URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Submission: On July 01 via api from DE — Scanned from DE

Summary

This website contacted 13 IPs in 4 countries across 12 domains to perform 125 HTTP transactions. The main IP is 2a04:4e42:400::740, located in United States and belongs to FASTLY, US. The main domain is www.forcepoint.com. The Cisco Umbrella rank of the primary domain is 281210.
TLS certificate: Issued by Sectigo RSA Organization Validation S... on November 22nd 2023. Valid for: a year.
This is the only time www.forcepoint.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
105 2a04:4e42:400... 54113 (FASTLY)
5 104.17.25.14 13335 (CLOUDFLAR...)
3 2600:9000:235... 16509 (AMAZON-02)
1 104.18.142.119 13335 (CLOUDFLAR...)
1 1 68.67.153.60 29990 (ASN-APPNEX)
2 2 37.252.171.149 29990 (ASN-APPNEX)
1 2600:9000:206... 16509 (AMAZON-02)
2 104.18.80.204 13335 (CLOUDFLAR...)
2 104.19.175.188 13335 (CLOUDFLAR...)
2 159.89.102.253 14061 (DIGITALOC...)
1 2602:816:5001... 54113 (FASTLY)
1 2400:52e0:1a0... 200325 (BUNNYCDN)
1 162.247.243.29 54113 (FASTLY)
1 185.182.193.176 49981 (WORLDSTREAM)
125 13
Apex Domain
Subdomains
Transfer
105 forcepoint.com
www.forcepoint.com — Cisco Umbrella Rank: 281210
3 MB
5 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 268
96 KB
4 hsforms.com
forms.hsforms.com — Cisco Umbrella Rank: 5239
forms-na1.hsforms.com — Cisco Umbrella Rank: 8151
16 KB
3 tiqcdn.com
tags.tiqcdn.com — Cisco Umbrella Rank: 1313
116 KB
2 simpleanalyticscdn.com
scripts.simpleanalyticscdn.com — Cisco Umbrella Rank: 79317
queue.simpleanalyticscdn.com — Cisco Umbrella Rank: 56557
5 KB
2 geolocation-db.com
geolocation-db.com — Cisco Umbrella Rank: 27103
511 B
2 adnxs.com
secure.adnxs.com — Cisco Umbrella Rank: 527
2 KB
1 nr-data.net
bam.nr-data.net — Cisco Umbrella Rank: 311
603 B
1 newrelic.com
js-agent.newrelic.com — Cisco Umbrella Rank: 900
16 KB
1 ml-api.io
attr.ml-api.io — Cisco Umbrella Rank: 19018
281 B
1 ml-attr.com
s.ml-attr.com — Cisco Umbrella Rank: 16985
283 B
1 hsforms.net
js.hsforms.net — Cisco Umbrella Rank: 7892
156 KB
125 12
Domain Requested by
105 www.forcepoint.com www.forcepoint.com
5 cdnjs.cloudflare.com www.forcepoint.com
3 tags.tiqcdn.com www.forcepoint.com
tags.tiqcdn.com
2 geolocation-db.com cdnjs.cloudflare.com
2 forms-na1.hsforms.com www.forcepoint.com
2 forms.hsforms.com js.hsforms.net
2 secure.adnxs.com 2 redirects
1 queue.simpleanalyticscdn.com
1 bam.nr-data.net js-agent.newrelic.com
1 scripts.simpleanalyticscdn.com www.forcepoint.com
1 js-agent.newrelic.com www.forcepoint.com
1 attr.ml-api.io www.forcepoint.com
1 s.ml-attr.com 1 redirects
1 js.hsforms.net www.forcepoint.com
125 14
Subject Issuer Validity Valid
forcepoint.com
Sectigo RSA Organization Validation Secure Server CA
2023-11-22 -
2024-11-21
a year crt.sh
cdnjs.cloudflare.com
E1
2024-06-02 -
2024-08-31
3 months crt.sh
tags.tiqcdn.com
Amazon RSA 2048 M02
2024-03-19 -
2025-04-17
a year crt.sh
hsforms.net
WE1
2024-06-13 -
2024-09-11
3 months crt.sh
hsforms.com
WE1
2024-06-14 -
2024-09-12
3 months crt.sh
geolocation-db.com
R11
2024-06-10 -
2024-09-08
3 months crt.sh
js-agent.newrelic.com
GlobalSign Atlas R3 DV TLS CA 2024 Q1
2024-03-21 -
2025-04-22
a year crt.sh
scripts.simpleanalyticscdn.com
R3
2024-05-20 -
2024-08-18
3 months crt.sh
*.nr-data.net
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2023-09-29 -
2024-10-01
a year crt.sh
queue.simpleanalyticscdn.com
R10
2024-06-07 -
2024-09-05
3 months crt.sh

This page contains 1 frames:

Primary Page: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Frame ID: F6AFD41CCC6D67115D800623AEF26FD2
Requests: 146 HTTP requests in this frame

Screenshot

Page Title

URL shortener in a Microsoft Word file that leads to Remcos

Detected technologies

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • ([\d.]+)/jquery-ui(?:\.min)?\.js
  • jquery-ui.*\.js

Page Statistics

125
Requests

99 %
HTTPS

36 %
IPv6

12
Domains

14
Subdomains

13
IPs

4
Countries

3127 kB
Transfer

6564 kB
Size

12
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 103
  • https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.forcepoint.com%26pId%3d%24UID HTTP 302
  • https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.forcepoint.com%26pId%3d%24UID HTTP 307
  • https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dwww.forcepoint.com%2526pId%253d%2524UID HTTP 302
  • https://attr.ml-api.io/?domain=www.forcepoint.com&pId=2280562509482168976

125 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request url-shortener-microsoft-word-remcos-rat-trojan
www.forcepoint.com/blog/x-labs/
134 KB
46 KB
Document
General
Full URL
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
629649515666e3906b0dcb77fb2fa1696a4b83b630e2c569a7cd4a097dbe3af8
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.fonts.net *.licdn.com *.tiqcdn.com *.marketo.com *.marketo.net *.mktoresp.com *.demdex.net *.burly.io *.omtrdc.net *.llnwd.net *.tealiumiq.com *.googleadservices.com *.marinsm.com *.amazonaws.com *.quantserve.com *.facebook.net *.serving-sys.com *.google-analytics.com *.hirebridge.com *.websense.com *.bizographics.com *.linkedin.com *.cloudfront.net *.newrelic.com *.nr-data.net *.adnxs.com *.demandbase.com *.twitter.com *.omtrdc.net *.youtube.com *.ads-twitter.com *.company-target.com *.omniture.com *.doubleclick.net *.forcepoint.com *.google.com *.facebook.com *.nr-data.net *.getsmartcontent.com *.vidyard.com *.adroll.com s.ml-attr.com attr.ml-api.io *.driftt.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.gstatic.com *.libsyn.com *.s3.amazonaws.com *.cdnbasket.net ids.cdnwidget.com app.vwo.com *.visualwebsiteoptimizer.com use.typekit.net p.typekit.net cdn.vwo-analytics.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.googleapis.com *.cloudflare.com activitymap.adobe.com *.consensu.org *.ubembed.com *.bizible.com *.theadex.com *.aumago.com *.driftqa.com *.scribblecdn.net *.esg-global.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hubapi.com *.hsforms.net *.hsforms.com geolocation-db.com *.drift.com *.clickagy.com *.nimblestory.com *.usemessages.com *.stackadapt.com *.googlesyndication.com ; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.cdnwidget.com *.tealiumiq.com *.google.com *.googleadservices.com *.doubleclick.net *.websense.com *.marinsm.com *.facebook.com *.quantserve.com *.google-analytics.com *.w55c.net *.marketo.com *.iasds01.com *.linkedin.com *.cloudfront.net *.forcepoint.com *.adnxs.com *.twitter.com t.co *.omtrdc.net *.w55c.net *.demandbase.com *.company-target.com *.gstatic.com *.tiqcdn.com *.marketo.net *.newrelic.com *.facebook.net *.ads-twitter.com *.burly.io *.bizographics.com *.nr-data.net *.licdn.com *.tt.omtrdc.net *.getsmartcontent.com *.adroll.com *.vidyard.com s.ml-attr.com *.ml-api.io ml314.com *.ml314.com *.bing.com *.driftt.com *.crazyegg.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.googletagmanager.com *.visualwebsiteoptimizer.com app.vwo.com *.ubembed.com *.driftt.com *.vwo-analytics.com *.s3.amazonaws.com s3.amazonaws.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.clearbit.com *.googleapis.com *.cloudflare.com *.adobe.com *.consensu.org *.bizible.com *.theadex.com *.aumago.com *.zoominfo.com *.clickagy.com *.redditstatic.com *.quantcount.com *.g2crowd.com *.steelhousemedia.com *.scribblecdn.net *.esg-global.com *.6sc.co *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hubapi.com *.hsforms.net *.hsforms.com geolocation-db.com *.drift.com *.jquery.com *.google.com *.hscollectedforms.net *.jsdelivr.net *.stackadapt.com *.googlesyndication.com *.simpleanalyticscdn.com scripts.simpleanalyticscdn.com queue.simpleanalyticscdn.com simpleanalyticsbadges.com *.ceros.com; img-src * data: *; frame-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.cdnwidget.com *.tealiumiq.com *.google.com *.googleadservices.com *.doubleclick.net *.websense.com *.marinsm.com *.facebook.com *.quantserve.com *.google-analytics.com *.w55c.net *.marketo.com *.iasds01.com *.linkedin.com *.cloudfront.net *.forcepoint.com *.adnxs.com *.twitter.com t.co *.omtrdc.net *.w55c.net *.demandbase.com *.company-target.com *.gstatic.com *.tiqcdn.com *.marketo.net *.newrelic.com *.facebook.net *.ads-twitter.com *.burly.io *.bizographics.com *.nr-data.net *.licdn.com *.tt.omtrdc.net *.getsmartcontent.com *.adroll.com *.vidyard.com s.ml-attr.com *.ml-api.io ml314.com *.ml314.com *.bing.com *.driftt.com *.crazyegg.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.googletagmanager.com *.visualwebsiteoptimizer.com app.vwo.com *.ubembed.com *.driftt.com *.vwo-analytics.com *.s3.amazonaws.com s3.amazonaws.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.clearbit.com *.googleapis.com *.cloudflare.com *.adobe.com *.consensu.org *.bizible.com *.theadex.com *.aumago.com *.zoominfo.com *.clickagy.com *.redditstatic.com *.quantcount.com *.g2crowd.com *.steelhousemedia.com *.scribblecdn.net *.esg-global.com *.6sc.co *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hubapi.com *.hsforms.net *.hsforms.com geolocation-db.com *.drift.com *.jquery.com *.google.com *.hscollectedforms.net *.jsdelivr.net *.stackadapt.com *.googlesyndication.com *.simpleanalyticscdn.com scripts.simpleanalyticscdn.com queue.simpleanalyticscdn.com simpleanalyticsbadges.com *.ceros.com *.hubspot.com *.hubspot.net *.demdex.net *.libsyn.com *.youtube.com; font-src 'self' *.google.com *.googleadservices.com; connect-src 'self' *.vwo.com *.demdex.net *.omtrdc.net *.mktoresp.com *.cdnbasket.net ids.cdnwidget.com *.forcepoint.com sample-api-v2.crazyegg.com *.visualwebsiteoptimizer.com insight.adsrvr.org bam.nr-data.net *.tealiumiq.com live-evercurrent-clone.pantheonsite.io *.sharethis.com *.doubleclick.net *.theadex.com *.aumago.com *.google-analytics.com *.6sc.co *.adnxs.com *.vidyard.com *.6sense.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com api.hubapi.com *.hsforms.net *.hsforms.com *.s3.amazonaws.com *.drift.com *.clickagy.com *.facebook.com *.zoominfo.com geolocation-db.com dn.linkedin.oribi.io *.hubspot.com *.hscollectedforms.net *.stackadapt.com *.google.com *.googletagmanager.com *.googleadservices.com google.com *.googlesyndication.com *.linkedin.com *.redditstatic.com *.reddit.com *.g2crowd.com *.quantcount.com; report-uri /admin/config/system/seckit/csp-report
Strict-Transport-Security max-age=18410000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

