84E62B213BE5E83BC1996&expires=365
x-content-type-options
nosniff
access-control-allow-methods
GET, POST, OPTIONS
expires
Tue, 12 Nov 2024 15:12:19 GMT
access-control-allow-origin
*
content-length
142
date
Wed, 13 Nov 2024 15:12:19 GMT
content-type
text/html
server
openresty
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
sd
us-u.openx.net/w/1.0/
Redirect Chain
  • https://um.simpli.fi/ox_match
  • https://us-u.openx.net/w/1.0/sd?id=537072966&val=58D823FA4EF84E62B213BE5E83BC1996
  • https://us-u.openx.net/w/1.0/sd?cc=1&id=537072966&val=58D823FA4EF84E62B213BE5E83BC1996
43 B
171 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?cc=1&id=537072966&val=58D823FA4EF84E62B213BE5E83BC1996
Protocol
H2
Server
34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

cache-control
private, max-age=0, no-cache
pragma
no-cache
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
p3p
CP="CUR ADM OUR NOR STA NID"
date
Wed, 13 Nov 2024 15:12:20 GMT
content-type
image/gif
vary
Accept
server
OXGW/0.0.0

Redirect headers

via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
location
https://us-u.openx.net/w/1.0/sd?cc=1&id=537072966&val=58D823FA4EF84E62B213BE5E83BC1996
p3p
CP="CUR ADM OUR NOR STA NID"
content-length
0
date
Wed, 13 Nov 2024 15:12:19 GMT
server
OXGW/0.0.0
g_match
um.simpli.fi/
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_cm&google_sc
  • https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_cm=&google_sc=&google_tc=
  • https://um.simpli.fi/g_match?id=&google_gid=CAESEH2uaJHf5A9UnZUYbjP0Xzo&google_cver=1
  • https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=58D823FA4EF84E62B213BE5E83BC1996
  • https://um.simpli.fi/g_match?id=
0
320 B
Image
General
Full URL
https://um.simpli.fi/g_match?id=
Protocol
H2
Server
34.170.123.2 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
2.123.170.34.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
no-cache
access-control-allow-methods
GET, POST, OPTIONS
x-content-type-options
nosniff
expires
Tue, 12 Nov 2024 15:12:20 GMT
access-control-allow-origin
*
date
Wed, 13 Nov 2024 15:12:20 GMT
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type

Redirect headers

cache-control
no-cache, must-revalidate
location
https://um.simpli.fi/g_match?id=
pragma
no-cache
cross-origin-resource-policy
cross-origin
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
229
date
Wed, 13 Nov 2024 15:12:20 GMT
x-xss-protection
0
content-type
text/html; charset=UTF-8
server
HTTP server (unknown)
https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims
abm-tracking.demandscience.com/page-tracking/fortinet_2712/
2 B
665 B
Script
General
Full URL
https://abm-tracking.demandscience.com/page-tracking/fortinet_2712/https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims?visitorId=0ac9c017dfdd772893a32ead8dfce3c5_1731510739844&&clientId=undefined&&cookieEnabled=true
Requested by
Host: abm-tracking.demandscience.com
URL: https://abm-tracking.demandscience.com/tag.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.32.164.86 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-32-164-86.us-west-2.compute.amazonaws.com
Software
nginx/1.18.0 (Ubuntu) / Express
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

Cache-Control
private, no-cache, no-store, must-revalidate
Pragma
no-cache
ETag
W/"2-vyGp6PvFo4RvsFtPoIWeCReyIC8"
Connection
keep-alive
Access-Control-Allow-Methods
GET, POST, OPTIONS, PUT, PATCH, DELETE
Expires
-1
Access-Control-Allow-Origin
*
Content-Length
2
Date
Wed, 13 Nov 2024 15:12:19 GMT
Content-Type
application/json; charset=utf-8
X-Powered-By
Express
Server
nginx/1.18.0 (Ubuntu)
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Accept, Authorization
attribution_trigger
px.ads.linkedin.com/
2 B
764 B
XHR
General
Full URL
https://px.ads.linkedin.com/attribution_trigger?pid=7120%2C2159050%2C4628290%2C6313418&time=1731510739874&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept
*
Referer
https://www.fortinet.com/

Response headers

x-li-pop
afd-prod-lva1-x
content-encoding
gzip
x-fs-uuid
000626ccc295488a4f39cfd7c0c9c814
x-msedge-ref
Ref A: 4378AE61DAC94EB886957B869A81A836 Ref B: PHL30EDGE0422 Ref C: 2024-11-13T15:12:20Z
x-li-fabric
prod-lva1
x-restli-protocol-version
1.0.0
access-control-allow-methods
GET, OPTIONS
x-li-uuid
AAYmzMKVSIpPOc/XwMnIFA==
x-li-proto
http/2
access-control-allow-origin
*
x-cache
CONFIG_NOCACHE
date
Wed, 13 Nov 2024 15:12:19 GMT
content-type
application/json
access-control-allow-headers
*
collect
px4.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7120%2C2159050%2C4628290%2C6313418&time=1731510739874&li_adsId=db161ea0-4a6e-4b18-8718-59a666b33f4e&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fth...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7120%2C2159050%2C4628290%2C6313418&time=1731510739874&li_adsId=db161ea0-4a6e-4b18-8718-59a666b33f4e&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fth...
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D7120%252C2159050%252C4628290%252C6313418%26time%3D1731510739874%26li_adsId%3Ddb16...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7120%2C2159050%2C4628290%2C6313418&time=1731510739874&li_adsId=db161ea0-4a6e-4b18-8718-59a666b33f4e&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fth...
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=7120%2C2159050%2C4628290%2C6313418&time=1731510739874&li_adsId=db161ea0-4a6e-4b18-8718-59a666b33f4e&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Ft...
0
485 B
Image
General
Full URL
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=7120%2C2159050%2C4628290%2C6313418&time=1731510739874&li_adsId=db161ea0-4a6e-4b18-8718-59a666b33f4e&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims&cookiesTest=true&liSync=true&e_ipv6=AQLGuJ8tZ4JDywAAAZMmFSaUcm4CMpqtCRon0VsMAkSF-OCS1HYxo53ive5frEN2XReE7HU0GQ
Protocol
H2
Server
13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

linkedin-action
1
x-li-pop
afd-prod-ltx1-x
x-msedge-ref
Ref A: 90AF72A702AA45B3A8A04B882E5CBD10 Ref B: PHL30EDGE0121 Ref C: 2024-11-13T15:12:20Z
x-li-fabric
prod-ltx1
x-li-uuid
AAYmzMKhYw6siVo8SukhjA==
x-li-proto
http/2
x-cache
CONFIG_NOCACHE
content-length
0
date
Wed, 13 Nov 2024 15:12:20 GMT
content-type
application/javascript

Redirect headers

linkedin-action
1
x-li-pop
afd-prod-ltx1-x
location
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=7120%2C2159050%2C4628290%2C6313418&time=1731510739874&li_adsId=db161ea0-4a6e-4b18-8718-59a666b33f4e&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims&cookiesTest=true&liSync=true&e_ipv6=AQLGuJ8tZ4JDywAAAZMmFSaUcm4CMpqtCRon0VsMAkSF-OCS1HYxo53ive5frEN2XReE7HU0GQ
x-msedge-ref
Ref A: B22D03DCABD24B59BA5E00A5A2F66731 Ref B: PHL30EDGE0218 Ref C: 2024-11-13T15:12:20Z
x-li-fabric
prod-ltx1
x-li-uuid
AAYmzMKeYbXA9CgmSL5L5g==
x-li-proto
http/2
x-cache
CONFIG_NOCACHE
content-length
0
date
Wed, 13 Nov 2024 15:12:20 GMT
gtm.js
www.googletagmanager.com/
192 KB
69 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-M4NSPPXN
Requested by
Host: abm-tracking.demandscience.com
URL: https://abm-tracking.demandscience.com/tag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80a::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
2ad27005e8e532248d8ea6ff8adf38a4bb50d9f26f4745c6971beff60a9ef0e5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires
Wed, 13 Nov 2024 15:12:19 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 13 Nov 2024 15:12:19 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
70478
x-xss-protection
0
server
Google Tag Manager
adsct
t.co/i/
43 B
628 B
Image
General
Full URL
https://t.co/i/adsct?bci=3&dv=Pacific%2FHonolulu%26en-US%2Cen%26Google%20Inc.%26Linux%20x86_64%26255%261600%261200%2616%2624%261600%261200%260%26na&eci=2&event_id=cbfdf1ec-4664-497f-a03b-ca950ea69184&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=c5d52de0-3880-4574-a452-fcffab763152&tw_document_href=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o6ezf&type=javascript&version=2.3.31
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.159.140.229 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare tsa_b /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

strict-transport-security
max-age=0
x-transaction-id
1689bdcfeb190f9d
cache-control
no-cache, no-store, max-age=0
x-connection-hash
0923856c175817b3ede02433b3b0ee62ee4857eebbb5f12cce0c3140b769f0d5
cf-cache-status
DYNAMIC
cf-ray
8e1fb30e6f8a4cb1-PHL
x-response-time
7
content-length
43
date
Wed, 13 Nov 2024 15:12:20 GMT
content-type
image/gif;charset=utf-8
perf
7402827104
server
cloudflare tsa_b
adsct
analytics.twitter.com/i/
43 B
239 B
Image
General
Full URL
https://analytics.twitter.com/i/adsct?bci=3&dv=Pacific%2FHonolulu%26en-US%2Cen%26Google%20Inc.%26Linux%20x86_64%26255%261600%261200%2616%2624%261600%261200%260%26na&eci=2&event_id=cbfdf1ec-4664-497f-a03b-ca950ea69184&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=c5d52de0-3880-4574-a452-fcffab763152&tw_document_href=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o6ezf&type=javascript&version=2.3.31
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.67 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_b /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

strict-transport-security
max-age=631138519
x-transaction-id
009adc82887f9018
cache-control
no-cache, no-store, max-age=0
x-connection-hash
590d615c1fb67791e74808ad931600f16fecb64e9187878e511f2ea2c3dd88fd
x-response-time
73
content-length
43
date
Wed, 13 Nov 2024 15:12:20 GMT
perf
7402827104
content-type
image/gif;charset=utf-8
server
tsa_b
adsct
t.co/i/
43 B
468 B
Image
General
Full URL
https://t.co/i/adsct?bci=3&dv=Pacific%2FHonolulu%26en-US%2Cen%26Google%20Inc.%26Linux%20x86_64%26255%261600%261200%2616%2624%261600%261200%260%26na&eci=2&event_id=7648d215-d16a-4be1-bf8e-2335377a69b5&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=c5d52de0-3880-4574-a452-fcffab763152&tw_document_href=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o72wb&type=javascript&version=2.3.31
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.159.140.229 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare tsa_b /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

strict-transport-security
max-age=0
x-transaction-id
3072e14d0c74b3f9
cache-control
no-cache, no-store, max-age=0
x-connection-hash
1803b94ba78eb0cb16f3544a8350cdfe4480217c835592642a45796eb1a82ccb
cf-cache-status
DYNAMIC
cf-ray
8e1fb30e9faa4cb1-PHL
x-response-time
4
content-length
43
date
Wed, 13 Nov 2024 15:12:20 GMT
content-type
image/gif;charset=utf-8
perf
7402827104
server
cloudflare tsa_b
adsct
analytics.twitter.com/i/
43 B
214 B
Image
General
Full URL
https://analytics.twitter.com/i/adsct?bci=3&dv=Pacific%2FHonolulu%26en-US%2Cen%26Google%20Inc.%26Linux%20x86_64%26255%261600%261200%2616%2624%261600%261200%260%26na&eci=2&event_id=7648d215-d16a-4be1-bf8e-2335377a69b5&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=c5d52de0-3880-4574-a452-fcffab763152&tw_document_href=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o72wb&type=javascript&version=2.3.31
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.67 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_b /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

strict-transport-security
max-age=631138519
x-transaction-id
275693c5105af037
cache-control
no-cache, no-store, max-age=0
x-connection-hash
590d615c1fb67791e74808ad931600f16fecb64e9187878e511f2ea2c3dd88fd
x-response-time
79
content-length
43
date
Wed, 13 Nov 2024 15:12:19 GMT
perf
7402827104
content-type
image/gif;charset=utf-8
server
tsa_b
new-campaign-uses-remcos-rat-to-exploit-victims;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=4036147131945.669
10104846.fls.doubleclick.net/activityi;dc_pre=CNq23ZTM2YkDFYuKdwEdhXE8uQ;src=10104846;type=sitew00;cat=sitew006;u3=https://www.fortinet.com/blog/threat-research/ Frame 7E66
Redirect Chain
  • https://10104846.fls.doubleclick.net/activityi;src=10104846;type=sitew00;cat=sitew006;u3=https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims;dc_lat=;dc_rdi...
  • https://10104846.fls.doubleclick.net/activityi;dc_pre=CNq23ZTM2YkDFYuKdwEdhXE8uQ;src=10104846;type=sitew00;cat=sitew006;u3=https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat...
0
0
Document
General
Full URL
https://10104846.fls.doubleclick.net/activityi;dc_pre=CNq23ZTM2YkDFYuKdwEdhXE8uQ;src=10104846;type=sitew00;cat=sitew006;u3=https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=4036147131945.669?
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.176.198 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s37-in-f6.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.fortinet.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0
content-encoding
br
content-length
2171
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 13 Nov 2024 15:12:20 GMT
expires
Wed, 13 Nov 2024 15:12:20 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 13 Nov 2024 15:12:20 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown
1
location
https://10104846.fls.doubleclick.net/activityi;dc_pre=CNq23ZTM2YkDFYuKdwEdhXE8uQ;src=10104846;type=sitew00;cat=sitew006;u3=https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=4036147131945.669?
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
fbevents.js
connect.facebook.net/en_US/
239 KB
61 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
527bf3dacc5eb62211130fe4bf315c682861320ab25b4aa2efe6ea87a760db8c
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src 'nonce-v23xdvCb' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

content-encoding
gzip
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Wed, 13 Nov 2024 15:12:20 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=31536000; preload; includeSubDomains
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src 'self' data: blob: *;script-src 'nonce-v23xdvCb' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control
public, max-age=1200
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=30, rtx=0, c=23, mss=1232, tbw=5678, tp=10, tpl=0, uplat=0, ullat=-1
pragma
public
x-fb-debug
cqhplflBozFu3U152+HzGUm9mbg63m0C4N51UHngjgUp9Fc0hGWxZg97agg7WehoPhUMVDLb6Z/jE/Kcb1+ztw==
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top
cross-origin-opener-policy-report-only
restrict-properties;report-to="coop_report"
content-length
62107
x-xss-protection
0
origin-agent-cluster
?1
siteanalyze_6033413.js
siteimproveanalytics.com/js/
39 KB
12 KB
Script
General
Full URL
https://siteimproveanalytics.com/js/siteanalyze_6033413.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:a3ed , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5a44bc40527e09426a4c58aa907fdf72074591ea0bcfee1e8c6b2c7056a9eb91

