www.fortinet.com Open in urlscan Pro
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd  Public Scan

URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Submission: On November 13 via api from DE — Scanned from DE

Summary

This website contacted 10 IPs in 3 countries across 6 domains to perform 56 HTTP transactions. The main IP is 2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd, located in Frankfurt am Main, Germany and belongs to AMAZON-02, US. The main domain is www.fortinet.com. The Cisco Umbrella rank of the primary domain is 156385.
TLS certificate: Issued by DigiCert Global G2 TLS RSA SHA256 202... on July 16th 2024. Valid for: a year.
This is the only time www.fortinet.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
37 2a05:d014:f3c... 16509 (AMAZON-02)
6 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700:440... 13335 (CLOUDFLAR...)
5 2a02:26f0:350... 20940 (AKAMAI-ASN1)
2 2.18.64.90 20940 (AKAMAI-ASN1)
1 63.34.142.90 16509 (AMAZON-02)
1 2a02:26f0:480... 20940 (AKAMAI-ASN1)
2 75.2.108.141 16509 (AMAZON-02)
1 2 63.140.62.222 16509 (AMAZON-02)
56 10
Apex Domain
Subdomains
Transfer
39 fortinet.com
www.fortinet.com — Cisco Umbrella Rank: 156385
metrics.fortinet.com — Cisco Umbrella Rank: 444136
4 MB
6 cookielaw.org
cdn.cookielaw.org — Cisco Umbrella Rank: 390
126 KB
5 6sc.co
j.6sc.co — Cisco Umbrella Rank: 6855
c.6sc.co — Cisco Umbrella Rank: 8270
ipv6.6sc.co — Cisco Umbrella Rank: 6936
eps.6sc.co — Cisco Umbrella Rank: 10972
20 KB
5 adobedtm.com
assets.adobedtm.com — Cisco Umbrella Rank: 468
138 KB
1 demdex.net
dpm.demdex.net — Cisco Umbrella Rank: 276
542 B
1 onetrust.com
geolocation.onetrust.com — Cisco Umbrella Rank: 610
295 B
56 6
Domain Requested by
37 www.fortinet.com www.fortinet.com
6 cdn.cookielaw.org www.fortinet.com
cdn.cookielaw.org
5 assets.adobedtm.com cdn.cookielaw.org
assets.adobedtm.com
2 metrics.fortinet.com 1 redirects
2 eps.6sc.co j.6sc.co
1 ipv6.6sc.co j.6sc.co
1 c.6sc.co j.6sc.co
1 dpm.demdex.net assets.adobedtm.com
1 j.6sc.co www.fortinet.com
1 geolocation.onetrust.com cdn.cookielaw.org
56 10
Subject Issuer Validity Valid
*.fortinet.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2024-07-16 -
2025-07-15
a year crt.sh
cookielaw.org
WE1
2024-10-11 -
2025-01-09
3 months crt.sh
geolocation.onetrust.com
WE1
2024-10-11 -
2025-01-09
3 months crt.sh
assets.adobedtm.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2024-07-09 -
2025-08-09
a year crt.sh
6sc.co
R10
2024-09-23 -
2024-12-22
3 months crt.sh
*.demdex.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2024-09-25 -
2025-10-26
a year crt.sh
eps.6sc.co
Amazon RSA 2048 M02
2024-08-29 -
2025-09-27
a year crt.sh

This page contains 1 frames:

Primary Page: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Frame ID: C0716CE84B58753C8A635BC9785F5FD5
Requests: 57 HTTP requests in this frame

Screenshot

Page Title

New Campaign Uses Remcos RAT to Exploit Victims | FortiGuard Labs

Detected technologies

Overall confidence: 100%
Detected patterns
  • /etc/designs/
  • /etc\.clientlibs/

Overall confidence: 100%
Detected patterns
  • cdn\.cookielaw\.org
  • otSDKStub\.js

Page Statistics

56
Requests

98 %
HTTPS

56 %
IPv6

6
Domains

10
Subdomains

10
IPs

3
Countries

4088 kB
Transfer

5685 kB
Size

11
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 56
  • https://metrics.fortinet.com/b/ss/fortinetincproduction/1/JS-2.27.0-LEWM/s5285365040468?AQB=1&ndh=1&pf=1&t=13%2F10%2F2024%2016%3A13%3A33%203%20-60&fid=12F4753D9B2BAF89-04C3932BA99F7F92&ce=UTF-8&pageName=en%3Ablog%3Athreat-research%3Anew-campaign-uses-remcos-rat-to-exploit-victims&g=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims&c.&cm.&ssf=1&.cm&.c&cc=USD&v1=www.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims&c7=Entire%20Site&c8=New&v27=BLOG&v33=en%3Ablog%3Athreat-research%3Anew-campaign-uses-remcos-rat-to-exploit-victims&v35=Enabled&v92=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1 HTTP 302
  • https://metrics.fortinet.com/b/ss/fortinetincproduction/1/JS-2.27.0-LEWM/s5285365040468?AQB=1&pccr=true&vidn=339A610ECE3CE068-60000CD4030BBA39&ndh=1&pf=1&t=13%2F10%2F2024%2016%3A13%3A33%203%20-60&fid=12F4753D9B2BAF89-04C3932BA99F7F92&ce=UTF-8&pageName=en%3Ablog%3Athreat-research%3Anew-campaign-uses-remcos-rat-to-exploit-victims&g=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims&c.&cm.&ssf=1&.cm&.c&cc=USD&v1=www.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims&c7=Entire%20Site&c8=New&v27=BLOG&v33=en%3Ablog%3Athreat-research%3Anew-campaign-uses-remcos-rat-to-exploit-victims&v35=Enabled&v92=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1

56 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request new-campaign-uses-remcos-rat-to-exploit-victims
www.fortinet.com/blog/threat-research/
81 KB
26 KB
Document
General
Full URL
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
7fad0b58c45141ac8b2fafa7e378a66f2d8a9297e3253ea671b40c09a8a085a8
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

Accept-Ranges
bytes
Age
658
Cache-Control
max-age=600, public, s-maxage=10800
Connection
keep-alive
Content-Encoding
gzip
Content-Length
24699
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Content-Type
text/html;charset=utf-8
Date
Wed, 13 Nov 2024 15:03:35 GMT
ETag
"145bf-626cc9f75a0ac-gzip"
Last-Modified
Wed, 13 Nov 2024 15:02:30 GMT
Server
Apache
Strict-Transport-Security
max-age=31536000; includeSubDomains
Vary
Accept-Encoding
Via
1.1 39e6266db143f6443f194d8c60e22480.cloudfront.net (CloudFront)
X-Amz-Cf-Id
7lbFAA4lSbUuTZJ7jcjMzGCB4bh9hFYPfocYSfGDKOJ9BrOS6rjEow==
X-Amz-Cf-Pop
FRA60-P3
X-Cache
Hit from cloudfront
X-Content-Type-Options
nosniff
X-Dispatcher
dispatcher1uswest1-28559594
X-Frame-Options
SAMEORIGIN
X-Vhost
publish
X-XSS-Protection
1; mode=block
visitorapi.min.js
www.fortinet.com/etc/designs/fortinet/adb-target/
64 KB
30 KB
Script
General
Full URL
https://www.fortinet.com/etc/designs/fortinet/adb-target/visitorapi.min.js
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
0f03d4ff929986a3cde83681fd2560eae544f7138f59945ec6ec32c17800ca91
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims

Response headers

X-Vhost
publish
Content-Encoding
gzip
ETag
"fe2d-6117284c96900-gzip"
Age
184580
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
MTWiO-2Q-x371SjDi6ntPszcBysDEZVNoGVdhYWxtqlF1PHS3lM7eA==
Date
Mon, 11 Nov 2024 11:57:10 GMT
Content-Type
application/javascript
Vary
Accept-Encoding
Last-Modified
Thu, 15 Feb 2024 21:43:32 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher2uswest1-28559771
Connection
keep-alive
Via
1.1 68b2682a924ac399aa2724b5b439e75c.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
29532
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
at.js
www.fortinet.com/etc/designs/fortinet/adb-target/
104 KB
48 KB
Script
General
Full URL
https://www.fortinet.com/etc/designs/fortinet/adb-target/at.js
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
db058d72d7ba8ff6ed7209af23a4458c373cc78f72c81ec1df88bb5de72a0b0b
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims

Response headers

X-Vhost
publish
Content-Encoding
gzip
ETag
"19e83-61431fc4b24c0-gzip"
Age
200741
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
AtSo3bRglYb0JPAVKF-q4owr7snybkFTW70fnm9cjz25stRjWPMeSQ==
Date
Mon, 11 Nov 2024 07:27:49 GMT
Content-Type
application/javascript
Vary
Accept-Encoding
Last-Modified
Thu, 21 Mar 2024 20:59:39 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 fa8c9f29fb8ef5c537a2a53f4de05240.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
47782
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
clientlib-base.min.900b148ab7b87024003111a1245cca9c.css
www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/
540 KB
28 KB
Stylesheet
General
Full URL
https://www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.900b148ab7b87024003111a1245cca9c.css
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
94633716497a85d800b6e573953942c4cfe483c0dbd68fa97fd01dd97ced5d66
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims

Response headers

X-Vhost
publish
Content-Encoding
gzip
ETag
"86e1b-61b58883c7740-gzip"
Age
176391
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
mM8kyx1Ik6yDhZuC2uF0_bMP432qOL_6v3RAypIybNINVChEcQ1LmQ==
Date
Mon, 11 Nov 2024 14:13:38 GMT
Content-Type
text/css;charset=utf-8
Last-Modified
Thu, 20 Jun 2024 20:55:17 GMT
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 39e6266db143f6443f194d8c60e22480.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
27478
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
otSDKStub.js
cdn.cookielaw.org/scripttemplates/
22 KB
8 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ade920fd5b00cd298aae7978673a9a64d0bb3fa593d23e91994ec6b6723ebace
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

content-md5
Vo/d0f3ZefkwyML/PnJnjg==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8DD02CCC182444E
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
14154
x-content-type-options
nosniff
expires
Thu, 14 Nov 2024 15:13:30 GMT
date
Wed, 13 Nov 2024 15:13:30 GMT
content-type
application/javascript
last-modified
Tue, 12 Nov 2024 03:47:39 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
558e0cc4-901e-00a8-6ed6-34479f000000
cf-ray
8e1fb4c369c5dbc5-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
7212
x-ms-blob-type
BlockBlob
server
cloudflare
fortinet-logo-white.svg
www.fortinet.com/content/dam/fortinet-blog/
32 KB
3 KB
Image
General
Full URL
https://www.fortinet.com/content/dam/fortinet-blog/fortinet-logo-white.svg
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
d2afd46ac58cd7e89b3fdfd790300d69034e94151ed45acf83d7b6d5dccfdb17
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims

Response headers

X-Vhost
publish
Content-Encoding
gzip
ETag
"7ebb-565d53a1d6e40-gzip"
Age
38715129
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
T9ePID_9Z-HpnUNg-uVkM6MLN7BZ_XArvFW9gEFtT6aQXXS5wSMKDg==
Date
Wed, 13 Nov 2024 15:11:35 GMT
Content-Type
image/svg+xml
Content-Disposition
attachment; filename="fortinet-logo-white.svg"
Vary
Accept-Encoding
Last-Modified
Thu, 22 Feb 2018 23:16:01 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher2uswest1-28559771
Connection
keep-alive
Via
1.1 968007545c497b68cc41825f11e930ba.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
1998
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
toc-icon.jpg
www.fortinet.com/content/dam/fortinet/images/
1 KB
3 KB
Image
General
Full URL
https://www.fortinet.com/content/dam/fortinet/images/toc-icon.jpg
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
370df1cc8999c1e03fc1c5f7ced35334513d19233d1fc79d2c1c7f711361565d
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims

Response headers

X-Vhost
publish
ETag
"4fd-60a2031eb4f40"
Age
31527546
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
rv1Q46bsygjd1VKnb4pahO6Ptsea5n16cItX1IRgfMQ7UF4okU-zzg==
Date
Wed, 13 Nov 2024 15:03:37 GMT
Content-Type
image/jpeg
Last-Modified
Tue, 14 Nov 2023 17:34:13 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher2uswest1-28559771
Connection
keep-alive
Via
1.1 6bf2ca4ea5a5c92a1d7cd2f9767e8674.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
1277
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
clientlib-base.min.ba4f082a77dabb2c6baf715d9eb61c22.js
www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/
160 KB
74 KB
Script
General
Full URL
https://www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.ba4f082a77dabb2c6baf715d9eb61c22.js
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
7b1e74dd6970b56853dfd79e59ba73315051b0c59a69c6a9fd87e515650fdc80
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims

Response headers

X-Vhost
publish
Content-Encoding
gzip
ETag
"28100-61cff12ce1d80-gzip"
Age
1092987
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
nuwVJZpTjrX-rq4dLC1YpLbE1Jf9Wf_2RlMlJZEvd829hSsyMt6XqA==
Date
Wed, 13 Nov 2024 15:11:35 GMT
Content-Type
application/javascript;charset=utf-8
Vary
Accept-Encoding
Last-Modified
Thu, 11 Jul 2024 21:01:58 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher2uswest1-28559771
Connection
keep-alive
Via
1.1 968007545c497b68cc41825f11e930ba.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
74768
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
f85f39fc-d7aa-467a-b762-fbb722748016.json
cdn.cookielaw.org/consent/f85f39fc-d7aa-467a-b762-fbb722748016/
5 KB
2 KB
XHR
General
Full URL
https://cdn.cookielaw.org/consent/f85f39fc-d7aa-467a-b762-fbb722748016/f85f39fc-d7aa-467a-b762-fbb722748016.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8998282f5a80fff5eaafdbd457dd7a81af0cd7c8696bfe032a6aeef8fe67f99f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

content-md5
Uj3iBUKm1Vl2g2NHq67V+w==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
cf-cache-status
HIT
etag
0x8DC07DF23DF5130
age
46676
x-ms-lease-status
unlocked
x-content-type-options
nosniff
x-ms-version
2009-09-19
expires
Thu, 14 Nov 2024 15:13:30 GMT
date
Wed, 13 Nov 2024 15:13:30 GMT
content-type
application/json
last-modified
Thu, 28 Dec 2023 19:56:54 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin, cross-origin
x-ms-request-id
812fd0b8-001e-0025-0e4c-260b39000000
cf-ray
8e1fb4c4ac578fe3-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
1792
x-ms-blob-type
BlockBlob
server
cloudflare
truncated
/
71 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5b4c9abcf01dcf74e0adf075ff4d47464c62c84307ae5ebd115d45da70e6443d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
fg-rat-hero.jpg
www.fortinet.com/content/dam/fortinet-blog/article-heros/
117 KB
119 KB
Image
General
Full URL
https://www.fortinet.com/content/dam/fortinet-blog/article-heros/fg-rat-hero.jpg
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
0cf246d6cd139b795a60b01f5d66885f3a685b2433222bd698371d429418d5ea
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims

Response headers

X-Vhost
publish
ETag
"1d5a7-626349f6adec0"
Age
436254
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
rh6-xDwpWZLTLqt6mdJZvxpu9H9hMlGxjf-C6pziJI8LwjnniDi_Ig==
Date
Fri, 08 Nov 2024 14:02:36 GMT
Content-Type
image/jpeg
Last-Modified
Wed, 06 Nov 2024 01:41:55 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher2uswest1-28559771
Connection
keep-alive
Via
1.1 fa8c9f29fb8ef5c537a2a53f4de05240.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
120231
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
deep-analysis-of-new-emotet-variant-part-2.png.thumb.319.319.png
www.fortinet.com/content/dam/fortinet-blog/article-images/individual-images/
35 KB
36 KB
Image
General
Full URL
https://www.fortinet.com/content/dam/fortinet-blog/article-images/individual-images/deep-analysis-of-new-emotet-variant-part-2.png.thumb.319.319.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
9ce9e23b2f0aff01f3a20cde4e99e014e306dfb3c420bee920ea9e0f323a6ccc
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims

Response headers

X-Vhost
publish
ETag
"8a6d-5673b5c033a00"
Age
38711800
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
YGVXwlAlYheL0pzc_p0l1vCLRzbR5TrzvEA8_ikZwUrGZYKov-JJxg==
Date
Wed, 13 Nov 2024 15:08:16 GMT
Content-Type
image/png
Last-Modified
Mon, 12 Mar 2018 18:32:08 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 68b2682a924ac399aa2724b5b439e75c.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
35437
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
pdf-phishing-leads-to-nanocore-rat-targets-french-nationals.jpg.thumb.319.319.png
www.fortinet.com/content/dam/fortinet-blog/article-images/individual-images/
153 KB
154 KB
Image
General
Full URL
https://www.fortinet.com/content/dam/fortinet-blog/article-images/individual-images/pdf-phishing-leads-to-nanocore-rat-targets-french-nationals.jpg.thumb.319.319.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
5a922a2c59c77d6ae5ce67413c452540ffe00b468d240ab6928531bab15fce2b
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims

Response headers

X-Vhost
publish
ETag
"26320-567c8817b12c0"
Age
38704991
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
9JoSDEF7ixoYzpXjs_8OoAFV67mZG0K0Zha_AEHMjsCSdECjWOWQUg==
Date
Wed, 13 Nov 2024 15:08:16 GMT
Content-Type
image/png
Last-Modified
Mon, 19 Mar 2018 18:55:47 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 39e6266db143f6443f194d8c60e22480.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
156448
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
a_deep_dive_analysis_of_fallchill_remote_admin_tool.png.thumb.319.319.png
www.fortinet.com/content/dam/fortinet-blog/article-images/individual-images/
12 KB
13 KB
Image
General
Full URL
https://www.fortinet.com/content/dam/fortinet-blog/article-images/individual-images/a_deep_dive_analysis_of_fallchill_remote_admin_tool.png.thumb.319.319.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
910ab43f73b6073142379650feb6de6f77744c9a418754fab9e8c71b12065c10
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims

Response headers

X-Vhost
publish
ETag
"3022-5663656517780"
Age
38690175
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
vdU-U3_OGy-hU8yufK4-OrCiEQcaE_iZgG8PJd6vj_xitB6mlxDeJQ==
Date
Wed, 13 Nov 2024 15:08:16 GMT
Content-Type
image/png
Last-Modified
Tue, 27 Feb 2018 19:07:26 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 6bf2ca4ea5a5c92a1d7cd2f9767e8674.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
12322
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
www.fortinet.com/etc/designs/fortinet/gfonts/
37 KB
38 KB
Font
General
Full URL
https://www.fortinet.com/etc/designs/fortinet/gfonts/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.900b148ab7b87024003111a1245cca9c.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
b97c99a69a6275c8f90703cd4c0864089a74fd08383a1cc75a8a4d0c2cb60cce
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://www.fortinet.com
Referer
https://www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.900b148ab7b87024003111a1245cca9c.css

Response headers

X-Vhost
publish
ETag
"9354-5df4fa74ff980"
Age
1093081
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
G9nUlPtMImUxLVsh1i_k7813WmtwAtR50z1C23VdUUhRSfB5AWebmw==
Date
Thu, 31 Oct 2024 23:35:40 GMT
Content-Type
application/octet-stream
Last-Modified
Wed, 18 May 2022 21:08:06 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=2000000, public
X-Dispatcher
dispatcher2uswest1-28559771
Connection
keep-alive
Via
1.1 968007545c497b68cc41825f11e930ba.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
37716
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
fig01-remcos-rat-software-website.jpeg
www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image.img.jpeg/1730856265174/
50 KB
51 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image.img.jpeg/1730856265174/fig01-remcos-rat-software-website.jpeg
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
ced16fb84941eb1582822542d082b1911b669ac0c125c3ba47d55e3521a1514c
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims

Response headers

X-Vhost
publish
ETag
"c888-6263460d52440"
Age
435794
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
8YumUOdZqJ68szbnOMRKeku9emORBo82VrhLDlfoyxE6NK61qGK7vw==
Date
Wed, 13 Nov 2024 15:08:17 GMT
Content-Type
image/jpeg
Last-Modified
Wed, 06 Nov 2024 01:24:25 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 68b2682a924ac399aa2724b5b439e75c.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
51336
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
fig02-remcos-phishing-email.jpeg
www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_2145042393.img.jpeg/1730856285752/
77 KB
78 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_2145042393.img.jpeg/1730856285752/fig02-remcos-phishing-email.jpeg
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
fc0de94620ef9ccacfa68e0c7fef1dd6ad73f7920acd47cc1009713af6f1b703
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims

Response headers

X-Vhost
publish
ETag
"133db-6263462065140"
Age
436301
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
IoBjrl3PceVDg_CIra2QZPpz5G1Wol-RDpv-dE5ywNm0DA04IOGv2g==
Date
Wed, 13 Nov 2024 15:08:17 GMT
Content-Type
image/jpeg
Last-Modified
Wed, 06 Nov 2024 01:24:45 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher2uswest1-28559771
Connection
keep-alive
Via
1.1 6bf2ca4ea5a5c92a1d7cd2f9767e8674.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
78811
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
truncated
/
42 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/gif
fig03-remcos-excel-file.jpeg
www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_1526230262.img.jpeg/1730856306653/
77 KB
79 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_1526230262.img.jpeg/1730856306653/fig03-remcos-excel-file.jpeg
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
75e1826a8d1cd5059e09ca0c508d8da3228ecf159fd01316ec34eaef57543357
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims

Response headers

X-Vhost
publish
ETag
"134ca-626346346c080"
Age
436170
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
_4TGR_6OlZQ2pcJq0PFxz2f9ZtD42MrAIYGX75Z2FHAx9AU1C5KijQ==
Date
Wed, 13 Nov 2024 15:08:17 GMT
Content-Type
image/jpeg
Last-Modified
Wed, 06 Nov 2024 01:25:06 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 6bf2ca4ea5a5c92a1d7cd2f9767e8674.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
79050
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
fig04-remcos-crafted-ole.jpeg
www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_978323627.img.jpeg/1730856324452/
146 KB
147 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_978323627.img.jpeg/1730856324452/fig04-remcos-crafted-ole.jpeg
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
30e3ee538441256091bfe54048cdb9883bd4509a9e6e4b68827771ddb1cf4207
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims

Response headers

X-Vhost
publish
ETag
"2471c-6263464596900"
Age
436177
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
kz0o5Qtu6sN9wTxunoUts3olD0xHcQYIRrbJ5K1ZCTfTXoAB18kaUw==
Date
Wed, 13 Nov 2024 15:08:17 GMT
Content-Type
image/jpeg
Last-Modified
Wed, 06 Nov 2024 01:25:24 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 68b2682a924ac399aa2724b5b439e75c.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
149276
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
fig05-remcos-downloaded-hta.jpeg
www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_214426422.img.jpeg/1730856341252/
108 KB
110 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_214426422.img.jpeg/1730856341252/fig05-remcos-downloaded-hta.jpeg
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
c5e2f3bd6de83dae9307b2eb56380edaef01582a4ca721583ce3c745b15c2388
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims

Response headers

X-Vhost
publish
ETag
"1b119-62634655ccf40"
Age
436177
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
80AAJIt5g89EwNIjMOfY9mDOSj7OhNxW4_fsyo1CM7f5Fk5jZa6d9g==
Date
Wed, 13 Nov 2024 15:08:17 GMT
Content-Type
image/jpeg
Last-Modified
Wed, 06 Nov 2024 01:25:41 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 968007545c497b68cc41825f11e930ba.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
110873
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
fig06-remcos-examples-script.jpeg
www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_215710500.img.jpeg/1730856359157/
169 KB
171 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_215710500.img.jpeg/1730856359157/fig06-remcos-examples-script.jpeg
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
2bc3f32248814e53fb0792922dae3d54ebbeb6c7be7d95d20df0e2fa6a69ae67
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims

Response headers

X-Vhost
publish
ETag
"2a4dd-62634666f77c0"
Age
436046
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
2fhcukO8SHl0s0ztstkueSBpgeG2nPE1GPk0Gn-tRdK9mxlxTbF6rg==
Date
Wed, 13 Nov 2024 15:08:17 GMT
Content-Type
image/jpeg
Last-Modified
Wed, 06 Nov 2024 01:25:59 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 39e6266db143f6443f194d8c60e22480.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
173277
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
fig07-remcos-extracted-files.jpeg
www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_1869023178.img.jpeg/1730856378002/
66 KB
67 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_1869023178.img.jpeg/1730856378002/fig07-remcos-extracted-files.jpeg
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
f2489dc61786cfcc0a7d81d9ef195c9ad53620928e746388f507f59f76cbb258
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims

Response headers

X-Vhost
publish
ETag
"106d0-6263467916280"
Age
435882
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
xZpSqgs-i3-RtNRJLhRkkLqVNTCVzWZebYOpzpsuXMP7ycEkkr07uQ==
Date
Wed, 13 Nov 2024 15:08:17 GMT
Content-Type
image/jpeg
Last-Modified
Wed, 06 Nov 2024 01:26:18 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 fa8c9f29fb8ef5c537a2a53f4de05240.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
67280
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
fig08-remcos-dllhost-powershell.jpeg
www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_1494152091.img.jpeg/1730856395632/
137 KB
138 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_1494152091.img.jpeg/1730856395632/fig08-remcos-dllhost-powershell.jpeg
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
3cafe408bf18e918d7daac870762a97244d03a73aca8ed7fe6a17141dfe34dad
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims

Response headers

X-Vhost
publish
ETag
"22255-626346894c8c0"
Age
436176
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
sBfcrQuvKhcAmY0dMvrOdJJhCPdrF7GtIcV5QDB9trQVq2IyavdGFA==
Date
Wed, 13 Nov 2024 15:08:17 GMT
Content-Type
image/jpeg
Last-Modified
Wed, 06 Nov 2024 01:26:35 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 231be1c97cc722fa08b64d21072ebfac.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
139861
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
fig09-remcos-debugging-aerognosy.jpeg
www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_1263028014.img.jpeg/1730856420367/
99 KB
100 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_1263028014.img.jpeg/1730856420367/fig09-remcos-debugging-aerognosy.jpeg
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
5f13d75795dbc9a02d514d38afb282a463efe4698b22c820a040b17c132a6127
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims

Response headers

X-Vhost
publish
ETag
"18be6-626346a124100"
Age
436178
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
dYJb7HpfHkpeERe5UC0_nAzGPhoExsyz_JhfEa-5LFM-uIdVDOUssg==
Date
Wed, 13 Nov 2024 15:08:18 GMT
Content-Type
image/jpeg
Last-Modified
Wed, 06 Nov 2024 01:27:00 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 fa8c9f29fb8ef5c537a2a53f4de05240.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
101350
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
fig10-remcos-decrypted-code.jpeg
www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_1245682691.img.jpeg/1730856441657/
106 KB
107 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_1245682691.img.jpeg/1730856441657/fig10-remcos-decrypted-code.jpeg
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
8cbd18186b68edee7ccf8f12acfd296f3752d51cd0ebc04dff271e9d601d744d
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims

Response headers

X-Vhost
publish
ETag
"1a7ad-626346b52b040"
Age
436178
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
86bqX2EYmalf2ZTJCK1kouekyc1pbwmG52pDUfT5w3kEQD2tl0kIyA==
Date
Wed, 13 Nov 2024 15:08:18 GMT
Content-Type
image/jpeg
Last-Modified
Wed, 06 Nov 2024 01:27:21 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 6bf2ca4ea5a5c92a1d7cd2f9767e8674.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
108461
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
fig11-remcos-exception.jpeg
www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_1504675537.img.jpeg/1730856457579/
91 KB
92 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_1504675537.img.jpeg/1730856457579/fig11-remcos-exception.jpeg
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
789e8ae2f43db57070e47d9ab0ec5ba687cd2e3525084d152b001cb17e36d03c
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims

Response headers

X-Vhost
publish
ETag
"16ae7-626346c46d440"
Age
436047
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
nBPL8JX_FosVw9euXeFJCFWEtgNqk2rXqMV8g-rdiURIWLxy7I5keQ==
Date
Wed, 13 Nov 2024 15:08:18 GMT
Content-Type
image/jpeg
Last-Modified
Wed, 06 Nov 2024 01:27:37 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 68b2682a924ac399aa2724b5b439e75c.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
92903
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
fig12-remcos-zwsetinformation.jpeg
www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_1264330218.img.jpeg/1730856485385/
91 KB
92 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_1264330218.img.jpeg/1730856485385/fig12-remcos-zwsetinformation.jpeg
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
b726aa772c609165b5815643b26bb2e91d5d55d337a1cd073a0b9b943d77e869
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims

Response headers

X-Vhost
publish
ETag
"16c89-626346df21340"
Age
436047
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
BiQl8ulEkrRU4YVI1lgkXkedCD-J6mAWdDVOvb0yY0C3723UMZXwKQ==
Date
Wed, 13 Nov 2024 15:08:18 GMT
Content-Type
image/jpeg
Last-Modified
Wed, 06 Nov 2024 01:28:05 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 39e6266db143f6443f194d8c60e22480.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
93321
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
fig12a-remcos.jpeg
www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_1026353546.img.jpeg/1730856721310/
37 KB
38 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_1026353546.img.jpeg/1730856721310/fig12a-remcos.jpeg
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
259bd74127f3150b5dbe1c2f9da49d1dbeeecce06bd0152f333839f448722ae2
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims

Response headers

X-Vhost
publish
ETag
"92e0-626347c032640"
Age
435882
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
OFn0JA-D0V8TTLUzg2hx_gdAwrrRNuFO6WIsQati9Xb9BFq1xhsGBQ==
Date
Wed, 13 Nov 2024 15:08:18 GMT
Content-Type
image/jpeg
Last-Modified
Wed, 06 Nov 2024 01:32:01 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 968007545c497b68cc41825f11e930ba.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
37600
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
fig12b-remcos.jpeg
www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_2010556436.img.jpeg/1730856715090/
52 KB
53 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_2010556436.img.jpeg/1730856715090/fig12b-remcos.jpeg
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
c3b557d8a9405227edbfd04c2f2f199168deceb2806059a02abba860054615a5
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims

Response headers

X-Vhost
publish
ETag
"cfaf-626347ba798c0"
Age
436178
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
g1Py5uCkclTdnIrsqD6gm-ldaBQFO7ZMtun9ib-Rs6rN7fcbazS8ZQ==
Date
Wed, 13 Nov 2024 15:08:18 GMT
Content-Type
image/jpeg
Last-Modified
Wed, 06 Nov 2024 01:31:55 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 231be1c97cc722fa08b64d21072ebfac.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
53167
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
fig13-remcos-display.jpeg
www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_759706181.img.jpeg/1730856571640/
132 KB
133 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_759706181.img.jpeg/1730856571640/fig13-remcos-display.jpeg
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
3923bff4786ef686d8dd4376b99c73c72b93e302b1dfb68243c7b620c4c27b99
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims

Response headers

X-Vhost
publish
ETag
"20f13-62634731254c0"
Age
436171
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
LRjPq25vpyChnw7bjS7sUhzqtr2nBfOC2OcOU5v36MwXoTzMCqQtXA==
Date
Wed, 13 Nov 2024 15:08:18 GMT
Content-Type
image/jpeg
Last-Modified
Wed, 06 Nov 2024 01:29:31 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 fa8c9f29fb8ef5c537a2a53f4de05240.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
134931
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
fig14-remcos-autorun.jpeg
www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_116464583.img.jpeg/1730856593234/
193 KB
194 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_116464583.img.jpeg/1730856593234/fig14-remcos-autorun.jpeg
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
a1050b6624dd64bb43f5b8c093c1363ab2fdc3b0698ee486df2e7d897d2c6ef6
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims

Response headers

X-Vhost
publish
ETag
"302f9-6263474620640"
Age
436178
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
sr-mZpHDKlF3XLPen8Iv6rB3WEwXq31GqQ5IIvrkmbcs0NASglJJVw==
Date
Wed, 13 Nov 2024 15:08:18 GMT
Content-Type
image/jpeg
Last-Modified
Wed, 06 Nov 2024 01:29:53 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 968007545c497b68cc41825f11e930ba.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
197369
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
fig15-remcos-payload.jpeg
www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_1244753560.img.jpeg/1730856614418/
94 KB
96 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_1244753560.img.jpeg/1730856614418/fig15-remcos-payload.jpeg
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
38a4d98e8a644d2a59d5f709452915bec15b125de944590af7fcaeb06b2472ca
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims

Response headers

X-Vhost
publish
ETag
"17920-6263475a27580"
Age
436170
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
6wvRhku8YMiyTrZAHe4Xbh4wjKawXD18Hb2mooj_yKHFHo2aYPmJtA==
Date
Wed, 13 Nov 2024 15:08:19 GMT
Content-Type
image/jpeg
Last-Modified
Wed, 06 Nov 2024 01:30:14 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 6bf2ca4ea5a5c92a1d7cd2f9767e8674.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
96544
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
fig16-remcos-memory-view-decrypted-setting-blocl.jpeg
www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_116539316.img.jpeg/1730856630902/
209 KB
211 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_116539316.img.jpeg/1730856630902/fig16-remcos-memory-view-decrypted-setting-blocl.jpeg
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
7d8bd939933062935977eeb7af4d11047164be70e17407be8c754458ae19ba4e
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims

Response headers

X-Vhost
publish
ETag
"34522-6263476969980"
Age
436177
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
QE-ht3cBcvvSu9ldMpAwujKd7UnjUbLaUWoNYHShB-GcUXBAzNTykQ==
Date
Wed, 13 Nov 2024 15:08:20 GMT
Content-Type
image/jpeg
Last-Modified
Wed, 06 Nov 2024 01:30:30 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 231be1c97cc722fa08b64d21072ebfac.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
214306
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
fig17-remcos-register-packet.jpeg
www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_320814119.img.jpeg/1730856652374/
266 KB
268 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_320814119.img.jpeg/1730856652374/fig17-remcos-register-packet.jpeg
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
4874fa9fd13dc1a03d79114835648fcad2a4ea5f9e53a72a19f7a1c2f002de34
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims

Response headers

X-Vhost
publish
ETag
"428a2-6263477e64b00"
Age
436177
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
qZU6JCFE6DltCJRwTWQaJTRkgjauLmKpj6IgzqCF08eBX6v8pYF9zw==
Date
Wed, 13 Nov 2024 15:08:19 GMT
Content-Type
image/jpeg
Last-Modified
Wed, 06 Nov 2024 01:30:52 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 68b2682a924ac399aa2724b5b439e75c.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
272546
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
fig17b-remcos-command.jpeg
www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_1144901365.img.jpeg/1730856733204/
8 KB
9 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_1144901365.img.jpeg/1730856733204/fig17b-remcos-command.jpeg
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
32b4931413d5ce2afcf4ef52b12d39c3d6dd7247bd73c3a160c734b67c1a4c95
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims

Response headers

X-Vhost
publish
ETag
"1f26-626347cba4140"
Age
436172
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
dwLfvmlWAcBBffVqGvKH5uB2zawSOGfpgKQHfwfPrei5r-JPBOIYxA==
Date
Wed, 13 Nov 2024 15:08:20 GMT
Content-Type
image/jpeg
Last-Modified
Wed, 06 Nov 2024 01:32:13 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 39e6266db143f6443f194d8c60e22480.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
7974
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
fig18-remcos-send-process-list-c2.jpeg
www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_42816202.img.jpeg/1730856755219/
219 KB
220 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_42816202.img.jpeg/1730856755219/fig18-remcos-send-process-list-c2.jpeg
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
d12d6916f244b407ef03c8a770d16da6a3aa60adef4d3ad50c6341c32fe841cc
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims

Response headers

X-Vhost
publish
ETag
"36ad6-626347e09f2c0"
Age
436046
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
RjUxKp_mlG3qQAgJlB47tI3NQ3saFAODXO6tl7vworkfRqQbpnjTww==
Date
Wed, 13 Nov 2024 15:08:20 GMT
Content-Type
image/jpeg
Last-Modified
Wed, 06 Nov 2024 01:32:35 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 39e6266db143f6443f194d8c60e22480.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
223958
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
fig19-remcos-process-manager.jpeg
www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_1820712132.img.jpeg/1730856776798/
122 KB
124 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_1820712132.img.jpeg/1730856776798/fig19-remcos-process-manager.jpeg
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
a5fedaddf8960351b7dcb1bf9b4a2ce58b28a336901d7eebe92b92c9aeb185f8
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims

Response headers

X-Vhost
publish
ETag
"1e978-626347f4a6200"
Age
436177
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
G3c9-FkP2CVLM3nqp-0xM0pKOURDJ-kd3CSheJfBE35WzoeX6QtZKw==
Date
Wed, 13 Nov 2024 15:08:20 GMT
Content-Type
image/jpeg
Last-Modified
Wed, 06 Nov 2024 01:32:56 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 6bf2ca4ea5a5c92a1d7cd2f9767e8674.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
125304
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
fig19-remcos-table.jpeg
www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_988305437.img.jpeg/1730856801764/
577 KB
578 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_988305437.img.jpeg/1730856801764/fig19-remcos-table.jpeg
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
23ca5578686d651deed4508b104fe16de675ab296becda560dc17d741f090af1
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims

Response headers

X-Vhost
publish
ETag
"9046c-6263480c7da40"
Age
436177
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
sZcoV6DD_wNZGj-gJ3TZFEyARdj5NTZkJe4Dkgn-4SHvo4eznEPXGg==
Date
Wed, 13 Nov 2024 15:08:20 GMT
Content-Type
image/jpeg
Last-Modified
Wed, 06 Nov 2024 01:33:21 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 fa8c9f29fb8ef5c537a2a53f4de05240.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
590956
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
fig20-remcos-workflow.jpeg
www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_109718400.img.jpeg/1730856820846/
69 KB
71 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_109718400.img.jpeg/1730856820846/fig20-remcos-workflow.jpeg
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
c93c62ebfd2a7f0e95f77ea558c53c2536ba327c1a28ad4870f2d518476500b6
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims

Response headers

X-Vhost
publish
ETag
"115f2-6263481e9c500"
Age
436172
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
RpRW6WVFd5AIVTHKKIXRzL4bipYu_cJ_fKaD4Ov6KylDfra4UcZJig==
Date
Wed, 13 Nov 2024 15:08:20 GMT
Content-Type
image/jpeg
Last-Modified
Wed, 06 Nov 2024 01:33:40 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 231be1c97cc722fa08b64d21072ebfac.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
71154
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
location
geolocation.onetrust.com/cookieconsentpub/v1/geo/
59 B
295 B
XHR
General
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2089 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2157361193375a79ade3559e960f982daa8d599cf7f4a92d36e3eef257738f16
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
accept
application/json
Referer
https://www.fortinet.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
access-control-allow-methods
GET, OPTIONS
cf-ray
8e1fb4c9c981dc8e-FRA
access-control-allow-origin
*
date
Wed, 13 Nov 2024 15:13:31 GMT
content-type
application/json
vary
Accept-Encoding
server
cloudflare
access-control-allow-headers
Content-Type
otBannerSdk.js
cdn.cookielaw.org/scripttemplates/6.10.0/
356 KB
78 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.10.0/otBannerSdk.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c44f719750dd68af8862cbcfa4ab17d67bf462fa44992e5043f073af63c72984
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

content-md5
Bh9exWOPGIwRshWljrtlEw==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-lease-status
unlocked
cf-bgj
minify
cf-cache-status
HIT
x-ms-version
2009-09-19
age
29698
content-encoding
gzip
x-content-type-options
nosniff
cf-polished
origSize=364824
date
Wed, 13 Nov 2024 15:13:31 GMT
content-type
application/javascript
last-modified
Thu, 03 Dec 2020 02:43:00 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
f4887a51-a01e-00a0-1512-205cec000000
cf-ray
8e1fb4caa831dbc5-FRA
access-control-allow-origin
*
x-ms-blob-type
BlockBlob
server
cloudflare
en.json
cdn.cookielaw.org/consent/f85f39fc-d7aa-467a-b762-fbb722748016/4ee482d4-0cd8-4c59-918a-90483d5b8131/
100 KB
24 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/consent/f85f39fc-d7aa-467a-b762-fbb722748016/4ee482d4-0cd8-4c59-918a-90483d5b8131/en.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.10.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
46ef912a5bf1fec350dc9d14102bcf1965471f16a57a890bdc5fc06bc4404370
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