accept-ranges
bytes
age
2211
cache-control
public, max-age=3600
content-encoding
gzip
content-language
en
content-length
40227
content-security-policy
default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.fonts.net *.licdn.com *.tiqcdn.com *.marketo.com *.marketo.net *.mktoresp.com *.demdex.net *.burly.io *.omtrdc.net *.llnwd.net *.tealiumiq.com *.googleadservices.com *.marinsm.com *.amazonaws.com *.quantserve.com *.facebook.net *.serving-sys.com *.google-analytics.com *.hirebridge.com *.websense.com *.bizographics.com *.linkedin.com *.cloudfront.net *.newrelic.com *.nr-data.net *.adnxs.com *.demandbase.com *.twitter.com *.omtrdc.net *.youtube.com *.ads-twitter.com *.company-target.com *.omniture.com *.doubleclick.net *.forcepoint.com *.google.com *.facebook.com *.nr-data.net *.getsmartcontent.com *.vidyard.com *.adroll.com s.ml-attr.com attr.ml-api.io *.driftt.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.gstatic.com *.libsyn.com *.s3.amazonaws.com *.cdnbasket.net ids.cdnwidget.com app.vwo.com *.visualwebsiteoptimizer.com use.typekit.net p.typekit.net cdn.vwo-analytics.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.googleapis.com *.cloudflare.com activitymap.adobe.com *.consensu.org *.ubembed.com *.bizible.com *.theadex.com *.aumago.com *.driftqa.com *.scribblecdn.net *.esg-global.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hubapi.com *.hsforms.net *.hsforms.com geolocation-db.com *.drift.com *.clickagy.com *.nimblestory.com *.usemessages.com *.stackadapt.com *.googlesyndication.com ; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.cdnwidget.com *.tealiumiq.com *.google.com *.googleadservices.com *.doubleclick.net *.websense.com *.marinsm.com *.facebook.com *.quantserve.com *.google-analytics.com *.w55c.net *.marketo.com *.iasds01.com *.linkedin.com *.cloudfront.net *.forcepoint.com *.adnxs.com *.twitter.com t.co *.omtrdc.net *.w55c.net *.demandbase.com *.company-target.com *.gstatic.com *.tiqcdn.com *.marketo.net *.newrelic.com *.facebook.net *.ads-twitter.com *.burly.io *.bizographics.com *.nr-data.net *.licdn.com *.tt.omtrdc.net *.getsmartcontent.com *.adroll.com *.vidyard.com s.ml-attr.com *.ml-api.io ml314.com *.ml314.com *.bing.com *.driftt.com *.crazyegg.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.googletagmanager.com *.visualwebsiteoptimizer.com app.vwo.com *.ubembed.com *.driftt.com *.vwo-analytics.com *.s3.amazonaws.com s3.amazonaws.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.clearbit.com *.googleapis.com *.cloudflare.com *.adobe.com *.consensu.org *.bizible.com *.theadex.com *.aumago.com *.zoominfo.com *.clickagy.com *.redditstatic.com *.quantcount.com *.g2crowd.com *.steelhousemedia.com *.scribblecdn.net *.esg-global.com *.6sc.co *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hubapi.com *.hsforms.net *.hsforms.com geolocation-db.com *.drift.com *.jquery.com *.google.com *.hscollectedforms.net *.jsdelivr.net *.stackadapt.com *.googlesyndication.com *.simpleanalyticscdn.com scripts.simpleanalyticscdn.com queue.simpleanalyticscdn.com simpleanalyticsbadges.com *.ceros.com; img-src * data: *; frame-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.cdnwidget.com *.tealiumiq.com *.google.com *.googleadservices.com *.doubleclick.net *.websense.com *.marinsm.com *.facebook.com *.quantserve.com *.google-analytics.com *.w55c.net *.marketo.com *.iasds01.com *.linkedin.com *.cloudfront.net *.forcepoint.com *.adnxs.com *.twitter.com t.co *.omtrdc.net *.w55c.net *.demandbase.com *.company-target.com *.gstatic.com *.tiqcdn.com *.marketo.net *.newrelic.com *.facebook.net *.ads-twitter.com *.burly.io *.bizographics.com *.nr-data.net *.licdn.com *.tt.omtrdc.net *.getsmartcontent.com *.adroll.com *.vidyard.com s.ml-attr.com *.ml-api.io ml314.com *.ml314.com *.bing.com *.driftt.com *.crazyegg.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.googletagmanager.com *.visualwebsiteoptimizer.com app.vwo.com *.ubembed.com *.driftt.com *.vwo-analytics.com *.s3.amazonaws.com s3.amazonaws.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.clearbit.com *.googleapis.com *.cloudflare.com *.adobe.com *.consensu.org *.bizible.com *.theadex.com *.aumago.com *.zoominfo.com *.clickagy.com *.redditstatic.com *.quantcount.com *.g2crowd.com *.steelhousemedia.com *.scribblecdn.net *.esg-global.com *.6sc.co *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hubapi.com *.hsforms.net *.hsforms.com geolocation-db.com *.drift.com *.jquery.com *.google.com *.hscollectedforms.net *.jsdelivr.net *.stackadapt.com *.googlesyndication.com *.simpleanalyticscdn.com scripts.simpleanalyticscdn.com queue.simpleanalyticscdn.com simpleanalyticsbadges.com *.ceros.com *.hubspot.com *.hubspot.net *.demdex.net *.libsyn.com *.youtube.com; font-src 'self' *.google.com *.googleadservices.com; connect-src 'self' *.vwo.com *.demdex.net *.omtrdc.net *.mktoresp.com *.cdnbasket.net ids.cdnwidget.com *.forcepoint.com sample-api-v2.crazyegg.com *.visualwebsiteoptimizer.com insight.adsrvr.org bam.nr-data.net *.tealiumiq.com live-evercurrent-clone.pantheonsite.io *.sharethis.com *.doubleclick.net *.theadex.com *.aumago.com *.google-analytics.com *.6sc.co *.adnxs.com *.vidyard.com *.6sense.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com api.hubapi.com *.hsforms.net *.hsforms.com *.s3.amazonaws.com *.drift.com *.clickagy.com *.facebook.com *.zoominfo.com geolocation-db.com dn.linkedin.oribi.io *.hubspot.com *.hscollectedforms.net *.stackadapt.com *.google.com *.googletagmanager.com *.googleadservices.com google.com *.googlesyndication.com *.linkedin.com *.redditstatic.com *.reddit.com *.g2crowd.com *.quantcount.com; report-uri /admin/config/system/seckit/csp-report
content-type
text/html; charset=utf-8
date
Mon, 01 Jul 2024 06:44:09 GMT
etag
W/"1719814037-0"
expires
Sun, 19 Nov 1978 05:00:00 GMT
from-origin
same, https://analyticsssl.forcepoint.com,https://vidyard.com
http_x_geo_continent
EU
http_x_geo_region
DE-BW
last-modified
Mon, 01 Jul 2024 06:07:17 GMT
link
</sites/all/themes/custom/fp/assets/fonts/hoves-optimized//Hoves_DemiBold.woff>; rel=preload; as=font; crossorigin; type="font/woff"; nopush,</sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_DemiBold.woff>; rel=preload; as=font; crossorigin; type="font/woff"; nopush,</sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Medium.woff>; rel=preload; as=font; crossorigin; type="font/woff"; nopush,</sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Regular.woff>; rel=preload; as=font; crossorigin; type="font/woff"; nopush,</sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Italic.woff>; rel=preload; as=font; crossorigin; type="font/woff"; nopush,</sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Light.woff>; rel=preload; as=font; crossorigin; type="font/woff"; nopush,</sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Light_Italic.woff>; rel=preload; as=font; crossorigin; type="font/woff"; nopush,</sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_ExtraLight.woff>; rel=preload; as=font; crossorigin; type="font/woff"; nopush,</misc/throbber-inactive.png>; rel=preload; as=image; type="image/png"; nopush,</misc/throbber-active.gif>; rel=preload; as=image; type="image/gif"; nopush,</misc/grippie.png>; rel=preload; as=image; type="image/png"; nopush,</misc/draggable.png>; rel=preload; as=image; type="image/png"; nopush,</misc/tree.png>; rel=preload; as=image; type="image/png"; nopush,</misc/tree-bottom.png>; rel=preload; as=image; type="image/png"; nopush,</misc/message-24-ok.png>; rel=preload; as=image; type="image/png"; nopush,</misc/message-24-warning.png>; rel=preload; as=image; type="image/png"; nopush,</misc/message-24-error.png>; rel=preload; as=image; type="image/png"; nopush,</misc/help.png>; rel=preload; as=image; type="image/png"; nopush,</misc/menu-expanded.png>; rel=preload; as=image; type="image/png"; nopush,</misc/menu-collapsed.png>; rel=preload; as=image; type="image/png"; nopush,</misc/progress.gif>; rel=preload; as=image; type="image/gif"; nopush,</sites/all/libraries/chosen/chosen-sprite.png>; rel=preload; as=image; type="image/png"; nopush,</sites/all/libraries/chosen/chosen-sprite@2x.png>; rel=preload; as=image; type="image/png"; nopush,</sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_flat_75_ffffff_40x100.png>; rel=preload; as=image; type="image/png"; nopush,</sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_highlight-soft_75_cccccc_1x100.png>; rel=preload; as=image; type="image/png"; nopush,</sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_glass_75_e6e6e6_1x400.png>; rel=preload; as=image; type="image/png"; nopush,</sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_glass_75_dadada_1x400.png>; rel=preload; as=image; type="image/png"; nopush
referrer-policy
strict-origin-when-cross-origin
server
nginx
strict-transport-security
max-age=18410000; includeSubDomains; preload
vary
Accept-Encoding, x-geo-country, Cookie, Cookie
via
1.1 varnish, 1.1 varnish, 1.1 varnish
x-cache
MISS, HIT, MISS
x-cache-hits
0, 16, 0
x-content-type-options
nosniff
x-drupal-cache
MISS
x-frame-options
SAMEORIGIN
x-generator
Drupal 7 (http://drupal.org)
x-pantheon-styx-hostname
styx-fe1-b-5d587d78fd-p5mqc
x-served-by
cache-chi-kigq8000039-CHI, cache-fra-etou8220028-FRA, cache-fra-eddf8230117-FRA
x-styx-req-id
2b1fba6e-3770-11ef-ac9d-ee9e1dde6fad
x-timer
S1719816250.640866,VS0,VE4
x-ua-compatible
IE=Edge,chrome=1
x-xss-protection
1
Hoves_DemiBold.woff
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized//
18 KB
19 KB
Font
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized//Hoves_DemiBold.woff
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c6225223a7f689e02ca4f2144e864ad46dd63e29553cf3d4df572e7195303be0
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Origin
https://www.forcepoint.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Fri, 27 Jun 2025 13:27:17 GMT
date
Mon, 01 Jul 2024 06:44:09 GMT
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
407811
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-5d587d78fd-prbvz
content-length
18868
x-served-by
cache-chi-kigq8000062-CHI, cache-fra-etou8220029-FRA, cache-fra-eddf8230117-FRA
last-modified
Wed, 26 Jun 2024 13:25:43 GMT
server
nginx
x-timer
S1719816250.666093,VS0,VE4
etag
"667c16d7-49b4"
content-type
font/woff
access-control-allow-origin
*
x-styx-req-id
cf2381d2-33bf-11ef-8f1c-1edbf4b9e77b
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
3, 412, 0
Hoves_DemiBold.woff
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/
18 KB
19 KB
Font
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_DemiBold.woff
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c6225223a7f689e02ca4f2144e864ad46dd63e29553cf3d4df572e7195303be0
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Origin
https://www.forcepoint.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Fri, 27 Jun 2025 13:27:03 GMT
date
Mon, 01 Jul 2024 06:44:09 GMT
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
407826
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-5d587d78fd-p5mqc
content-length
18868
x-served-by
cache-chi-kigq8000080-CHI, cache-fra-etou8220023-FRA, cache-fra-eddf8230117-FRA
last-modified
Wed, 26 Jun 2024 13:25:43 GMT
server
nginx
x-timer
S1719816250.666454,VS0,VE4
etag
"667c16d7-49b4"
content-type
font/woff
access-control-allow-origin
*
x-styx-req-id
c669bbfa-33bf-11ef-b6d0-ee9e1dde6fad
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
5, 1819, 0
Hoves_Medium.woff
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/
18 KB
18 KB
Font
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Medium.woff
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c1524c7035a894f370d34f2d57704873a3978adef91d97978e3598515762eace
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Origin
https://www.forcepoint.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Fri, 27 Jun 2025 13:27:03 GMT
date
Mon, 01 Jul 2024 06:44:09 GMT
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
407826
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-5d587d78fd-llvxv
content-length
18688
x-served-by
cache-chi-klot8100097-CHI, cache-fra-etou8220123-FRA, cache-fra-eddf8230117-FRA
last-modified
Wed, 26 Jun 2024 13:25:44 GMT
server
nginx
x-timer
S1719816250.667038,VS0,VE5
etag
"667c16d8-4900"
content-type
font/woff
access-control-allow-origin
*
x-styx-req-id
c669d5a4-33bf-11ef-9fbf-ee120c8775da
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
5, 1818, 0
Hoves_Regular.woff
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/
18 KB
18 KB
Font
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Regular.woff
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
42793f24dc3fddca04cc84a6991f0fc73c25498d023b07d488dd5e4238ed9b0c
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Origin
https://www.forcepoint.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Fri, 27 Jun 2025 13:27:03 GMT
date
Mon, 01 Jul 2024 06:44:09 GMT
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
407827
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-5d587d78fd-6m95f
content-length
18436
x-served-by
cache-chi-klot8100104-CHI, cache-fra-eddf8230135-FRA, cache-fra-eddf8230117-FRA
last-modified
Wed, 26 Jun 2024 13:25:43 GMT
server
nginx
x-timer
S1719816250.667030,VS0,VE5
etag
"667c16d7-4804"
content-type
font/woff
access-control-allow-origin
*
x-styx-req-id
c669861f-33bf-11ef-af3d-7a520cdabf04
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
5, 1815, 0
Hoves_Italic.woff
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/
19 KB
20 KB
Font
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Italic.woff
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
8709e66f3192aac47989a4f2c826afc3062b52de3cd792115cba3314c05656c6
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Origin
https://www.forcepoint.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Fri, 27 Jun 2025 13:27:03 GMT
date
Mon, 01 Jul 2024 06:44:09 GMT
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
407826
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-5d77cc44f5-ncjj8
content-length
19656
x-served-by
cache-chi-klot8100074-CHI, cache-fra-etou8220119-FRA, cache-fra-eddf8230117-FRA
last-modified
Wed, 26 Jun 2024 13:25:44 GMT
server
nginx
x-timer
S1719816250.666776,VS0,VE5
etag
"667c16d8-4cc8"
content-type
font/woff
access-control-allow-origin
*
x-styx-req-id
c66a3f4f-33bf-11ef-ad75-f60ce2535107
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
5, 1817, 0
Hoves_Light.woff
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/
18 KB
18 KB
Font
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Light.woff
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
5390daebe4fc263953ae2cd18f060ebb4aaef20d9df443a4d784cc642ed1eaf2
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Origin
https://www.forcepoint.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Fri, 27 Jun 2025 13:27:03 GMT
date
Mon, 01 Jul 2024 06:44:09 GMT
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
407827
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-5d77cc44f5-z4chc
content-length
18600
x-served-by
cache-chi-kigq8000086-CHI, cache-fra-etou8220108-FRA, cache-fra-eddf8230117-FRA
last-modified
Wed, 26 Jun 2024 13:25:43 GMT
server
nginx
x-timer
S1719816250.667041,VS0,VE4
etag
"667c16d7-48a8"
content-type
font/woff
access-control-allow-origin
*
x-styx-req-id
c66a02e5-33bf-11ef-8526-8245d19189a9
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
5, 1503, 0
Hoves_Light_Italic.woff
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/
19 KB
19 KB
Font
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Light_Italic.woff
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
d88c03f60c9b0c3b3a4a929ad268b6078dda88e59ea5c98eeb16f031ffb0d9e0
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Origin
https://www.forcepoint.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Fri, 27 Jun 2025 13:27:03 GMT
date
Mon, 01 Jul 2024 06:44:09 GMT
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
407826
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-5d77cc44f5-x24lf
content-length
19360
x-served-by
cache-chi-klot8100179-CHI, cache-fra-eddf8230097-FRA, cache-fra-eddf8230117-FRA
last-modified
Wed, 26 Jun 2024 13:25:43 GMT
server
nginx
x-timer
S1719816250.667687,VS0,VE4
etag
"667c16d7-4ba0"
content-type
font/woff
access-control-allow-origin
*
x-styx-req-id
c66a4b2e-33bf-11ef-b55f-0a5f4b927256
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
5, 1790, 0
Hoves_ExtraLight.woff
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/
18 KB
18 KB
Font
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_ExtraLight.woff
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
52239b576d3fdb13fa5cec121a5e5ed123560a4ac1310d991f4694bcc5507710
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Origin
https://www.forcepoint.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Fri, 27 Jun 2025 13:27:03 GMT
date
Mon, 01 Jul 2024 06:44:09 GMT
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
407827
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-5d77cc44f5-4fsf9
content-length
17944
x-served-by
cache-chi-kigq8000066-CHI, cache-fra-eddf8230083-FRA, cache-fra-eddf8230117-FRA
last-modified
Wed, 26 Jun 2024 13:25:44 GMT
server
nginx
x-timer
S1719816250.667675,VS0,VE5
etag
"667c16d8-4618"
content-type
font/woff
access-control-allow-origin
*
x-styx-req-id
c66a96f5-33bf-11ef-82b6-0e47c8ff5b51
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
5, 1806, 0
throbber-inactive.png
www.forcepoint.com/misc/
140 B
513 B
Image
General
Full URL
https://www.forcepoint.com/misc/throbber-inactive.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
b48a895c0170a7310b29b01897fcf1954b43655748ce98037abae38562754a29
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 4, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:44:09 GMT
fastly-io-served-by
img04-europe-west2
age
1925018
http_x_geo_region
DE-BW
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=320 idim=15x13 ifmt=png ofsz=140 odim=15x13 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-867f44b44b-stjgw
content-length
140
x-served-by
cache-chi-kigq8000107-CHI, cache-ams21025-AMS, cache-ams12782-AMS, cache-fra-eddf8230117-FRA
server
nginx
x-timer
S1719816250.704122,VS0,VE2
etag
"CYYfXWQxa+SPObSsE32Xk7Do+LMPmm8BZYCZJK1ZEUA"
vary
Accept
content-type
image/webp
x-styx-req-id
d2013ab4-0758-11ef-98b3-564b3e61d328
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 02 May 2025 01:19:13 GMT
throbber-active.gif
www.forcepoint.com/misc/
1 KB
2 KB
Image
General
Full URL
https://www.forcepoint.com/misc/throbber-active.gif
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
4d58ffb4437135b1a4f7b8cbf01321ea85fe244416aed493ea942462f3d58c86
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 4, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:44:09 GMT
fastly-io-served-by
img03-europe-west2
age
1136704
http_x_geo_region
DE-BW
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=1233 idim=15x13 ifmt=gif ofsz=1233 odim=15x13 ofmt=gif ofrm=12
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-867f44b44b-stjgw
content-length
1233
fastly-io-warning
Failed to shrink image
x-served-by
cache-chi-klot8100061-CHI, cache-ams21051-AMS, cache-ams12734-AMS, cache-fra-eddf8230117-FRA
server
nginx
x-timer
S1719816250.703991,VS0,VE2
etag
"cciM0uPCYoc09vCSqOmHV4nMniFUM15FCTn0mYxlwCQ"
vary
Accept
content-type
image/gif
x-styx-req-id
eecd9c97-074f-11ef-98b3-564b3e61d328
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 02 May 2025 00:15:36 GMT
grippie.png
www.forcepoint.com/misc/
56 B
452 B
Image
General
Full URL
https://www.forcepoint.com/misc/grippie.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
f7d4d17ef4f0103008287290e9dd7bb35be1d08f0f8bc315033d13d0cfa6a6a5
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 4, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:44:09 GMT
fastly-io-served-by
img05-europe-west2
age
4114030
http_x_geo_region
DE-BW
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=106 idim=27x5 ifmt=png ofsz=56 odim=27x5 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-66d79b4b7-qk47f
content-length
56
x-served-by
cache-chi-klot8100115-CHI, cache-ams21049-AMS, cache-ams21073-AMS, cache-fra-eddf8230117-FRA
server
nginx
x-timer
S1719816250.704816,VS0,VE2
etag
"kt9RZLYHWjv58VxK34gY2gtJI3NheIs+DTYX4JV5AGA"
vary
Accept
content-type
image/webp
x-styx-req-id
76960fe1-0759-11ef-8e2f-ce1bcc5ca899
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 02 May 2025 01:23:49 GMT
draggable.png
www.forcepoint.com/misc/
268 B
589 B
Image
General
Full URL
https://www.forcepoint.com/misc/draggable.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
10aa7853a3babe185246e6f1fad2c5800902a268dd63b66c53b96889ee5188f3
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 4, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:44:09 GMT
fastly-io-served-by
img04-europe-west2
age
1563212
http_x_geo_region
DE-BW
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=268 idim=15x60 ifmt=png ofsz=268 odim=15x60 ofmt=png
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-66d79b4b7-zpn9k
content-length
268
fastly-io-warning
Failed to shrink image
x-served-by
cache-chi-kigq8000056-CHI, cache-ams21037-AMS, cache-ams12734-AMS, cache-fra-eddf8230117-FRA
server
nginx
x-timer
S1719816250.704812,VS0,VE2
etag
"KWIpRFdw6XY1xKLUIvevvjFCVB7MVHDdktcCcAkddP0"
vary
Accept
content-type
image/png
x-styx-req-id
76898ab5-0759-11ef-88e7-fe9735e210a3
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 02 May 2025 01:23:49 GMT
tree.png
www.forcepoint.com/misc/
82 B
451 B
Image
General
Full URL
https://www.forcepoint.com/misc/tree.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
69a02b48768b8f413fe8470c65b4232a39dc3d68350f1246da8721e92ac7e75d
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 4, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:44:09 GMT
fastly-io-served-by
img01-europe-west2
age
3567437
http_x_geo_region
DE-BW
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=130 idim=80x81 ifmt=png ofsz=82 odim=80x81 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-66d79b4b7-x5bd7
content-length
82
x-served-by
cache-chi-kigq8000035-CHI, cache-ams21045-AMS, cache-ams21043-AMS, cache-fra-eddf8230117-FRA
server
nginx
x-timer
S1719816250.711972,VS0,VE2
etag
"Z35FTfoaAVemLhiXshryO4rkEzH1KA6bO8GIRsSVaO0"
vary
Accept
content-type
image/webp
x-styx-req-id
769d270e-0759-11ef-ae8b-0a204bd69ae8
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 02 May 2025 01:23:49 GMT
tree-bottom.png
www.forcepoint.com/misc/
78 B
550 B
Image
General
Full URL
https://www.forcepoint.com/misc/tree-bottom.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
bfcc07136dc1faaee36973ca4858e530e403f2f41948fbdc47f0c3c399308db6
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 4, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:44:09 GMT
fastly-io-served-by
img08-europe-west2
age
1936102
http_x_geo_region
DE-BW
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=129 idim=80x81 ifmt=png ofsz=78 odim=80x81 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-867f44b44b-5wssg
content-length
78
x-served-by
cache-chi-klot8100109-CHI, cache-ams21021-AMS, cache-ams21028-AMS, cache-fra-eddf8230117-FRA
server
nginx
x-timer
S1719816250.711207,VS0,VE3
etag
"JyOt5s8au+dKwuKYWT9ybz2cVW6ZbelcJx3DlTABXvE"
vary
Accept
content-type
image/webp
x-styx-req-id
eef36650-074f-11ef-8b93-f2f52e1bfc3f
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 02 May 2025 00:15:36 GMT
message-24-ok.png
www.forcepoint.com/misc/
902 B
1 KB
Image
General
Full URL
https://www.forcepoint.com/misc/message-24-ok.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
4c8537e1208918b04f3b7970b4e53d6c91b138b7b8325b469a4a5e84ced6ce2a
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 4, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:44:09 GMT
fastly-io-served-by
img06-europe-west2
age
2010430
http_x_geo_region
DE-BW
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=1058 idim=24x24 ifmt=png ofsz=902 odim=24x24 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-66d79b4b7-sp4l8
content-length
902
x-served-by
cache-chi-klot8100043-CHI, cache-ams21069-AMS, cache-ams12750-AMS, cache-fra-eddf8230117-FRA
server
nginx
x-timer
S1719816250.711259,VS0,VE2
etag
"60PoYDt+1vFXU4yAkaVKB1clxMNlUR3MuNzEGSZ9U9Y"
vary
Accept
content-type
image/webp
x-styx-req-id
e9d0538a-073e-11ef-a6dd-5e6873469e9c
cache-control
max-age=31622400
accept-ranges
bytes
expires
Thu, 01 May 2025 22:13:46 GMT
message-24-warning.png
www.forcepoint.com/misc/
612 B
979 B
Image
General
Full URL
https://www.forcepoint.com/misc/message-24-warning.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
bd74c29617fed2dbd2f684dce7eebb659567ce0ae06be3418615ebe846a1bf5b
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 4, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:44:09 GMT
fastly-io-served-by
img09-europe-west2
age
2030165
http_x_geo_region
DE-BW
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=753 idim=24x24 ifmt=png ofsz=612 odim=24x24 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-867f44b44b-2snzw
content-length
612
x-served-by
cache-chi-klot8100163-CHI, cache-ams21073-AMS, cache-ams12751-AMS, cache-fra-eddf8230117-FRA
server
nginx
x-timer
S1719816250.713294,VS0,VE2
etag
"etN9kWF1zriHIse4xor9Tv/e40PLoR3lRGg8xe6tRQE"
vary
Accept
content-type
image/webp
x-styx-req-id
38c734ce-074c-11ef-bd21-e6711c542c27
cache-control
max-age=31622400
accept-ranges
bytes
expires
Thu, 01 May 2025 23:49:02 GMT
message-24-error.png
www.forcepoint.com/misc/
614 B
983 B
Image
General
Full URL
https://www.forcepoint.com/misc/message-24-error.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
496d9a19dda325d9587f3729b5a16b1262f91a6b237e1aa5d54ed90e087c35e3
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 4, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:44:09 GMT
fastly-io-served-by
img03-europe-west2
age
2722963
http_x_geo_region
DE-BW
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=733 idim=24x24 ifmt=png ofsz=614 odim=24x24 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-66d79b4b7-wwn9v
content-length
614
x-served-by
cache-chi-kigq8000043-CHI, cache-ams21054-AMS, cache-ams12747-AMS, cache-fra-eddf8230117-FRA
server
nginx
x-timer
S1719816250.711892,VS0,VE4
etag
"gVoMZ8dd1QgL/2SjIwn0GwzJENiBt143AYaoiF4Ws6M"
vary
Accept
content-type
image/webp
x-styx-req-id
76864225-0759-11ef-96e8-7ad7a55b083e
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 02 May 2025 01:23:49 GMT
help.png
www.forcepoint.com/misc/
192 B
515 B
Image
General
Full URL
https://www.forcepoint.com/misc/help.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
f8c79df7183de5a0687fc40c5a9b1034d074e603d558c05a5311c7f91d9ccfe1
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 4, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:44:09 GMT
fastly-io-served-by
img05-europe-west2
age
1919426
http_x_geo_region
DE-BW
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=294 idim=16x16 ifmt=png ofsz=192 odim=16x16 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-867f44b44b-nfg5w
content-length
192
x-served-by
cache-chi-klot8100132-CHI, cache-ams21052-AMS, cache-ams12742-AMS, cache-fra-eddf8230117-FRA
server
nginx
x-timer
S1719816250.710588,VS0,VE2
etag
"v6al66PXjd/2WqSfHyL2pCCxkfKAcJfvgCU3I6pbO+4"
vary
Accept
content-type
image/webp
x-styx-req-id
7684955d-0759-11ef-bfc9-82a8b8e523a0
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 02 May 2025 01:23:49 GMT
menu-expanded.png
www.forcepoint.com/misc/
46 B
447 B
Image
General
Full URL
https://www.forcepoint.com/misc/menu-expanded.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
5cfc739598cda856cc20575229f8a5251e8df5b175830fe7886aaef79dfb6886
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 55, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:44:09 GMT
fastly-io-served-by
img03-europe-west2
age
1741722
http_x_geo_region
DE-BW
x-cache
HIT, HIT, HIT, HIT
fastly-io-info
ifsz=106 idim=7x7 ifmt=png ofsz=46 odim=7x7 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-66d79b4b7-rvvcb
content-length
46
x-served-by
cache-chi-klot8100163-CHI, cache-ams21032-AMS, cache-ams12749-AMS, cache-fra-eddf8230117-FRA
server
nginx
x-timer
S1719816250.714628,VS0,VE2
etag
"lnOeF6KlRRR5aM+MCm3C8DB9Vu1cySrSTIEOJY+eTS4"
vary
Accept
content-type
image/webp
x-styx-req-id
767b0174-0759-11ef-b67f-0ae317fe726a
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 02 May 2025 01:23:49 GMT
menu-collapsed.png
www.forcepoint.com/misc/
46 B
412 B
Image
General
Full URL
https://www.forcepoint.com/misc/menu-collapsed.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
521bfd25b076ada01d23b9d20bca3a3e67840702ca4d43b73d0a496575107e9e
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
1, 0, 4, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:44:09 GMT
fastly-io-served-by
img01-europe-west2
age
2940462
http_x_geo_region
DE-BW
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=105 idim=7x7 ifmt=png ofsz=46 odim=7x7 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-66d79b4b7-x5bd7
content-length
46
x-served-by
cache-chi-kigq8000091-CHI, cache-ams21034-AMS, cache-ams21028-AMS, cache-fra-eddf8230117-FRA
server
nginx
x-timer
S1719816250.711188,VS0,VE6
etag
"HJgRuOhWhAFgOazVOW2HjRFb16cHmG+HSX+vLor86a0"
vary
Accept
content-type
image/webp
x-styx-req-id
75fa540b-0759-11ef-ae8b-0a204bd69ae8