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

content-encoding
gzip
cf-cache-status
HIT
etag
"a40813329b017a9369f4c5bd8b5d182e"
age
37
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=52RQTnV%2FjuQDULuKCRCxjMEHCoQlC3k%2FyuHGL70QA58wVguIYLdW6hPxl9njCU8mrn9fodF62qWHDcFakzGsxKC97ZF2xG7CrwRJYkKA1FCbt1hFsszRkXa2BlxI0vupO0ZuQsFuJWLLbdF4RbLf6jp%2BiVYYG48%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=21791&sent=11&recv=7&lost=0&retrans=0&sent_bytes=4144&recv_bytes=4189&delivery_rate=133989&cwnd=12000&unsent_bytes=0&cid=3d202912e3fcb794&ts=60&x=1", cfHdrFlush;dur=0
date
Wed, 13 Nov 2024 15:12:20 GMT
content-type
application/javascript; charset=utf-8
last-modified
Tue, 29 Oct 2024 20:11:40 GMT
vary
Accept-Encoding
x-amz-id-2
ekoWlz30xPceIuVLy+sJAgdnD2brVdiav0hndwg1Iyu0pc2SPLrAUtYgCqKK3+oJNfLuJppv5no=
cache-control
max-age=86400, no-transform
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id
YPV10XEMGS9D7PD1
cf-ray
8e1fb30f7f8441e7-EWR
accept-ranges
bytes
content-length
11710
server
cloudflare
adsct
t.co/i/
43 B
164 B
Image
General
Full URL
https://t.co/i/adsct?bci=3&dv=Pacific%2FHonolulu%26en-US%2Cen%26Google%20Inc.%26Linux%20x86_64%26255%261600%261200%2616%2624%261600%261200%260%26na&eci=2&event_id=0dedaf08-8a3d-4e50-8104-02fff65ec403&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=c5d52de0-3880-4574-a452-fcffab763152&tw_document_href=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nxlzj&type=javascript&version=2.3.31
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.159.140.229 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare tsa_b /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

strict-transport-security
max-age=0
x-transaction-id
35fabbb86aba24e5
cache-control
no-cache, no-store, max-age=0
x-connection-hash
4efc52058a77eee0114bb95f82bce05604971c15a04bdfafa36e6e234f7e65ee
cf-cache-status
DYNAMIC
cf-ray
8e1fb30eefe04cb1-PHL
x-response-time
6
content-length
43
date
Wed, 13 Nov 2024 15:12:20 GMT
content-type
image/gif;charset=utf-8
perf
7402827104
server
cloudflare tsa_b
adsct
analytics.twitter.com/i/
43 B
395 B
Image
General
Full URL
https://analytics.twitter.com/i/adsct?bci=3&dv=Pacific%2FHonolulu%26en-US%2Cen%26Google%20Inc.%26Linux%20x86_64%26255%261600%261200%2616%2624%261600%261200%260%26na&eci=2&event_id=0dedaf08-8a3d-4e50-8104-02fff65ec403&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=c5d52de0-3880-4574-a452-fcffab763152&tw_document_href=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nxlzj&type=javascript&version=2.3.31
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.67 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_b /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

strict-transport-security
max-age=631138519
x-transaction-id
3bb136029f997001
cache-control
no-cache, no-store, max-age=0
x-connection-hash
590d615c1fb67791e74808ad931600f16fecb64e9187878e511f2ea2c3dd88fd
x-response-time
70
content-length
43
date
Wed, 13 Nov 2024 15:12:19 GMT
perf
7402827104
content-type
image/gif;charset=utf-8
server
tsa_b
sa.css
tags.srv.stackadapt.com/
65 B
203 B
Stylesheet
General
Full URL
https://tags.srv.stackadapt.com/sa.css
Requested by
Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.44.251.75 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-44-251-75.compute-1.amazonaws.com
Software
/
Resource Hash
6a55f65c22ab35a8243f6c26495b55dc81e863a099b175b771b3aadc7b3f46be

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

access-control-allow-origin
*
cache-control
only-if-cached, no-transform, private, max-age=7776000
content-length
65
date
Wed, 13 Nov 2024 15:12:20 GMT
content-type
text/css
sa.jpeg
tags.srv.stackadapt.com/
0
2 KB
Fetch
General
Full URL
https://tags.srv.stackadapt.com/sa.jpeg
Requested by
Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.44.251.75 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-44-251-75.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

access-control-allow-origin
*
cache-control
only-if-cached, no-transform, private, max-age=7776000
content-length
651
date
Wed, 13 Nov 2024 15:12:20 GMT
content-type
image/jpeg
is
44.212.189.233/
32 B
437 B
Fetch
General
Full URL
https://44.212.189.233/is?cb=1731510739997
Requested by
Host: dx.mountain.com
URL: https://dx.mountain.com/spx?dxver=4.0.0&shaid=32336&tdr=&plh=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims&cb=43033058566334330term=value
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
44.212.189.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-212-189-233.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
56545befdf38d8ebd6d73c09b898c6911ef2684434bc1364f7c4c2a8db1f6c1c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

x-envoy-upstream-service-time
1
connection
close
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
x-application-context
application:prod:8080
content-length
32
date
Wed, 13 Nov 2024 15:12:20 GMT
content-type
text/plain;charset=utf-8
server
istio-envoy
access-control-allow-headers
Accept, Content-Type, x-requested-with, X-Custom-Header
tracking
tracking.contanuity.com/
2 B
769 B
Script
General
Full URL
https://tracking.contanuity.com/tracking?visitorId=0ac9c017dfdd772893a32ead8dfce3c5_1731510739844&&clientId=undefined&&cookieEnabled=true
Requested by
Host: abm-tracking.demandscience.com
URL: https://abm-tracking.demandscience.com/tag.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.203.236.163 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-203-236-163.us-west-2.compute.amazonaws.com
Software
nginx/1.18.0 (Ubuntu) / Express
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

Cache-Control
private, no-cache, no-store, must-revalidate
Pragma
no-cache
ETag
W/"2-vyGp6PvFo4RvsFtPoIWeCReyIC8"
Connection
keep-alive
Access-Control-Allow-Methods
GET, POST, OPTIONS, PUT, PATCH, DELETE
Expires
-1
Access-Control-Allow-Origin
*
Content-Length
2
Date
Wed, 13 Nov 2024 15:12:20 GMT
Content-Type
application/json; charset=utf-8
X-Powered-By
Express
Server
nginx/1.18.0 (Ubuntu)
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Accept, Authorization
/
webtracker.argusplatform.com/wh/track/
205 B
469 B
XHR
General
Full URL
https://webtracker.argusplatform.com/wh/track/?site_id=C6AC00C8269540D0ABFF19F1B5558B6D&visitor_id=1731510739707166422&event_type=page_request&timestamp=1731510740&page_title=New%20Campaign%20Uses%20Remcos%20RAT%20to%20Exploit%20Victims%20%7C%20FortiGuard%20Labs&page_url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims&page_url_referer=
Requested by
Host: tmp.argusplatform.com
URL: https://tmp.argusplatform.com/js/wid.tracker.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::40 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
2ed114345dab0a74e1c81b100e3db108ff86464854f3159d005fac67413454b7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

request-context
appId=cid-v1:ead16ead-3a47-42dd-aec9-91a1bbb42ff5
strict-transport-security
max-age=31536000
access-control-allow-origin
*
x-cache
CONFIG_NOCACHE
date
Wed, 13 Nov 2024 15:12:21 GMT
content-type
application/json; charset=utf-8
x-azure-ref
20241113T151220Z-174f7845968t42glhC1EWRa36w00000007wg000000009pwd
saq_pxl
tags.srv.stackadapt.com/
138 B
333 B
XHR
General
Full URL
https://tags.srv.stackadapt.com/saq_pxl?uid=NZlTqtu9vowXrexrDZrWUA&is_js=true&landing_url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims&t=New%20Campaign%20Uses%20Remcos%20RAT%20to%20Exploit%20Victims%20%7C%20FortiGuard%20Labs&tip=mL-Q2Q8ObzbFdOglkPd-S9LFL-bFuJndVjGdJL53MKg&host=https%3A%2F%2Fwww.fortinet.com&sa_conv_data_css_value=%270-202593fd-4e89-532f-5167-a85516dbed03%27&sa_conv_data_image_value=ffd8ffe000104a46494600010101006000600000ffdb004300080606070605080707070909080a0c140d0c0b0b0c1912130f141d1a1f1e1d1a1c1c20242e2720222c231c1c2837292c30313434341f27393d38323c2e333432ffdb0043010909090c0b0c180d0d1832211c213232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232ffc00011080001000103012200021101031101ffc4001f0000010501010101010100000000000000000102030405060708090a0bffc400b5100002010303020403050504040000017d01020300041105122131410613516107227114328191a1082342b1c11552d1f02433627282090a161718191a25262728292a3435363738393a434445464748494a535455565758595a636465666768696a737475767778797a838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae1e2e3e4e5e6e7e8e9eaf1f2f3f4f5f6f7f8f9faffc4001f0100030101010101010101010000000000000102030405060708090a0bffc400b51100020102040403040705040400010277000102031104052131061241510761711322328108144291a1b1c109233352f0156272d10a162434e125f11718191a262728292a35363738393a434445464748494a535455565758595a636465666768696a737475767778797a82838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae2e3e4e5e6e7e8e9eaf2f3f4f5f6f7f8f9faffda000c03010002110311003f00f7fa28a2803fffd9202593fd4e89532f5167a85516dbed03d0fc5018&l_src=&l_src_d=&u_src=&u_src_d=&shop=false&sa-user-id-v3=s%253AAQAKIMKb0x4pfje0aypqNOina6wGe9TqoC3TACkjC8sOQAMgEAEYAyDTg9O5BjABOgRCK7SgQgRhsaUK.70Ezbc76WxSVDox8nkTO5OpX%252BjpuUul8%252F4iE%252B95S4xs&sa-user-id-v2=s%253AICWT_U6JUy9RZ6hVFtvtA9D8UBg.89Pl3ljTVBT%252BFcxXGEGQ%252FnYVaYFDyFYX1lZoTtA19yc&sa-user-id=s%253A0-202593fd-4e89-532f-5167-a85516dbed03.cf9A%252Bb7ZfhZnRBPSy6bxA0DauqyZSbjyQ52YuRMyvyU
Requested by
Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.44.251.75 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-44-251-75.compute-1.amazonaws.com
Software
/
Resource Hash
e1132f3948b84a67d82e91f47f44d9d8dbbbe4b8c86bcbcf1c0774bb73ccfbc0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

access-control-allow-methods
GET
access-control-allow-origin
https://www.fortinet.com
content-length
138
date
Wed, 13 Nov 2024 15:12:20 GMT
content-type
text/plain; charset=utf-8
access-control-allow-credentials
true
access-control-allow-headers
*
img.gif
b.6sc.co/v1/beacon/
43 B
257 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=null&visitor=e4f10cce-bf12-476f-8f7c-3bd6cbd7332d&session=fcd2e623-1379-4ff5-8687-0cf813912f6b&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2013%20Nov%202024%2015%3A12%3A20%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2013%20Nov%202024%2015%3A12%3A19%20GMT%22%2C%22timeSpent%22%3A%221007%22%2C%22totalTimeSpent%22%3A%222017%22%7D&isIframe=false&m=%7B%22description%22%3A%22See%20how%20threat%20actors%20have%20abused%20Remcos%20to%20collect%20sensitive%20information%20from%20victims%20and%20remotely%20control%20their%20computers%20to%20perform%20further%20malicious%20acts.%22%2C%22keywords%22%3A%22FortiGuard%20Labs%20Threat%20Research%2Crat%22%2C%22title%22%3A%22New%20Campaign%20Uses%20Remcos%20RAT%20to%20Exploit%20Victims%20%7C%20FortiGuard%20Labs%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims&pageViewId=ab08ebfe-e80d-4ace-8fd2-aeebfd13dcf2&ipv6=2600%3A803%3Aa88%3A3024%3A%3A24&v=1.1.29
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.196.3.196 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-196-3-196.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

cache-control
max-age=0, no-cache, no-store
etag
"63f020a0-2b"
pragma
no-cache
x-content-type-options
nosniff
expires
Wed, 13 Nov 2024 15:12:20 GMT
accept-ranges
bytes
content-length
43
date
Wed, 13 Nov 2024 15:12:20 GMT
content-type
image/gif
last-modified
Sat, 18 Feb 2023 00:49:36 GMT
server
nginx/1.14.0 (Ubuntu)
tag.aspx
ml314.com/
38 KB
39 KB
Script
General
Full URL
https://ml314.com/tag.aspx?1310
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.117.77.79 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
79.77.117.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
d0e12af8c4e560fe89643639e0c3ed4dc76125c62adeb2879b761d73dbaecf50