content-md5
0twb7zWjuAt4bYR0sykmNQ==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
cf-cache-status
HIT
etag
0x8DC07DF2D729AA1
age
69725
x-ms-lease-status
unlocked
x-content-type-options
nosniff
x-ms-version
2009-09-19
expires
Thu, 14 Nov 2024 15:13:31 GMT
date
Wed, 13 Nov 2024 15:13:31 GMT
content-type
application/json
last-modified
Thu, 28 Dec 2023 19:57:10 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin, cross-origin
x-ms-request-id
ed815389-c01e-0038-2c4c-26d2d3000000
cf-ray
8e1fb4ccbd148fe3-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
24175
x-ms-blob-type
BlockBlob
server
cloudflare
otCenterRounded.json
cdn.cookielaw.org/scripttemplates/6.10.0/assets/
9 KB
3 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.10.0/assets/otCenterRounded.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.10.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
452ee2471448cc6b716090a014cf7fc9cc515998bda9dcc334aa073a72a591e7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

content-md5
SH1nUCPouc1JVrHnvxpQbg==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8D89735210A49EB
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
23619
x-content-type-options
nosniff
date
Wed, 13 Nov 2024 15:13:31 GMT
content-type
application/json
last-modified
Thu, 03 Dec 2020 02:42:51 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
754eaa05-001e-00c0-3a4f-2f19ce000000
cf-ray
8e1fb4ce7e978fe3-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
2857
x-ms-blob-type
BlockBlob
server
cloudflare
otPcTab.json
cdn.cookielaw.org/scripttemplates/6.10.0/assets/v2/
45 KB
12 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.10.0/assets/v2/otPcTab.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.10.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f9b2aaabab92d9c63930432351fa3f5aa634fcb5db31b039e23465f8b4bd5a68
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

content-md5
zNsRoM1FEmsEgJoYMCNTng==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8D897352245C4EA
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
38284
x-content-type-options
nosniff
date
Wed, 13 Nov 2024 15:13:31 GMT
content-type
application/json
last-modified
Thu, 03 Dec 2020 02:42:53 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
ecfe8c79-601e-0080-574e-79c685000000
cf-ray
8e1fb4ce7e988fe3-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
11755
x-ms-blob-type
BlockBlob
server
cloudflare
launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
assets.adobedtm.com/
506 KB
122 KB
Script
General
Full URL
https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.10.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:c8d::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
0cd344605a83e699d26efaf3206c882e108d1197292e2f3b4c327a24ed53e613
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

cache-control
max-age=3600
timing-allow-origin
*
content-encoding
gzip
etag
"5af35dc6c4eab0ab0109cd04e32f1d39:1730940560.67827"
x-content-type-options
nosniff
expires
Wed, 13 Nov 2024 16:13:32 GMT
accept-ranges
bytes
access-control-allow-origin
https://www.fortinet.com
content-length
124401
date
Wed, 13 Nov 2024 15:13:32 GMT
content-type
application/x-javascript
last-modified
Thu, 07 Nov 2024 00:49:20 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
AppMeasurement.min.js
assets.adobedtm.com/extensions/EP31dbb9c60e404ba1aa6e746d49be6f29/
35 KB
13 KB
Script
General
Full URL
https://assets.adobedtm.com/extensions/EP31dbb9c60e404ba1aa6e746d49be6f29/AppMeasurement.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:c8d::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
7db8d077fc21c20f1449a2603d524e423cfa25d7df6d5fd845a8e5e883aa227e
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

cache-control
no-cache
timing-allow-origin
*
content-encoding
gzip
etag
"66aabcd8a7ba429711eebdad8acc3dd6:1729811534.672229"
x-content-type-options
nosniff
expires
Wed, 13 Nov 2024 16:13:32 GMT
accept-ranges
bytes
access-control-allow-origin
https://www.fortinet.com
content-length
13011
date
Wed, 13 Nov 2024 15:13:32 GMT
content-type
application/x-javascript
last-modified
Thu, 24 Oct 2024 23:12:14 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
AppMeasurement_Module_ActivityMap.min.js
assets.adobedtm.com/extensions/EP31dbb9c60e404ba1aa6e746d49be6f29/
3 KB
2 KB
Script
General
Full URL
https://assets.adobedtm.com/extensions/EP31dbb9c60e404ba1aa6e746d49be6f29/AppMeasurement_Module_ActivityMap.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:c8d::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
2a250e2f225e48cf583d54a0a42d623c700847de17323bf23ea372e5d9e89cb2
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

cache-control
no-cache
timing-allow-origin
*
content-encoding
gzip
etag
"ddda3fb3f27121fcba6a33a82f32d57c:1729811534.987187"
x-content-type-options
nosniff
expires
Wed, 13 Nov 2024 16:13:32 GMT
accept-ranges
bytes
access-control-allow-origin
https://www.fortinet.com
content-length
1598
date
Wed, 13 Nov 2024 15:13:32 GMT
content-type
application/x-javascript
last-modified
Thu, 24 Oct 2024 23:12:14 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
6si.min.js
j.6sc.co/
68 KB
19 KB
Script
General
Full URL
https://j.6sc.co/6si.min.js
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.64.90 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-18-64-90.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
d5ecf2f6d5b7937dd1aa50165b89193436347d55cb130951d41e028b1f09d3af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

cache-control
private, proxy-revalidate, max-age=10800
content-encoding
gzip
etag
"66fb91ae-111bb"
x-content-type-options
nosniff
expires
Wed, 13 Nov 2024 18:13:33 GMT
accept-ranges
bytes
content-length
18819
date
Wed, 13 Nov 2024 15:13:33 GMT
content-type
application/javascript
vary
Accept-Encoding
server
nginx/1.14.0 (Ubuntu)
last-modified
Tue, 01 Oct 2024 06:07:42 GMT
RC448863e9e05a4b4880daa4a5fb7da328-source.min.js
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/e65b3d3bd1f9/
358 B
509 B
Script
General
Full URL
https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/e65b3d3bd1f9/RC448863e9e05a4b4880daa4a5fb7da328-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:c8d::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
7c502d550f5fe20eee417decbabf97452005f80d5ffe8933e2b0fe8cbcf33fe9
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