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 02 May 2025 01:23:48 GMT
progress.gif
www.forcepoint.com/misc/
6 KB
6 KB
Image
General
Full URL
https://www.forcepoint.com/misc/progress.gif
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
91997f03543fdd296c85e60feede1e3df0e950aca03698583ff2870869a2dc0b
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 4, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:44:09 GMT
fastly-io-served-by
img05-europe-west2
age
1397276
http_x_geo_region
DE-BW
x-cache
HIT, HIT, HIT, HIT
fastly-io-info
ifsz=5872 idim=20x40 ifmt=gif ofsz=5872 odim=20x40 ofmt=gif ofrm=20
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-66d79b4b7-zpn9k
content-length
5872
fastly-io-warning
Failed to shrink image
x-served-by
cache-chi-klot8100021-CHI, cache-ams21053-AMS, cache-ams21022-AMS, cache-fra-eddf8230117-FRA
server
nginx
x-timer
S1719816250.711176,VS0,VE3
etag
"KSQIcjJuPSqTVV6Yjqa330VSb5j46NEcKLjR3ejGL1A"
vary
Accept
content-type
image/gif
x-styx-req-id
769b8111-0759-11ef-88e7-fe9735e210a3
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 02 May 2025 01:23:49 GMT
chosen-sprite.png
www.forcepoint.com/sites/all/libraries/chosen/
430 B
741 B
Image
General
Full URL
https://www.forcepoint.com/sites/all/libraries/chosen/chosen-sprite.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
9cc77ec166565cf138f088e29b263d7de28ebff89c6ac6ac7b3226b8c2c45f33
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 5, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:44:09 GMT
fastly-io-served-by
img07-europe-west2
age
2799875
http_x_geo_region
DE-BW
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=538 idim=52x37 ifmt=png ofsz=430 odim=52x37 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-66d79b4b7-zpn9k
content-length
430
x-served-by
cache-chi-klot8100058-CHI, cache-ams21062-AMS, cache-ams12724-AMS, cache-fra-eddf8230117-FRA
server
nginx
x-timer
S1719816250.711892,VS0,VE3
etag
"pCuJ3WEDsPQPzkbIkY90U4TfuAo3yBgHEEN2IOPELGY"
vary
Accept
content-type
image/webp
x-styx-req-id
860e9f46-0742-11ef-88e7-fe9735e210a3
cache-control
max-age=31622400
accept-ranges
bytes
expires
Thu, 01 May 2025 22:39:37 GMT
chosen-sprite@2x.png
www.forcepoint.com/sites/all/libraries/chosen/
628 B
1 KB
Image
General
Full URL
https://www.forcepoint.com/sites/all/libraries/chosen/chosen-sprite@2x.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
5f4e0577cb49e1130ec7098698e3556c0a2b7f33d02ec5789ee09b116e403f7e
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 5, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:44:09 GMT
fastly-io-served-by
img06-europe-west2
age
1996146
http_x_geo_region
DE-BW
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=738 idim=104x74 ifmt=png ofsz=628 odim=104x74 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-66d79b4b7-969xc
content-length
628
x-served-by
cache-chi-klot8100088-CHI, cache-ams21032-AMS, cache-ams12759-AMS, cache-fra-eddf8230117-FRA
server
nginx
x-timer
S1719816250.710459,VS0,VE2
etag
"1954vZ3omyWtqZWjx3EPpQPU3ZMgJvFFfwvKeF5rhm0"
vary
Accept
content-type
image/webp
x-styx-req-id
7697473a-0759-11ef-8c7d-8e78efa3e15b
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 02 May 2025 01:23:49 GMT
ui-bg_flat_75_ffffff_40x100.png
www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/
44 B
529 B
Image
General
Full URL
https://www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_flat_75_ffffff_40x100.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
db7de84263a6dfe6f7a674f478b4a6c5a97d7de7e0c7f52a12a5dedfb201004f
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 5, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:44:09 GMT
fastly-io-served-by
img07-europe-west2
age
2051704
http_x_geo_region
DE-BW
x-cache
MISS, HIT, HIT, HIT
fastly-io-info
ifsz=178 idim=40x100 ifmt=png ofsz=44 odim=40x100 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-66d79b4b7-zpn9k
content-length
44
x-served-by
cache-chi-kigq8000066-CHI, cache-ams21029-AMS, cache-ams12723-AMS, cache-fra-eddf8230117-FRA
server
nginx
x-timer
S1719816250.710453,VS0,VE3
etag
"O9SdHkbja5Mmzi4DWOWJdZgUQirITGa5uuAK5R/QoyM"
vary
Accept
content-type
image/webp
x-styx-req-id
e880855f-0768-11ef-88e7-fe9735e210a3
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 02 May 2025 03:14:23 GMT
ui-bg_highlight-soft_75_cccccc_1x100.png
www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/
54 B
562 B
Image
General
Full URL
https://www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_highlight-soft_75_cccccc_1x100.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
b4229c88ccc9ec00268d759c808bb5fc56a62479618d140eebd7948299a1544b
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
1, 0, 5, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:44:09 GMT
fastly-io-served-by
img03-europe-west2
age
4140848
http_x_geo_region
DE-BW
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=101 idim=1x100 ifmt=png ofsz=54 odim=1x100 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-867f44b44b-z9kn6
content-length
54
x-served-by
cache-chi-kigq8000036-CHI, cache-ams21053-AMS, cache-ams12766-AMS, cache-fra-eddf8230117-FRA
server
nginx
x-timer
S1719816250.710404,VS0,VE9
etag
"SVL3LfYtpcUTzNEo8mHT+EoBDkNcvK2l7xiLlLE7P6w"
vary
Accept
content-type
image/webp
x-styx-req-id
79be48f5-07bc-11ef-b06b-3246cedab68e
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 02 May 2025 13:12:34 GMT
ui-bg_glass_75_e6e6e6_1x400.png
www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/
78 B
494 B
Image
General
Full URL
https://www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_glass_75_e6e6e6_1x400.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e68e4b1057684aa14f6d44055bd77c6ee8170be28010b94e0278e2d05775973c
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
1, 0, 5, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:44:09 GMT
fastly-io-served-by
img01-europe-west2
age
1031783
http_x_geo_region
DE-BW
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=110 idim=1x400 ifmt=png ofsz=78 odim=1x400 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-867f44b44b-vj962
content-length
78
x-served-by
cache-chi-kigq8000098-CHI, cache-ams21026-AMS, cache-ams12763-AMS, cache-fra-eddf8230117-FRA
server
nginx
x-timer
S1719816250.710375,VS0,VE5
etag
"4s1MwOZKDfGEu/a/SFo57USn639l3MbW8dYbzZPyEag"
vary
Accept
content-type
image/webp
x-styx-req-id
79be7b6b-07bc-11ef-891e-fad2edf62dbb
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 02 May 2025 13:12:34 GMT
ui-bg_glass_75_dadada_1x400.png
www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/
84 B
429 B
Image
General
Full URL
https://www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_glass_75_dadada_1x400.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c16c2e899bbe232a64c1bd49e4312a7f9ea738cb2cb17058e63477a71b246fa7
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
1, 0, 5, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:44:09 GMT
fastly-io-served-by
img07-europe-west2
age
1557485
http_x_geo_region
DE-BW
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=111 idim=1x400 ifmt=png ofsz=84 odim=1x400 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-66d79b4b7-m45gq
content-length
84
x-served-by
cache-chi-klot8100024-CHI, cache-ams21047-AMS, cache-ams21038-AMS, cache-fra-eddf8230117-FRA
server
nginx
x-timer
S1719816250.712261,VS0,VE2
etag
"msf+sm6St45S//5aPCnGaIqq4DmKLsS3uxv+ikcGyuY"
vary
Accept
content-type
image/webp
x-styx-req-id
df701124-0757-11ef-9cb5-de9f5536d504
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 02 May 2025 01:12:26 GMT
css__YZMmyCjxADNsxWJVyzxskiYBiPsGboww8DDJoAv1iVA__PqGVjSeXe3e-YM4xspxCavDlyydtEB28TRpZPTEwV5I__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/
6 KB
2 KB
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__YZMmyCjxADNsxWJVyzxskiYBiPsGboww8DDJoAv1iVA__PqGVjSeXe3e-YM4xspxCavDlyydtEB28TRpZPTEwV5I__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
942ba1b657ab7477bc603f7852ff551aa393de40d1bab2dee01c8ad36d538a2a
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 341, 0
date
Mon, 01 Jul 2024 06:44:09 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
312344
http_x_geo_region
DE-BW
x-cache
MISS, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-vp8bw
content-length
2109
x-served-by
cache-chi-kigq8000159-CHI, cache-fra-etou8220141-FRA, cache-fra-eddf8230117-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_kigq8000159_CHI
last-modified
Tue, 05 Mar 2024 06:05:49 GMT
server
nginx
x-timer
S1719816250.685731,VS0,VE5
etag
W/"65e6b63d-1797"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
e591bfd4-f1d7-11ee-835d-6255bad32892
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:26 GMT
css__qi8YWDPFPT47Hua3Uo8V-CwYV79O8gYOw4xRshlFw2o__U0zx4V0QLKPamBJbsVKK0D54d038-KcpyqeXppQL9AI__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/
11 KB
3 KB
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__qi8YWDPFPT47Hua3Uo8V-CwYV79O8gYOw4xRshlFw2o__U0zx4V0QLKPamBJbsVKK0D54d038-KcpyqeXppQL9AI__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
74d6ee660ac8d18d3940eefac6e8c0ff029ecc0f4a4799ada5d6088fe9abfbc8
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
1, 1370, 0
date
Mon, 01 Jul 2024 06:44:09 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
407813
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-l79x9
content-length
2662
x-served-by
cache-chi-kigq8000165-CHI, cache-fra-eddf8230033-FRA, cache-fra-eddf8230117-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_kigq8000165_CHI
last-modified
Tue, 05 Mar 2024 06:05:43 GMT
server
nginx
x-timer
S1719816250.685712,VS0,VE5
etag
W/"65e6b637-2d9a"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
d7fb4f8a-f1d7-11ee-a7b0-d6145dabcebb
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:03 GMT
css__umS_7iB8OLqD-AIc28jz7stMtgRnPBrMHXbg802aJVI__42_FYiRnR5OQaV2U3Sr9cY21EIjnMGdJsPXMEFLQPCo__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/
789 B
827 B
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__umS_7iB8OLqD-AIc28jz7stMtgRnPBrMHXbg802aJVI__42_FYiRnR5OQaV2U3Sr9cY21EIjnMGdJsPXMEFLQPCo__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
76fea4cad87ffbee4d6c0d29a46382913e4a8c56ed7881d8556f684a174d6824
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 1553, 0
date
Mon, 01 Jul 2024 06:44:09 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
407827
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-64b977755d-z27mm
content-length
405
x-served-by
cache-chi-kigq8000114-CHI, cache-fra-eddf8230127-FRA, cache-fra-eddf8230117-FRA
backend-ip-port
6cecXOA5eq1mdycR8IETIO--F_styx_fe1_a_sharedvpc_dmz_01
last-modified
Tue, 05 Mar 2024 06:05:43 GMT
server
nginx
x-timer
S1719816250.686010,VS0,VE4
etag
W/"65e6b637-315"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
d80591ea-f1d7-11ee-8a97-36bf4d504f37
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:03 GMT
css__T7twZATSz9YDtA4CEs3XoRq-lmvsWC1-9rzLrGpoWuY__jYMOyCwkeeWX4KvLeu7GhjzHVkW5HDKp2hWWBDkyRSE__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/
14 KB
3 KB
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__T7twZATSz9YDtA4CEs3XoRq-lmvsWC1-9rzLrGpoWuY__jYMOyCwkeeWX4KvLeu7GhjzHVkW5HDKp2hWWBDkyRSE__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
76aefb325bdfaf3c67be7591a00c96105ffa1a3eda8cfc16d6d5e1affa8e3f95
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 1555, 0
date
Mon, 01 Jul 2024 06:44:09 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
407827
http_x_geo_region
DE-BW
x-cache
MISS, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-64b977755d-kk5rj
content-length
2632
x-served-by
cache-chi-klot8100179-CHI, cache-fra-eddf8230036-FRA, cache-fra-eddf8230117-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_klot8100179_CHI
last-modified
Tue, 05 Mar 2024 06:05:45 GMT
server
nginx
x-timer
S1719816250.686047,VS0,VE5
etag
W/"65e6b639-3962"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
d721e3ae-f1d7-11ee-b87b-f2654297ce89
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:02 GMT
css__cPPXTJ7LS3TkqOr2dWhu9Zyqf3tfJ7ROJIBrc4faLpI__FwTXCQ-S705F3IVDki0NUMzBJ8oRlS2Lb0Atw9pp7LE__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/
512 B
512 B
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__cPPXTJ7LS3TkqOr2dWhu9Zyqf3tfJ7ROJIBrc4faLpI__FwTXCQ-S705F3IVDki0NUMzBJ8oRlS2Lb0Atw9pp7LE__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
9b3c52df9ce6473c11ee62f85cd48a7ff2b24ad8543ed415fec5124605a987f3
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
2, 1551, 0
date
Mon, 01 Jul 2024 06:44:09 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
407827
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-m255z
content-length
230
x-served-by
cache-chi-kigq8000068-CHI, cache-fra-etou8220042-FRA, cache-fra-eddf8230117-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_kigq8000068_CHI
last-modified
Tue, 05 Mar 2024 06:05:46 GMT
server
nginx
x-timer
S1719816250.685992,VS0,VE4
etag
W/"65e6b63a-200"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
d804a972-f1d7-11ee-976d-4e9dd3d547b2
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:03 GMT
css__RtPfTjThw7JiCEZr8aCFs0ovY-ZonvJYBpW2tzv6iRI__hoYIfBUPIWctuKqU_lrnnqDtJnf9B9QEu7jjix36RIM__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/
3 KB
1 KB
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__RtPfTjThw7JiCEZr8aCFs0ovY-ZonvJYBpW2tzv6iRI__hoYIfBUPIWctuKqU_lrnnqDtJnf9B9QEu7jjix36RIM__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
5f8d1adf76eaaf2f3592e5a5633ef8722740af2424b1737d85c1d9581588884f
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 342, 0
date
Mon, 01 Jul 2024 06:44:09 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
407812
http_x_geo_region
DE-BW
x-cache
MISS, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-vp8bw
content-length
1172
x-served-by
cache-chi-kigq8000154-CHI, cache-fra-etou8220065-FRA, cache-fra-eddf8230117-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_kigq8000154_CHI
last-modified
Tue, 05 Mar 2024 06:05:52 GMT
server
nginx
x-timer
S1719816250.702556,VS0,VE5
etag
W/"65e6b640-c8c"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
e591a2ff-f1d7-11ee-835d-6255bad32892
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:26 GMT
css__UYLIEJhZ7iPfgPAKjuslVw3CRCFKt3OfxTJjge8A6Hg__fjua13AgyzmqodcGsNUIVue50ndbutts1ntJbzGK_o4__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/
506 B
618 B
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__UYLIEJhZ7iPfgPAKjuslVw3CRCFKt3OfxTJjge8A6Hg__fjua13AgyzmqodcGsNUIVue50ndbutts1ntJbzGK_o4__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
4953a30def5d6eb8aa0119f918104b5069d10696ee634288c068accf06bb44e6
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 343, 0
date
Mon, 01 Jul 2024 06:44:09 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
407812
http_x_geo_region
DE-BW
x-cache
MISS, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-64b977755d-fn6sp
content-length
175
x-served-by
cache-chi-kigq8000153-CHI, cache-fra-etou8220116-FRA, cache-fra-eddf8230117-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_kigq8000153_CHI
last-modified
Tue, 05 Mar 2024 06:05:53 GMT
server
nginx
x-timer
S1719816250.702572,VS0,VE5
etag
W/"65e6b641-1fa"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
e596f71a-f1d7-11ee-89fc-2e39b17a00a2
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:26 GMT
css__aUSIons1JLpznAkAWe4wYFCe4_fmTTJTOhtdC4xIAuM__HAl4ITsYWBEO7VRahEwWwi88zkLUBwPm3j4nnx8DeS0__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/
454 B
573 B
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__aUSIons1JLpznAkAWe4wYFCe4_fmTTJTOhtdC4xIAuM__HAl4ITsYWBEO7VRahEwWwi88zkLUBwPm3j4nnx8DeS0__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
fe9132775150b13960723fdffd15ef8bb7f07d120787874114ac9e3d4f303f46
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 331, 0
date
Mon, 01 Jul 2024 06:44:09 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
407812
http_x_geo_region
DE-BW
x-cache
MISS, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-64b977755d-97hrc
content-length
221
x-served-by
cache-chi-klot8100165-CHI, cache-fra-etou8220130-FRA, cache-fra-eddf8230117-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_klot8100165_CHI
last-modified
Tue, 05 Mar 2024 06:05:54 GMT
server
nginx
x-timer
S1719816250.703433,VS0,VE5
etag
W/"65e6b642-1c6"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
e59403e9-f1d7-11ee-9c8c-7a18807b770d
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:26 GMT
css__DJVWsB9CJVs_1IGdy-_cGuq4r6SVVaWbEnbS1U2p6y4__7g40UeM74r8hkrzDC6Hbb7RReIGNu-Jsb5XAbAPKIeA__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/
502 B
651 B
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__DJVWsB9CJVs_1IGdy-_cGuq4r6SVVaWbEnbS1U2p6y4__7g40UeM74r8hkrzDC6Hbb7RReIGNu-Jsb5XAbAPKIeA__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
b9c823db89be14289e3b0585970e3d91c3313ec9f82d13c9cb24d90820efc699
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 1196, 0
date
Mon, 01 Jul 2024 06:44:09 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
407812
http_x_geo_region
DE-BW
x-cache
MISS, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-vp8bw
content-length
252
x-served-by
cache-chi-klot8100023-CHI, cache-fra-eddf8230057-FRA, cache-fra-eddf8230117-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_klot8100023_CHI
last-modified
Tue, 05 Mar 2024 06:05:55 GMT
server
nginx
x-timer
S1719816250.705999,VS0,VE13
etag
W/"65e6b643-1f6"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
e592fe3d-f1d7-11ee-835d-6255bad32892
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:26 GMT
css__o5tk1Sc0QNaikp-qb6PDIJi_LXPkfQZHTxlvWxiG4cA__afd6HnnR0psI0sfippmnwgZS958AUTsIqEne3K05XvQ__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/
5 KB
2 KB
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__o5tk1Sc0QNaikp-qb6PDIJi_LXPkfQZHTxlvWxiG4cA__afd6HnnR0psI0sfippmnwgZS958AUTsIqEne3K05XvQ__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
7e9433a7e4538237be585d3d84e1603595879c286be61e26dd3e628e3fd5e206
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 184, 0
date
Mon, 01 Jul 2024 06:44:09 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
407746
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-vp8bw
content-length
2091
x-served-by
cache-chi-klot8100098-CHI, cache-fra-etou8220066-FRA, cache-fra-eddf8230117-FRA
backend-ip-port
6cecXOA5eq1mdycR8IETIO--F_styx_fe1_b_sharedvpc_dmz_05
last-modified
Tue, 05 Mar 2024 06:05:56 GMT
server
nginx
x-timer
S1719816250.703433,VS0,VE5
etag
W/"65e6b644-1218"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
e5943fb9-f1d7-11ee-835d-6255bad32892
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:26 GMT
css__ZDvn-N8wxxyBR7KgfbRzIHM0mGwT9doN0fs3f10b_Go__b98SsVi1Bn9KY5Ur3SIgLXOvEMppxbzl1YiFYp9d4Lw__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/
128 B
462 B
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__ZDvn-N8wxxyBR7KgfbRzIHM0mGwT9doN0fs3f10b_Go__b98SsVi1Bn9KY5Ur3SIgLXOvEMppxbzl1YiFYp9d4Lw__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c712b85f4d57c41bb049c80303067da9790aa76b32a41b422174bd507695f444
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 1451, 0
date
Mon, 01 Jul 2024 06:44:09 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
407827
http_x_geo_region
DE-BW
x-cache
MISS, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-j9qgk
content-length
118
x-served-by
cache-chi-kigq8000036-CHI, cache-fra-eddf8230055-FRA, cache-fra-eddf8230117-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_kigq8000036_CHI
last-modified
Tue, 05 Mar 2024 06:05:47 GMT
server
nginx
x-timer
S1719816250.704000,VS0,VE5
etag
W/"65e6b63b-80"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
e599bfb1-f1d7-11ee-8caf-72f948985f1d
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:26 GMT
css__dn-cpI1YtkU_iLHgA5WhlkxgYWyat_IxjF_B-WSYrpE__a9hIbt0eaZ7d5nhwnm2weG8R_2eXK4EvoOx9dOxouHE__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/
203 B
409 B
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__dn-cpI1YtkU_iLHgA5WhlkxgYWyat_IxjF_B-WSYrpE__a9hIbt0eaZ7d5nhwnm2weG8R_2eXK4EvoOx9dOxouHE__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
f66578f61dcd2d00bb8b7a0c5a7a02d39871c2e7c4615826c4e3a6a879a1a66b
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 340, 0
date
Mon, 01 Jul 2024 06:44:09 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
407812
http_x_geo_region
DE-BW
x-cache
MISS, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-vp8bw
content-length
137
x-served-by
cache-chi-klot8100122-CHI, cache-fra-etou8220150-FRA, cache-fra-eddf8230117-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_klot8100122_CHI
last-modified
Tue, 05 Mar 2024 06:05:56 GMT
server
nginx
x-timer
S1719816250.704676,VS0,VE4
etag
W/"65e6b644-cb"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
e59b82f5-f1d7-11ee-835d-6255bad32892
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:26 GMT
css__ipUqqBUxEUOLXG_AXF5OCY1hi5eq8oz7Wu0QleOzxj4__-6ZHnf2EVvcL4izgd6S5myiQ-LuyKAuDqa-1hfKmAoI__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/
99 B
400 B
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__ipUqqBUxEUOLXG_AXF5OCY1hi5eq8oz7Wu0QleOzxj4__-6ZHnf2EVvcL4izgd6S5myiQ-LuyKAuDqa-1hfKmAoI__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
a0d9d290c9928affdd7f2816a574b367cbd6aca7ff1ba7b14b3391330d6f1995
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
21, 343, 0
date
Mon, 01 Jul 2024 06:44:09 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
407812
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-64b977755d-ltjwf
content-length
100
x-served-by
cache-chi-klot8100084-CHI, cache-fra-etou8220147-FRA, cache-fra-eddf8230117-FRA
backend-ip-port
6cecXOA5eq1mdycR8IETIO--F_styx_fe1_a_sharedvpc_dmz_01
last-modified
Tue, 05 Mar 2024 06:05:58 GMT
server
nginx
x-timer
S1719816250.705264,VS0,VE4
etag
W/"65e6b646-63"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
e593f98b-f1d7-11ee-a4f1-16a0ed7bd780
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:26 GMT
css__A19mhhFH8iX9Ft_oM_oZIcxue6YTAguNiWQN5VaIXQY__dFQUh1vb7jTgHR4jKzrw8DrsdYIarxRbpVmMKCWYgXU__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/
493 KB
118 KB
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__A19mhhFH8iX9Ft_oM_oZIcxue6YTAguNiWQN5VaIXQY__dFQUh1vb7jTgHR4jKzrw8DrsdYIarxRbpVmMKCWYgXU__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
24dd593caf98fe7183e48e16a5a827ab4eb1a734a9821b497689127e68774db1
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
1, 1563, 0
date
Mon, 01 Jul 2024 06:44:09 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
407827
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-2j9t5
content-length
120174
x-served-by
cache-chi-kigq8000100-CHI, cache-fra-etou8220150-FRA, cache-fra-eddf8230117-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_kigq8000100_CHI
last-modified
Tue, 05 Mar 2024 06:05:48 GMT
server
nginx
x-timer
S1719816250.705630,VS0,VE4
etag
W/"65e6b63c-7b4f7"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
d80a6483-f1d7-11ee-aed0-566d988ffce8
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:04 GMT
css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__yLUlsZO8Aw1QbDVmt9Emb7WQDVsiqE8WSyAbbDd2S8M__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/
2 MB
300 KB
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__yLUlsZO8Aw1QbDVmt9Emb7WQDVsiqE8WSyAbbDd2S8M__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
8117b5d7ba159bfb0cf341d96a566b4b06c466a0038eca2273a8533b1536e019
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Sat, 21 Jun 2025 13:27:13 GMT
date
Mon, 01 Jul 2024 06:44:09 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
407812
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-56d7969b4f-nzfgb
content-length
307198
x-served-by
cache-chi-kigq8000037-CHI, cache-fra-eddf8230069-FRA, cache-fra-eddf8230117-FRA
last-modified
Thu, 20 Jun 2024 13:27:07 GMT
server
nginx
x-timer
S1719816250.703369,VS0,VE5
etag
W/"66742e2b-1f7287"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
ce42fc2e-2f08-11ef-b403-3a4931867672
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
11, 26, 0
css___VkyRO3B5Aq6aNIr0ttm3Is69Rc7XYN_AdFjRz9E6sA__VcIbQquJvVVOuzIFHQnbacZLWNY0lFxoxf5twuCo0Bc__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/
6 KB
2 KB
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css___VkyRO3B5Aq6aNIr0ttm3Is69Rc7XYN_AdFjRz9E6sA__VcIbQquJvVVOuzIFHQnbacZLWNY0lFxoxf5twuCo0Bc__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
ee27e3cdc69e172aac4b82b3f20d30a2e9b8fc56e7154475292f0ce338b8a5a5
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 1189, 0
date
Mon, 01 Jul 2024 06:44:09 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
407746
http_x_geo_region
DE-BW
x-cache
MISS, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-64b977755d-ltjwf
content-length
1421
x-served-by
cache-chi-kigq8000092-CHI, cache-fra-eddf8230025-FRA, cache-fra-eddf8230117-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_kigq8000092_CHI
last-modified
Tue, 05 Mar 2024 06:05:59 GMT
server
nginx
x-timer
S1719816250.716400,VS0,VE5
etag
W/"65e6b647-19a6"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
e5937e66-f1d7-11ee-a4f1-16a0ed7bd780
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:26 GMT
forcepoint.svg
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/logos/
2 KB
1 KB
Image
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/logos/forcepoint.svg
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c7397ae13ad9d12bf4ce9100756dd8703b515ac4381bdd33638e22c787c0fb39
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
4, 902, 0
date
Mon, 01 Jul 2024 06:44:09 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
407827
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-5d77cc44f5-cr9cd
content-length
783
x-served-by
cache-chi-klot8100172-CHI, cache-fra-eddf8230106-FRA, cache-fra-eddf8230117-FRA
last-modified
Wed, 26 Jun 2024 13:25:43 GMT
server
nginx
x-timer
S1719816250.703268,VS0,VE5
etag
W/"667c16d7-6ad"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
c6a01b99-33bf-11ef-a454-563f282b1988
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 27 Jun 2025 13:27:03 GMT
about_us_0.svg
www.forcepoint.com/sites/default/files/
2 KB
1 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/about_us_0.svg?itok=3xrS9jXe
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
98bee51ffbb032cfea01030abf23549c6d762f6d8283599e52bfb089f01b8742
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
6, 706, 0
date
Mon, 01 Jul 2024 06:44:09 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
407826
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-8gp4k
content-length
866
x-served-by
cache-chi-kigq8000108-CHI, cache-fra-etou8220154-FRA, cache-fra-eddf8230117-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_kigq8000108_CHI
last-modified
Wed, 18 Oct 2023 11:53:36 GMT
server
nginx
x-timer
S1719816250.703251,VS0,VE5
etag
W/"652fc740-76e"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
d8a73d5e-f1d7-11ee-96a4-d2ef4ea261cb
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:05 GMT
our_approach_0.svg
www.forcepoint.com/sites/default/files/
3 KB
1 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/our_approach_0.svg?itok=XjvgKmGS
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
3058f7c617c39b1a94849fa7223c2f756437af3f215155d37c2a29c36848e28d
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 701, 0
date
Mon, 01 Jul 2024 06:44:09 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
407825
http_x_geo_region
DE-BW
x-cache
MISS, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-64b977755d-p72wq
content-length
1012
x-served-by
cache-chi-klot8100045-CHI, cache-fra-eddf8230075-FRA, cache-fra-eddf8230117-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_klot8100045_CHI
last-modified
Wed, 18 Oct 2023 11:53:58 GMT
server
nginx
x-timer
S1719816250.705594,VS0,VE4
etag
W/"652fc756-a97"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
d725995a-f1d7-11ee-b1db-162c3c5c54d7
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:02 GMT
our_customers_0.svg
www.forcepoint.com/sites/default/files/
2 KB
1 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/our_customers_0.svg?itok=pljm0BZO
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c2a54667fcd4151ef9a27b18f84f24c0b884fe593302ca1eb1210d114f4bd06b
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
7, 614, 0
date
Mon, 01 Jul 2024 06:44:09 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
407825
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-64b977755d-z27mm
content-length
913
x-served-by
cache-chi-kigq8000075-CHI, cache-fra-etou8220064-FRA, cache-fra-eddf8230117-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_kigq8000075_CHI
last-modified
Wed, 18 Oct 2023 11:54:19 GMT
server
nginx
x-timer
S1719816250.704111,VS0,VE4
etag
W/"652fc76b-9af"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
db834eb6-f1d7-11ee-8a97-36bf4d504f37
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:09 GMT
fp_one_icon_12.svg
www.forcepoint.com/sites/default/files/
1 KB
1 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/fp_one_icon_12.svg?itok=mLSyqP7-
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
13cdee5a7dbdb75ba06271fff8669bb408838d89eae133c2b3db99d2891bb35b
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
7, 702, 0
date
Mon, 01 Jul 2024 06:44:09 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
407825
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-l79x9