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

x-goog-metageneration
1
x-goog-hash
crc32c=6sDw2Q==, md5=YyYW/xWCXwMKqzORpY7wQg==
etag
"632616ff15825f030aab3391a58ef042"
age
2682
x-goog-stored-content-encoding
identity
x-cache-hit
hit
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
39162
date
Wed, 13 Nov 2024 14:27:38 GMT
last-modified
Wed, 24 Jul 2024 19:30:50 GMT
content-type
application/javascript
x-guploader-uploadid
AHmUCY0WAE4XjEVcRcZdmhd9b1PyAFoMj8yVWupGp17JRROGLqCH4xZEZs_ly80IJX1na3LPMv0
cache-control
public,max-age=3600
x-goog-storage-class
STANDARD
via
1.1 google
cache-id
LGA-12baf686
accept-ranges
bytes
x-goog-generation
1721849450340665
content-length
39162
server
UploadServer
sa.jpeg
tags.srv.stackadapt.com/
0
0
Fetch
General
Full URL
https://tags.srv.stackadapt.com/sa.jpeg
Requested by
Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.44.251.75 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-44-251-75.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

access-control-allow-origin
*
cache-control
only-if-cached, no-transform, private, max-age=7776000
content-length
651
date
Wed, 13 Nov 2024 15:12:20 GMT
content-type
image/jpeg
177020962864941
connect.facebook.net/signals/config/
68 KB
13 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/177020962864941?v=2.9.176&r=stable&domain=www.fortinet.com&hme=872f04a0547459b3285cb03b0d7a47bfde40628f4b386809918a621e2688602f&ex_m=70%2C121%2C107%2C111%2C61%2C4%2C100%2C69%2C16%2C97%2C89%2C51%2C54%2C172%2C175%2C187%2C183%2C184%2C186%2C29%2C101%2C53%2C77%2C185%2C167%2C170%2C180%2C181%2C188%2C131%2C41%2C189%2C190%2C34%2C143%2C15%2C50%2C195%2C194%2C133%2C18%2C40%2C1%2C43%2C65%2C66%2C67%2C71%2C93%2C17%2C14%2C96%2C92%2C91%2C108%2C52%2C110%2C39%2C109%2C30%2C94%2C26%2C168%2C171%2C140%2C86%2C56%2C84%2C33%2C73%2C0%2C95%2C32%2C28%2C82%2C83%2C88%2C47%2C46%2C87%2C37%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C57%2C62%2C64%2C75%2C102%2C27%2C76%2C9%2C8%2C80%2C48%2C21%2C104%2C103%2C105%2C98%2C10%2C20%2C3%2C38%2C74%2C19%2C5%2C90%2C81%2C44%2C35%2C85%2C2%2C36%2C63%2C42%2C106%2C45%2C79%2C68%2C112%2C60%2C59%2C31%2C99%2C58%2C55%2C49%2C78%2C72%2C24%2C113
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
21e1e9c369a99c9d0666d9c115a107d9df16a8a44119fd650fee9f52802269bd
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src 'nonce-NuwoSh8T' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

content-encoding
gzip
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Wed, 13 Nov 2024 15:12:20 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=31536000; preload; includeSubDomains
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src 'self' data: blob: *;script-src 'nonce-NuwoSh8T' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control
public, max-age=1200
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=23, rtx=0, c=68, mss=1232, tbw=71566, tp=66, tpl=0, uplat=1, ullat=-1
pragma
public
x-fb-debug
f7/RmzqEWKm5TN/H1Rz0KlQS9h+otuUaWH3GEvkOVmSpS+UK0zRUozjBn5BMC+uTPngOQ6CuMfhHfnw0/k/pCA==
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top
content-length
13472
x-xss-protection
0
origin-agent-cluster
?1
image.aspx
6033413.global.siteimproveanalytics.io/
34 B
149 B
Image
General
Full URL
https://6033413.global.siteimproveanalytics.io/image.aspx?url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims&title=New%20Campaign%20Uses%20Remcos%20RAT%20to%20Exploit%20Victims%20%7C%20FortiGuard%20Labs&res=1600x1200&accountid=6033413&rt=4384&prev=5be3e3ec-6614-16b7-cf86-9e47dab9e67d&luid=9038efaa-1a7d-28a8-430b-8f567bf63f0e&rnd=69954
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.220.203.153 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-220-203-153.compute-1.amazonaws.com
Software
/
Resource Hash
1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

expires
Wed, 13 Nov 2024 15:12:20 UTC
cache-control
max-age=0
content-length
34
date
Wed, 13 Nov 2024 15:12:20 GMT
content-type
image/gif
saq_pxl
tags.srv.stackadapt.com/
138 B
333 B
XHR
General
Full URL
https://tags.srv.stackadapt.com/saq_pxl?uid=kcdPQbWRrikzOaW0iSiObg&is_js=true&landing_url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims&t=New%20Campaign%20Uses%20Remcos%20RAT%20to%20Exploit%20Victims%20%7C%20FortiGuard%20Labs&tip=mL-Q2Q8ObzbFdOglkPd-S9LFL-bFuJndVjGdJL53MKg&host=https%3A%2F%2Fwww.fortinet.com&sa_conv_data_css_value=%270-202593fd-4e89-532f-5167-a85516dbed03%27&sa_conv_data_image_value=ffd8ffe000104a46494600010101006000600000ffdb004300080606070605080707070909080a0c140d0c0b0b0c1912130f141d1a1f1e1d1a1c1c20242e2720222c231c1c2837292c30313434341f27393d38323c2e333432ffdb0043010909090c0b0c180d0d1832211c213232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232ffc00011080001000103012200021101031101ffc4001f0000010501010101010100000000000000000102030405060708090a0bffc400b5100002010303020403050504040000017d01020300041105122131410613516107227114328191a1082342b1c11552d1f02433627282090a161718191a25262728292a3435363738393a434445464748494a535455565758595a636465666768696a737475767778797a838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae1e2e3e4e5e6e7e8e9eaf1f2f3f4f5f6f7f8f9faffc4001f0100030101010101010101010000000000000102030405060708090a0bffc400b51100020102040403040705040400010277000102031104052131061241510761711322328108144291a1b1c109233352f0156272d10a162434e125f11718191a262728292a35363738393a434445464748494a535455565758595a636465666768696a737475767778797a82838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae2e3e4e5e6e7e8e9eaf2f3f4f5f6f7f8f9faffda000c03010002110311003f00f7fa28a2803fffd9202593fd4e89532f5167a85516dbed03d0fc5018&l_src=&l_src_d=&u_src=&u_src_d=&shop=false&sa-user-id-v3=s%253AAQAKIMKb0x4pfje0aypqNOina6wGe9TqoC3TACkjC8sOQAMgEAEYAyDTg9O5BjABOgRCK7SgQgRhsaUK.70Ezbc76WxSVDox8nkTO5OpX%252BjpuUul8%252F4iE%252B95S4xs&sa-user-id-v2=s%253AICWT_U6JUy9RZ6hVFtvtA9D8UBg.89Pl3ljTVBT%252BFcxXGEGQ%252FnYVaYFDyFYX1lZoTtA19yc&sa-user-id=s%253A0-202593fd-4e89-532f-5167-a85516dbed03.cf9A%252Bb7ZfhZnRBPSy6bxA0DauqyZSbjyQ52YuRMyvyU
Requested by
Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.44.251.75 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-44-251-75.compute-1.amazonaws.com
Software
/
Resource Hash
1ebf4765c39e042319d8cc3f4070ef97c89b6e18a3f28bcec0bb7e58a9042a8f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

access-control-allow-methods
GET
access-control-allow-origin
https://www.fortinet.com
content-length
138
date
Wed, 13 Nov 2024 15:12:20 GMT
content-type
text/plain; charset=utf-8
access-control-allow-credentials
true
access-control-allow-headers
*
/
www.facebook.com/tr/
0
19 B
Image
General
Full URL
https://www.facebook.com/tr/?id=177020962864941&ev=PageView&dl=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims&rl=&if=false&ts=1731510740580&sw=1600&sh=1200&v=2.9.176&r=stable&ec=0&o=4126&fbp=fb.1.1731510740578.353769812550599498&ler=empty&cdl=API_unavailable&it=1731510740509&coo=false&rqm=GET
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=21, rtx=0, c=23, mss=1232, tbw=5725, tp=11, tpl=0, uplat=0, ullat=0
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
access-control-allow-origin
alt-svc
h3=":443"; ma=86400
content-length
0
date
Wed, 13 Nov 2024 15:12:20 GMT
content-type
text/plain
server
proxygen-bolt
priority
u=3,i
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/
67 B
197 B
Image
General
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=177020962864941&ev=PageView&dl=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims&rl=&if=false&ts=1731510740580&sw=1600&sh=1200&v=2.9.176&r=stable&ec=0&o=4126&fbp=fb.1.1731510740578.353769812550599498&ler=empty&cdl=API_unavailable&it=1731510740509&coo=false&rqm=FGET
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'wasm-unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

content-encoding
zstd
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7436782002305436903"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
attribution-reporting-register-trigger
{"event_trigger_data":[{"trigger_data":"0"}],"aggregatable_trigger_data":[{"key_piece":"0xf77e856888256f1c","source_keys":["1"]}],"aggregatable_values":{"1":10922},"filters":{"3":["1473595392721544"]},"debug_reporting":true,"debug_key":"3461889840863967343"}
date
Wed, 13 Nov 2024 15:12:20 GMT
content-type
image/png
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=15552000; preload
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7436782002305436903", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'wasm-unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
cache-control
private, no-store, no-cache, must-revalidate
x-fb-debug
za2K/lMREAQC5nyVfG0E1NyfUreAcmo1fKtRJwUoxr36f2YlrJdeIAkHpXsEX/UHuW6IE9S/i/Z3/PPO+m+osw==
cross-origin-opener-policy
same-origin-allow-popups
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=22, rtx=0, c=23, mss=1232, tbw=6093, tp=14, tpl=0, uplat=88, ullat=0
pragma
no-cache
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy
force-load-at-top
x-xss-protection
0
origin-agent-cluster
?1
utsync.ashx
ml314.com/
641 B
1 KB
Script
General
Full URL
https://ml314.com/utsync.ashx?pub=&adv=&et=0&eid=54820&ct=js&pi=&fp=&clid=&if=0&ps=&cl=&mlt=&data=&&cp=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims&pv=1731510740628_q8vgu17h9&bl=en-us&cb=1309409&return=&ht=&d=&dc=&si=1731510740628_q8vgu17h9&cid=&s=1600x1200&rp=&v=2.7.4.212
Requested by
Host: ml314.com
URL: https://ml314.com/tag.aspx?1310
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.117.77.79 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
79.77.117.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
c1ba332c1c476b99b15fde5005ff7881b7dc8f930b0daa85b47ddefaf9d2115b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
via
1.1 google
expires
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
CP="NON DSP COR ADMo PSAo DEVo BUS COM UNI NAV DEM STA"
date
Wed, 13 Nov 2024 15:12:20 GMT
content-type
application/javascript
server
Google Frontend
ibs:dpid=22052&dpuuid=3648398715617542195&redir=
dpm.demdex.net/
42 B
716 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=22052&dpuuid=3648398715617542195&redir=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
44.197.70.51 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-197-70-51.compute-1.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
cache-control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
dcs
dcs-prod-va6-1-v068-0f9ed70aa.edge-va6.demdex.com 3 ms
content-encoding
gzip
pragma
no-cache
x-content-type-options
nosniff
x-tid
tgk50MDUSpo=
expires
Thu, 01 Jan 1970 00:00:00 UTC
content-length
59
p3p
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
date
Wed, 13 Nov 2024 15:12:20 GMT
content-type
image/gif
csync.ashx
ml314.com/
Redirect Chain
  • https://idsync.rlcdn.com/395886.gif?partner_uid=3648398715617542195
  • https://ml314.com/csync.ashx?fp=ba83b506a8a851606647747a525c087bb753ef7c94cf7c5b561b7efbbc3da039f4cb09cee1a4f8eb&person_id=3648398715617542195&eid=50082
43 B
56 B
Image
General
Full URL
https://ml314.com/csync.ashx?fp=ba83b506a8a851606647747a525c087bb753ef7c94cf7c5b561b7efbbc3da039f4cb09cee1a4f8eb&person_id=3648398715617542195&eid=50082
Protocol
H3
Server
34.117.77.79 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
79.77.117.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

via
1.1 google
expires
Thu, 14 Nov 2024 15:12:20 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 13 Nov 2024 15:12:20 GMT
content-type
image/gif
server
Google Frontend

Redirect headers

cache-control
no-cache, no-store
timing-allow-origin
*
location
https://ml314.com/csync.ashx?fp=ba83b506a8a851606647747a525c087bb753ef7c94cf7c5b561b7efbbc3da039f4cb09cee1a4f8eb&person_id=3648398715617542195&eid=50082
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
content-length
0
date
Wed, 13 Nov 2024 15:12:20 GMT
utsync.ashx
ml314.com/
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=d0tro1j&ttd_tpi=1
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=d0tro1j&ttd_tpi=1
  • https://ml314.com/utsync.ashx?eid=53819&et=0&fp=c57b4a20-dcfa-4bc7-b3df-1e5ef63cf5d9&gdpr=0&gdpr_consent=
43 B
61 B
Image
General
Full URL
https://ml314.com/utsync.ashx?eid=53819&et=0&fp=c57b4a20-dcfa-4bc7-b3df-1e5ef63cf5d9&gdpr=0&gdpr_consent=
Protocol
H3
Server
34.117.77.79 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
79.77.117.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
via
1.1 google
expires
0,Thu, 14 Nov 2024 15:12:20 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
CP="NON DSP COR ADMo PSAo DEVo BUS COM UNI NAV DEM STA"
date
Wed, 13 Nov 2024 15:12:20 GMT
content-type
image/gif
server
Google Frontend

Redirect headers

location
https://ml314.com/utsync.ashx?eid=53819&et=0&fp=c57b4a20-dcfa-4bc7-b3df-1e5ef63cf5d9&gdpr=0&gdpr_consent=
content-length
241
date
Wed, 13 Nov 2024 15:12:20 GMT
server
Kestrel
csync.ashx
ml314.com/
Redirect Chain
  • https://ib.adnxs.com/getuid?https://ml314.com/csync.ashx%3Ffp=$UID%26person_id=3648398715617542195%26eid=2
  • https://ml314.com/csync.ashx?fp=5958286857444545603&person_id=3648398715617542195&eid=2
43 B
56 B
Image
General
Full URL
https://ml314.com/csync.ashx?fp=5958286857444545603&person_id=3648398715617542195&eid=2
Protocol
H3
Server
34.117.77.79 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
79.77.117.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

via
1.1 google
expires
Thu, 14 Nov 2024 15:12:20 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 13 Nov 2024 15:12:20 GMT
content-type
image/gif
server
Google Frontend

Redirect headers

cache-control
no-store, no-cache, private
location
https://ml314.com/csync.ashx?fp=5958286857444545603&person_id=3648398715617542195&eid=2
pragma
no-cache
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials
true
x-proxy-origin
208.252.80.24; 208.252.80.24; 674.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
expires
Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin
*
an-x-request-uuid
2d59ecac-c88f-4c68-8063-55ae0d5d0874
content-length
0
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date
Wed, 13 Nov 2024 15:12:20 GMT
x-xss-protection
0
content-type
text/html; charset=utf-8
server
nginx/1.23.4
match
ps.eyeota.net/
Redirect Chain
  • https://ps.eyeota.net/pixel?pid=r8hrb20&t=gif
  • https://ps.eyeota.net/pixel/bounce/?pid=r8hrb20&t=gif
  • https://ml314.com/utsync.ashx?eid=50052&et=0&fp=21ZTqxwgMxP-0O8B3nU-FMZkdzBhDCSOmlJVFs1Ve42w&gdpr=0&gdpr_consent=&return=https%3A%2F%2Fps.eyeota.net%2Fmatch%3Fbid%3Dr8hrb20%26uid%3Dnil%26referrer_p...
  • https://ps.eyeota.net/match?bid=r8hrb20&uid=nil&referrer_pid=r8hrb20
70 B
440 B
Image
General
Full URL
https://ps.eyeota.net/match?bid=r8hrb20&uid=nil&referrer_pid=r8hrb20
Protocol
HTTP/1.1
Server
34.197.192.192 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-197-192-192.compute-1.amazonaws.com
Software
/
Resource Hash
de9d3fd0eb948bd294477d0eda60a73b85caff1794803530d0463193a113da98