content-length
725
x-served-by
cache-chi-kigq8000075-CHI, cache-fra-etou8220141-FRA, cache-fra-eddf8230117-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_kigq8000075_CHI
last-modified
Mon, 18 Mar 2024 16:01:42 GMT
server
nginx
x-timer
S1719816250.713263,VS0,VE5
etag
W/"65f86566-5ed"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
db750a4b-f1d7-11ee-a7b0-d6145dabcebb
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:09 GMT
fp_one_icon-hover_12.svg
www.forcepoint.com/sites/default/files/
1 KB
1 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/fp_one_icon-hover_12.svg?itok=lvMOGlA6
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
90bfbf24972d694b303aaa50fe006074f7dd5529c8dfe38099aed648c6312158
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
7, 700, 0
date
Mon, 01 Jul 2024 06:44:09 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
407825
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-64b977755d-kk5rj
content-length
737
x-served-by
cache-chi-kigq8000131-CHI, cache-fra-eddf8230026-FRA, cache-fra-eddf8230117-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_kigq8000131_CHI
last-modified
Mon, 18 Mar 2024 16:01:47 GMT
server
nginx
x-timer
S1719816250.712738,VS0,VE5
etag
W/"65f8656b-5fb"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
db770500-f1d7-11ee-b87b-f2654297ce89
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:09 GMT
fp_one_icon_0.svg
www.forcepoint.com/sites/default/files/
1 KB
1 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/fp_one_icon_0.svg?itok=eKi29PlI
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
13cdee5a7dbdb75ba06271fff8669bb408838d89eae133c2b3db99d2891bb35b
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 700, 0
date
Mon, 01 Jul 2024 06:44:09 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
407825
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-64b977755d-z27mm
content-length
725
x-served-by
cache-chi-kigq8000060-CHI, cache-fra-etou8220025-FRA, cache-fra-eddf8230117-FRA
backend-ip-port
6cecXOA5eq1mdycR8IETIO--F_styx_fe1_a_sharedvpc_dmz_01
last-modified
Wed, 18 Oct 2023 11:35:43 GMT
server
nginx
x-timer
S1719816250.712632,VS0,VE5
etag
W/"652fc30f-5ed"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
db7b0db8-f1d7-11ee-8a97-36bf4d504f37
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:09 GMT
fp_one_icon-hover_0.svg
www.forcepoint.com/sites/default/files/
1 KB
1 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/fp_one_icon-hover_0.svg?itok=ecRnPBsZ
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
90bfbf24972d694b303aaa50fe006074f7dd5529c8dfe38099aed648c6312158
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
6, 701, 0
date
Mon, 01 Jul 2024 06:44:09 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
407825
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-6v4d5
content-length
737
x-served-by
cache-chi-kigq8000145-CHI, cache-fra-eddf8230132-FRA, cache-fra-eddf8230117-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_kigq8000145_CHI
last-modified
Wed, 18 Oct 2023 11:35:50 GMT
server
nginx
x-timer
S1719816250.714014,VS0,VE5
etag
W/"652fc316-5fb"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
d8a93da4-f1d7-11ee-b900-62d8d57276c4
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:05 GMT
cyber_edu_icon.svg
www.forcepoint.com/sites/default/files/
2 KB
1 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/cyber_edu_icon.svg?itok=XXkKE01K
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
fad8df5718762444a80e745fd3b375ecfee298b37c480de5134b8a0ed05bc7a5
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 701, 0
date
Mon, 01 Jul 2024 06:44:09 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
407825
http_x_geo_region
DE-BW
x-cache
MISS, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-vp8bw
content-length
813
x-served-by
cache-chi-klot8100039-CHI, cache-fra-etou8220137-FRA, cache-fra-eddf8230117-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_klot8100039_CHI
last-modified
Wed, 18 Oct 2023 12:02:27 GMT
server
nginx
x-timer
S1719816250.712616,VS0,VE5
etag
W/"652fc953-9a9"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
d721c0d1-f1d7-11ee-835d-6255bad32892
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:02 GMT
cyber_edu_icon-hover.svg
www.forcepoint.com/sites/default/files/
3 KB
1 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/cyber_edu_icon-hover.svg?itok=ymKcsOZ4
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
2528d731c4e61e67f78982f202d1de7e6f7a234117b4d9c98325c27e33c6e1d3
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 696, 0
date
Mon, 01 Jul 2024 06:44:09 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
407826
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-64b977755d-5zbrs
content-length
869
x-served-by
cache-chi-kigq8000147-CHI, cache-fra-etou8220138-FRA, cache-fra-eddf8230117-FRA
backend-ip-port
6cecXOA5eq1mdycR8IETIO--F_styx_fe1_a_sharedvpc_dmz_01
last-modified
Wed, 18 Oct 2023 12:02:37 GMT
server
nginx
x-timer
S1719816250.712536,VS0,VE6
etag
W/"652fc95d-b0c"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
dc5b370e-f1d7-11ee-bbb7-623f168e5bfe
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:11 GMT
remcos.jpg
www.forcepoint.com/sites/default/files/styles/1180x346_sc/public/hero/
47 KB
48 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/styles/1180x346_sc/public/hero/remcos.jpg?itok=XWFEbG-M&timestamp=1719232019
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
b486e01022c2460a86538a67510d4f39ce41e9dd5050a3d9578ec6f4c054f8ec
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 0, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:44:09 GMT
fastly-io-served-by
vpop-etou8240194
age
580591
http_x_geo_region
DE-BW
x-cache
MISS, MISS, MISS, HIT
fastly-io-info
ifsz=49888 idim=1180x346 ifmt=jpeg ofsz=48148 odim=1180x346 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-5d77cc44f5-lk559
content-length
48148
x-served-by
cache-chi-klot8100155-CHI, cache-ams2100130-AMS, cache-ams2100135-AMS, cache-fra-eddf8230117-FRA
server
nginx
x-timer
S1719816250.713462,VS0,VE2
etag
"F2ZaRqJk0daflRfM97xFkdxMqC80bQbsMHZ6zAMLKSA"
vary
Accept
content-type
image/webp
x-styx-req-id
869891a0-322d-11ef-be6b-420e4ed0c032
cache-control
max-age=31622400
accept-ranges
bytes
expires
Wed, 25 Jun 2025 13:27:38 GMT
url_shortener_ms_file_xlabs_i_1-v2.jpg
www.forcepoint.com/sites/default/files/
17 KB
17 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/url_shortener_ms_file_xlabs_i_1-v2.jpg
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
fe7d3ca3e17134925638b03cba3263b8da913e73bf270bf48fda841b2c8ad761
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 0, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:44:09 GMT
fastly-io-served-by
img05-europe-west3
age
581193
http_x_geo_region
DE-BW
x-cache
MISS, MISS, MISS, HIT
fastly-io-info
ifsz=105667 idim=800x953 ifmt=jpeg ofsz=17382 odim=800x953 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-5d587d78fd-prbvz
content-length
17382
x-served-by
cache-chi-kigq8000073-CHI, cache-ams2100102-AMS, cache-ams21031-AMS, cache-fra-eddf8230117-FRA
server
nginx
x-timer
S1719816250.712175,VS0,VE2
etag
"7SVxGRTsRsD5DU30HaPYBDN93bomOXFsQX/LHmWXXdk"
vary
Accept
content-type
image/webp
x-styx-req-id
1fd6a34a-322c-11ef-9a99-1edbf4b9e77b
cache-control
max-age=31622400
accept-ranges
bytes
expires
Wed, 25 Jun 2025 13:17:36 GMT
url_shortener_ms_file_xlabs_i_2.png
www.forcepoint.com/sites/default/files/
315 KB
316 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/url_shortener_ms_file_xlabs_i_2.png
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
6aa75e0e135df761bc11a0e1231af1ef27a5b7fe5985714865f35781286b42e9
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 0, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:44:09 GMT
fastly-io-served-by
img05-europe-west3
age
581192
http_x_geo_region
DE-BW
x-cache
MISS, MISS, MISS, HIT
fastly-io-info
ifsz=445150 idim=1444x609 ifmt=png ofsz=322528 odim=1444x609 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-5d77cc44f5-ncjj8
content-length
322528
x-served-by
cache-chi-klot8100131-CHI, cache-ams2100098-AMS, cache-ams21035-AMS, cache-fra-eddf8230117-FRA
server
nginx
x-timer
S1719816250.714450,VS0,VE2
etag
"d5h+klWK/c7FrFheTTDNPoHf9RZz9vZzXQ3zYK0Ag68"
vary
Accept
content-type
image/webp
x-styx-req-id
20160127-322c-11ef-ad75-f60ce2535107
cache-control
max-age=31622400
accept-ranges
bytes
expires
Wed, 25 Jun 2025 13:17:37 GMT
url_shortener_ms_file_xlabs_i_3.png
www.forcepoint.com/sites/default/files/
39 KB
40 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/url_shortener_ms_file_xlabs_i_3.png
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
fdc11521f5009cca4ba4c329f0ab9a94273191d33239245d16f484ccbbff23d1
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 0, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:44:09 GMT
fastly-io-served-by
img02-europe-west3
age
581192
http_x_geo_region
DE-BW
x-cache
MISS, MISS, MISS, HIT
fastly-io-info
ifsz=88530 idim=605x658 ifmt=png ofsz=40326 odim=605x658 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-5d587d78fd-prbvz
content-length
40326
x-served-by
cache-chi-klot8100150-CHI, cache-ams2100117-AMS, cache-ams2100096-AMS, cache-fra-eddf8230117-FRA
server
nginx
x-timer
S1719816250.714420,VS0,VE2
etag
"wXvHW4YabVL2AfDEgggP0bxYC3oJAyiFtk9V5vhiAkA"
vary
Accept
content-type
image/webp
x-styx-req-id
2020a90c-322c-11ef-9a99-1edbf4b9e77b
cache-control
max-age=31622400
accept-ranges
bytes
expires
Wed, 25 Jun 2025 13:17:37 GMT
url_shortener_ms_file_xlabs_i_4.png
www.forcepoint.com/sites/default/files/
199 KB
200 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/url_shortener_ms_file_xlabs_i_4.png
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
365e944c8e49f6e24235dabb2633d0f154ef6a8ef077a8abfe29a6847ae1153a
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 0, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:44:09 GMT
fastly-io-served-by
img05-europe-west3
age
581193
http_x_geo_region
DE-BW
x-cache
MISS, MISS, MISS, HIT
fastly-io-info
ifsz=267689 idim=828x522 ifmt=png ofsz=203952 odim=828x522 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-5d587d78fd-llvxv
content-length
203952
x-served-by
cache-chi-klot8100172-CHI, cache-ams21051-AMS, cache-ams2100145-AMS, cache-fra-eddf8230117-FRA
server
nginx
x-timer
S1719816250.714885,VS0,VE3
etag
"SnfZyKFrn7g7K10KsEnCFXqiSGvmtQKty6oQjAwzi0c"
vary
Accept
content-type
image/webp
x-styx-req-id
20232f76-322c-11ef-b79f-ee120c8775da
cache-control
max-age=31622400
accept-ranges
bytes
expires
Wed, 25 Jun 2025 13:17:37 GMT
url_shortener_ms_file_xlabs_i_5.png
www.forcepoint.com/sites/default/files/
162 KB
163 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/url_shortener_ms_file_xlabs_i_5.png
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
74a6ba58527ccbbde80b52bb6b23dd5671a4a72199fe789324786d15d6fa9a24
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 0, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:44:09 GMT
fastly-io-served-by
img03-europe-west3
age
581192
http_x_geo_region
DE-BW
x-cache
MISS, MISS, MISS, HIT
fastly-io-info
ifsz=204427 idim=948x411 ifmt=png ofsz=166150 odim=948x411 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-5d77cc44f5-w9nrv
content-length
166150
x-served-by
cache-chi-kigq8000044-CHI, cache-ams2100100-AMS, cache-ams2100130-AMS, cache-fra-eddf8230117-FRA
server
nginx
x-timer
S1719816250.715599,VS0,VE2
etag
"zshYMnvqesS4N24wNRT5g8dW6vY2dr7FffVrMqSETho"
vary
Accept
content-type
image/webp
x-styx-req-id
2028ab18-322c-11ef-b993-de70e4427182
cache-control
max-age=31622400
accept-ranges
bytes
expires
Wed, 25 Jun 2025 13:17:37 GMT
url_shortener_ms_file_xlabs_i_6.png
www.forcepoint.com/sites/default/files/
44 KB
45 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/url_shortener_ms_file_xlabs_i_6.png
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
afe5695ceec4f19c701784c442de76dc711f61482071b8f860bb1608380bc8b5
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 0, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:44:09 GMT
fastly-io-served-by
vpop-etou8240194
age
581192
http_x_geo_region
DE-BW
x-cache
MISS, MISS, MISS, HIT
fastly-io-info
ifsz=114045 idim=948x353 ifmt=png ofsz=45538 odim=948x353 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-5d587d78fd-ct69k
content-length
45538
x-served-by
cache-chi-kigq8000039-CHI, cache-ams21072-AMS, cache-ams2100142-AMS, cache-fra-eddf8230117-FRA
server
nginx
x-timer
S1719816250.716468,VS0,VE2
etag
"cfBum3WxXrzMpjRlESCQfwdNZNbNjYvADjmedfK8LSY"
vary
Accept
content-type
image/webp
x-styx-req-id
202315e3-322c-11ef-b7ec-065f8a95e18c
cache-control
max-age=31622400
accept-ranges
bytes
expires
Wed, 25 Jun 2025 13:17:37 GMT
url_shortener_ms_file_xlabs_i_7.png
www.forcepoint.com/sites/default/files/
39 KB
39 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/url_shortener_ms_file_xlabs_i_7.png
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
5f1b6cef797b1f839c2db70c44e77b6e0551cba4e22c5f7b056fcb805468b613
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 0, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:44:09 GMT
fastly-io-served-by
vpop-etou8240193
age
581192
http_x_geo_region
DE-BW
x-cache
MISS, MISS, MISS, HIT
fastly-io-info
ifsz=76711 idim=951x328 ifmt=png ofsz=39984 odim=951x328 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-5d77cc44f5-h68wv
content-length
39984
x-served-by
cache-chi-kigq8000106-CHI, cache-ams21035-AMS, cache-ams2100133-AMS, cache-fra-eddf8230117-FRA
server
nginx
x-timer
S1719816250.712063,VS0,VE2
etag
"E0nTLGQVejF9I+JPXrT1rl0nue8wOAsvX/88MxUWfMA"
vary
Accept
content-type
image/webp
x-styx-req-id
20231e69-322c-11ef-bacb-5e8344290807
cache-control
max-age=31622400
accept-ranges
bytes
expires
Wed, 25 Jun 2025 13:17:37 GMT
url_shortener_ms_file_xlabs_i_8.png
www.forcepoint.com/sites/default/files/
78 KB
79 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/url_shortener_ms_file_xlabs_i_8.png
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
3d71af35f2b359f1b23e69e6fb08b67a73db8dc5907a7bf83d87b62849ed3b3b
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 0, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:44:09 GMT
fastly-io-served-by
vpop-etou8240195
age
581192
http_x_geo_region
DE-BW
x-cache
MISS, MISS, MISS, HIT
fastly-io-info
ifsz=86768 idim=582x326 ifmt=png ofsz=79904 odim=582x326 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-5d587d78fd-cxdcg
content-length
79904
x-served-by
cache-chi-kigq8000054-CHI, cache-ams2100142-AMS, cache-ams21065-AMS, cache-fra-eddf8230117-FRA
server
nginx
x-timer
S1719816250.721016,VS0,VE2
etag
"pyh1leYjmlkDOtqryhGPE54Gdl84kP1cIsSdvOa0k2s"
vary
Accept
content-type
image/webp
x-styx-req-id
2023264e-322c-11ef-942b-6a153845af30
cache-control
max-age=31622400
accept-ranges
bytes
expires
Wed, 25 Jun 2025 13:17:37 GMT
url_shortener_ms_file_xlabs_i_9.png
www.forcepoint.com/sites/default/files/
172 KB
172 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/url_shortener_ms_file_xlabs_i_9.png
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
273da5f5372f7eca262d218c1b3a1b0a7055dad4843e7cf485cf7804d8aa0ca4
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 0, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:44:09 GMT
fastly-io-served-by
vpop-etou8240196
age
581192
http_x_geo_region
DE-BW
x-cache
MISS, MISS, MISS, HIT
fastly-io-info
ifsz=229302 idim=599x257 ifmt=png ofsz=176152 odim=599x257 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-5d587d78fd-ct69k
content-length
176152
x-served-by
cache-chi-kigq8000135-CHI, cache-ams21036-AMS, cache-ams21041-AMS, cache-fra-eddf8230117-FRA
server
nginx
x-timer
S1719816250.721005,VS0,VE2
etag
"ZK5vWPTQmrVXDpfN+aL9muvdsTJFaAMd2cFPGDZN0XU"
vary
Accept
content-type
image/webp
x-styx-req-id
202381ce-322c-11ef-b7ec-065f8a95e18c
cache-control
max-age=31622400
accept-ranges
bytes
expires
Wed, 25 Jun 2025 13:17:37 GMT
url_shortener_ms_file_xlabs_i_10.png
www.forcepoint.com/sites/default/files/
23 KB
23 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/url_shortener_ms_file_xlabs_i_10.png
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
353db1686dfd23728735c8f83a8382b37b37f1243ca1ee2ef2f7241341f2e1e4
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 0, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:44:09 GMT
fastly-io-served-by
vpop-etou8240193
age
581192
http_x_geo_region
DE-BW
x-cache
MISS, MISS, MISS, HIT
fastly-io-info
ifsz=36167 idim=601x130 ifmt=png ofsz=23266 odim=601x130 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-5d587d78fd-6m95f
content-length
23266
x-served-by
cache-chi-kigq8000077-CHI, cache-ams2100100-AMS, cache-ams21063-AMS, cache-fra-eddf8230117-FRA
server
nginx
x-timer
S1719816250.721664,VS0,VE1
etag
"3jDUa28hecKxwsIzbF9aV2EMfqR31hpAKs4GbOWIzdg"
vary
Accept
content-type
image/webp
x-styx-req-id
2022f9d5-322c-11ef-a182-7a520cdabf04
cache-control
max-age=31622400
accept-ranges
bytes
expires
Wed, 25 Jun 2025 13:17:37 GMT
url_shortener_ms_file_xlabs_i_11.png
www.forcepoint.com/sites/default/files/
275 KB
275 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/url_shortener_ms_file_xlabs_i_11.png
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
87649ba070f4b18de6d9d8824f7a347d4842b913451fddde49bfdb163ae2e12a
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 0, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:44:09 GMT
fastly-io-served-by
vpop-etou8240196
age
581357
http_x_geo_region
DE-BW
x-cache
MISS, HIT, MISS, HIT
fastly-io-info
ifsz=370812 idim=1081x482 ifmt=png ofsz=281090 odim=1081x482 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-5d77cc44f5-w9nrv
content-length
281090
x-served-by
cache-chi-kigq8000041-CHI, cache-ams21039-AMS, cache-ams21060-AMS, cache-fra-eddf8230117-FRA
server
nginx
x-timer
S1719816250.721673,VS0,VE2
etag
"mKkjbVo+60hxqOwHSsXW7Wu5LTZXMJM8lUvdQ2LlD+c"
vary
Accept
content-type
image/webp
x-styx-req-id
be186572-322b-11ef-b993-de70e4427182
cache-control
max-age=31622400
accept-ranges
bytes
expires
Wed, 25 Jun 2025 13:14:52 GMT
url_shortener_ms_file_xlabs_i_12.png
www.forcepoint.com/sites/default/files/
122 KB
122 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/url_shortener_ms_file_xlabs_i_12.png
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
dd7fe585c74e77b78c21455683a55283fe4f723875c825a1c676e1347ba54ab3
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 0, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:44:09 GMT
fastly-io-served-by
img04-europe-west3
age
581192
http_x_geo_region
DE-BW
x-cache
MISS, MISS, MISS, HIT
fastly-io-info
ifsz=164157 idim=1222x566 ifmt=png ofsz=124494 odim=1222x566 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-5d77cc44f5-4fsf9
content-length
124494
x-served-by
cache-chi-kigq8000028-CHI, cache-ams2100108-AMS, cache-ams21022-AMS, cache-fra-eddf8230117-FRA
server
nginx
x-timer
S1719816250.727059,VS0,VE3
etag
"Pan41FY3BfR+w1lgx1T/Brapl4HMlottlLd0zQX6CsE"
vary
Accept
content-type
image/webp
x-styx-req-id
2029ccf5-322c-11ef-82b6-0e47c8ff5b51
cache-control
max-age=31622400
accept-ranges
bytes
expires
Wed, 25 Jun 2025 13:17:37 GMT
url_shortener_ms_file_xlabs_i_13.png
www.forcepoint.com/sites/default/files/
128 KB
129 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/url_shortener_ms_file_xlabs_i_13.png
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
1a551853bab605782355fae523df4ddad8f3ec86be2e9654278282b154490cc2
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 0, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:44:09 GMT
fastly-io-served-by
img03-europe-west3
age
581192
http_x_geo_region
DE-BW
x-cache
MISS, MISS, MISS, HIT
fastly-io-info
ifsz=173257 idim=1053x393 ifmt=png ofsz=131538 odim=1053x393 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-5d587d78fd-p5mqc
content-length
131538
x-served-by
cache-chi-klot8100114-CHI, cache-ams2100087-AMS, cache-ams21042-AMS, cache-fra-eddf8230117-FRA
server
nginx
x-timer
S1719816250.725667,VS0,VE6
etag
"quOqBzZpzPns+RRLjsT8g5NYuunGnoCnvSYXOxKX9J8"
vary
Accept
content-type
image/webp
x-styx-req-id
20281448-322c-11ef-a649-ee9e1dde6fad
cache-control
max-age=31622400
accept-ranges
bytes
expires
Wed, 25 Jun 2025 13:17:37 GMT
placeholder_image.png
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/
34 B
541 B
Image
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/placeholder_image.png
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
735b78ae1f09b1d02ee92b5ad319a189d50d10ecbec4ddd12201885dde3f4945
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 1, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:44:09 GMT
fastly-io-served-by
img08-europe-west2
age
1563209
http_x_geo_region
DE-BW
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=1272 idim=20x20 ifmt=png ofsz=34 odim=20x20 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-66d79b4b7-5j69z
content-length
34
x-served-by
cache-chi-kigq8000157-CHI, cache-ams21040-AMS, cache-ams21022-AMS, cache-fra-eddf8230117-FRA
server
nginx
x-timer
S1719816250.726374,VS0,VE3
etag
"1Cw1g26qcqy/qXiETpkqMbr8ayhbr57dIxJ0jC+RrrE"
vary
Accept
content-type
image/webp
x-styx-req-id
28491965-0742-11ef-8b9d-16ab02f7e8e2
cache-control
max-age=31622400
accept-ranges
bytes
expires
Thu, 01 May 2025 22:36:59 GMT
xlabs_html_masquerading_hero.jpg
www.forcepoint.com/sites/default/files/styles/570x270_sc/public/hero/
23 KB
24 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/styles/570x270_sc/public/hero/xlabs_html_masquerading_hero.jpg?itok=2gIxoLip&timestamp=1716422629
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
59976a805bd708c7009f31a3cd7a86357c53b1f2331d2f2997d0db350b9bb32b
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 1, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:44:09 GMT
fastly-io-served-by
vpop-etou8240193
age
1557940
http_x_geo_region
DE-BW
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=23903 idim=570x270 ifmt=jpeg ofsz=23903 odim=570x270 ofmt=jpeg
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-67997c6b59-7tkcr
content-length
23903
fastly-io-warning
Failed to shrink image
x-served-by
cache-chi-kigq8000068-CHI, cache-ams21028-AMS, cache-ams2100131-AMS, cache-fra-eddf8230117-FRA
server
nginx
x-timer
S1719816250.724968,VS0,VE8
etag
"OvNJbKbS9BsYY3A+jpX6UDbrLPde7v94aCOY6aCmyTM"
vary
Accept
content-type
image/jpeg
x-styx-req-id
54323768-2277-11ef-b2a9-de862396ff34
cache-control
max-age=31622400
accept-ranges
bytes
expires
Thu, 05 Jun 2025 13:35:38 GMT
metamorfo.jpg
www.forcepoint.com/sites/default/files/styles/570x270_sc/public/hero/
20 KB
20 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/styles/570x270_sc/public/hero/metamorfo.jpg?itok=2hdrV4LI&timestamp=1715862746
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
61cbf8a09d67fc91bd97e439ecb5b880e5b0ea421fdcb9190d5da2f4c8890aa5
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 51, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:44:09 GMT
fastly-io-served-by
vpop-etou8240195
age
1204717
http_x_geo_region
DE-BW
x-cache
MISS, MISS, HIT, HIT
fastly-io-info
ifsz=20480 idim=570x270 ifmt=jpeg ofsz=20480 odim=570x270 ofmt=jpeg
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-55987d54bd-sbxbq
content-length
20480
fastly-io-warning
Failed to shrink image
x-served-by
cache-chi-klot8100163-CHI, cache-ams2100144-AMS, cache-ams21073-AMS, cache-fra-eddf8230117-FRA
server
nginx
x-timer
S1719816250.725262,VS0,VE2
etag
"o5gUs/gM/6PF8KxB8xS2CI2m8z/tJNSW4KmOVrptZOs"
vary
Accept
content-type
image/jpeg
x-styx-req-id
5e8c7cd3-2c80-11ef-a275-5e4d677334db
cache-control
max-age=31622400
accept-ranges
bytes
expires
Wed, 18 Jun 2025 08:05:32 GMT
photoshop_ai_header-green.jpg
www.forcepoint.com/sites/default/files/styles/footer_menu_featured_blog/public/hero/
6 KB
6 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/styles/footer_menu_featured_blog/public/hero/photoshop_ai_header-green.jpg?itok=8hLu2US7
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
06253733aa87841e74e8076ca1a74c6b8a5eed79057c8dc2812e8f622cbdd45e
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 0, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:44:09 GMT
fastly-io-served-by
vpop-etou8240195
age
498246
http_x_geo_region
DE-BW
x-cache
MISS, MISS, MISS, HIT
fastly-io-info
ifsz=5882 idim=199x111 ifmt=jpeg ofsz=5882 odim=199x111 ofmt=jpeg
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-5d77cc44f5-h68wv
content-length
5882
fastly-io-warning
Failed to shrink image
x-served-by
cache-chi-kigq8000025-CHI, cache-ams21040-AMS, cache-ams2100086-AMS, cache-fra-eddf8230117-FRA
server
nginx
x-timer
S1719816250.726703,VS0,VE1
etag
"Y6htgqRKYVV6fCxh29+UgVVRJbGoqqD03HeXx0cVYxs"
vary
Accept
content-type
image/jpeg
x-styx-req-id
404d8316-32ed-11ef-bacb-5e8344290807
cache-control
max-age=31622400
accept-ranges
bytes
expires
Thu, 26 Jun 2025 12:20:03 GMT
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.4/
88 KB
28 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.4/jquery.min.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a0fe8723dcf55da64d06b25446d0a8513e52527c45afcb37073465f9c6f352af
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 06:44:09 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
912335
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
28035
last-modified
Wed, 08 Mar 2023 16:05:42 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"6408b256-6d83"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8n18IuiLeZ7AMJ777zJb2XXSRvdE292WqhXo5hWfY186TIOblidNXRf3emrQhPz%2BY%2Fc5LUG9r8bPwHaWu7PqkTkuU3I%2BScT5BB1KhNz%2Fi%2F3Gu2NqTtjKHUoa%2BRfW11yfrBIXppyI"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
89c46d08cc3e2bf2-FRA
expires
Sat, 21 Jun 2025 06:44:09 GMT
jquery-migrate.min.js
cdnjs.cloudflare.com/ajax/libs/jquery-migrate/3.4.1/
13 KB
5 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery-migrate/3.4.1/jquery-migrate.min.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
148a74b0921ad78021d716e8032ede1cdaf7ed7279cefd7d2acbe906add12a68
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 06:44:09 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
20460
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
4374
last-modified
Fri, 24 Feb 2023 02:37:49 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"63f822fd-1116"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ukhSAfw1mIpnvc%2Bgd%2B7Tvl%2Fj%2BbDVtG07QLNvArWyBEIaRZJbz65NpjJS7aEb%2BOF71CN7F1OH%2BnQYlRfa5t1J33HUad11ZEiQFvUSMYLnegxFO9gc4dBS0hrc5OwVWrw1QifKRUBw"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
89c46d08cc402bf2-FRA
expires
Sat, 21 Jun 2025 06:44:09 GMT
jquery-ui.min.js
cdnjs.cloudflare.com/ajax/libs/jqueryui/1.13.2/
249 KB
56 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.13.2/jquery-ui.min.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9528ca634fecad433d044ddd3e6f9ce1f068d5d932dafdbb19d8e6daea1968bd
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 06:44:09 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
919940
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
56990
last-modified
Fri, 29 Jul 2022 20:40:53 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"62e445d5-de9e"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JKqP10EtgoINGTxRVWPZw3MH%2B%2Ba7zm690pzSvCidV9fMerV8qdOuGk9w9j%2BPvqiqACt%2F0O848a92OAnt5MDD8oQD1fnqaZNHgh3j3e181KtCPxtJ%2B3ZX6MflVkO6fO9bESXYA6ST"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
89c46d08cc362bf2-FRA
expires
Sat, 21 Jun 2025 06:44:09 GMT
jquery.cookie.min.js
cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/
1 KB
1 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d40efcac911d8964f3728eaa767de281306ff55ba9377435a3364d4d1e1613f6
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 06:44:09 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
912310
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
591
last-modified
Mon, 04 May 2020 16:11:45 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03ec1-514"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jKUpUglBcBVdFOcVC1gVQaTjwWWcvfFZYOBXuhJgsJ6zNnki2cFlm%2FOSx2hGnVcuERfOJ4jlCl2URk4uM8y4GUJ7wIY2NlD1a3Mbg%2Bmve921iYERX5YehapOw03TMgGvP760LK5Y"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
89c46d08cc372bf2-FRA
expires
Sat, 21 Jun 2025 06:44:09 GMT
jquery.form.min.js
cdnjs.cloudflare.com/ajax/libs/jquery.form/4.3.0/
17 KB
6 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery.form/4.3.0/jquery.form.min.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dd329c644951f3c041200e8279e3c90063ac5b5c8861fe253fca48df7dd8b99c
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 06:44:09 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
3242362
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
5719
last-modified
Sun, 07 Jun 2020 05:05:25 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5edc7595-42c6"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Qrzvj15XZDEpVi%2FdwsNcycu3SSAsx4Ipt%2BZVv3h6iFM3ulPuJDIBVsczVqounNqNvPFIxmluuQ2KvcYLf0j%2FZdZcYdVBMYbUoG%2FxEmb%2B3%2BWh29hxl%2FN7uFjM1mc6BJnTm7RPMmHa"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
89c46d08cc3b2bf2-FRA
expires
Sat, 21 Jun 2025 06:44:09 GMT
utag.sync.js
tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/
17 KB
5 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/utag.sync.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:235a:7600:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
9a363427efaa6cd56ae165653d1070e96c6b804c99253d1cde1488da66f7af69

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
f7XlDKALolka7PsLnulZvA_cVYX85BNV
content-encoding
br
via
1.1 d2c570942164f5ee69dab53f43b0f1d2.cloudfront.net (CloudFront)
date
Mon, 01 Jul 2024 06:41:18 GMT
last-modified
Thu, 13 Jun 2024 14:02:24 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P9
age
172
x-amz-server-side-encryption
AES256
etag
W/"a7ad28ce871f50adcd1baf2802161690"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=300
x-amz-cf-id
0KQIAwq9GfJK6o55J7dWAgu1wcCGoheWNplBYy1Ga1emVKm9poY8hg==
v2.js
js.hsforms.net/forms/
482 KB
156 KB
Script
General
Full URL
https://js.hsforms.net/forms/v2.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.142.119 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ee3184f88b136b6ad521ec8d57fcf138b0c78172ee82e5d8773998bebac6486d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-encoding
gzip
age
237
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.5387/bundles/project-v2.js&cfRay=89c4673eec81a034-FRA
x-amz-replication-status
COMPLETED
x-evy-trace-listener
listener_https
etag
W/"56164b8f5dbcf6e65e555e48d5d6176a"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-evy-trace-virtual-host
all
cache-control
s-maxage=600, max-age=300
x-hs-target-asset
forms-embed/static-1.5387/bundles/project-v2.js
date
Mon, 01 Jul 2024 06:44:09 GMT
x-amz-version-id
mnlqbpb.vUvH_hPLxl7NeOxIrfIBia92
x-content-type-options
nosniff
cf-cache-status
HIT
via
1.1 c0b0d7167cc2eb52d8d154aa7fc03a0a.cloudfront.net (CloudFront)
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
IAD12-P3
x-hubspot-correlation-id
377f911d-0a85-4517-9a70-872d1cddb9a0
x-cache
Hit from cloudfront
cache-tag
staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-envoy-upstream-service-time
2
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-request-id
377f911d-0a85-4517-9a70-872d1cddb9a0
last-modified
Thu, 06 Jun 2024 13:36:59 UTC
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Lc1f0OUx5obtYyZUookmi1faA5VoTBZZ5Z%2FJ76hOKctI0pxP%2Foi43o6BJD00AKQLXTRKh4oxAKMJd8fluaZnForw0kpcStAQu8ckL0GMlPlL98T%2BufyyuK%2BEfCDvQ6z5"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status
HIT
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-65f7f7c749-fvpqg
cf-ray
89c46d08cd3bbb97-FRA
x-amz-cf-id
r92nK7S28vimoSc3CRyMWOyy-AzXyIlWPPlLA9_DPRGsSxlSEg7Cog==
js__W3yM6WBe6ndCsZPBg4n630CPZFPltBmeCyjdVT1DY70__bDRoZCuiGZ0Z97B2lHvbrvG8HsJo-CC3-a0Ia2Sx5bE__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
11 KB
5 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__W3yM6WBe6ndCsZPBg4n630CPZFPltBmeCyjdVT1DY70__bDRoZCuiGZ0Z97B2lHvbrvG8HsJo-CC3-a0Ia2Sx5bE__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
f443007354af04e5d9f0aea2ce21303442752753ce63ab035a6c76d4f06d5d52
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 1273, 0
date
Mon, 01 Jul 2024 06:44:09 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
407811
http_x_geo_region
DE-BW
x-cache
MISS, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-m255z
content-length
4874
x-served-by
cache-chi-kigq8000024-CHI, cache-fra-etou8220151-FRA, cache-fra-eddf8230117-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_kigq8000024_CHI
last-modified
Tue, 05 Mar 2024 06:05:59 GMT
server
nginx
x-timer
S1719816250.726072,VS0,VE4
etag
W/"65e6b647-2a50"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
e593445d-f1d7-11ee-976d-4e9dd3d547b2
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:26 GMT
js__ZyeOaiFuDejQQbhUV7yg7atYZnj4WLfH77o0scv4068__jeShjS1-sEwOx4dbB-NSBsCnxWfNslS1Nkgx4CZngGA__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
13 KB
5 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__ZyeOaiFuDejQQbhUV7yg7atYZnj4WLfH77o0scv4068__jeShjS1-sEwOx4dbB-NSBsCnxWfNslS1Nkgx4CZngGA__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
ff79200e9d0486ad1207f01f3c5918eea0771ded9b1681694da8caaae4c74c1a
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 1632, 0
date
Mon, 01 Jul 2024 06:44:09 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
407831
http_x_geo_region
DE-BW
x-cache
MISS, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-fddpv
content-length
4854
x-served-by
cache-chi-kigq8000072-CHI, cache-fra-eddf8230115-FRA, cache-fra-eddf8230117-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_kigq8000072_CHI
last-modified
Tue, 05 Mar 2024 06:05:49 GMT
server
nginx
x-timer
S1719816250.724623,VS0,VE4
etag
W/"65e6b63d-343a"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
d721c50f-f1d7-11ee-a6cf-faab7e7aaaa3
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:02 GMT
js__2rjlAbBND-YDbAq2rT4GT0FCGSz_kyEdQdZyOStVQdU__SGggvtYH6KAFWT2NGquosWK1SoWokfbyhZ2MaWmzq9I__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
547 B
749 B
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__2rjlAbBND-YDbAq2rT4GT0FCGSz_kyEdQdZyOStVQdU__SGggvtYH6KAFWT2NGquosWK1SoWokfbyhZ2MaWmzq9I__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
634b615987ef6bc5cf11ff7eb78673aebf61e436dc7a56de0f4b4aa543ccb577
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 839, 0
date
Mon, 01 Jul 2024 06:44:09 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
407812
http_x_geo_region
DE-BW
x-cache
MISS, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-srsz5
content-length
294
x-served-by
cache-chi-klot8100132-CHI, cache-fra-etou8220155-FRA, cache-fra-eddf8230117-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_klot8100132_CHI
last-modified
Tue, 05 Mar 2024 06:06:00 GMT
server
nginx
x-timer
S1719816250.727490,VS0,VE6
etag
W/"65e6b648-223"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
e597477d-f1d7-11ee-83a9-32c190c1efda
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:26 GMT
js__5zhFBHWG8cFOCNCpDlj7pwNwFoSGFvQEfYJiiLp0EY8__TNItwctO0QcNBYn10Ft2xshT-_PqYf8Vv6JB7nZ2xKs__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
27 KB
8 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__5zhFBHWG8cFOCNCpDlj7pwNwFoSGFvQEfYJiiLp0EY8__TNItwctO0QcNBYn10Ft2xshT-_PqYf8Vv6JB7nZ2xKs__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
033ea4cefced423a11d0cc62afb56c3b09c16913abe8a891fc578b2f2327a101
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
1, 1279, 0
date
Mon, 01 Jul 2024 06:44:09 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
407831
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-64b977755d-ltjwf
content-length
7981
x-served-by
cache-chi-kigq8000113-CHI, cache-fra-etou8220066-FRA, cache-fra-eddf8230117-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_kigq8000113_CHI
last-modified
Tue, 05 Mar 2024 06:05:55 GMT
server
nginx
x-timer
S1719816250.725136,VS0,VE5
etag
W/"65e6b643-6d75"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
dd156f92-f1d7-11ee-a4f1-16a0ed7bd780
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:12 GMT
js__MK7MzOuOm6Wn1gEArVsBZG7dh82EREyAMIm9mRlUqq8__dORmwcviulacbj4TEHhv8s4qzj-5oUCjfNEX8y-ZUFM__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
22 KB
8 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__MK7MzOuOm6Wn1gEArVsBZG7dh82EREyAMIm9mRlUqq8__dORmwcviulacbj4TEHhv8s4qzj-5oUCjfNEX8y-ZUFM__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
b2da29ed5ab13ba88c22a51b412428640f8b495c40e0225d712d16eb6ea8351e
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 1096, 0
date
Mon, 01 Jul 2024 06:44:09 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
407747
http_x_geo_region
DE-BW
x-cache
MISS, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-64b977755d-ltjwf
content-length
7765
x-served-by
cache-chi-kigq8000098-CHI, cache-fra-eddf8230071-FRA, cache-fra-eddf8230117-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_kigq8000098_CHI
last-modified
Tue, 05 Mar 2024 06:06:01 GMT
server
nginx
x-timer
S1719816250.724495,VS0,VE6
etag
W/"65e6b649-59a3"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
e59287d2-f1d7-11ee-a4f1-16a0ed7bd780
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:26 GMT
js__YT6D1B_BKxvm6JCH_t9sZNI5L6yITa_DlU5QcSlOkAU__OXobH7d1IP1o3WABlniIrU_-pcJacVSIPUv9bpD-6pQ__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
730 B
755 B
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__YT6D1B_BKxvm6JCH_t9sZNI5L6yITa_DlU5QcSlOkAU__OXobH7d1IP1o3WABlniIrU_-pcJacVSIPUv9bpD-6pQ__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
67138202cdb85739d98743e8226b60fbef18366ce3da88902bee16dacd0f0959
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
1, 899, 0
date
Mon, 01 Jul 2024 06:44:09 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
407832
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-64b977755d-ph6zp
content-length
381
x-served-by
cache-chi-klot8100120-CHI, cache-fra-etou8220105-FRA, cache-fra-eddf8230117-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_klot8100120_CHI
last-modified
Tue, 05 Mar 2024 06:05:56 GMT
server
nginx
x-timer
S1719816250.724432,VS0,VE5
etag
W/"65e6b644-2da"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
dd343a59-f1d7-11ee-89af-8edf77054182
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:12 GMT
js__udVKtMVyYcbvVHDJ0nPML4nntXexNWL2oMqAdYSCgWM__DGF7DhDt4X72RMZfC0gLtM1DzR4cKNX-xUUTDHAODaQ__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
27 KB
10 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__udVKtMVyYcbvVHDJ0nPML4nntXexNWL2oMqAdYSCgWM__DGF7DhDt4X72RMZfC0gLtM1DzR4cKNX-xUUTDHAODaQ__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c3af792cf17fc9da7b301e6ec8a24dcec9e7b4d3ef83622c2417329f658e8848
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Thu, 17 Apr 2025 13:54:31 GMT
date
Mon, 01 Jul 2024 06:44:09 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
407811
http_x_geo_region
DE-BW
x-cache
MISS, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-5b88b49ff7-dfscd
content-length
10066
x-served-by
cache-chi-klot8100144-CHI, cache-fra-eddf8230027-FRA, cache-fra-eddf8230117-FRA
last-modified
Tue, 16 Apr 2024 13:54:18 GMT
server
nginx
x-timer
S1719816250.726238,VS0,VE5
etag
W/"661e830a-6bc3"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
d99a5f32-fbf8-11ee-84c5-c204ae6b7bc4
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
0, 1220, 0
js__chJL213YSkJch-IjytLyUqW7uGPnNqOcHGrVBTtmWRc__yn2ExM-BDbvoDYxfwBKmliyRc5GwBZkfllb5p--ixOE__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
710 B
619 B
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__chJL213YSkJch-IjytLyUqW7uGPnNqOcHGrVBTtmWRc__yn2ExM-BDbvoDYxfwBKmliyRc5GwBZkfllb5p--ixOE__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
1f81387d932ab97c0ddff8edfc8e1ca4e37201b3cfb5d3911bc25a04e4087ae7
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
1, 909, 0
date
Mon, 01 Jul 2024 06:44:09 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
407831
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-64b977755d-ph6zp
content-length
306
x-served-by
cache-chi-klot8100117-CHI, cache-fra-etou8220152-FRA, cache-fra-eddf8230117-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_klot8100117_CHI
last-modified
Tue, 05 Mar 2024 06:05:57 GMT
server
nginx
x-timer
S1719816250.724403,VS0,VE4
etag
W/"65e6b645-2c6"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
dd2ddb29-f1d7-11ee-89af-8edf77054182
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:12 GMT
js__vqZqTxUxqDoVSZOh60EjSleoZgwIzSlhamQKjS1JngU__S91yqV9ubUDMxzCK2GLBYdp1SFL3v48MFVTVZ3OSXjc__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
798 B
829 B
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__vqZqTxUxqDoVSZOh60EjSleoZgwIzSlhamQKjS1JngU__S91yqV9ubUDMxzCK2GLBYdp1SFL3v48MFVTVZ3OSXjc__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
0af941ad21ab4dc704f04bdf8d21825869cfe27eb61b3a37e295f70697c48c88
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 1245, 0
date
Mon, 01 Jul 2024 06:44:09 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
407811
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-srsz5
content-length
428
x-served-by
cache-chi-klot8100128-CHI, cache-fra-eddf8230056-FRA, cache-fra-eddf8230117-FRA
backend-ip-port
6cecXOA5eq1mdycR8IETIO--F_styx_fe1_b_sharedvpc_dmz_05
last-modified
Tue, 05 Mar 2024 06:06:02 GMT
server
nginx
x-timer
S1719816250.725725,VS0,VE10
etag
W/"65e6b64a-31e"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
e59612e5-f1d7-11ee-83a9-32c190c1efda
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:26 GMT
js__A3z98XA9ArlnbHREYTcp6hgmi5Oz2wY1MqcLV75pq8Q__z2dbLyr7KaPpYQrjLtDeNRJ8Dddotk1Rd-5bC2zRyWo__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
981 B
744 B
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__A3z98XA9ArlnbHREYTcp6hgmi5Oz2wY1MqcLV75pq8Q__z2dbLyr7KaPpYQrjLtDeNRJ8Dddotk1Rd-5bC2zRyWo__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
33df7d1430b49b83528e5df930e1da6d9bf492fb32b37ff2b9fd4d97834a0abd
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 1302, 0
date
Mon, 01 Jul 2024 06:44:09 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
407826
http_x_geo_region
DE-BW
x-cache
MISS, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-64b977755d-kk5rj
content-length
452
x-served-by
cache-chi-klot8100097-CHI, cache-fra-eddf8230050-FRA, cache-fra-eddf8230117-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_klot8100097_CHI
last-modified
Tue, 05 Mar 2024 06:06:03 GMT
server
nginx
x-timer
S1719816250.724269,VS0,VE4
etag
W/"65e6b64b-3d5"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
e5927087-f1d7-11ee-b87b-f2654297ce89
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:26 GMT
js__BsJj-J0DDipBFUM6jWq6jBgbLlOJHFUDm1oaCirTN8s__3ytciCoM4ry2VdZVK_RnAXm_cZfbyZ0Tj9DCUWBKchw__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
3 KB
2 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__BsJj-J0DDipBFUM6jWq6jBgbLlOJHFUDm1oaCirTN8s__3ytciCoM4ry2VdZVK_RnAXm_cZfbyZ0Tj9DCUWBKchw__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
9e815610f978cad8bc6a72832b206c68e17bf6799cd0c937b2b3c30014243f73
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
2, 1623, 0
date
Mon, 01 Jul 2024 06:44:09 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
407830
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-64b977755d-5zbrs
content-length
1539
x-served-by
cache-chi-klot8100066-CHI, cache-fra-etou8220025-FRA, cache-fra-eddf8230117-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_klot8100066_CHI
last-modified
Tue, 19 Mar 2024 19:19:24 GMT
server
nginx
x-timer
S1719816250.726844,VS0,VE5
etag
W/"65f9e53c-d5a"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
dd2cb700-f1d7-11ee-bbb7-623f168e5bfe
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:12 GMT
js__6FQAqJmB1yKdAJYwsXAk_hJnargJPvMPkf9xl2Aoo0E__LRcB_jb8iwtqJJbRU0etTiWNPUen87vOM9Rlp7OZGiI__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
32 KB
14 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__6FQAqJmB1yKdAJYwsXAk_hJnargJPvMPkf9xl2Aoo0E__LRcB_jb8iwtqJJbRU0etTiWNPUen87vOM9Rlp7OZGiI__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
6806cdcdd3c7f06950968eeebc5ed11dc261adde18cfefd541532fcf5e59ddff
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 1264, 0
date
Mon, 01 Jul 2024 06:44:09 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
407811
http_x_geo_region
DE-BW
x-cache
MISS, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-h68w5
content-length
14177
x-served-by
cache-chi-klot8100139-CHI, cache-fra-eddf8230145-FRA, cache-fra-eddf8230117-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_klot8100139_CHI
last-modified
Tue, 05 Mar 2024 06:06:03 GMT
server
nginx
x-timer
S1719816250.725583,VS0,VE5
etag
W/"65e6b64b-81b7"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
e592268a-f1d7-11ee-9fa0-220fea7644ee
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:26 GMT
js__ZAA5lMeZXVSyc2jkDQc3qK2xTFroqEhe0Vhijw7cweY__awDE3dco34o6B5V5PT-wcPX9t75VGt6sjYxNLg-Ibew__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
6 KB
2 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__ZAA5lMeZXVSyc2jkDQc3qK2xTFroqEhe0Vhijw7cweY__awDE3dco34o6B5V5PT-wcPX9t75VGt6sjYxNLg-Ibew__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c654220d555e70fb63334836085ed53e9a9d2982e79824664fba6d89e6dc490e
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Thu, 17 Apr 2025 13:54:31 GMT
date
Mon, 01 Jul 2024 06:44:09 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
407830
http_x_geo_region
DE-BW
x-cache
MISS, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-5b88b49ff7-c4v2w
content-length
2104
x-served-by
cache-chi-klot8100167-CHI, cache-fra-etou8220057-FRA, cache-fra-eddf8230117-FRA
last-modified
Tue, 16 Apr 2024 13:54:19 GMT
server
nginx
x-timer
S1719816250.725016,VS0,VE5
etag
W/"661e830b-183e"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
d99b81fb-fbf8-11ee-9c93-fae8d33dc845
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
0, 1624, 0
js__VVbwMK3NMLbfvdLXAKRCOGZ9jqUjWHfUrPnJSWIlxkM__4Q4SNExXEfBJWUuxQzqhfoyno0u2-1mPRJyQnRmGPTQ__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
4 KB
2 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__VVbwMK3NMLbfvdLXAKRCOGZ9jqUjWHfUrPnJSWIlxkM__4Q4SNExXEfBJWUuxQzqhfoyno0u2-1mPRJyQnRmGPTQ__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
61deedef5519831c5ba93b5ea4ccbe1d3a6a544c37709704271d05871caf1a02
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Wed, 21 May 2025 14:41:43 GMT
date
Mon, 01 Jul 2024 06:44:09 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
407718
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-7d5d4db597-t449s
content-length
1194
x-served-by
cache-chi-kigq8000035-CHI, cache-fra-eddf8230056-FRA, cache-fra-eddf8230117-FRA
last-modified
Tue, 05 Mar 2024 06:06:26 GMT
server
nginx
x-timer
S1719816250.724197,VS0,VE4
etag
W/"65e6b662-f33"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
13b2b807-16b7-11ef-ab5f-328758f3d7f2
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
0, 254, 0
js__ZW8o7ZZZ2WVdbdwiWGu52bSrkEFZV2xhp5aNyZR5USA__3tGfK_b3yc_EcnR78FUS1iLe24uT_kFOG0Zgxin4wcM__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
4 KB
2 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__ZW8o7ZZZ2WVdbdwiWGu52bSrkEFZV2xhp5aNyZR5USA__3tGfK_b3yc_EcnR78FUS1iLe24uT_kFOG0Zgxin4wcM__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
7a06dd94021db644db9732192dd8c6b062b80d3f99488e35ce495e82f0ccf961
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 787, 0
date
Mon, 01 Jul 2024 06:44:09 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
407747
http_x_geo_region
DE-BW
x-cache
MISS, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-srsz5
content-length
1541
x-served-by
cache-chi-klot8100156-CHI, cache-fra-eddf8230134-FRA, cache-fra-eddf8230117-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_klot8100156_CHI
last-modified
Tue, 05 Mar 2024 06:06:04 GMT
server
nginx
x-timer
S1719816250.728775,VS0,VE8
etag
W/"65e6b64c-f24"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
e594d3d7-f1d7-11ee-83a9-32c190c1efda
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:26 GMT
js__UCtXJrNvJbqWwTkauUyH6r0OmkrsjVeSImxlI3C6DJc__edC3yUE0SEy7im3t18SA-W_kx6imM-y8IQCkdmyHAt0__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
4 KB
2 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__UCtXJrNvJbqWwTkauUyH6r0OmkrsjVeSImxlI3C6DJc__edC3yUE0SEy7im3t18SA-W_kx6imM-y8IQCkdmyHAt0__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
fd08b09bb992ad9d8eb1fa512716a782939ee1df7c7b10ebecef57bc7b023626
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
1, 523, 0
date
Mon, 01 Jul 2024 06:44:09 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
407747
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-64b977755d-p72wq
content-length
1260
x-served-by
cache-chi-kigq8000118-CHI, cache-fra-eddf8230107-FRA, cache-fra-eddf8230117-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_kigq8000118_CHI
last-modified
Tue, 05 Mar 2024 06:06:05 GMT
server
nginx
x-timer
S1719816250.727507,VS0,VE6
etag
W/"65e6b64d-ebd"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
ea32fd72-f1d7-11ee-b1db-162c3c5c54d7
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:34 GMT
js__AV6-fb8rJ2QD61i8dwhUQihn7pc-Lp_VvhfmIjW8oHw__RUm4kKahOBCnrDpJWbA1cDqNhTD7qsBmlLW9ebsLhz0__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
5 KB
2 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__AV6-fb8rJ2QD61i8dwhUQihn7pc-Lp_VvhfmIjW8oHw__RUm4kKahOBCnrDpJWbA1cDqNhTD7qsBmlLW9ebsLhz0__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
a167f660daaa2f0abba7204685eb46f7127b490d936f10747a2f8c5daba26b83
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
1, 1363, 0
date
Mon, 01 Jul 2024 06:44:09 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
407827
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-2j9t5
content-length
1853
x-served-by
cache-chi-klot8100113-CHI, cache-fra-eddf8230156-FRA, cache-fra-eddf8230117-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_klot8100113_CHI
last-modified
Tue, 05 Mar 2024 06:05:50 GMT
server
nginx
x-timer
S1719816250.726309,VS0,VE5
etag
W/"65e6b63e-1377"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
ddfed7c4-f1d7-11ee-aed0-566d988ffce8
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:13 GMT
js__RKHlmU6t0RLUncGnTujiufoFCC5MbSOoksjftmO9T3k__zuc6_saw4GugjJbkXjhIWvD6QUdji5PLzz5KMmYf8SA__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
6 KB
3 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__RKHlmU6t0RLUncGnTujiufoFCC5MbSOoksjftmO9T3k__zuc6_saw4GugjJbkXjhIWvD6QUdji5PLzz5KMmYf8SA__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
706bcb95e6eec4ff78ac6d9647ad0e0e7163134b73c45f0fc5b801ca529127d2
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Thu, 17 Apr 2025 13:54:51 GMT
date
Mon, 01 Jul 2024 06:44:09 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
407812
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-6494bdc54b-252xz
content-length
2348
x-served-by
cache-chi-kigq8000179-CHI, cache-fra-etou8220030-FRA, cache-fra-eddf8230117-FRA
last-modified
Tue, 16 Apr 2024 13:54:32 GMT
server
nginx
x-timer
S1719816250.726888,VS0,VE5
etag
W/"661e8318-1965"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
e54bdec9-fbf8-11ee-9577-c280e6ba379a
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
0, 651, 0
js__g6mKbcakHxQkz4ZHYaxdO_xqONINvRMgsHh1zAK-fr0__ATHtEmHaeZ0jidpGU22EkhmPDBSgjD8z0bVDQMI-BIY__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
2 KB
1 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__g6mKbcakHxQkz4ZHYaxdO_xqONINvRMgsHh1zAK-fr0__ATHtEmHaeZ0jidpGU22EkhmPDBSgjD8z0bVDQMI-BIY__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
ac12f243172f3c8376a67f24942257093fd70d0c10212a58bf8df60f372be24e
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
9, 1300, 0
date
Mon, 01 Jul 2024 06:44:09 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
407830
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-64b977755d-p72wq
content-length
762
x-served-by
cache-chi-kigq8000175-CHI, cache-fra-eddf8230041-FRA, cache-fra-eddf8230117-FRA
backend-ip-port
6cecXOA5eq1mdycR8IETIO--F_styx_fe1_a_sharedvpc_dmz_01
last-modified
Tue, 05 Mar 2024 06:05:59 GMT
server
nginx
x-timer
S1719816250.728176,VS0,VE5
etag
W/"65e6b647-76d"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
de004b55-f1d7-11ee-b1db-162c3c5c54d7
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:14 GMT
js__zwOQL0xjQu_jInUCc5HDDX7DuqNXThdgsBzScvBN6zY__YDKn5kOzd1mgJhYu7UkUXBFTO-WC5n-FhasqlgTZXKY__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
10 KB
4 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__zwOQL0xjQu_jInUCc5HDDX7DuqNXThdgsBzScvBN6zY__YDKn5kOzd1mgJhYu7UkUXBFTO-WC5n-FhasqlgTZXKY__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
0eb42d32c51e79e9d48a5694328c0ce8889f58a2c25bf13f239a8d818226a96a
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Thu, 17 Apr 2025 13:54:51 GMT
date
Mon, 01 Jul 2024 06:44:09 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
407812
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-5b88b49ff7-c4v2w
content-length
3791
x-served-by
cache-chi-kigq8000049-CHI, cache-fra-eddf8230084-FRA, cache-fra-eddf8230117-FRA
last-modified
Tue, 16 Apr 2024 13:54:33 GMT
server
nginx
x-timer
S1719816250.727738,VS0,VE4
etag
W/"661e8319-262c"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
e54d52df-fbf8-11ee-9c93-fae8d33dc845
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
7, 788, 0
js__XtFha_knURVT5YLGKmVYz2S732sgaVuOjO801TC1X90__Iiz_LtHOgN-NEjf_Wqk78-4FPz8AQR7Ygonew_LemTU__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
1017 B
836 B
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__XtFha_knURVT5YLGKmVYz2S732sgaVuOjO801TC1X90__Iiz_LtHOgN-NEjf_Wqk78-4FPz8AQR7Ygonew_LemTU__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
2db23bd96dca0757b0f0d309acb62fe766c08348c86c195ed79658f7f7b456c3
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 1575, 0
date
Mon, 01 Jul 2024 06:44:09 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
407827
http_x_geo_region
DE-BW
x-cache
MISS, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-2j9t5
content-length
566
x-served-by
cache-chi-kigq8000115-CHI, cache-fra-eddf8230091-FRA, cache-fra-eddf8230117-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_kigq8000115_CHI
last-modified
Tue, 05 Mar 2024 06:05:51 GMT
server
nginx
x-timer
S1719816250.724427,VS0,VE4
etag
W/"65e6b63f-3f9"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
d721917e-f1d7-11ee-aed0-566d988ffce8
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:02 GMT
js__ANAjsl90aU8V_JJuHtJWcRsK1EGBFuMwHq693fURsXU__F1FPONSTf0yEH0Y9VHtO8-UlYOiMFKhCksEr6rzCrMg__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
2 KB
978 B
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__ANAjsl90aU8V_JJuHtJWcRsK1EGBFuMwHq693fURsXU__F1FPONSTf0yEH0Y9VHtO8-UlYOiMFKhCksEr6rzCrMg__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
3180fea88eaa47e87effdffd92cc7f52249a701909b6b617b2d0c55b7a0e7c98
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
2, 930, 0
date
Mon, 01 Jul 2024 06:44:09 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
407831
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-h68w5
content-length
629
x-served-by
cache-chi-kigq8000137-CHI, cache-fra-etou8220058-FRA, cache-fra-eddf8230117-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_kigq8000137_CHI
last-modified
Tue, 05 Mar 2024 06:06:01 GMT
server
nginx
x-timer
S1719816250.723922,VS0,VE6
etag
W/"65e6b649-61e"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
ddd9505b-f1d7-11ee-9fa0-220fea7644ee
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:13 GMT
js__1DBjoSMQlQ4ixA_cuaJfS5Px949O7h4aDn8Z9xtRW7Q__AT6c7sCefn259J383Kk5L3xgymjOI5hghQofGOoaazQ__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
21 KB
7 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__1DBjoSMQlQ4ixA_cuaJfS5Px949O7h4aDn8Z9xtRW7Q__AT6c7sCefn259J383Kk5L3xgymjOI5hghQofGOoaazQ__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
7dfeb329f73421a0c80e8a067d3e1d67c916c84746f94cb9826c06bc58516d1f
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Fri, 27 Jun 2025 13:26:32 GMT
date
Mon, 01 Jul 2024 06:44:09 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
407830
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-5d587d78fd-ct69k
content-length
6820
x-served-by
cache-chi-klot8100110-CHI, cache-fra-eddf8230090-FRA, cache-fra-eddf8230117-FRA
last-modified
Wed, 26 Jun 2024 13:26:03 GMT
server
nginx
x-timer
S1719816250.723854,VS0,VE6
etag
W/"667c16eb-55f3"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
b45e7b01-33bf-11ef-a5ff-065f8a95e18c
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
6, 1640, 0
js__5JgaXR8D2C00E22GhU2eB1lVAKgbz2L03t9_2mjtbvU__jsf8gUmjQabawiet5xN7FARmhje4S0BRk0UtxOVEzLY__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
1 KB
951 B
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__5JgaXR8D2C00E22GhU2eB1lVAKgbz2L03t9_2mjtbvU__jsf8gUmjQabawiet5xN7FARmhje4S0BRk0UtxOVEzLY__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
76d9063e5a28081ce23c52ce4c500f8a39674afbedf24aad5f304df8f00a84df
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 866, 0
date
Mon, 01 Jul 2024 06:44:09 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
407811
http_x_geo_region
DE-BW
x-cache
MISS, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-2j9t5
content-length
495
x-served-by
cache-chi-kigq8000088-CHI, cache-fra-eddf8230076-FRA, cache-fra-eddf8230117-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_kigq8000088_CHI
last-modified
Tue, 05 Mar 2024 06:06:09 GMT
server
nginx
x-timer
S1719816250.723792,VS0,VE5
etag
W/"65e6b651-40c"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
e594266c-f1d7-11ee-aed0-566d988ffce8
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:26 GMT
js__QEUI7Yv_wakfcc6JBvi15ovY1U6doRpL4VmJGHt4na4__bunscNd0XY0JtFyEPHN8vrG4QmOdFsldeaRN0v3VA9M__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
79 KB
27 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__QEUI7Yv_wakfcc6JBvi15ovY1U6doRpL4VmJGHt4na4__bunscNd0XY0JtFyEPHN8vrG4QmOdFsldeaRN0v3VA9M__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
2da781a6191588a46eeb8e47e2d5c4fd2d49a2eceeb1e6e061dbac289e63dc7c
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 98, 0
date
Mon, 01 Jul 2024 06:44:09 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
407718
http_x_geo_region
DE-BW
x-cache
MISS, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-64b977755d-p72wq
content-length
26917
x-served-by
cache-chi-klot8100116-CHI, cache-fra-etou8220069-FRA, cache-fra-eddf8230117-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_klot8100116_CHI
last-modified
Mon, 18 Mar 2024 14:45:01 GMT
server
nginx
x-timer
S1719816250.723759,VS0,VE5
etag
W/"65f8536d-13c91"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
e5945f6d-f1d7-11ee-b1db-162c3c5c54d7
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:26 GMT
/
attr.ml-api.io/
Redirect Chain
  • https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.forcepoint.com%26pId%3d%24UID
  • https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.forcepoint.com%26pId%3d%24UID
  • https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dwww.forcepoint.com%2526pId%253d%2524UID
  • https://attr.ml-api.io/?domain=www.forcepoint.com&pId=2280562509482168976
4 B
281 B
Image
General
Full URL
https://attr.ml-api.io/?domain=www.forcepoint.com&pId=2280562509482168976
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Server
2600:9000:206f:c200:5:7a81:86c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://www.forcepoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Mon, 01 Jul 2024 06:44:10 GMT
via
1.1 f2fa38e6635ded6d22a69d089217bc90.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-C1
x-cache
Miss from cloudfront
content-type
application/json
alt-svc
h3=":443"; ma=86400
content-length
4
apigw-requestid
aOF5Kh_VIAMEZ_Q=
x-amz-cf-id
WSHy26ipn8S-5cWJftftdqNdfeh8IAXVMRT5tz_tyzwR4vAkIs-9Ow==