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

Content-Length
70
P3P
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"
Date
Wed, 13 Nov 2024 15:12:21 GMT
Content-Type
image/gif

Redirect headers

cache-control
no-cache, no-store, must-revalidate
location
https://ps.eyeota.net/match?bid=r8hrb20&uid=nil&referrer_pid=r8hrb20
pragma
no-cache
via
1.1 google
expires
0,Thu, 14 Nov 2024 15:12:20 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
CP="NON DSP COR ADMo PSAo DEVo BUS COM UNI NAV DEM STA"
content-length
43
date
Wed, 13 Nov 2024 15:12:20 GMT
content-type
image/gif
x-cloud-trace-context
263f998ae757c2b467c7dcd3e2eaad50
server
Google Frontend
usersync
tracking.contanuity.com/
Redirect Chain
  • https://match.prod.bidr.io/cookie-sync/contanuity?buyer_user_id=0ac9c017dfdd772893a32ead8dfce3c5_1731510739844
  • https://match.prod.bidr.io/cookie-sync/contanuity?buyer_user_id=0ac9c017dfdd772893a32ead8dfce3c5_1731510739844&_bee_ppp=1
  • https://tracking.contanuity.com/usersync?bwcookie=AADZFE7OaYQAABTFJInqAg
0
0

/
px.ads.linkedin.com/wa/
0
197 B
XHR
General
Full URL
https://px.ads.linkedin.com/wa/
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept
*
Content-Type
text/plain;charset=UTF-8

Response headers

linkedin-action
1
x-li-pop
afd-prod-ltx1-x
x-msedge-ref
Ref A: 729E9C7B3DFF4C3482F8016396A47E33 Ref B: PHL30EDGE0218 Ref C: 2024-11-13T15:12:20Z
x-li-fabric
prod-ltx1
access-control-allow-credentials
true
x-li-uuid
AAYmzMKjNCbVE+eYHTx2mg==
x-li-proto
http/2
access-control-allow-origin
https://www.fortinet.com
x-cache
CONFIG_NOCACHE
date
Wed, 13 Nov 2024 15:12:20 GMT
vary
Origin
img.gif
b.6sc.co/v1/beacon/
43 B
257 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=null&visitor=e4f10cce-bf12-476f-8f7c-3bd6cbd7332d&session=fcd2e623-1379-4ff5-8687-0cf813912f6b&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2013%20Nov%202024%2015%3A12%3A21%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2013%20Nov%202024%2015%3A12%3A20%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%223017%22%7D&isIframe=false&m=%7B%22description%22%3A%22See%20how%20threat%20actors%20have%20abused%20Remcos%20to%20collect%20sensitive%20information%20from%20victims%20and%20remotely%20control%20their%20computers%20to%20perform%20further%20malicious%20acts.%22%2C%22keywords%22%3A%22FortiGuard%20Labs%20Threat%20Research%2Crat%22%2C%22title%22%3A%22New%20Campaign%20Uses%20Remcos%20RAT%20to%20Exploit%20Victims%20%7C%20FortiGuard%20Labs%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims&pageViewId=ab08ebfe-e80d-4ace-8fd2-aeebfd13dcf2&ipv6=2600%3A803%3Aa88%3A3024%3A%3A24&v=1.1.29
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.196.3.196 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-196-3-196.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

cache-control
max-age=0, no-cache, no-store
etag
"5e502810-2b"
pragma
no-cache
x-content-type-options
nosniff
expires
Wed, 13 Nov 2024 15:12:21 GMT
accept-ranges
bytes
content-length
43
date
Wed, 13 Nov 2024 15:12:21 GMT
content-type
image/gif
last-modified
Fri, 21 Feb 2020 18:57:20 GMT
server
nginx/1.14.0 (Ubuntu)
st
px.mountain.com/
2 KB
1 KB
Script
General
Full URL
https://px.mountain.com/st?ga_tracking_id=G-38BQ9XFDT4&ga_client_id=2050926505.1731510739&shpt=New%20Campaign%20Uses%20Remcos%20RAT%20to%20Exploit%20Victims%20%7C%20FortiGuard%20Labs&ga_info=%7B%22status%22%3A%22One%20of%20the%20required%20properties%20not%20evaluated%20(mntnis%2C%20ga_tracking_id%2C%20ga_client_id%2C%20shpt).%22%2C%22available_ga%22%3A%5B%7B%22id%22%3A%22G-38BQ9XFDT4%22%2C%22sess_id%22%3A%221731510738%22%7D%5D%2C%22ga_tracking_id%22%3A%22G-38BQ9XFDT4%22%2C%22ga_client_id%22%3A%222050926505.1731510739%22%2C%22shpt%22%3A%22New%20Campaign%20Uses%20Remcos%20RAT%20to%20Exploit%20Victims%20%7C%20FortiGuard%20Labs%22%2C%22dcm_cid%22%3A%221731510738.1%22%2C%22adobe_analytics%22%3A%7B%7D%2C%22mntnis%22%3A%22XmXXeOVgCyKlJCWmN7XygwRS5cSxS3qW%22%2C%22execution_workflow%22%3A%7B%22iteration%22%3A9%2C%22getClientIdByCookie%22%3A%22OK%22%2C%22shpt%22%3A%22OK%22%2C%22dcm_cid%22%3A%22OK%22%7D%7D&dcm_cid=1731510738.1&available_ga=%5B%7B%22id%22%3A%22G-38BQ9XFDT4%22%2C%22sess_id%22%3A%221731510738%22%7D%5D&hardcoded_ga=&dxver=4.0.0&shaid=32336&plh=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims&cb=43033058566334330term%3Dvalue&shadditional=sh_conversion%3DSHBLOCK%2Cgoogletagmanager%3Dtrue%2Cmediamath%3Dtrue%2Cga4%3Dtrue%2Cappnexus%3Dtrue
Requested by
Host: dx.mountain.com
URL: https://dx.mountain.com/spx?dxver=4.0.0&shaid=32336&tdr=&plh=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims&cb=43033058566334330term=value
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
44.235.191.156 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-235-191-156.us-west-2.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
6e9bbae711adae334e252ba5292c6ff7be8d734b7ef388236bc2066d2a1e80f7

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

transfer-encoding
chunked
content-encoding
gzip
x-envoy-upstream-service-time
1
connection
close
access-control-allow-origin
*
p3p
CP="NON DSP COR NID CURa ADMa DEVa PSAa PSDa OUR STP UNI COM NAV INT STA PRE"
date
Wed, 13 Nov 2024 15:12:22 GMT
content-type
application/javascript;charset=utf-8
server
istio-envoy
img.gif
b.6sc.co/v1/beacon/
43 B
258 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=null&visitor=e4f10cce-bf12-476f-8f7c-3bd6cbd7332d&session=fcd2e623-1379-4ff5-8687-0cf813912f6b&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2013%20Nov%202024%2015%3A12%3A22%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2013%20Nov%202024%2015%3A12%3A21%20GMT%22%2C%22timeSpent%22%3A%221007%22%2C%22totalTimeSpent%22%3A%224024%22%7D&isIframe=false&m=%7B%22description%22%3A%22See%20how%20threat%20actors%20have%20abused%20Remcos%20to%20collect%20sensitive%20information%20from%20victims%20and%20remotely%20control%20their%20computers%20to%20perform%20further%20malicious%20acts.%22%2C%22keywords%22%3A%22FortiGuard%20Labs%20Threat%20Research%2Crat%22%2C%22title%22%3A%22New%20Campaign%20Uses%20Remcos%20RAT%20to%20Exploit%20Victims%20%7C%20FortiGuard%20Labs%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims&pageViewId=ab08ebfe-e80d-4ace-8fd2-aeebfd13dcf2&ipv6=2600%3A803%3Aa88%3A3024%3A%3A24&v=1.1.29
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.196.3.196 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-196-3-196.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

cache-control
max-age=0, no-cache, no-store
etag
"63f02dad-2b"
pragma
no-cache
x-content-type-options
nosniff
expires
Wed, 13 Nov 2024 15:12:22 GMT
accept-ranges
bytes
content-length
43
date
Wed, 13 Nov 2024 15:12:22 GMT
content-type
image/gif
last-modified
Sat, 18 Feb 2023 01:45:17 GMT
server
nginx/1.14.0 (Ubuntu)
gs
gs.mountain.com/
144 B
733 B
Script
General
Full URL
https://gs.mountain.com/gs
Requested by
Host: px.mountain.com
URL: https://px.mountain.com/st?ga_tracking_id=G-38BQ9XFDT4&ga_client_id=2050926505.1731510739&shpt=New%20Campaign%20Uses%20Remcos%20RAT%20to%20Exploit%20Victims%20%7C%20FortiGuard%20Labs&ga_info=%7B%22status%22%3A%22One%20of%20the%20required%20properties%20not%20evaluated%20(mntnis%2C%20ga_tracking_id%2C%20ga_client_id%2C%20shpt).%22%2C%22available_ga%22%3A%5B%7B%22id%22%3A%22G-38BQ9XFDT4%22%2C%22sess_id%22%3A%221731510738%22%7D%5D%2C%22ga_tracking_id%22%3A%22G-38BQ9XFDT4%22%2C%22ga_client_id%22%3A%222050926505.1731510739%22%2C%22shpt%22%3A%22New%20Campaign%20Uses%20Remcos%20RAT%20to%20Exploit%20Victims%20%7C%20FortiGuard%20Labs%22%2C%22dcm_cid%22%3A%221731510738.1%22%2C%22adobe_analytics%22%3A%7B%7D%2C%22mntnis%22%3A%22XmXXeOVgCyKlJCWmN7XygwRS5cSxS3qW%22%2C%22execution_workflow%22%3A%7B%22iteration%22%3A9%2C%22getClientIdByCookie%22%3A%22OK%22%2C%22shpt%22%3A%22OK%22%2C%22dcm_cid%22%3A%22OK%22%7D%7D&dcm_cid=1731510738.1&available_ga=%5B%7B%22id%22%3A%22G-38BQ9XFDT4%22%2C%22sess_id%22%3A%221731510738%22%7D%5D&hardcoded_ga=&dxver=4.0.0&shaid=32336&plh=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims&cb=43033058566334330term%3Dvalue&shadditional=sh_conversion%3DSHBLOCK%2Cgoogletagmanager%3Dtrue%2Cmediamath%3Dtrue%2Cga4%3Dtrue%2Cappnexus%3Dtrue
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.12.117.226 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-12-117-226.us-west-2.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
1dba6fb2f65444dc4de26d029e4fafaecb332306bec4480b645e3a915351f63e

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

cache-control
public, max-age=31536000
x-envoy-upstream-service-time
1
connection
close
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
x-application-context
application:prod:8080
p3p
CP="NON DSP COR NID CURa ADMa DEVa PSAa PSDa OUR STP UNI COM NAV INT STA PRE"
date
Wed, 13 Nov 2024 15:12:22 GMT
content-length
144
content-type
application/javascript;charset=utf-8
last-modified
Thu, 01 Jan 1970 00:00:00 GMT
server
istio-envoy
access-control-allow-headers
Accept, Content-Type, x-requested-with, X-Custom-Header
st
px.mountain.com/
6 KB
2 KB
Script
General
Full URL
https://px.mountain.com/st?ga_tracking_id=G-38BQ9XFDT4&ga_client_id=2050926505.1731510739&shpt=New%20Campaign%20Uses%20Remcos%20RAT%20to%20Exploit%20Victims%20%7C%20FortiGuard%20Labs&ga_info=%7B%22status%22%3A%22One%20of%20the%20required%20properties%20not%20evaluated%20(mntnis%2C%20ga_tracking_id%2C%20ga_client_id%2C%20shpt).%22%2C%22available_ga%22%3A%5B%7B%22id%22%3A%22G-38BQ9XFDT4%22%2C%22sess_id%22%3A%221731510738%22%7D%5D%2C%22ga_tracking_id%22%3A%22G-38BQ9XFDT4%22%2C%22ga_client_id%22%3A%222050926505.1731510739%22%2C%22shpt%22%3A%22New%20Campaign%20Uses%20Remcos%20RAT%20to%20Exploit%20Victims%20%7C%20FortiGuard%20Labs%22%2C%22dcm_cid%22%3A%221731510738.1%22%2C%22adobe_analytics%22%3A%7B%7D%2C%22mntnis%22%3A%22XmXXeOVgCyKlJCWmN7XygwRS5cSxS3qW%22%2C%22execution_workflow%22%3A%7B%22iteration%22%3A9%2C%22getClientIdByCookie%22%3A%22OK%22%2C%22shpt%22%3A%22OK%22%2C%22dcm_cid%22%3A%22OK%22%7D%7D&dcm_cid=1731510738.1&available_ga=%5B%7B%22id%22%3A%22G-38BQ9XFDT4%22%2C%22sess_id%22%3A%221731510738%22%7D%5D&hardcoded_ga=&dxver=4.0.0&shaid=32336&plh=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims&shadditional=sh_conversion%3DSHBLOCK%2Cgoogletagmanager%3Dtrue%2Cmediamath%3Dtrue%2Cga4%3Dtrue%2Cappnexus%3Dtrue&cb=1731510742457893&shguid=0b7741a8-1059-3c8e-a086-767e5ab1eccb&shgts=1731510742907
Requested by
Host: px.mountain.com
URL: https://px.mountain.com/st?ga_tracking_id=G-38BQ9XFDT4&ga_client_id=2050926505.1731510739&shpt=New%20Campaign%20Uses%20Remcos%20RAT%20to%20Exploit%20Victims%20%7C%20FortiGuard%20Labs&ga_info=%7B%22status%22%3A%22One%20of%20the%20required%20properties%20not%20evaluated%20(mntnis%2C%20ga_tracking_id%2C%20ga_client_id%2C%20shpt).%22%2C%22available_ga%22%3A%5B%7B%22id%22%3A%22G-38BQ9XFDT4%22%2C%22sess_id%22%3A%221731510738%22%7D%5D%2C%22ga_tracking_id%22%3A%22G-38BQ9XFDT4%22%2C%22ga_client_id%22%3A%222050926505.1731510739%22%2C%22shpt%22%3A%22New%20Campaign%20Uses%20Remcos%20RAT%20to%20Exploit%20Victims%20%7C%20FortiGuard%20Labs%22%2C%22dcm_cid%22%3A%221731510738.1%22%2C%22adobe_analytics%22%3A%7B%7D%2C%22mntnis%22%3A%22XmXXeOVgCyKlJCWmN7XygwRS5cSxS3qW%22%2C%22execution_workflow%22%3A%7B%22iteration%22%3A9%2C%22getClientIdByCookie%22%3A%22OK%22%2C%22shpt%22%3A%22OK%22%2C%22dcm_cid%22%3A%22OK%22%7D%7D&dcm_cid=1731510738.1&available_ga=%5B%7B%22id%22%3A%22G-38BQ9XFDT4%22%2C%22sess_id%22%3A%221731510738%22%7D%5D&hardcoded_ga=&dxver=4.0.0&shaid=32336&plh=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims&cb=43033058566334330term%3Dvalue&shadditional=sh_conversion%3DSHBLOCK%2Cgoogletagmanager%3Dtrue%2Cmediamath%3Dtrue%2Cga4%3Dtrue%2Cappnexus%3Dtrue
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
44.235.191.156 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-235-191-156.us-west-2.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
5c672a0eb83ebd9310b8cd0e8d3bc5c14af6cc83e932cef5c000908c0671ba0a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