Redirect headers

pragma
no-cache
date
Mon, 01 Jul 2024 06:44:10 GMT
an-x-request-uuid
f29317f2-820a-4626-82f5-79f924023963
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
access-control-allow-origin
*
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
location
https://attr.ml-api.io/?domain=www.forcepoint.com&pId=2280562509482168976
x-proxy-origin
80.255.10.202; 80.255.10.202; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
utag.js
tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/
434 KB
111 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/utag.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:235a:7600:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e87016d2d889ede0cfc1d5c8f1b69dfaf7d461f89ea0eda0bb9f0e3a081ca57d

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
zr4gwCy6_8xEUw51.SYGeQ_pSFhNdynW
content-encoding
br
via
1.1 d2c570942164f5ee69dab53f43b0f1d2.cloudfront.net (CloudFront)
date
Mon, 01 Jul 2024 06:43:56 GMT
last-modified
Thu, 13 Jun 2024 14:02:24 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P9
age
14
x-amz-server-side-encryption
AES256
etag
W/"44468fa32fdb667ec6e335ac4a3e7d81"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=300
x-amz-cf-id
03uW_k17nOHEOWXMxDu86Z3SwezhoRfn7wKT76mADCpzi2aNLYDjfA==
truncated
/
166 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4e2a8b16a227605843bcf04d32557fa5f790d17d5fae10db399f3ad6b75cae70

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
450 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
77bfa66bf799ef1d5be3e464795aaca2f9a0587c1616b9671f7383623474f455

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
141 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1a5c0fb755eabd84fa9ee65115561abfc934cb67631d8392acc299bed349942d

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
187 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c181c648e71e1f94dc9f3aa0aced539df9790bc1aa92494d7fe7b17c274767bf

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
660 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8892ffd9b6812e96fca28cf2b24a4a1e25711631d73141353f1ec57fcaf523b8

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
372 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c6a4f005d0158d27d475991d4606ec4141f42917cc68835019d819c583957710

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
372 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c0c810909068da447ca522f9770490722119d254f18905ae37e5e4a45e2c346c

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
248 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
de0c91884c0f70a3c8ab477b2637d9c9417fc74eb663bbe6eace7836e8b38fc3

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
chevron-right-xxs.svg
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/static-icons/
213 B
471 B
Image
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/static-icons/chevron-right-xxs.svg
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__yLUlsZO8Aw1QbDVmt9Emb7WQDVsiqE8WSyAbbDd2S8M__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
eb06d9c1faf512de924b0840e5ff2cea13ea5154e84b9a2edb23c3ee94602bd7
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__yLUlsZO8Aw1QbDVmt9Emb7WQDVsiqE8WSyAbbDd2S8M__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
3, 626, 0
date
Mon, 01 Jul 2024 06:44:09 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
407830
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-5d587d78fd-4l4rv
content-length
174
x-served-by
cache-chi-kigq8000176-CHI, cache-fra-eddf8230157-FRA, cache-fra-eddf8230117-FRA
last-modified
Wed, 26 Jun 2024 13:25:46 GMT
server
nginx
x-timer
S1719816250.917519,VS0,VE4
etag
W/"667c16da-d5"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
c47c6d75-33bf-11ef-a478-a28498a186e3
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 27 Jun 2025 13:27:00 GMT
truncated
/
636 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e25fa89bb49f7875384fe86ddb39c8c0a966f7aff529e4aa1e761efe8909fdad

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
636 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8048b6a47a7795c53151c7d28f992a190da59cfa9416a171a03652359a964f2a

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
636 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
68cb94151d86903ee4b3a5088e233b408a81a7faf9bb97d1172d8e3e6a83f868

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
banner-woman.jpg
www.forcepoint.com/sites/default/files/
12 KB
13 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/banner-woman.jpg
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
b9b8fe9d0d7983bd3dc05016caf09d5028c4525e9beba05ecf0ed85bd0f3f86a
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 0, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:44:09 GMT
fastly-io-served-by
img10-europe-west2
age
2074076
http_x_geo_region
DE-BW
x-cache
MISS, HIT, MISS, HIT
fastly-io-info
ifsz=139269 idim=591x426 ifmt=jpeg ofsz=12712 odim=591x426 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-867f44b44b-6zx56
content-length
12712
x-served-by
cache-chi-klot8100073-CHI, cache-ams21065-AMS, cache-ams12723-AMS, cache-fra-eddf8230117-FRA
server
nginx
x-timer
S1719816250.923243,VS0,VE2
etag
"N0lQYBtHe5ciagpRVpui8m2mvIrccgSXz/6JZdtfgoA"
vary
Accept
content-type
image/webp
x-styx-req-id
c380a60e-0635-11ef-be95-3a8be9a6877a
cache-control
max-age=31622400
accept-ranges
bytes
expires
Wed, 30 Apr 2025 14:35:45 GMT
truncated
/
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ff35e1bb0b3e1cb03aa7eab3fb0f74381ec3fd6fcff85d8c4f6be72abae116a0

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf8
truncated
/
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e1652e3fbc6cef41f94897b295b6b1f57fa4901a3727e4c9ecb2911614531d0f

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf8
truncated
/
750 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
26e256bfa2011f9fbbe0e81f2515c98b94b7ee7696a82f380cb7e7c8361e04a4

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf8
ajax-loader.gif
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/
365 B
752 B
Image
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/ajax-loader.gif
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__yLUlsZO8Aw1QbDVmt9Emb7WQDVsiqE8WSyAbbDd2S8M__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
195211df418c32079abb41bb0ebd2ea3aace287509a9c49702d80f1350313527
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__yLUlsZO8Aw1QbDVmt9Emb7WQDVsiqE8WSyAbbDd2S8M__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 4, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:44:09 GMT
fastly-io-served-by
img01-europe-west2
age
2015189
http_x_geo_region
DE-BW
x-cache
MISS, MISS, HIT, HIT
fastly-io-info
ifsz=404 idim=43x11 ifmt=gif ofsz=365 odim=43x11 ofmt=gif ofrm=4
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-867f44b44b-2w9x6
content-length
365
x-served-by
cache-chi-klot8100112-CHI, cache-ams21072-AMS, cache-ams21053-AMS, cache-fra-eddf8230117-FRA
server
nginx
x-timer
S1719816250.924920,VS0,VE2
etag
"c9vdSz1SobFgJvEEIebuVOe3obQGnXd87HeEFJfv0io"
vary
Accept
content-type
image/gif
x-styx-req-id
86b514b5-07bc-11ef-bee0-eaad830a048d
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 02 May 2025 13:12:56 GMT
bg-blog-podcast-final-plea.png
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/backgrounds/
136 KB
137 KB
Image
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/backgrounds/bg-blog-podcast-final-plea.png
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__yLUlsZO8Aw1QbDVmt9Emb7WQDVsiqE8WSyAbbDd2S8M__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
defd01b0db74c62e4efe18ef38e5ec968f2b8c2cf51ab6b14f12e1ad250eec84
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__yLUlsZO8Aw1QbDVmt9Emb7WQDVsiqE8WSyAbbDd2S8M__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 0, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:44:09 GMT
fastly-io-served-by
img03-europe-west2
age
2163324
http_x_geo_region
DE-BW
x-cache
MISS, MISS, MISS, HIT
fastly-io-info
ifsz=236236 idim=580x458 ifmt=png ofsz=139710 odim=580x458 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-66d79b4b7-zpn9k
content-length
139710
x-served-by
cache-chi-kigq8000133-CHI, cache-ams21029-AMS, cache-ams12730-AMS, cache-fra-eddf8230117-FRA
server
nginx
x-timer
S1719816250.924990,VS0,VE2
etag
"J4HM7COV6lmZQG/n7TaO0MtxZmafgyzKI2fNbOojs8E"
vary
Accept
content-type
image/webp
x-styx-req-id
82115b34-07bd-11ef-88e7-fe9735e210a3
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 02 May 2025 13:19:58 GMT
f-white.svg
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/logos/
257 B
545 B
Image
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/logos/f-white.svg
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__yLUlsZO8Aw1QbDVmt9Emb7WQDVsiqE8WSyAbbDd2S8M__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
2a7b733b2f19d538893df08b2c194aef1201dbad6ee2ddafc5bcd34cbb482d6b
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__yLUlsZO8Aw1QbDVmt9Emb7WQDVsiqE8WSyAbbDd2S8M__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
2, 135, 0
date
Mon, 01 Jul 2024 06:44:09 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
407830
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-5d77cc44f5-4fsf9
content-length
187
x-served-by
cache-chi-klot8100146-CHI, cache-fra-etou8220152-FRA, cache-fra-eddf8230117-FRA
last-modified
Wed, 26 Jun 2024 13:25:44 GMT
server
nginx
x-timer
S1719816250.925354,VS0,VE4
etag
W/"667c16d8-101"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
c4b51725-33bf-11ef-82b6-0e47c8ff5b51
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 27 Jun 2025 13:27:00 GMT
truncated
/
442 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6116382548abaad3d6133a60e2dc187d88dfa1ed07d981311c0bbcfaee05cd49

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
icon-anchor-arrow-teal.svg
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/static-icons/
655 B
659 B
Image
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/static-icons/icon-anchor-arrow-teal.svg
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__yLUlsZO8Aw1QbDVmt9Emb7WQDVsiqE8WSyAbbDd2S8M__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
29aebe811bb2f84bd90cfdee7ffc4c4af62bb5d871fd683f8a85bf0852ce9163
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__yLUlsZO8Aw1QbDVmt9Emb7WQDVsiqE8WSyAbbDd2S8M__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
2, 561, 0
date
Mon, 01 Jul 2024 06:44:09 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
407829
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-5d77cc44f5-lk559
content-length
400
x-served-by
cache-chi-kigq8000077-CHI, cache-fra-eddf8230034-FRA, cache-fra-eddf8230117-FRA
last-modified
Wed, 26 Jun 2024 13:25:43 GMT
server
nginx
x-timer
S1719816250.926448,VS0,VE5
etag
W/"667c16d7-28f"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
c4b652ab-33bf-11ef-be6b-420e4ed0c032
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 27 Jun 2025 13:27:00 GMT
truncated
/
383 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b5c2800c52737f3425d0e434c93f9412da5e0491282c8d3d53b4d707202b8cef

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
558 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f4cbc6a70cd3d48475ddbb975d3831d02e4158a76fcdb997891baa497ea31241

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
356 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6676353d7029b44112419ac26efd665e84021eb418ccf05a1e1f04d0ba46bd53

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
431 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
af60288a11ae9864cdd707a9c6e13463359d5ffb6755bf9035a878f18b8758f9

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
688 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0ec291adef932c1e26510f560daef99d2d26b96331cbfd2f29fe234eaf2dddae

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
utag.v.js
tags.tiqcdn.com/utag/tiqapp/
2 B
431 B
Script
General
Full URL
https://tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=websense/forcepoint-2018/202406131401&cb=1719816250040
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:235a:7600:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
2XUX04X5QEw0.xFya64khU._sHTRl_Pz
date
Mon, 01 Jul 2024 06:40:26 GMT
via
1.1 d2c570942164f5ee69dab53f43b0f1d2.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P9
age
225
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
2
last-modified
Sat, 11 Mar 2023 06:57:46 GMT
server
AmazonS3
etag
"7bc0ee636b3b83484fc3b9348863bd22"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=300
accept-ranges
bytes
x-amz-cf-id
tZ_Cq5YPfNCB1Kebvcu0mfJIu-GBBeCMVGt3eljyRA41jwERX7NG6A==
json
forms.hsforms.com/embed/v3/form/20987017/16d5bf15-75bb-43be-a7ff-4e4e9779520e/
47 KB
7 KB
XHR
General
Full URL
https://forms.hsforms.com/embed/v3/form/20987017/16d5bf15-75bb-43be-a7ff-4e4e9779520e/json?hs_static_app=forms-embed&hs_static_app_version=1.5387&X-HubSpot-Static-App-Info=forms-embed-1.5387
Requested by
Host: js.hsforms.net
URL: https://js.hsforms.net/forms/v2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
673bc3f10a02162bd98b0e7de32f8cb9637f2564c4c6d6f283d82d8d60f5ace2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept
application/json, text/plain, */*
Referer
https://www.forcepoint.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-origin-hublet
na1
date
Mon, 01 Jul 2024 06:44:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
f95d42fb-2b5b-4c71-afa3-1236ed007670
x-envoy-upstream-service-time
16
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
f95d42fb-2b5b-4c71-afa3-1236ed007670
server
cloudflare
vary
origin
access-control-allow-methods
OPTIONS, GET
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.forcepoint.com
x-evy-trace-virtual-host
all
access-control-expose-headers
X-Origin-Hublet
access-control-max-age
180
access-control-allow-credentials
false
cache-control
max-age=0, no-cache, no-store
x-robots-tag
none
access-control-allow-headers
*
cf-ray
89c46d0affa78ed5-FRA
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-776cb5686f-n485z
json
forms.hsforms.com/embed/v3/form/20987017/16d5bf15-75bb-43be-a7ff-4e4e9779520e/
47 KB
7 KB
XHR
General
Full URL
https://forms.hsforms.com/embed/v3/form/20987017/16d5bf15-75bb-43be-a7ff-4e4e9779520e/json?hs_static_app=forms-embed&hs_static_app_version=1.5387&X-HubSpot-Static-App-Info=forms-embed-1.5387
Requested by
Host: js.hsforms.net
URL: https://js.hsforms.net/forms/v2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
110a9f5182d8768a5d1338d4598e0614f19dd83323ee56dc5d9c3a45ef28b4e2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept
application/json, text/plain, */*
Referer
https://www.forcepoint.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-origin-hublet
na1
date
Mon, 01 Jul 2024 06:44:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
3760b8d8-0a49-4e5c-8b04-7d5e2bab72e1
x-envoy-upstream-service-time
18
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
3760b8d8-0a49-4e5c-8b04-7d5e2bab72e1
server
cloudflare
vary
origin
access-control-allow-methods
OPTIONS, GET
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.forcepoint.com
x-evy-trace-virtual-host
all
access-control-expose-headers
X-Origin-Hublet
access-control-max-age
180
access-control-allow-credentials
false
cache-control
max-age=0, no-cache, no-store
x-robots-tag
none
access-control-allow-headers
*
cf-ray
89c46d0bc8a58ed5-FRA
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-776cb5686f-gqvsp
loading.gif
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/
76 KB
77 KB
Image
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/loading.gif
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
3f3a06c93db350a7a9d3616a3dbbd6c252e702ade48978256c8a125fc2981d2d
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 1, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 01 Jul 2024 06:44:10 GMT
fastly-io-served-by
img04-europe-west2
age
1049879
http_x_geo_region
DE-BW
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=80522 idim=200x200 ifmt=gif ofsz=78253 odim=200x200 ofmt=gif ofrm=30
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-66d79b4b7-zpn9k
content-length
78253
x-served-by
cache-chi-kigq8000130-CHI, cache-ams21037-AMS, cache-ams21030-AMS, cache-fra-eddf8230117-FRA
server
nginx
x-timer
S1719816250.066425,VS0,VE2
etag
"Nxhc6+NYNokf+oi4tit7qUckgh54LwQ6JJFLiU/ddPg"
vary
Accept
content-type
image/gif
x-styx-req-id
94ec1476-07a6-11ef-88e7-fe9735e210a3
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 02 May 2025 10:35:51 GMT
counters.gif
forms-na1.hsforms.com/embed/v3/
35 B
884 B
Image
General
Full URL
https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 06:44:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
79253fd2-ef62-4bc0-a1e3-df36fb337653
x-envoy-upstream-service-time
8
alt-svc
h3=":443"; ma=86400
content-length
35
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
79253fd2-ef62-4bc0-a1e3-df36fb337653
server
cloudflare
vary
origin
content-type
image/gif
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-776cb5686f-9q5kl
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
x-robots-tag
none
cf-ray
89c46d0beadc5b8c-FRA
truncated
/
133 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a4cbaa695a841f5471911a40cc4c2140d68b95d9fcaabb3b60e97db200c15b8d

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
/
geolocation-db.com/json/
145 B
256 B
XHR
General
Full URL
https://geolocation-db.com/json/
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.4/jquery.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
159.89.102.253 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
c71b4d1e498f61a8a6c910b80dc233bb60e52f0cb428d3a14982c58369a48092

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept
application/json, text/javascript, */*; q=0.01
Referer
https://www.forcepoint.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-origin
*
date
Mon, 01 Jul 2024 06:44:10 GMT
content-encoding
gzip
server
nginx/1.14.0 (Ubuntu)
content-type
text/html; charset=UTF-8
counters.gif
forms-na1.hsforms.com/embed/v3/
35 B
848 B
Image
General
Full URL
https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 06:44:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
11c36dfb-f9ad-428d-aa53-5d7e905c61dc
x-envoy-upstream-service-time
1
alt-svc
h3=":443"; ma=86400
content-length
35
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
11c36dfb-f9ad-428d-aa53-5d7e905c61dc
server
cloudflare
vary
origin
content-type
image/gif
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-776cb5686f-ptpxr
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
x-robots-tag
none
cf-ray
89c46d0c0aeb5b8c-FRA
/
geolocation-db.com/json/
145 B
255 B
XHR
General
Full URL
https://geolocation-db.com/json/
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.4/jquery.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
159.89.102.253 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
c71b4d1e498f61a8a6c910b80dc233bb60e52f0cb428d3a14982c58369a48092

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept
application/json, text/javascript, */*; q=0.01
Referer
https://www.forcepoint.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-origin
*
date
Mon, 01 Jul 2024 06:44:10 GMT
content-encoding
gzip
server
nginx/1.14.0 (Ubuntu)
content-type
text/html; charset=UTF-8
nr-rum-1.261.1.min.js
js-agent.newrelic.com/
49 KB
16 KB
Script
General
Full URL
https://js-agent.newrelic.com/nr-rum-1.261.1.min.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2602:816:5001::39 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d0ec82a82ae412d1cbcf08f404ce69ef215cd47d8a98d6aa13309fc66dacba1f
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/
Origin
https://www.forcepoint.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
PtpEMFkvDPThYBpPR8Pubi8RTrSqq2TW
content-encoding
br
via
1.1 varnish
date
Mon, 01 Jul 2024 06:44:10 GMT
strict-transport-security
max-age=300
x-amz-request-id
RDJHFKXDXC5H56B3
x-amz-server-side-encryption
AES256
x-cache
HIT
cross-origin-resource-policy
cross-origin
content-length
15608
x-amz-id-2
x5j8fgCnKKGEHfDf7NvPhRlRRvHi36eNjjzEqHztxuHfyyXV/qZuwRyUi2bPeIf7yZKsBuuZrBQF56iHmqfKZHmj+WMLFYaB
x-served-by
cache-fra-etou8220031-FRA
last-modified
Wed, 26 Jun 2024 18:29:32 GMT
server
AmazonS3
etag
"af66b9ecbf2258d50184f3a2cab623c1"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=86400, stale-if-error=86400
accept-ranges
bytes
x-cache-hits
23937
latest.js
scripts.simpleanalyticscdn.com/
7 KB
5 KB
Script
General
Full URL
https://scripts.simpleanalyticscdn.com/latest.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/sites/default/files/advagg_js/js__BsJj-J0DDipBFUM6jWq6jBgbLlOJHFUDm1oaCirTN8s__3ytciCoM4ry2VdZVK_RnAXm_cZfbyZ0Tj9DCUWBKchw__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1a00::894:1 Chicago, United States, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software
BunnyCDN-IL1-894 /
Resource Hash
a965bdafdcbdf6a1bc0a04fb81ee6d5fb86e1fde7a2da4e8998ab3bcf467bdb4

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 06:44:10 GMT
content-encoding
br
cdn-edgestorageid
1070
cdn-storageserver
LA-342
cdn-cachedat
03/26/2024 02:49:50
cdn-pullzone
103822
last-modified
Wed, 03 May 2023 16:16:26 GMT
server
BunnyCDN-IL1-894
cdn-fileserver
357
cdn-requestpullcode
200
cdn-proxyver
1.04
etag
W/"645288da-1d5b"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
621ef7c8-45de-46e4-8237-2eca0c3a2d75
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
public, max-age=604800
simple-analytics
true
cdn-requestid
5a020950787f3fa6645c1e8e7f582bfe
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status
200
cdn-requestpullsuccess
True
favicon.ico
www.forcepoint.com/sites/all/themes/custom/fp/assets/icons/favicon/
15 KB
963 B
Other
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/icons/favicon/favicon.ico
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
59a410a623d86c98b190b07e27d0cf4e36455f184fc85cc1a4021aac1bc8a860
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-pantheon-styx-hostname
styx-fe1-a-5d77cc44f5-l749x
date
Mon, 01 Jul 2024 06:44:10 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
407821
http_x_geo_region
DE-BW
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
expires
Fri, 27 Jun 2025 13:27:09 GMT
content-length
606
x-served-by
cache-chi-klot8100165-CHI, cache-fra-etou8220135-FRA, cache-fra-eddf8230117-FRA
last-modified
Wed, 26 Jun 2024 13:25:44 GMT
server
nginx
x-timer
S1719816250.483718,VS0,VE4
etag
"667c16d8-3aee"
vary
Accept-Encoding
content-type
image/x-icon
x-styx-req-id
ca528571-33bf-11ef-8b05-0e97991a7547
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
2, 34, 0
NRJS-922263b7f65c352c48b
bam.nr-data.net/1/
150 B
603 B
XHR
General
Full URL
https://bam.nr-data.net/1/NRJS-922263b7f65c352c48b?a=477262540&v=1.261.1&to=YFEDbUMFXBBXB0RbXlkbNEtYSx0KWABVSh9HXBE%3D&rst=1245&ck=0&s=63ece92e90306227&ref=https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan&ptid=a19735ef7f8abebe&ap=1427&be=379&fe=828&dc=393&at=TBYAGwsfTx4%3D&fsh=1&perf=%7B%22timing%22:%7B%22of%22:1719816249269,%22n%22:0,%22f%22:0,%22dn%22:9,%22dne%22:9,%22c%22:9,%22s%22:223,%22ce%22:367,%22rq%22:367,%22rp%22:379,%22rpe%22:406,%22di%22:759,%22ds%22:766,%22de%22:772,%22dc%22:1206,%22l%22:1206,%22le%22:1207%7D,%22navigation%22:%7B%7D%7D&fp=560&fcp=706
Requested by
Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-rum-1.261.1.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.247.243.29 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
2d178ee57c5d2a506b3799b50fea41d93ed1b786b8249434071bd048f2f376ac

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://www.forcepoint.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
content-type
text/plain

Response headers

date
Mon, 01 Jul 2024 06:44:10 GMT
access-control-allow-methods
GET, POST, PUT, HEAD, OPTIONS
content-type
text/plain
access-control-allow-origin
https://www.forcepoint.com
access-control-expose-headers
Date
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
Connection
keep-alive
timing-allow-origin
https://www.forcepoint.com
Content-Length
150
x-served-by
cache-fra-etou8220143-FRA
simple.gif
queue.simpleanalyticscdn.com/
43 B
410 B
Image
General
Full URL
https://queue.simpleanalyticscdn.com/simple.gif?version=cdn_latest_11&hostname=www.forcepoint.com&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F126.0.0.0%20Safari%2F537.36&https=true&timezone=Europe%2FBerlin&page_id=58b9784c-faab-4a61-8850-d37398f2c12b&session_id=272474d9-91c1-42ef-b91c-09dcaef838a6&sri=false&mobile=false&brands=%5B%7B%22brand%22%3A%22Google%20Chrome%22%2C%22version%22%3A%22126%22%7D%2C%7B%22brand%22%3A%22Not%3AA-Brand%22%2C%22version%22%3A%228%22%7D%2C%7B%22brand%22%3A%22Chromium%22%2C%22version%22%3A%22126%22%7D%5D&os_name=Win32&os_version=10.0.0&path=%2Fblog%2Fx-labs%2Furl-shortener-microsoft-word-remcos-rat-trojan&viewport_width=1600&viewport_height=1200&language=de-DE&screen_width=1600&screen_height=1200&unique=true&id=58b9784c-faab-4a61-8850-d37398f2c12b&type=pageview&time=1719816250825
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.182.193.176 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS
185-182-193-176.hosted-by-worldstream.net
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.forcepoint.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Pragma
no-cache
Date
Mon, 01 Jul 2024 06:44:10 GMT
Simple-Analytics-Feedback
Thanks for sending this page view!
Simple-Analytics-Location
not_set
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Keep-Alive
timeout=5
Content-Length
43
Expires
0

Verdicts & Comments Add Verdict or Comment

133 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 undefined| event object| fence object| sharedStorage object| NREUM object| webpackChunk:NRBA-1.261.1.PROD object| newrelic object| utag_data undefined| $ function| jQuery number| _vis_opt_account_id string| _vis_opt_protocol string| _vis_opt_script1src string| _vis_opt_script1id string| _vis_opt_script2src string| _vis_opt_script2id undefined| scriptsInitialized function| _vis_opt_loadScript function| _vis_opt_loadScript_write function| loadTopBottomScript function| vwoSyncCode function| consentCookie function| vwoConsentGiven object| consentFunctionalCookie boolean| hasSessionStorageConsent number| prevScrollPos function| shouldRunScript object| body function| insertModalInBody boolean| hasScrolled boolean| hasSpentTime boolean| hasExitIntent boolean| hasDSEOpened boolean| scrolledUp function| userScrolledUp function| userInteracted function| userSpentTime function| userLeavesPage function| closeModal object| forresterUrls undefined| hasOpenedForrester undefined| forresterModalOpenedInSession undefined| imgSrc undefined| titleContent undefined| linkTo undefined| forresterModalString undefined| forresterModal undefined| modalCloseBtn undefined| modalLinkBtn undefined| forresterModalContent object| dseUrls undefined| newScript undefined| dseModalOpened undefined| title undefined| video undefined| linkUrl undefined| linkText undefined| dseModalString undefined| dseModal undefined| dseModalCloseBtn undefined| dseModalContent undefined| dseModalLinkBtn boolean| hasValidUtm object| formProductModal undefined| hasDataWildOpened undefined| dataWildTitle undefined| dataWildDescription undefined| dataWildParagraph undefined| dataWildLinkUrl undefined| dataWildLinkText undefined| dataWildImageUrl undefined| dataWildModalString undefined| wildModal undefined| wildModalCloseBtn undefined| wildModalContent undefined| wildModalLinkBtn undefined| canShowWildModal object| hubspot object| HubSpotForms object| hbspt object| hsFormsOnReady function| advagg_mod_2 function| advagg_mod_2_check function| advagg_mod_defer_1 function| init_drupal_core_settings object| utag_err boolean| utag_condload string| url object| utag function| e object| s function| AppMeasurement function| s_gi function| s_pgicq function| AppMeasurement_Module_Integrate function| AppMeasurement_Module_ActivityMap object| _linkedin object| _qevents function| _tealium_old_error boolean| __tealium_twc_switch object| adobe function| Visitor object| s_c_il number| s_c_in number| s_objectID number| s_giq object| _linkedin_data_partner_ids string| gtagRename object| dataLayer function| gtag function| rdt object| md5 function| fbq function| _fbq object| html5 object| Modernizr object| Drupal function| DOMPurify function| lazyloaderDebounceOrThrottle object| echo function| Waypoint object| AOS object| picturefillCFG function| picturefill function| tealiumGetResourceSearchData function| tealiumTrackResourceSearch object| tealFuncs object| options object| _hsq boolean| sa_event_loaded boolean| sa_loaded function| sa_event

12 Cookies

Domain/Path Name / Value
.hsforms.net/ Name: __cf_bm
Value: FtpyoeeQb9_TYG_9x2CCjCTLR9.FRZ.T3iDXjpMV3lw-1719816249-1.0.1.1-j7eWqm.3OAjwVK98E6NW44IVZZq0YCXg2so8ArazLDOeAqxk97Q.RoCrwRun6JGcwNRX6XkFUU27WgJjWDnAhw
.forcepoint.com/ Name: utag_main__sn
Value: 1
.forcepoint.com/ Name: utag_main__se
Value: 1%3Bexp-session
.forcepoint.com/ Name: utag_main__ss
Value: 1%3Bexp-session
.forcepoint.com/ Name: utag_main__st
Value: 1719818050022%3Bexp-session
.forcepoint.com/ Name: utag_main_ses_id
Value: 1719816250022%3Bexp-session
.forcepoint.com/ Name: utag_main__pn
Value: 1%3Bexp-session
.adnxs.com/ Name: XANDR_PANID
Value: _cw7rXILVSGFL1WX3fmcXNzuGRuqO2dRB5CJbewJj2ksKM5_ePzH-Jfs9jAnKk9EfiI3wNQ6PARVlbIQSaPX3fam3jzJanV0B8U2DeRji8Q.
.adnxs.com/ Name: receive-cookie-deprecation
Value: 1
.adnxs.com/ Name: uuid2
Value: 2280562509482168976
.hsforms.com/ Name: __cf_bm
Value: L.r5VDB0x.xrfohlA3DPiBC36eciOBx5TJbr_ZvyX48-1719816250-1.0.1.1-0xjThkm_l4RTsSuewF3TiXscJsolPyo_YW5wcr0juqhcZ7xUwsx.7inRHLi1vR3bUjaZHdpARRiNM9aFH.IpfQ
.hsforms.com/ Name: _cfuvid
Value: bXXoG1K4aqe1rxNCPA8ey9Gkv7mjpsErNfYk6j02o28-1719816250351-0.0.1.1-604800000