transfer-encoding
chunked
content-encoding
gzip
x-envoy-upstream-service-time
17
connection
close
access-control-allow-origin
*
p3p
CP="NON DSP COR NID CURa ADMa DEVa PSAa PSDa OUR STP UNI COM NAV INT STA PRE"
date
Wed, 13 Nov 2024 15:12:23 GMT
content-type
application/javascript;charset=utf-8
server
istio-envoy
img.gif
b.6sc.co/v1/beacon/
43 B
257 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=null&visitor=e4f10cce-bf12-476f-8f7c-3bd6cbd7332d&session=fcd2e623-1379-4ff5-8687-0cf813912f6b&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2013%20Nov%202024%2015%3A12%3A23%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2013%20Nov%202024%2015%3A12%3A22%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%225025%22%7D&isIframe=false&m=%7B%22description%22%3A%22See%20how%20threat%20actors%20have%20abused%20Remcos%20to%20collect%20sensitive%20information%20from%20victims%20and%20remotely%20control%20their%20computers%20to%20perform%20further%20malicious%20acts.%22%2C%22keywords%22%3A%22FortiGuard%20Labs%20Threat%20Research%2Crat%22%2C%22title%22%3A%22New%20Campaign%20Uses%20Remcos%20RAT%20to%20Exploit%20Victims%20%7C%20FortiGuard%20Labs%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims&pageViewId=ab08ebfe-e80d-4ace-8fd2-aeebfd13dcf2&ipv6=2600%3A803%3Aa88%3A3024%3A%3A24&v=1.1.29
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.196.3.196 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-196-3-196.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

cache-control
max-age=0, no-cache, no-store
etag
"615ccf10-2b"
pragma
no-cache
x-content-type-options
nosniff
expires
Wed, 13 Nov 2024 15:12:23 GMT
accept-ranges
bytes
content-length
43
date
Wed, 13 Nov 2024 15:12:23 GMT
content-type
image/gif
last-modified
Tue, 05 Oct 2021 22:17:52 GMT
server
nginx/1.14.0 (Ubuntu)
tdsync
px.steelhousemedia.com/
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=steelhouse&ttd_tpi=1&ttd_puid=aecb4b52-a1d1-11ef-9110-13dab07cf320&gdpr=&gdpr_consent=
  • https://px.steelhousemedia.com/tdsync?tdid=c57b4a20-dcfa-4bc7-b3df-1e5ef63cf5d9&shguid=aecb4b52-a1d1-11ef-9110-13dab07cf320
0
319 B
Image
General
Full URL
https://px.steelhousemedia.com/tdsync?tdid=c57b4a20-dcfa-4bc7-b3df-1e5ef63cf5d9&shguid=aecb4b52-a1d1-11ef-9110-13dab07cf320
Protocol
HTTP/1.1
Server
44.225.29.129 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-225-29-129.us-west-2.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

x-envoy-upstream-service-time
54
connection
close
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
content-length
0
date
Wed, 13 Nov 2024 15:12:23 GMT
server
istio-envoy
access-control-allow-headers
Accept, Content-Type, x-requested-with, X-Custom-Header

Redirect headers

location
https://px.steelhousemedia.com/tdsync?tdid=c57b4a20-dcfa-4bc7-b3df-1e5ef63cf5d9&shguid=aecb4b52-a1d1-11ef-9110-13dab07cf320
content-length
277
date
Wed, 13 Nov 2024 15:12:23 GMT
server
Kestrel
generic
match.adsrvr.org/track/cmf/
Redirect Chain
  • https://insight.adsrvr.org/track/evnt/?adv=6s0zaeu&ct=0:0bi0elf&fmt=3
  • https://dpm.demdex.net/ibs:dpid=903&dpuuid=c57b4a20-dcfa-4bc7-b3df-1e5ef63cf5d9&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Fgeneric%3Fttd_pid%3Daam
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=aam
  • https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=c57b4a20-dcfa-4bc7-b3df-1e5ef63cf5d9&gdpr=0&gdpr_consent=&expires=30&next=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Frubicon
  • https://match.adsrvr.org/track/cmf/rubicon?gdpr=0
  • https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_cm&google_sc&google_hm=YzU3YjRhMjAtZGNmYS00YmM3LWIzZGYtMWU1ZWY2M2NmNWQ5&gdpr=0&gdpr_consent=&ttd_tdid=c57b4a20-dcfa-4bc7-b3df-1e5ef...
  • https://match.adsrvr.org/track/cmf/google?g_uuid=&gdpr=0&gdpr_consent=&ttd_tdid=c57b4a20-dcfa-4bc7-b3df-1e5ef63cf5d9&google_gid=CAESEFOxE__-4EuleQD3EVrFoPU&google_cver=1
  • https://ib.adnxs.com/getuid?https%3a%2f%2fmatch.adsrvr.org%2ftrack%2fcmf%2fappnexus%3fttd%3d1%26anid%3d%24UID&ttd_tdid=c57b4a20-dcfa-4bc7-b3df-1e5ef63cf5d9
  • https://match.adsrvr.org/track/cmf/appnexus?ttd=1&anid=5958286857444545603&ttd_tdid=c57b4a20-dcfa-4bc7-b3df-1e5ef63cf5d9
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=c57b4a20-dcfa-4bc7-b3df-1e5ef63cf5d9&partner_url=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Fgeneric%3Fttd_pid%3Dtapad
  • https://secure.adnxs.com/getuid?https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Freceive%3Fpartner_id%3DAPPNEXUS%26partner_device_id%3D%24UID%26pt%3D040b98bc-28d1-4c8c-8153-818d09b18300%252Chttps%2525...
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=APPNEXUS&partner_device_id=5958286857444545603&pt=040b98bc-28d1-4c8c-8153-818d09b18300%2Chttps%253A%252F%252Fmatch.adsrvr.org%252Ftrack%252Fcmf%...
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad
70 B
497 B
Image
General
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad
Protocol
H2
Server
52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
Kestrel /
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

content-length
70
date
Wed, 13 Nov 2024 15:12:23 GMT
content-type
image/gif
server
Kestrel

Redirect headers

strict-transport-security
max-age=31536000
location
https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad
accept-ch
Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
via
1.1 google
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-length
0
date
Wed, 13 Nov 2024 15:12:23 GMT
server
Jetty(11.0.13)
img.gif
b.6sc.co/v1/beacon/
43 B
258 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=null&visitor=e4f10cce-bf12-476f-8f7c-3bd6cbd7332d&session=fcd2e623-1379-4ff5-8687-0cf813912f6b&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2013%20Nov%202024%2015%3A12%3A24%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2013%20Nov%202024%2015%3A12%3A23%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%226025%22%7D&isIframe=false&m=%7B%22description%22%3A%22See%20how%20threat%20actors%20have%20abused%20Remcos%20to%20collect%20sensitive%20information%20from%20victims%20and%20remotely%20control%20their%20computers%20to%20perform%20further%20malicious%20acts.%22%2C%22keywords%22%3A%22FortiGuard%20Labs%20Threat%20Research%2Crat%22%2C%22title%22%3A%22New%20Campaign%20Uses%20Remcos%20RAT%20to%20Exploit%20Victims%20%7C%20FortiGuard%20Labs%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims&pageViewId=ab08ebfe-e80d-4ace-8fd2-aeebfd13dcf2&ipv6=2600%3A803%3Aa88%3A3024%3A%3A24&v=1.1.29
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.196.3.196 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-196-3-196.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

cache-control
max-age=0, no-cache, no-store
etag
"63f02dad-2b"
pragma
no-cache
x-content-type-options
nosniff
expires
Wed, 13 Nov 2024 15:12:24 GMT
accept-ranges
bytes
content-length
43
date
Wed, 13 Nov 2024 15:12:24 GMT
content-type
image/gif
last-modified
Sat, 18 Feb 2023 01:45:17 GMT
server
nginx/1.14.0 (Ubuntu)
img.gif
b.6sc.co/v1/beacon/
43 B
257 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=null&visitor=e4f10cce-bf12-476f-8f7c-3bd6cbd7332d&session=fcd2e623-1379-4ff5-8687-0cf813912f6b&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2013%20Nov%202024%2015%3A12%3A25%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2013%20Nov%202024%2015%3A12%3A24%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%227026%22%7D&isIframe=false&m=%7B%22description%22%3A%22See%20how%20threat%20actors%20have%20abused%20Remcos%20to%20collect%20sensitive%20information%20from%20victims%20and%20remotely%20control%20their%20computers%20to%20perform%20further%20malicious%20acts.%22%2C%22keywords%22%3A%22FortiGuard%20Labs%20Threat%20Research%2Crat%22%2C%22title%22%3A%22New%20Campaign%20Uses%20Remcos%20RAT%20to%20Exploit%20Victims%20%7C%20FortiGuard%20Labs%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims&pageViewId=ab08ebfe-e80d-4ace-8fd2-aeebfd13dcf2&ipv6=2600%3A803%3Aa88%3A3024%3A%3A24&v=1.1.29
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.196.3.196 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-196-3-196.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

cache-control
max-age=0, no-cache, no-store
etag
"615ccf10-2b"
pragma
no-cache
x-content-type-options
nosniff
expires
Wed, 13 Nov 2024 15:12:25 GMT
accept-ranges
bytes
content-length
43
date
Wed, 13 Nov 2024 15:12:25 GMT
content-type
image/gif
last-modified
Tue, 05 Oct 2021 22:17:52 GMT
server
nginx/1.14.0 (Ubuntu)
img.gif
b.6sc.co/v1/beacon/
43 B
258 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=null&visitor=e4f10cce-bf12-476f-8f7c-3bd6cbd7332d&session=fcd2e623-1379-4ff5-8687-0cf813912f6b&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2013%20Nov%202024%2015%3A12%3A26%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2013%20Nov%202024%2015%3A12%3A25%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%228026%22%7D&isIframe=false&m=%7B%22description%22%3A%22See%20how%20threat%20actors%20have%20abused%20Remcos%20to%20collect%20sensitive%20information%20from%20victims%20and%20remotely%20control%20their%20computers%20to%20perform%20further%20malicious%20acts.%22%2C%22keywords%22%3A%22FortiGuard%20Labs%20Threat%20Research%2Crat%22%2C%22title%22%3A%22New%20Campaign%20Uses%20Remcos%20RAT%20to%20Exploit%20Victims%20%7C%20FortiGuard%20Labs%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims&pageViewId=ab08ebfe-e80d-4ace-8fd2-aeebfd13dcf2&ipv6=2600%3A803%3Aa88%3A3024%3A%3A24&v=1.1.29
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.196.3.196 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-196-3-196.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

cache-control
max-age=0, no-cache, no-store
etag
"60bb2e15-2b"
pragma
no-cache
x-content-type-options
nosniff
expires
Wed, 13 Nov 2024 15:12:26 GMT
accept-ranges
bytes
content-length
43
date
Wed, 13 Nov 2024 15:12:26 GMT
content-type
image/gif
last-modified
Sat, 05 Jun 2021 07:56:05 GMT
server
nginx/1.14.0 (Ubuntu)
img.gif
b.6sc.co/v1/beacon/
43 B
258 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=null&visitor=e4f10cce-bf12-476f-8f7c-3bd6cbd7332d&session=fcd2e623-1379-4ff5-8687-0cf813912f6b&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2013%20Nov%202024%2015%3A12%3A27%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2013%20Nov%202024%2015%3A12%3A26%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%229027%22%7D&isIframe=false&m=%7B%22description%22%3A%22See%20how%20threat%20actors%20have%20abused%20Remcos%20to%20collect%20sensitive%20information%20from%20victims%20and%20remotely%20control%20their%20computers%20to%20perform%20further%20malicious%20acts.%22%2C%22keywords%22%3A%22FortiGuard%20Labs%20Threat%20Research%2Crat%22%2C%22title%22%3A%22New%20Campaign%20Uses%20Remcos%20RAT%20to%20Exploit%20Victims%20%7C%20FortiGuard%20Labs%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims&pageViewId=ab08ebfe-e80d-4ace-8fd2-aeebfd13dcf2&ipv6=2600%3A803%3Aa88%3A3024%3A%3A24&v=1.1.29
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.196.3.196 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-196-3-196.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

cache-control
max-age=0, no-cache, no-store
etag
"60bb2e15-2b"
pragma
no-cache
x-content-type-options
nosniff
expires
Wed, 13 Nov 2024 15:12:27 GMT
accept-ranges
bytes
content-length
43
date
Wed, 13 Nov 2024 15:12:27 GMT
content-type
image/gif
last-modified
Sat, 05 Jun 2021 07:56:05 GMT
server
nginx/1.14.0 (Ubuntu)

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
ibc-flow.techtarget.com
URL
https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=1247773&r=1731510738985&ref=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims&version=2.4
Domain
tracking.contanuity.com
URL
https://tracking.contanuity.com/usersync?bwcookie=AADZFE7OaYQAABTFJInqAg