19 Console Messages

Source Level URL
Text
javascript warning URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Message:
The resource https://www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_highlight-soft_75_cccccc_1x100.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Message:
The resource https://www.forcepoint.com/misc/help.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Message:
The resource https://www.forcepoint.com/misc/message-24-warning.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Message:
The resource https://www.forcepoint.com/misc/message-24-error.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Message:
The resource https://www.forcepoint.com/misc/menu-expanded.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Message:
The resource https://www.forcepoint.com/misc/tree-bottom.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Message:
The resource https://www.forcepoint.com/misc/menu-collapsed.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Message:
The resource https://www.forcepoint.com/misc/message-24-ok.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Message:
The resource https://www.forcepoint.com/sites/all/libraries/chosen/chosen-sprite@2x.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Message:
The resource https://www.forcepoint.com/misc/throbber-inactive.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Message:
The resource https://www.forcepoint.com/misc/draggable.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Message:
The resource https://www.forcepoint.com/misc/grippie.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Message:
The resource https://www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_flat_75_ffffff_40x100.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Message:
The resource https://www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_glass_75_dadada_1x400.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Message:
The resource https://www.forcepoint.com/misc/tree.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Message:
The resource https://www.forcepoint.com/misc/throbber-active.gif was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Message:
The resource https://www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_glass_75_e6e6e6_1x400.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
Message:
The resource https://www.forcepoint.com/misc/progress.gif was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
security error URL: https://scripts.simpleanalyticscdn.com/latest.js(Line 2)
Message:
Refused to connect to 'https://queue.simpleanalyticscdn.com/append' because it violates the following Content Security Policy directive: "connect-src 'self' *.vwo.com *.demdex.net *.omtrdc.net *.mktoresp.com *.cdnbasket.net ids.cdnwidget.com *.forcepoint.com sample-api-v2.crazyegg.com *.visualwebsiteoptimizer.com insight.adsrvr.org bam.nr-data.net *.tealiumiq.com live-evercurrent-clone.pantheonsite.io *.sharethis.com *.doubleclick.net *.theadex.com *.aumago.com *.google-analytics.com *.6sc.co *.adnxs.com *.vidyard.com *.6sense.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com api.hubapi.com *.hsforms.net *.hsforms.com *.s3.amazonaws.com *.drift.com *.clickagy.com *.facebook.com *.zoominfo.com geolocation-db.com dn.linkedin.oribi.io *.hubspot.com *.hscollectedforms.net *.stackadapt.com *.google.com *.googletagmanager.com *.googleadservices.com google.com *.googlesyndication.com *.linkedin.com *.redditstatic.com *.reddit.com *.g2crowd.com *.quantcount.com".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.fonts.net *.licdn.com *.tiqcdn.com *.marketo.com *.marketo.net *.mktoresp.com *.demdex.net *.burly.io *.omtrdc.net *.llnwd.net *.tealiumiq.com *.googleadservices.com *.marinsm.com *.amazonaws.com *.quantserve.com *.facebook.net *.serving-sys.com *.google-analytics.com *.hirebridge.com *.websense.com *.bizographics.com *.linkedin.com *.cloudfront.net *.newrelic.com *.nr-data.net *.adnxs.com *.demandbase.com *.twitter.com *.omtrdc.net *.youtube.com *.ads-twitter.com *.company-target.com *.omniture.com *.doubleclick.net *.forcepoint.com *.google.com *.facebook.com *.nr-data.net *.getsmartcontent.com *.vidyard.com *.adroll.com s.ml-attr.com attr.ml-api.io *.driftt.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.gstatic.com *.libsyn.com *.s3.amazonaws.com *.cdnbasket.net ids.cdnwidget.com app.vwo.com *.visualwebsiteoptimizer.com use.typekit.net p.typekit.net cdn.vwo-analytics.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.googleapis.com *.cloudflare.com activitymap.adobe.com *.consensu.org *.ubembed.com *.bizible.com *.theadex.com *.aumago.com *.driftqa.com *.scribblecdn.net *.esg-global.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hubapi.com *.hsforms.net *.hsforms.com geolocation-db.com *.drift.com *.clickagy.com *.nimblestory.com *.usemessages.com *.stackadapt.com *.googlesyndication.com ; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.cdnwidget.com *.tealiumiq.com *.google.com *.googleadservices.com *.doubleclick.net *.websense.com *.marinsm.com *.facebook.com *.quantserve.com *.google-analytics.com *.w55c.net *.marketo.com *.iasds01.com *.linkedin.com *.cloudfront.net *.forcepoint.com *.adnxs.com *.twitter.com t.co *.omtrdc.net *.w55c.net *.demandbase.com *.company-target.com *.gstatic.com *.tiqcdn.com *.marketo.net *.newrelic.com *.facebook.net *.ads-twitter.com *.burly.io *.bizographics.com *.nr-data.net *.licdn.com *.tt.omtrdc.net *.getsmartcontent.com *.adroll.com *.vidyard.com s.ml-attr.com *.ml-api.io ml314.com *.ml314.com *.bing.com *.driftt.com *.crazyegg.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.googletagmanager.com *.visualwebsiteoptimizer.com app.vwo.com *.ubembed.com *.driftt.com *.vwo-analytics.com *.s3.amazonaws.com s3.amazonaws.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.clearbit.com *.googleapis.com *.cloudflare.com *.adobe.com *.consensu.org *.bizible.com *.theadex.com *.aumago.com *.zoominfo.com *.clickagy.com *.redditstatic.com *.quantcount.com *.g2crowd.com *.steelhousemedia.com *.scribblecdn.net *.esg-global.com *.6sc.co *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hubapi.com *.hsforms.net *.hsforms.com geolocation-db.com *.drift.com *.jquery.com *.google.com *.hscollectedforms.net *.jsdelivr.net *.stackadapt.com *.googlesyndication.com *.simpleanalyticscdn.com scripts.simpleanalyticscdn.com queue.simpleanalyticscdn.com simpleanalyticsbadges.com *.ceros.com; img-src * data: *; frame-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.cdnwidget.com *.tealiumiq.com *.google.com *.googleadservices.com *.doubleclick.net *.websense.com *.marinsm.com *.facebook.com *.quantserve.com *.google-analytics.com *.w55c.net *.marketo.com *.iasds01.com *.linkedin.com *.cloudfront.net *.forcepoint.com *.adnxs.com *.twitter.com t.co *.omtrdc.net *.w55c.net *.demandbase.com *.company-target.com *.gstatic.com *.tiqcdn.com *.marketo.net *.newrelic.com *.facebook.net *.ads-twitter.com *.burly.io *.bizographics.com *.nr-data.net *.licdn.com *.tt.omtrdc.net *.getsmartcontent.com *.adroll.com *.vidyard.com s.ml-attr.com *.ml-api.io ml314.com *.ml314.com *.bing.com *.driftt.com *.crazyegg.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.googletagmanager.com *.visualwebsiteoptimizer.com app.vwo.com *.ubembed.com *.driftt.com *.vwo-analytics.com *.s3.amazonaws.com s3.amazonaws.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.clearbit.com *.googleapis.com *.cloudflare.com *.adobe.com *.consensu.org *.bizible.com *.theadex.com *.aumago.com *.zoominfo.com *.clickagy.com *.redditstatic.com *.quantcount.com *.g2crowd.com *.steelhousemedia.com *.scribblecdn.net *.esg-global.com *.6sc.co *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hubapi.com *.hsforms.net *.hsforms.com geolocation-db.com *.drift.com *.jquery.com *.google.com *.hscollectedforms.net *.jsdelivr.net *.stackadapt.com *.googlesyndication.com *.simpleanalyticscdn.com scripts.simpleanalyticscdn.com queue.simpleanalyticscdn.com simpleanalyticsbadges.com *.ceros.com *.hubspot.com *.hubspot.net *.demdex.net *.libsyn.com *.youtube.com; font-src 'self' *.google.com *.googleadservices.com; connect-src 'self' *.vwo.com *.demdex.net *.omtrdc.net *.mktoresp.com *.cdnbasket.net ids.cdnwidget.com *.forcepoint.com sample-api-v2.crazyegg.com *.visualwebsiteoptimizer.com insight.adsrvr.org bam.nr-data.net *.tealiumiq.com live-evercurrent-clone.pantheonsite.io *.sharethis.com *.doubleclick.net *.theadex.com *.aumago.com *.google-analytics.com *.6sc.co *.adnxs.com *.vidyard.com *.6sense.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com api.hubapi.com *.hsforms.net *.hsforms.com *.s3.amazonaws.com *.drift.com *.clickagy.com *.facebook.com *.zoominfo.com geolocation-db.com dn.linkedin.oribi.io *.hubspot.com *.hscollectedforms.net *.stackadapt.com *.google.com *.googletagmanager.com *.googleadservices.com google.com *.googlesyndication.com *.linkedin.com *.redditstatic.com *.reddit.com *.g2crowd.com *.quantcount.com; report-uri /admin/config/system/seckit/csp-report
Strict-Transport-Security max-age=18410000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

attr.ml-api.io
bam.nr-data.net
cdnjs.cloudflare.com
forms-na1.hsforms.com
forms.hsforms.com
geolocation-db.com
js-agent.newrelic.com
js.hsforms.net
queue.simpleanalyticscdn.com
s.ml-attr.com
scripts.simpleanalyticscdn.com
secure.adnxs.com
tags.tiqcdn.com
www.forcepoint.com
104.17.25.14
104.18.142.119
104.18.80.204
104.19.175.188
159.89.102.253
162.247.243.29
185.182.193.176
2400:52e0:1a00::894:1
2600:9000:206f:c200:5:7a81:86c0:93a1
2600:9000:235a:7600:7:2bfb:7c00:93a1
2602:816:5001::39
2a04:4e42:400::740
37.252.171.149
68.67.153.60
033ea4cefced423a11d0cc62afb56c3b09c16913abe8a891fc578b2f2327a101
06253733aa87841e74e8076ca1a74c6b8a5eed79057c8dc2812e8f622cbdd45e
0af941ad21ab4dc704f04bdf8d21825869cfe27eb61b3a37e295f70697c48c88
0eb42d32c51e79e9d48a5694328c0ce8889f58a2c25bf13f239a8d818226a96a
0ec291adef932c1e26510f560daef99d2d26b96331cbfd2f29fe234eaf2dddae
10aa7853a3babe185246e6f1fad2c5800902a268dd63b66c53b96889ee5188f3
110a9f5182d8768a5d1338d4598e0614f19dd83323ee56dc5d9c3a45ef28b4e2
13cdee5a7dbdb75ba06271fff8669bb408838d89eae133c2b3db99d2891bb35b
148a74b0921ad78021d716e8032ede1cdaf7ed7279cefd7d2acbe906add12a68
195211df418c32079abb41bb0ebd2ea3aace287509a9c49702d80f1350313527
1a551853bab605782355fae523df4ddad8f3ec86be2e9654278282b154490cc2
1a5c0fb755eabd84fa9ee65115561abfc934cb67631d8392acc299bed349942d
1f81387d932ab97c0ddff8edfc8e1ca4e37201b3cfb5d3911bc25a04e4087ae7
24dd593caf98fe7183e48e16a5a827ab4eb1a734a9821b497689127e68774db1
2528d731c4e61e67f78982f202d1de7e6f7a234117b4d9c98325c27e33c6e1d3
26e256bfa2011f9fbbe0e81f2515c98b94b7ee7696a82f380cb7e7c8361e04a4
273da5f5372f7eca262d218c1b3a1b0a7055dad4843e7cf485cf7804d8aa0ca4
29aebe811bb2f84bd90cfdee7ffc4c4af62bb5d871fd683f8a85bf0852ce9163
2a7b733b2f19d538893df08b2c194aef1201dbad6ee2ddafc5bcd34cbb482d6b
2d178ee57c5d2a506b3799b50fea41d93ed1b786b8249434071bd048f2f376ac
2da781a6191588a46eeb8e47e2d5c4fd2d49a2eceeb1e6e061dbac289e63dc7c
2db23bd96dca0757b0f0d309acb62fe766c08348c86c195ed79658f7f7b456c3
3058f7c617c39b1a94849fa7223c2f756437af3f215155d37c2a29c36848e28d
3180fea88eaa47e87effdffd92cc7f52249a701909b6b617b2d0c55b7a0e7c98
33df7d1430b49b83528e5df930e1da6d9bf492fb32b37ff2b9fd4d97834a0abd
353db1686dfd23728735c8f83a8382b37b37f1243ca1ee2ef2f7241341f2e1e4
365e944c8e49f6e24235dabb2633d0f154ef6a8ef077a8abfe29a6847ae1153a
3d71af35f2b359f1b23e69e6fb08b67a73db8dc5907a7bf83d87b62849ed3b3b
3f3a06c93db350a7a9d3616a3dbbd6c252e702ade48978256c8a125fc2981d2d
42793f24dc3fddca04cc84a6991f0fc73c25498d023b07d488dd5e4238ed9b0c
4953a30def5d6eb8aa0119f918104b5069d10696ee634288c068accf06bb44e6
496d9a19dda325d9587f3729b5a16b1262f91a6b237e1aa5d54ed90e087c35e3
4c8537e1208918b04f3b7970b4e53d6c91b138b7b8325b469a4a5e84ced6ce2a
4d58ffb4437135b1a4f7b8cbf01321ea85fe244416aed493ea942462f3d58c86
4e2a8b16a227605843bcf04d32557fa5f790d17d5fae10db399f3ad6b75cae70
521bfd25b076ada01d23b9d20bca3a3e67840702ca4d43b73d0a496575107e9e
52239b576d3fdb13fa5cec121a5e5ed123560a4ac1310d991f4694bcc5507710
5390daebe4fc263953ae2cd18f060ebb4aaef20d9df443a4d784cc642ed1eaf2
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
59976a805bd708c7009f31a3cd7a86357c53b1f2331d2f2997d0db350b9bb32b
59a410a623d86c98b190b07e27d0cf4e36455f184fc85cc1a4021aac1bc8a860
5cfc739598cda856cc20575229f8a5251e8df5b175830fe7886aaef79dfb6886
5f1b6cef797b1f839c2db70c44e77b6e0551cba4e22c5f7b056fcb805468b613
5f4e0577cb49e1130ec7098698e3556c0a2b7f33d02ec5789ee09b116e403f7e
5f8d1adf76eaaf2f3592e5a5633ef8722740af2424b1737d85c1d9581588884f
6116382548abaad3d6133a60e2dc187d88dfa1ed07d981311c0bbcfaee05cd49
61cbf8a09d67fc91bd97e439ecb5b880e5b0ea421fdcb9190d5da2f4c8890aa5
61deedef5519831c5ba93b5ea4ccbe1d3a6a544c37709704271d05871caf1a02
629649515666e3906b0dcb77fb2fa1696a4b83b630e2c569a7cd4a097dbe3af8
634b615987ef6bc5cf11ff7eb78673aebf61e436dc7a56de0f4b4aa543ccb577
6676353d7029b44112419ac26efd665e84021eb418ccf05a1e1f04d0ba46bd53
67138202cdb85739d98743e8226b60fbef18366ce3da88902bee16dacd0f0959
673bc3f10a02162bd98b0e7de32f8cb9637f2564c4c6d6f283d82d8d60f5ace2
6806cdcdd3c7f06950968eeebc5ed11dc261adde18cfefd541532fcf5e59ddff
68cb94151d86903ee4b3a5088e233b408a81a7faf9bb97d1172d8e3e6a83f868
69a02b48768b8f413fe8470c65b4232a39dc3d68350f1246da8721e92ac7e75d
6aa75e0e135df761bc11a0e1231af1ef27a5b7fe5985714865f35781286b42e9
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
706bcb95e6eec4ff78ac6d9647ad0e0e7163134b73c45f0fc5b801ca529127d2
735b78ae1f09b1d02ee92b5ad319a189d50d10ecbec4ddd12201885dde3f4945
74a6ba58527ccbbde80b52bb6b23dd5671a4a72199fe789324786d15d6fa9a24
74d6ee660ac8d18d3940eefac6e8c0ff029ecc0f4a4799ada5d6088fe9abfbc8
76aefb325bdfaf3c67be7591a00c96105ffa1a3eda8cfc16d6d5e1affa8e3f95
76d9063e5a28081ce23c52ce4c500f8a39674afbedf24aad5f304df8f00a84df
76fea4cad87ffbee4d6c0d29a46382913e4a8c56ed7881d8556f684a174d6824
77bfa66bf799ef1d5be3e464795aaca2f9a0587c1616b9671f7383623474f455
7a06dd94021db644db9732192dd8c6b062b80d3f99488e35ce495e82f0ccf961
7dfeb329f73421a0c80e8a067d3e1d67c916c84746f94cb9826c06bc58516d1f
7e9433a7e4538237be585d3d84e1603595879c286be61e26dd3e628e3fd5e206
8048b6a47a7795c53151c7d28f992a190da59cfa9416a171a03652359a964f2a
8117b5d7ba159bfb0cf341d96a566b4b06c466a0038eca2273a8533b1536e019
8709e66f3192aac47989a4f2c826afc3062b52de3cd792115cba3314c05656c6
87649ba070f4b18de6d9d8824f7a347d4842b913451fddde49bfdb163ae2e12a
8892ffd9b6812e96fca28cf2b24a4a1e25711631d73141353f1ec57fcaf523b8
90bfbf24972d694b303aaa50fe006074f7dd5529c8dfe38099aed648c6312158
91997f03543fdd296c85e60feede1e3df0e950aca03698583ff2870869a2dc0b
942ba1b657ab7477bc603f7852ff551aa393de40d1bab2dee01c8ad36d538a2a
9528ca634fecad433d044ddd3e6f9ce1f068d5d932dafdbb19d8e6daea1968bd
98bee51ffbb032cfea01030abf23549c6d762f6d8283599e52bfb089f01b8742
9a363427efaa6cd56ae165653d1070e96c6b804c99253d1cde1488da66f7af69
9b3c52df9ce6473c11ee62f85cd48a7ff2b24ad8543ed415fec5124605a987f3
9cc77ec166565cf138f088e29b263d7de28ebff89c6ac6ac7b3226b8c2c45f33
9e815610f978cad8bc6a72832b206c68e17bf6799cd0c937b2b3c30014243f73
a0d9d290c9928affdd7f2816a574b367cbd6aca7ff1ba7b14b3391330d6f1995
a0fe8723dcf55da64d06b25446d0a8513e52527c45afcb37073465f9c6f352af
a167f660daaa2f0abba7204685eb46f7127b490d936f10747a2f8c5daba26b83
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb
a4cbaa695a841f5471911a40cc4c2140d68b95d9fcaabb3b60e97db200c15b8d
a965bdafdcbdf6a1bc0a04fb81ee6d5fb86e1fde7a2da4e8998ab3bcf467bdb4
ac12f243172f3c8376a67f24942257093fd70d0c10212a58bf8df60f372be24e
af60288a11ae9864cdd707a9c6e13463359d5ffb6755bf9035a878f18b8758f9
afe5695ceec4f19c701784c442de76dc711f61482071b8f860bb1608380bc8b5
b2da29ed5ab13ba88c22a51b412428640f8b495c40e0225d712d16eb6ea8351e
b4229c88ccc9ec00268d759c808bb5fc56a62479618d140eebd7948299a1544b
b486e01022c2460a86538a67510d4f39ce41e9dd5050a3d9578ec6f4c054f8ec
b48a895c0170a7310b29b01897fcf1954b43655748ce98037abae38562754a29
b5c2800c52737f3425d0e434c93f9412da5e0491282c8d3d53b4d707202b8cef
b9b8fe9d0d7983bd3dc05016caf09d5028c4525e9beba05ecf0ed85bd0f3f86a
b9c823db89be14289e3b0585970e3d91c3313ec9f82d13c9cb24d90820efc699
bd74c29617fed2dbd2f684dce7eebb659567ce0ae06be3418615ebe846a1bf5b
bfcc07136dc1faaee36973ca4858e530e403f2f41948fbdc47f0c3c399308db6
c0c810909068da447ca522f9770490722119d254f18905ae37e5e4a45e2c346c
c1524c7035a894f370d34f2d57704873a3978adef91d97978e3598515762eace
c16c2e899bbe232a64c1bd49e4312a7f9ea738cb2cb17058e63477a71b246fa7
c181c648e71e1f94dc9f3aa0aced539df9790bc1aa92494d7fe7b17c274767bf
c2a54667fcd4151ef9a27b18f84f24c0b884fe593302ca1eb1210d114f4bd06b
c3af792cf17fc9da7b301e6ec8a24dcec9e7b4d3ef83622c2417329f658e8848
c6225223a7f689e02ca4f2144e864ad46dd63e29553cf3d4df572e7195303be0
c654220d555e70fb63334836085ed53e9a9d2982e79824664fba6d89e6dc490e
c6a4f005d0158d27d475991d4606ec4141f42917cc68835019d819c583957710
c712b85f4d57c41bb049c80303067da9790aa76b32a41b422174bd507695f444
c71b4d1e498f61a8a6c910b80dc233bb60e52f0cb428d3a14982c58369a48092
c7397ae13ad9d12bf4ce9100756dd8703b515ac4381bdd33638e22c787c0fb39
d0ec82a82ae412d1cbcf08f404ce69ef215cd47d8a98d6aa13309fc66dacba1f
d40efcac911d8964f3728eaa767de281306ff55ba9377435a3364d4d1e1613f6
d88c03f60c9b0c3b3a4a929ad268b6078dda88e59ea5c98eeb16f031ffb0d9e0
db7de84263a6dfe6f7a674f478b4a6c5a97d7de7e0c7f52a12a5dedfb201004f
dd329c644951f3c041200e8279e3c90063ac5b5c8861fe253fca48df7dd8b99c
dd7fe585c74e77b78c21455683a55283fe4f723875c825a1c676e1347ba54ab3
de0c91884c0f70a3c8ab477b2637d9c9417fc74eb663bbe6eace7836e8b38fc3
defd01b0db74c62e4efe18ef38e5ec968f2b8c2cf51ab6b14f12e1ad250eec84
e1652e3fbc6cef41f94897b295b6b1f57fa4901a3727e4c9ecb2911614531d0f
e25fa89bb49f7875384fe86ddb39c8c0a966f7aff529e4aa1e761efe8909fdad
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e68e4b1057684aa14f6d44055bd77c6ee8170be28010b94e0278e2d05775973c
e87016d2d889ede0cfc1d5c8f1b69dfaf7d461f89ea0eda0bb9f0e3a081ca57d
eb06d9c1faf512de924b0840e5ff2cea13ea5154e84b9a2edb23c3ee94602bd7
ee27e3cdc69e172aac4b82b3f20d30a2e9b8fc56e7154475292f0ce338b8a5a5
ee3184f88b136b6ad521ec8d57fcf138b0c78172ee82e5d8773998bebac6486d
f443007354af04e5d9f0aea2ce21303442752753ce63ab035a6c76d4f06d5d52
f4cbc6a70cd3d48475ddbb975d3831d02e4158a76fcdb997891baa497ea31241
f66578f61dcd2d00bb8b7a0c5a7a02d39871c2e7c4615826c4e3a6a879a1a66b
f7d4d17ef4f0103008287290e9dd7bb35be1d08f0f8bc315033d13d0cfa6a6a5
f8c79df7183de5a0687fc40c5a9b1034d074e603d558c05a5311c7f91d9ccfe1
fad8df5718762444a80e745fd3b375ecfee298b37c480de5134b8a0ed05bc7a5
fd08b09bb992ad9d8eb1fa512716a782939ee1df7c7b10ebecef57bc7b023626
fdc11521f5009cca4ba4c329f0ab9a94273191d33239245d16f484ccbbff23d1
fe7d3ca3e17134925638b03cba3263b8da913e73bf270bf48fda841b2c8ad761
fe9132775150b13960723fdffd15ef8bb7f07d120787874114ac9e3d4f303f46
ff35e1bb0b3e1cb03aa7eab3fb0f74381ec3fd6fcff85d8c4f6be72abae116a0
ff79200e9d0486ad1207f01f3c5918eea0771ded9b1681694da8caaae4c74c1a