Verdicts & Comments Add Verdict or Comment

162 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 function| OptanonWrapper object| fortinet_blog object| EasyAutocomplete object| search_config boolean| blogFilter string| documentsQuery function| htmlEncode function| hideAutoComplete function| sitesearch_init function| sitesearch_search_callback function| sitesearch_countall_callback function| sitesearch_do_search function| sitesearch_do_force_search function| sitesearch_spellcheck_callback function| sitesearch_do_spellcheck function| sitesearch_do_suggest_search function| sitesearch_query_searchresult_callback function| sitesearch_do_query_searchresult function| sitesearch_click_page_callback function| sitesearch_click_page function| search_action function| sitesearch_search_fortiguard function| count_facets_type function| shuffle_facets function| setImmediate function| clearImmediate function| $ function| jQuery object| OtTrustedType string| OnetrustActiveGroups string| OptanonActiveGroups object| dataLayer object| otStubData object| Optanon object| OneTrust function| e object| visitor object| adobe function| Visitor object| s_c_il number| s_c_in object| __target_telemetry object| ___target_traces function| mboxCreate function| mboxDefine function| mboxUpdate object| _satellite boolean| __satelliteLoaded number| timer_e object| _6si function| obApi object| uetq function| AppMeasurement function| s_gi function| s_pgicq function| AppMeasurement_Module_ActivityMap function| apiObj boolean| CE_USER_SCRIPT object| CE2 string| CE_USER_SITE_DATA_URL string| CE_USER_DATA_URL function| UET function| UET_init function| UET_push object| ueto_6147a583eb object| sifi_att_42656 string| CE_USER_COMMON_SCRIPT_URL string| CE_USER_THIRDPARTY_SCRIPT_URL boolean| _storagePopulated object| webpackChunkCE2 object| CE2BH function| CE_URL_FINGERPRINT object| CE_API object| google_tag_manager object| google_tag_data function| gtag function| onYouTubeIframeAPIReady object| gaGlobal object| targetGlobalSettings object| webpackChunkom_api_js object| _omapp function| OptinMonsterApp boolean| om_loaded object| om45602_39852 object| _omq function| omq object| techtargetic function| appendScriptTag string| currentWebsiteUrl string| link object| TAG_INFO string| wid_baseUrl object| wid_cmds object| cookieScriptWindow object| cookieScripts string| cookieScriptDomain boolean| cookieScriptShowBadge string| cookieScriptCurrentUrl string| pagePath string| ftntCampaign function| updateCampaignCookie function| ftntInjectCookieScript function| ftntCookieScriptCreateCookie function| ftntCookieScriptReadCookie object| s_i_fortinetincproduction string| WID_VISITOR_ID string| WID_EVENT_TYPES string| WID_PAGE_TITLE string| WID_PAGE_URL number| WID_INTERVAL number| WID_IDLE_INTERVAL function| addListenerMulti function| wid_initAgain function| wid_handleAnchorClick function| wid_bundleParams function| wid_handleApiRequest function| wid_fallBackApiRequest function| wid_handleButtonClick function| wid_findParentByTagName function| wid_getCurrentUnixTimestamp function| wid_getCookie function| wid_setCookie function| wid_deleteCookie function| wid_generateRandomGuid function| wid_zeroFill function| wid_str_pad function| wid_rand object| FingerprintJS object| t object| td function| twq string| _linkedin_data_partner_id string| _linkedin_partner_id string| _linkedin_partner_id_2 string| _linkedin_partner_id_3 object| _linkedin_data_partner_ids function| saq function| _saq function| lintrk boolean| _already_called_lintrk object| regeneratorRuntime object| twttr string| axel number| a function| fbq function| _fbq string| dcm_cid object| xhr object| res object| saCookies string| current_window_url_param object| _sz object| _ml object| Sixsct object| ORIBILI string| avail_ga_sorted object| irongate object| mntn

127 Cookies

Domain/Path Name / Value
www.fortinet.com/ Name: cookiesession1
Value: 678A3E591F6312F20E05D9F671C652E5
.fortinet.com/ Name: OptanonConsent
Value: isIABGlobal=false&datestamp=Wed+Nov+13+2024+05%3A12%3A17+GMT-1000+(Hawaii-Aleutian+Standard+Time)&version=6.10.0&hosts=&consentId=a246f6ae-8b0e-4206-b36e-ef95abd5075a&interactionCount=0&landingPath=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims&groups=C0001%3A1%2CC0002%3A1%2CC0003%3A1%2CC0004%3A1
.fortinet.com/ Name: at_check
Value: true
.demdex.net/ Name: demdex
Value: 19970388947444869440355377206328874018
.fortinet.com/ Name: AMCVS_ED8739F75677FE917F000101%40AdobeOrg
Value: 1
www.fortinet.com/ Name: _gd_visitor
Value: e4f10cce-bf12-476f-8f7c-3bd6cbd7332d
www.fortinet.com/ Name: _gd_session
Value: fcd2e623-1379-4ff5-8687-0cf813912f6b
.simpli.fi/ Name: suid
Value: 58D823FA4EF84E62B213BE5E83BC1996
.dpm.demdex.net/ Name: dpm
Value: 19970388947444869440355377206328874018
.fortinet.com/ Name: AMCV_ED8739F75677FE917F000101%40AdobeOrg
Value: 179643557%7CMCIDTS%7C20041%7CMCMID%7C19592882991514515600317696975197894058%7CMCAAMLH-1732115537%7C7%7CMCAAMB-1732115537%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1731517938s%7CNONE%7CMCSYNCSOP%7C411-20048%7CvVersion%7C5.5.0
.fortinet.com/ Name: _uetsid
Value: ac4eec00a1d111ef8a8d8dd4e10cb687
.fortinet.com/ Name: _uetvid
Value: ac4f34e0a1d111efb5909bbdfd62b203
.bing.com/ Name: MUID
Value: 000866178C836475379273218D8265F9
.bat.bing.com/ Name: MR
Value: 0
.fortinet.com/ Name: mbox
Value: session#1e899172c021407ab885daf85a49b36c#1731512599|PC#1e899172c021407ab885daf85a49b36c.35_0#1794755539
.fortinet.com/ Name: mboxEdgeCluster
Value: 35
www.fortinet.com/ Name: dicbo_id
Value: %7B%22dicbo_fetch%22%3A1731510738447%7D
.fortinet.com/ Name: _ga_38BQ9XFDT4
Value: GS1.1.1731510738.1.0.1731510738.0.0.0
.fortinet.com/ Name: _ga
Value: GA1.1.2050926505.1731510739
.fortinet.com/ Name: cebs
Value: 1
www.fortinet.com/ Name: _omappvp
Value: vTXQLN2vfEppmlYfHoC0iZKkEqid0aE9aazDilDAETNQRy618Vh6be7Y57bmC3WKXvRm188YDYLpOe44oH0tGQhEOq26x4wA
www.fortinet.com/ Name: _omappvs
Value: 1731510738809
.fortinet.com/ Name: gpv_pn
Value: www.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims
.fortinet.com/ Name: s_getNewRepeat
Value: 1731510738838-New
.fortinet.com/ Name: s_cc
Value: true
.techtarget.com/ Name: __cf_bm
Value: tOiP8TRCQnIMap00T7l2BKRJQ4VMJDS9HhkFKWeZoYQ-1731510738-1.0.1.1-Y95muP52pCcNmQ0oS26DF3_vYKsX_3Y.G0ltv4UjElJzOFYocvrD.aYc7j..sADQPFAymLSbc_QqQWI_nYNvpg
.www.fortinet.com/ Name: WID_VISITOR_ID
Value: 1731510739707166422
.fortinet.com/ Name: _ce.clock_data
Value: 35%2C208.252.80.24%2C1%2Ce70c069864ec1ceef7523c2cc9b41fcd%2CChrome%2CUS
.fortinet.com/ Name: cebsp_
Value: 1
.fortinet.com/ Name: _ce.s
Value: v~a8082614c8b8a0ae693fa596b982292e6df07c78~lcw~1731510739095~vir~new~lva~1731510738692~vpv~0~v11.cs~424000~v11.s~acca2360-a1d1-11ef-9622-9f3aaefe1769~lcw~1731510739097
www.fortinet.com/ Name: AWSALB
Value: oMrU65E4q9rkWfnOtrCBj5+3xyRUFwZFxv/7fRpXalrF4J5uWap3A0tM0oQpCaL2D5gleq7/TMgj9nT/V1YWpVfYtbVXUUwr52ZTeTTRSkMMhBtLVBCrYo08LQ0uYG9sHaRy3AXUrhYYyp3PiPo5e4DFCKuguiL3Wk+ZBAOArfbwBzvaLeH++scR3MnpwXpBKwQ05ECU7p1UnAcPqFJaNuW9kSMQwoau
www.fortinet.com/ Name: AWSALBCORS
Value: NKXCvhwb97L7xT3ONAczlmiQXigpuKT/gMst4WH+RvxUxEgbWU8oKDePpIQvCksbuXeDMUuVFIU5mXIw7RGljvBDlS8frD5XW5eapwD9kQrBv0JeliSyChFjitRfxcuwLpNRWCgvZOR1jnUuPKNaSqxTY8nxfEOVCqny46tzLtr0prBAjPHFe1omtCe4KuUiMP8uJwHBBIBb6+da2ba1ZWOTjwrfMxsG
.simpli.fi/ Name: uid_syncd_secure
Value: true
.adnxs.com/ Name: receive-cookie-deprecation
Value: 1
tags.srv.stackadapt.com/ Name: sa-user-id
Value: s%3A0-202593fd-4e89-532f-5167-a85516dbed03.cf9A%2Bb7ZfhZnRBPSy6bxA0DauqyZSbjyQ52YuRMyvyU
.srv.stackadapt.com/ Name: sa-user-id
Value: s%3A0-202593fd-4e89-532f-5167-a85516dbed03.cf9A%2Bb7ZfhZnRBPSy6bxA0DauqyZSbjyQ52YuRMyvyU
tags.srv.stackadapt.com/ Name: sa-user-id-v2
Value: s%3AICWT_U6JUy9RZ6hVFtvtA9D8UBg.89Pl3ljTVBT%2BFcxXGEGQ%2FnYVaYFDyFYX1lZoTtA19yc
.srv.stackadapt.com/ Name: sa-user-id-v2
Value: s%3AICWT_U6JUy9RZ6hVFtvtA9D8UBg.89Pl3ljTVBT%2BFcxXGEGQ%2FnYVaYFDyFYX1lZoTtA19yc
tags.srv.stackadapt.com/ Name: sa-user-id-v3
Value: s%3AAQAKIMKb0x4pfje0aypqNOina6wGe9TqoC3TACkjC8sOQAMgEAEYAyDTg9O5BjABOgRCK7SgQgRhsaUK.70Ezbc76WxSVDox8nkTO5OpX%2BjpuUul8%2F4iE%2B95S4xs
.srv.stackadapt.com/ Name: sa-user-id-v3
Value: s%3AAQAKIMKb0x4pfje0aypqNOina6wGe9TqoC3TACkjC8sOQAMgEAEYAyDTg9O5BjABOgRCK7SgQgRhsaUK.70Ezbc76WxSVDox8nkTO5OpX%2BjpuUul8%2F4iE%2B95S4xs
www.fortinet.com/ Name: sa-user-id
Value: s%253A0-202593fd-4e89-532f-5167-a85516dbed03.cf9A%252Bb7ZfhZnRBPSy6bxA0DauqyZSbjyQ52YuRMyvyU
www.fortinet.com/ Name: sa-user-id-v2
Value: s%253AICWT_U6JUy9RZ6hVFtvtA9D8UBg.89Pl3ljTVBT%252BFcxXGEGQ%252FnYVaYFDyFYX1lZoTtA19yc
www.fortinet.com/ Name: sa-user-id-v3
Value: s%253AAQAKIMKb0x4pfje0aypqNOina6wGe9TqoC3TACkjC8sOQAMgEAEYAyDTg9O5BjABOgRCK7SgQgRhsaUK.70Ezbc76WxSVDox8nkTO5OpX%252BjpuUul8%252F4iE%252B95S4xs
.adnxs.com/ Name: XANDR_PANID
Value: tYvjU35hnPbIbiFeajPMuzxM8zdiyBQCeDT6nFAi2Q0nPAUKi5MlwDm5WREWEiI1eNpQwCl5o9gW8Gm1iEBjTjrNC94TxkVLMVxlUWlHTKM.
.adnxs.com/ Name: uuid2
Value: 5958286857444545603
abm-tracking.demandscience.com/ Name: userId
Value: 0ac9c017dfdd772893a32ead8dfce3c5_1731510739844
.adnxs.com/ Name: anj
Value: dTM7k!M4.FE:2jUF']wIg2GUiMK(9W!A#Ev.TOK`YT5U?QgGs=dWxG8k_mlcjbpyPjbh.ZfS(Wbjc[0ik_HlsifGmM=*Z2<GdD0[%p[s>%q)3R5MiJt
.smaato.net/ Name: SCM
Value: 06c56c6b25
.smaato.net/ Name: SCMaps
Value: 06c56c6b25
.smaato.net/ Name: SCM1001136
Value: 06c56c6b25
.3lift.com/ Name: tluidp
Value: 1610634372014346883532
.3lift.com/ Name: tluid
Value: 1610634372014346883532
.agkn.com/ Name: ab
Value: 0001%3AUIugD%2FMwvLpiJfsUmpMCHfxfru6bSO4R
.intentiq.com/ Name: IQver
Value: 1.9
.intentiq.com/ Name: intentIQ
Value: 5wum5GjkM8
.linkedin.com/ Name: li_sugr
Value: 0fcf1cce-1024-4281-a01a-acc30c25ea7a
.linkedin.com/ Name: bcookie
Value: "v=2&2bab73a9-e520-43be-8235-d30f7febdcfb"
.linkedin.com/ Name: lidc
Value: "b=TGST02:s=T:r=T:a=T:p=T:g=3405:u=1:x=1:i=1731510740:t=1731597140:v=2:sig=AQHRCoTn3z27h7hpuVirTogmVvET197B"
.ads.stickyadstv.com/ Name: UID
Value: fedc64129d96c67be03055c61c25c5bd
.ads.stickyadstv.com/ Name: uid-bp-26865
Value: 58D823FA4EF84E62B213BE5E83BC1996
.1rx.io/ Name: _rxuuid
Value: %7B%22rx_uuid%22%3A%22RX-0062a4f5-281f-4e09-9e6e-9e266c332d9b-005%22%7D
.tapad.com/ Name: TapAd_TS
Value: 1731510740207
.tapad.com/ Name: TapAd_DID
Value: 040b98bc-28d1-4c8c-8153-818d09b18300
.bfmio.com/ Name: __141_cid
Value: 58D823FA4EF84E62B213BE5E83BC1996
.bfmio.com/ Name: __io_cid
Value: 66238c2a32e9d6ca6d1197846135687b6c2a530a
.doubleclick.net/ Name: IDE
Value: AHWqTUnNLN-JWXPve_tbGnh0HxdjWisuoL5Bs4APjNFdKgub9jsOjYkZdlZOLbbB2Dw
.doubleclick.net/ Name: receive-cookie-deprecation
Value: 1
.exelator.com/ Name: EE
Value: "d16de392d92a266ab872b0911642c234"
.rlcdn.com/ Name: rlas3
Value: 6p2A4wIliHjK1JSgBoSjx7b6PRITpldY9tAtALNsf60=
.openx.net/ Name: i
Value: 291cc8d4-8710-48ff-aae4-a2e87603c7a5|1731510740
.intentiq.com/ Name: IQMID
Value: 3506196504#1731510740264
.intentiq.com/ Name: IQPData
Value: 3506196504#1731510740246#0#1731510740246
.intentiq.com/ Name: intentIQCDate
Value: 1731510740263
.intentiq.com/ Name: ASDT
Value: 0
.intentiq.com/ Name: CSDT
Value: UEQ6MTAwNDNfMCZVVTFLYmd1
.crwdcntrl.net/ Name: _cc_cc
Value: ctst
.lijit.com/ Name: ljt_reader
Value: JqRQAQZH_RxuMny_TQahmOrQ
.t.co/ Name: muc_ads
Value: 48246afc-e5d4-4874-8e58-10a957cc729b
.t.co/ Name: __cf_bm
Value: iUrcpYHG2kxrK2HENYuWYQ8WMc7O2MTVtDxWplu8sS4-1731510740-1.0.1.1-HFWNWGU9IIcidfO3TigiKecr4l5.5OGEZD9a7GriWHI9huPHdk2E7hW3B33QygTGVMrTBBnYmCFmNX6VExiJzg
.pubmatic.com/ Name: KRTBCOOKIE_148
Value: 19421-uid:58D823FA4EF84E62B213BE5E83BC1996&KRTB&23486-uid:58D823FA4EF84E62B213BE5E83BC1996&KRTB&23489-uid:58D823FA4EF84E62B213BE5E83BC1996&KRTB&23539-uid:58D823FA4EF84E62B213BE5E83BC1996
.pubmatic.com/ Name: PugT
Value: 1731510740
.yahoo.com/ Name: A3
Value: d=AQABBNTBNGcCEBcH0JA5krUMXAAGfN0oVl4FEgEBAQETNmc-Z9xH0iMA_eMAAA&S=AQAAAmHZgTxgQL1GfqQYbTRKwlU
.rubiconproject.com/ Name: khaos
Value: M3G0SDUZ-1Q-180B
.rubiconproject.com/ Name: khaos_p
Value: M3G0SDUZ-1Q-180B
.rubiconproject.com/ Name: receive-cookie-deprecation
Value: 1
.exelator.com/ Name: ud
Value: "eJxrXxzq6XKLQSHF0Cwl1djSKMXSKNHIzCwxycLcKMnA0tDQzMQo2cjYZHFZatGCpaXFqSlJh5ZU5JTkNK0uiw91jHdz9PX0iVzmnFGUn5u6AiwU5hq02NDYYEl%252BUWb6otDgxUUpaQyLSopPBZ%252BczA0AdmQpgA%253D%253D"
.pro-market.net/ Name: anHistory
Value: "1vflclesk98g+2+!#7')%V#^x*"
.lijit.com/ Name: _ljtrtb_2
Value: 58D823FA4EF84E62B213BE5E83BC1996
.agkn.com/ Name: u
Value: C|0AAAAAAAALsd-VAAAAAAA
.amazon-adsystem.com/ Name: ad-id
Value: A2r2bIOocE8euXLR36v4E3E
.amazon-adsystem.com/ Name: ad-privacy
Value: 0
www.fortinet.com/ Name: aa_cc
Value: US
www.fortinet.com/ Name: aa_cn
Value: United%20States
.twitter.com/ Name: personalization_id
Value: "v1_QslhvzkJac8JhTtbYcaHDg=="
www.fortinet.com/ Name: 6scexist
Value: true
.linkedin.com/ Name: UserMatchHistory
Value: AQLUS3kdhakXHgAAAZMmFSXtuFijqIEGO8Lj9i22uViyOh1eMNdZwW6vFiaiYM6GZdxiVz_uxt9qOA
.linkedin.com/ Name: AnalyticsSyncHistory
Value: AQKeZZb8U900XQAAAZMmFSXtAD6CKz6fYRVdJZiHZdgwy0mlTLPKySDQNeTCpEM8Fxp3ijKcQQJzJzo-38AoMQ
.doubleclick.net/ Name: ar_debug
Value: 1
.fortinet.com/ Name: nmstat
Value: 5be3e3ec-6614-16b7-cf86-9e47dab9e67d
.targeting.unrulymedia.com/ Name: _rxuuid
Value: %7B%22rx_uuid%22%3A%22RX-0062a4f5-281f-4e09-9e6e-9e266c332d9b-005%22%7D
.pippio.com/ Name: did
Value: N-J7_ruMSxgfJm6e
.pippio.com/ Name: didts
Value: 1731510740
.pippio.com/ Name: nnls
Value:
.pippio.com/ Name: pxrc
Value: CNSD07kGEgYIgr0rEAA=
.fortinet.com/ Name: _fbp
Value: fb.1.1731510740578.353769812550599498
.analytics.yahoo.com/ Name: IDSYNC
Value: "176k~2lt3:19ba~2lt3"
.pro-market.net/ Name: anProfile
Value: "1vflclesk98g+1+1f=1+1g=1+1j=57:1+rs=s+rt=260008030A8830240000000000000024+s2=(smwa8k)+vm=24-58D823FA4EF84E62B213BE5E83BC1996:81-y-T5lmfKBE2pTQYArgTwdzNCIx8jw.C_rWjNo-%7EA"
.www.linkedin.com/ Name: bscookie
Value: "v=1&20241113151220a50e05a2-27c8-4d5e-881d-d74baf51fa81AQEFmUH7ViSCdE_G_i4VxxBgnzm8KpdH"
.linkedin.com/ Name: __cf_bm
Value: A7zI13ueMe98lD0xkzMawJ1gJkqdo2cFqHeQxSO3iWo-1731510740-1.0.1.1-ZWUhWXp2rS6YNx311XBTUJlT36UHmltUlQmXVyi6ehfwhJBvXLRN0CKFzbYM36uSHyCppOCII6u_G0PKhP9Niw
.ml314.com/ Name: pi
Value: 3648398715617542195
.ml314.com/ Name: tp
Value: 4%253B11%252F13%252F2024%2B15%253A12%253A20
tracking.contanuity.com/ Name: userId
Value: 0ac9c017dfdd772893a32ead8dfce3c5_1731510739844
tracking.contanuity.com/ Name: clientId
Value: undefined
.rlcdn.com/ Name: pxrc
Value: CNSD07kGEgUI6AcQABIFCOhHEAASBQjbThAA
.adsrvr.org/ Name: TDID
Value: c57b4a20-dcfa-4bc7-b3df-1e5ef63cf5d9
.eyeota.net/ Name: mako_uid
Value: 19326152796-3b190000010a4352
.eyeota.net/ Name: SERVERID
Value: 17234~DM
.bidr.io/ Name: bito
Value: AADZFE7OaYQAABTFJInqAg
.bidr.io/ Name: bitoIsSecure
Value: ok
.ml314.com/ Name: u
Value: aHR0cHM6Ly93d3cuZm9ydGluZXQuY29tLw%3D%3D
.mountain.com/ Name: guid
Value: aecb4b52-a1d1-11ef-9110-13dab07cf320
.px.mountain.com/ Name: tt
Value: "H4sIAAAAAAAAAKtW8guKNzYyNjaLNzK3NFayMtBRgnItjC2UrAzNjQ1NDQ3MTYyNDQx1lMqUrIx0kLSA1RjUAgCXPb77RgAAAA=="
.mountain.com/ Name: rt
Value: "MzIzMzY6MTczMTUxMDc0Mw=="
.rubiconproject.com/ Name: audit_p
Value: 1|YVS6/LBnqiPul5C5ugPEv1WqPD8yBCWBhfGGSvkolLDtSRNyoMFDqLlewjtpVM3MPaz8LeE3CbEwHTRO1/p4iGfsp8ABdinMMf+s+oisr/7h3uH/Q5KUb3jo4TKHTattbPj1cDXHmWL2rW+y8T/wNIK7NDsgMoI/deodiyl5GGjz2vDHqR/c6KfkLNxlFhbb
.rubiconproject.com/ Name: audit
Value: 1|YVS6/LBnqiPul5C5ugPEv1WqPD8yBCWBhfGGSvkolLDtSRNyoMFDqLlewjtpVM3MPaz8LeE3CbEwHTRO1/p4iGfsp8ABdinMMf+s+oisr/7h3uH/Q5KUb3jo4TKHTattbPj1cDXHmWL2rW+y8T/wNIK7NDsgMoI/deodiyl5GGjz2vDHqR/c6KfkLNxlFhbb
.tapad.com/ Name: TapAd_3WAY_SYNCS
Value: 2!7647
.adsrvr.org/ Name: TDCPM
Value: CAESFgoHZDB0cm8xahILCPKs86Xz_8E9EAUSEgoDYWFtEgsI-Oj63bnNtj0QBRIWCgdydWJpY29uEgsIssqcvvP_wT0QBRIVCgZnb29nbGUSCwis_8-_8__BPRAFEhcKCGFwcG5leHVzEgsI2oiVwPP_wT0QBRIUCgV0YXBhZBILCMCulcDz_8E9EAUYBTgBQgQiAggB

9 Console Messages

Source Level URL
Text
rendering warning URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Message:
[GroupMarkerNotSet(crbug.com/242999)!:A0B0A00374000000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.
rendering warning URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Message:
[GroupMarkerNotSet(crbug.com/242999)!:A010A10374000000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.
network error URL: https://api.omappapi.com/v2/embed/39852?d=fortinet.com
Message:
Failed to load resource: the server responded with a status of 401 ()
javascript error URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Message:
Access to XMLHttpRequest at 'https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=1247773&r=1731510738985&ref=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims&version=2.4' from origin 'https://www.fortinet.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=1247773&r=1731510738985&ref=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims&version=2.4
Message:
Failed to load resource: net::ERR_FAILED
network error URL: https://pixels.argusplatform.com/wh/track/?site_id=C6AC00C8269540D0ABFF19F1B5558B6D&visitor_id=1731510739707166422&event_type=page_request&timestamp=1731510739&page_title=New%20Campaign%20Uses%20Remcos%20RAT%20to%20Exploit%20Victims%20%7C%20FortiGuard%20Labs&page_url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims&page_url_referer=
Message:
Failed to load resource: the server responded with a status of 401 ()
rendering warning URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Message:
[GroupMarkerNotSet(crbug.com/242999)!:A080A00374000000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.
network error URL: https://stags.bluekai.com/site/29931?id=58D823FA4EF84E62B213BE5E83BC1996
Message:
Failed to load resource: the server responded with a status of 500 (Internal Server Error)
network error URL: https://webtracker.argusplatform.com/wh/track/?site_id=C6AC00C8269540D0ABFF19F1B5558B6D&visitor_id=1731510739707166422&event_type=page_request&timestamp=1731510740&page_title=New%20Campaign%20Uses%20Remcos%20RAT%20to%20Exploit%20Victims%20%7C%20FortiGuard%20Labs&page_url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims&page_url_referer=
Message:
Failed to load resource: the server responded with a status of 401 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

10104846.fls.doubleclick.net
6033413.global.siteimproveanalytics.io
a.omappapi.com
a.opmnstr.com
aa.agkn.com
abm-tracking.demandscience.com
ads.stickyadstv.com
amplify.outbrain.com
analytics.twitter.com
api.omappapi.com
assets.adobedtm.com
b.6sc.co
bat.bing.com
bcp.crwdcntrl.net
c.6sc.co
cdn.cookielaw.org
cdn.jsdelivr.net
ce.lijit.com
cm.everesttech.net
cm.g.doubleclick.net
cms.analytics.yahoo.com
connect.facebook.net
d.agkn.com
dpm.demdex.net
dx.mountain.com
eb2.3lift.com
eps.6sc.co
fei.pro-market.net
fortinet.demdex.net
fortinet.tt.omtrdc.net
geolocation.onetrust.com
googleads.g.doubleclick.net
gs.mountain.com
i.simpli.fi
ib.adnxs.com
ibc-flow.techtarget.com
idsync.rlcdn.com
image2.pubmatic.com
insight.adsrvr.org
intentstream.contanuity.com
ipv6.6sc.co
j.6sc.co
loadm.exelator.com
match.adsrvr.org
metrics.fortinet.com
ml314.com
pbid.pro-market.net
pippio.com
pixel.mathtag.com
pixel.rubiconproject.com
pixel.tapad.com
pixels.argusplatform.com
ps.eyeota.net
px.ads.linkedin.com
px.mountain.com
px.steelhousemedia.com
px4.ads.linkedin.com
s.ad.smaato.net
s.amazon-adsystem.com
script.crazyegg.com
secure.adnxs.com
simplifi.partners.tremorhub.com
siteimproveanalytics.com
snap.licdn.com
stags.bluekai.com
static.ads-twitter.com
sync.1rx.io
sync.bfmio.com
sync.intentiq.com
sync.targeting.unrulymedia.com
t.co
tag.simpli.fi
tags.inzynk.io
tags.srv.stackadapt.com
tmp.argusplatform.com
tr.outbrain.com
tracking.contanuity.com
tracking.crazyegg.com
trk.techtarget.com
um.simpli.fi
ups.analytics.yahoo.com
us-u.openx.net
v.eps.6sc.co
wave.outbrain.com
webtracker.argusplatform.com
www.facebook.com
www.fortinet.com
www.google-analytics.com
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.linkedin.com
ibc-flow.techtarget.com
tracking.contanuity.com
100.25.94.54
104.244.42.67
107.178.254.65
108.138.128.44
13.107.42.14
142.250.176.198
142.250.80.34
142.251.35.162
151.101.44.157
162.159.140.229
18.173.219.106
2001:4998:14:800::1001
2001:4998:1c:800::1000
207.65.37.184
23.196.3.196
23.196.3.207
23.199.49.127
23.39.37.118
2600:141b:1c00:2086::1e80
2600:141b:1c00:2e::17d1:48c5
2600:141b:1c00:6::17df:d14d
2600:1901:0:8eee::
2600:1f18:1492:1701:a964:c08d:f5eb:b0c
2600:1f18:612b:4216:8b4:d7c1:7102:1a81
2600:9000:21f9:1800:12:dfa9:e200:93a1
2600:9000:21f9:a000:19:fc2c:a140:93a1
2600:9000:247b:3200:1b:6b7d:2300:93a1
2600:9000:2840:ac00:1b:5138:8a40:93a1
2606:4700:3030::ac43:a3ed
2606:4700:3108::ac42:2908
2606:4700:4400::6812:2089
2606:4700:4400::ac40:92d7
2606:4700::6812:1347
2606:4700::6812:572a
2606:4700::6812:ba1f
2606:4700::6813:9408
2607:f8b0:4006:80a::2008
2607:f8b0:4006:80c::2002
2607:f8b0:4006:816::200e
2607:f8b0:4006:81f::2004
2620:1ec:21::14
2620:1ec:33:2::10
2620:1ec:bdf::40
2a02:6ea0:c454::1
2a03:2880:f012:10c:face:b00c:0:3
2a03:2880:f112:182:face:b00c:0:25de
3.141.188.58
3.218.41.45
3.220.203.153
34.111.113.62
34.111.208.231
34.117.77.79
34.170.123.2
34.171.47.125
34.196.87.99
34.197.192.192
34.229.3.43
34.238.149.65
34.98.64.218
35.175.35.80
35.244.154.8
35.71.139.29
44.197.70.51
44.212.189.233
44.225.29.129
44.226.187.177
44.235.191.156
52.12.117.226
52.223.40.198
52.32.164.86
52.44.251.75
54.166.218.157
54.203.236.163
63.140.37.206
63.140.37.244
63.251.28.211
68.67.160.132
68.67.179.166
69.173.151.100
69.194.240.13
70.42.32.95
74.121.140.211
98.82.157.231
99.83.231.3
0584489ac2594564e89e62ce6643510eaeed8edbb3f74b45a6082d72a8acce78
0a2816206ea0d9b29d21a55ff5a266058db372a3f87696a6a463bdc85cb1a949
0a8b3c914545d7ab159c36e40602b0c360897355b29cd8967fc83cb3e489a2d3
0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e
0cd344605a83e699d26efaf3206c882e108d1197292e2f3b4c327a24ed53e613
0cf246d6cd139b795a60b01f5d66885f3a685b2433222bd698371d429418d5ea
0e558bfe20ca32463b1b3ba7fc2e06dac3850e7f816c5071599d3c150eeb65f1
0f03d4ff929986a3cde83681fd2560eae544f7138f59945ec6ec32c17800ca91
16fb72ffe51980a00e52edf9a001b7d560b2bdbd1a56e04366a70b674204c359
1885fa140df271c97bf904d43f5385b84aa7458ff60cc20dae89ca4e9df959d9
1d348f9f803c95305f63def9d75fd50e79e54a375e1a4a888edbbea366845580
1dba6fb2f65444dc4de26d029e4fafaecb332306bec4480b645e3a915351f63e
1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8
1ebf4765c39e042319d8cc3f4070ef97c89b6e18a3f28bcec0bb7e58a9042a8f
21038f3ced53774e4fffbfc58254119f35e8a1b9e0bfcb6dc39971d263d0ecf0
21e1e9c369a99c9d0666d9c115a107d9df16a8a44119fd650fee9f52802269bd
23ca5578686d651deed4508b104fe16de675ab296becda560dc17d741f090af1
259bd74127f3150b5dbe1c2f9da49d1dbeeecce06bd0152f333839f448722ae2
25f6404b0bab974a632fc3d8adfe559b6c9e85e2b461f47a915ed2796901f035
2a250e2f225e48cf583d54a0a42d623c700847de17323bf23ea372e5d9e89cb2
2ad27005e8e532248d8ea6ff8adf38a4bb50d9f26f4745c6971beff60a9ef0e5
2bc3f32248814e53fb0792922dae3d54ebbeb6c7be7d95d20df0e2fa6a69ae67
2ed114345dab0a74e1c81b100e3db108ff86464854f3159d005fac67413454b7
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
30e3ee538441256091bfe54048cdb9883bd4509a9e6e4b68827771ddb1cf4207
32b4931413d5ce2afcf4ef52b12d39c3d6dd7247bd73c3a160c734b67c1a4c95
3331a0486cb3e8a75c8c2fdf02bf80fd8fe2b811dfe5c7b4aa892d38bfcf604a
370df1cc8999c1e03fc1c5f7ced35334513d19233d1fc79d2c1c7f711361565d
38a4d98e8a644d2a59d5f709452915bec15b125de944590af7fcaeb06b2472ca
3923bff4786ef686d8dd4376b99c73c72b93e302b1dfb68243c7b620c4c27b99
3ae06367235ffbfe4f618e57467802343ea96fa0235b4f953b7c928b1674b702
3cafe408bf18e918d7daac870762a97244d03a73aca8ed7fe6a17141dfe34dad
3e75053eb73861e42602ca4075a48ad1a004f507ca9949210cfd09517114cc72
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4874fa9fd13dc1a03d79114835648fcad2a4ea5f9e53a72a19f7a1c2f002de34
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e8276aea0a3c7fe3600e6718c7f484d49c347c8d5763d89be95900d526a14da
512a4f403d30a587ad5ab0b9fa7b2fd4f078249ee03f9c23c445332838f6a436
527bf3dacc5eb62211130fe4bf315c682861320ab25b4aa2efe6ea87a760db8c
5607bc0b49036b5f13acf3f5767e0fb2fb947f5369bda253939e78e2b11f85b4
56545befdf38d8ebd6d73c09b898c6911ef2684434bc1364f7c4c2a8db1f6c1c
56df5bf2317bc2156b954c3fd2913afcce23eb4947c47f3ac401017dc4a0151d
59e58524340cd7ad353be010374b124c242fdde10a0ed41047fe2fd4bb9e5a2e
5a44bc40527e09426a4c58aa907fdf72074591ea0bcfee1e8c6b2c7056a9eb91
5a922a2c59c77d6ae5ce67413c452540ffe00b468d240ab6928531bab15fce2b
5b4c9abcf01dcf74e0adf075ff4d47464c62c84307ae5ebd115d45da70e6443d
5c672a0eb83ebd9310b8cd0e8d3bc5c14af6cc83e932cef5c000908c0671ba0a
5f13d75795dbc9a02d514d38afb282a463efe4698b22c820a040b17c132a6127
619a66b171139705014abb66652b93ba67dba872d941be3aa7372ceb08201dbb
6a55f65c22ab35a8243f6c26495b55dc81e863a099b175b771b3aadc7b3f46be
6d0291f90718dc0537f65dc6a4f68d8e75f0a8a3a0b62836d9cf41350ecaf552
6e9bbae711adae334e252ba5292c6ff7be8d734b7ef388236bc2066d2a1e80f7
6f8ea4bfcb15d37d8476e99bd6f64d88cca6fc000b8fa4cf0e06855a4710096d
72996417e47cfa9d2e1d6695c304cc0830d33f5350191ab9d092d93738db9b1c
75e1826a8d1cd5059e09ca0c508d8da3228ecf159fd01316ec34eaef57543357
789e8ae2f43db57070e47d9ab0ec5ba687cd2e3525084d152b001cb17e36d03c
7ad0607daba7c0ddecacb3c696099e761076f147549440a7b3c4baa8f67ddaac
7b1e74dd6970b56853dfd79e59ba73315051b0c59a69c6a9fd87e515650fdc80
7bfb525912849c73e691a90795cb2e3ce02a95afa8b21db37208591610d75849
7c502d550f5fe20eee417decbabf97452005f80d5ffe8933e2b0fe8cbcf33fe9
7c766428dac46814e1fec869d324282ea07cfe306868967aa8a372a3616ed4ed
7d8bd939933062935977eeb7af4d11047164be70e17407be8c754458ae19ba4e
7db8d077fc21c20f1449a2603d524e423cfa25d7df6d5fd845a8e5e883aa227e
801e4325464c76fda11cc9d2ef9837d491cfb00183eca0d7cd36f491d019eb45
81e93e51e78a978d2c4dc717fb236195baba3623fdf924b70513b300914730f6
841a39a0467da2371e471d6606d276adcb6c6f23339dd1d4fff7c4a6db23ca4e
8597ad2e8b2fc6e05e60562da3d66e3b15f1c046ff172983d21912bdf189f10b
8998282f5a80fff5eaafdbd457dd7a81af0cd7c8696bfe032a6aeef8fe67f99f
8cbd18186b68edee7ccf8f12acfd296f3752d51cd0ebc04dff271e9d601d744d
8cdca3b36914e8a3f56390da71389944579faaae82704e53bd66f9c0387502f6
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
910ab43f73b6073142379650feb6de6f77744c9a418754fab9e8c71b12065c10
930494fef37c0c702073ceeddd12da067bba2824f8eba39e1f9a3c5332bec6b6
94633716497a85d800b6e573953942c4cfe483c0dbd68fa97fd01dd97ced5d66
98192c2b3bfd0e66cff07b8ba31ff42de9182144d3e21b9ca258f13da96ee457
99dc3803d1f19c8103f79f834044b2afd4c8af5b7927efbd36b1052d528b40ae
9ce9e23b2f0aff01f3a20cde4e99e014e306dfb3c420bee920ea9e0f323a6ccc
a03a6cf82bf473066514f09a6d60422cd66f62acfaacb079570dc16fe34bd549
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a1050b6624dd64bb43f5b8c093c1363ab2fdc3b0698ee486df2e7d897d2c6ef6
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a5fedaddf8960351b7dcb1bf9b4a2ce58b28a336901d7eebe92b92c9aeb185f8
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
aabc88a6db8b22022f96ca88e4f0a7be426abef2b35169a71515a2d55246402a
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ade920fd5b00cd298aae7978673a9a64d0bb3fa593d23e91994ec6b6723ebace
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b14dd8572d41acd561188da5417cef18c475b3621a03be38f12fe100ef84a795
b3b9f816048eba794278ecb39ff263ac3b7bc55c235b1c6c891c42b11f8435b8
b44fed24004978fb34daa08252ace479cea7ed79c92e8db941cecd95b21a1ec0
b51f3497b0a65f1e1e87e75f5e7e823d871c23bcf76a5ee4101783c8f939e553
b5434794dd48d15d9e0a31e0d6b9b64afb739c5835bd1972e84096d1e35f4ed1
b697c4c8e7c22fa7e18ccef66c1bda6610f19ec8c7d1c60fb3696db54ea5362e
b726aa772c609165b5815643b26bb2e91d5d55d337a1cd073a0b9b943d77e869
b8084072016d0b8e5ad1a96a2bd64333d325d0c3ac55f45112bfaf353743ec59
b934ce9883949e7bceb88fa78a354125eefc85715f7e54da8ff529c94ebab0fe
b97c99a69a6275c8f90703cd4c0864089a74fd08383a1cc75a8a4d0c2cb60cce
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bfb50654266cd61ddc1f60811a6f517eddab6abeca093e5369fe0e61dacd32f3
c0b4a76926bdb1cd2207319f82aa00def513ba7d0cbaf57ea4a21b64866f0869
c1ba332c1c476b99b15fde5005ff7881b7dc8f930b0daa85b47ddefaf9d2115b
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c3b557d8a9405227edbfd04c2f2f199168deceb2806059a02abba860054615a5
c44f719750dd68af8862cbcfa4ab17d67bf462fa44992e5043f073af63c72984
c5e2f3bd6de83dae9307b2eb56380edaef01582a4ca721583ce3c745b15c2388
c6bcc71f8a9f5497ccc35e3aa16e00110504488fef71fffea99853274f9d7c86
c93c62ebfd2a7f0e95f77ea558c53c2536ba327c1a28ad4870f2d518476500b6
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
cce2184ec089babc70ded47b8474c543f6a5ff013e4bfd9dbae8689489bb13ba
ced16fb84941eb1582822542d082b1911b669ac0c125c3ba47d55e3521a1514c
cf4179f9a669a40a63939143f20729f61b798e084db5124f008170868315281c
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d0e12af8c4e560fe89643639e0c3ed4dc76125c62adeb2879b761d73dbaecf50
d12d6916f244b407ef03c8a770d16da6a3aa60adef4d3ad50c6341c32fe841cc
d18b3c9feb76c3c1cfdcc51c732f113327e3c33fb3f63b479951f7da6ed1216f
d2afd46ac58cd7e89b3fdfd790300d69034e94151ed45acf83d7b6d5dccfdb17
d491f197645c391fa5f44c565d359352a3b1e714e8cb0c2e71ed0a21588d45bd
d4963b8afebfa0063b5d17b4c80f49bce702a37ea5c9b91bb3c996bb9dea4b60
d742917b312cdf1c37ee321034219943eee051857fbf60833c90e449c43392c9
d8d035718c0398cf5747619ac3ab6841befefe89040395fe94376d50e1599d29
da777cb7cdc9dbdf45de521b6c9bcd8fd370e17db390438f64ea29def6efca82
da7fd15533dece70af68accd0eae75fc46e3ee044da41bdef69215d375af95c5
db058d72d7ba8ff6ed7209af23a4458c373cc78f72c81ec1df88bb5de72a0b0b
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de9d3fd0eb948bd294477d0eda60a73b85caff1794803530d0463193a113da98
e1132f3948b84a67d82e91f47f44d9d8dbbbe4b8c86bcbcf1c0774bb73ccfbc0
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e8b637d82026d2410903dd3e07f8f4f8b46fee5cf332769f3e136d7079b5b65b
e9e270584c7610f3031d6db0eeaabb7c4de7f595726d66d2a07844758a9c7b27
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f2489dc61786cfcc0a7d81d9ef195c9ad53620928e746388f507f59f76cbb258
f57569593403f502d6e83f7ca44d3371a7f6e9b0c409561f69c73f22eb63f700
f9b2aaabab92d9c63930432351fa3f5aa634fcb5db31b039e23465f8b4bd5a68
fba345f22ace7548de35132830525fadbfde71c86c8191fca1b24e6f7dab7eb7
fc0de94620ef9ccacfa68e0c7fef1dd6ad73f7920acd47cc1009713af6f1b703
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a