cache-control
max-age=3600
timing-allow-origin
*
content-encoding
gzip
etag
"e4025e557089d49e2fc1f023a01abf25:1730940563.547746"
x-content-type-options
nosniff
expires
Wed, 13 Nov 2024 16:13:33 GMT
accept-ranges
bytes
access-control-allow-origin
https://www.fortinet.com
content-length
229
date
Wed, 13 Nov 2024 15:13:33 GMT
content-type
application/x-javascript
last-modified
Thu, 07 Nov 2024 00:49:23 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
optOutStatus
dpm.demdex.net/
41 B
542 B
XHR
General
Full URL
https://dpm.demdex.net/optOutStatus?d_visid_ver=5.5.0&d_rtbd=json&d_ver=2&d_orgid=ED8739F75677FE917F000101%40AdobeOrg&d_nsid=0&ts=1731510813153
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
63.34.142.90 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-34-142-90.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e5873dbdaa376d924cfa4b2ba4b1622d4e6e483866e2b7bc24ef3007ff5960e7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded
Referer
https://www.fortinet.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
cache-control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
dcs
dcs-prod-irl1-2-v069-0b065b696.edge-irl1.demdex.com 1 ms
content-encoding
gzip
pragma
no-cache
access-control-allow-credentials
true
x-tid
aGMD7GDmTOw=
expires
Thu, 01 Jan 1970 00:00:00 UTC
access-control-allow-origin
https://www.fortinet.com
content-length
60
p3p
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
date
Wed, 13 Nov 2024 15:13:33 GMT
content-type
application/json;charset=utf-8
vary
Origin
/
c.6sc.co/
7 B
194 B
XHR
General
Full URL
https://c.6sc.co/
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.64.90 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-18-64-90.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

access-control-max-age
86400
access-control-allow-credentials
true
access-control-allow-methods
GET,POST
access-control-allow-origin
https://www.fortinet.com
content-length
7
date
Wed, 13 Nov 2024 15:13:33 GMT
content-type
text/html
access-control-allow-headers
*
/
ipv6.6sc.co/
20 B
311 B
XHR
General
Full URL
https://ipv6.6sc.co/
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:21::217:d11c Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
bfd3189d965573e36997f170667b1ceef5cfd0471b6f5be228ca6ac7bcb97c23

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

cache-control
max-age=0, no-cache, no-store
pragma
no-cache
6si-ipv6
2a01:4a0:1338:92::12
expires
Wed, 13 Nov 2024 15:13:33 GMT
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1731510813247_389993811_92329559_28_945_45_268_219";dur=1
access-control-allow-origin
https://www.fortinet.com
content-length
20
date
Wed, 13 Nov 2024 15:13:33 GMT
content-type
text/html
vary
Origin
RC0ba76d5bbb984ea6a79cd6308c48dbff-source.min.js
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/e65b3d3bd1f9/
2 KB
1005 B
Script
General
Full URL
https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/e65b3d3bd1f9/RC0ba76d5bbb984ea6a79cd6308c48dbff-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:c8d::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
3e75053eb73861e42602ca4075a48ad1a004f507ca9949210cfd09517114cc72
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

cache-control
max-age=3600
timing-allow-origin
*
content-encoding
gzip
etag
"e4025e557089d49e2fc1f023a01abf25:1730940563.547746"
x-content-type-options
nosniff
expires
Wed, 13 Nov 2024 16:13:33 GMT
accept-ranges
bytes
access-control-allow-origin
https://www.fortinet.com
content-length
724
date
Wed, 13 Nov 2024 15:13:33 GMT
content-type
application/x-javascript
last-modified
Thu, 07 Nov 2024 00:49:23 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
favicon.ico
www.fortinet.com/etc/designs/fortinet-blog/
318 B
2 KB
Other
General
Full URL
https://www.fortinet.com/etc/designs/fortinet-blog/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
d18b3c9feb76c3c1cfdcc51c732f113327e3c33fb3f63b479951f7da6ed1216f
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims

Response headers

X-Vhost
publish
Content-Encoding
gzip
ETag
"13e-565c628eb6a00-gzip"
Age
1093080
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
vbfZlcUrKR6Gk78YrWrkVZIj6IK0UQHBcXI0EYbK8y-akI_uUuON6w==
Date
Fri, 01 Nov 2024 23:38:58 GMT
Content-Type
image/vnd.microsoft.icon
Last-Modified
Thu, 22 Feb 2018 05:17:28 GMT
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=2000000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 fa8c9f29fb8ef5c537a2a53f4de05240.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
133
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
details
eps.6sc.co/v3/company/
740 B
653 B
XHR
General
Full URL
https://eps.6sc.co/v3/company/details
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
75.2.108.141 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
afe865822f884bb48.awsglobalaccelerator.com
Software
/
Resource Hash
a16a8eb1006deca6a9a6ccedf5176d374b3ea8d35ff08cf29321623d0c943f69

Request headers

Authorization
Token 7381d1d7c753fe2d8e217c3fdc44c0f17418dcc4
X-6s-CustomID
WebTag1.0 5eeecf22b2d12a77a14639dce97b7a36
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-expose-headers
X-6si-Region
timing-allow-origin
https://6sense.com
content-encoding
gzip
x-6si-region
access-control-allow-credentials
true
access-control-allow-origin
https://www.fortinet.com
content-length
393
date
Wed, 13 Nov 2024 15:13:33 GMT
content-type
application/json
vary
Origin, Accept-Encoding
details
eps.6sc.co/v3/company/
0
0
Preflight
General
Full URL
https://eps.6sc.co/v3/company/details
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
75.2.108.141 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
afe865822f884bb48.awsglobalaccelerator.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,x-6s-customid
Access-Control-Request-Method
GET
Origin
https://www.fortinet.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
authorization,x-6s-customid
access-control-allow-methods
OPTIONS,GET
access-control-allow-origin
https://www.fortinet.com
access-control-expose-headers
X-6si-Region
access-control-max-age
1800
content-length
0
date
Wed, 13 Nov 2024 15:13:33 GMT
timing-allow-origin
https://6sense.com
x-6si-region
s5285365040468
metrics.fortinet.com/b/ss/fortinetincproduction/1/JS-2.27.0-LEWM/
Redirect Chain
  • https://metrics.fortinet.com/b/ss/fortinetincproduction/1/JS-2.27.0-LEWM/s5285365040468?AQB=1&ndh=1&pf=1&t=13%2F10%2F2024%2016%3A13%3A33%203%20-60&fid=12F4753D9B2BAF89-04C3932BA99F7F92&ce=UTF-8&pag...
  • https://metrics.fortinet.com/b/ss/fortinetincproduction/1/JS-2.27.0-LEWM/s5285365040468?AQB=1&pccr=true&vidn=339A610ECE3CE068-60000CD4030BBA39&ndh=1&pf=1&t=13%2F10%2F2024%2016%3A13%3A33%203%20-60&f...
43 B
249 B
Image
General
Full URL
https://metrics.fortinet.com/b/ss/fortinetincproduction/1/JS-2.27.0-LEWM/s5285365040468?AQB=1&pccr=true&vidn=339A610ECE3CE068-60000CD4030BBA39&ndh=1&pf=1&t=13%2F10%2F2024%2016%3A13%3A33%203%20-60&fid=12F4753D9B2BAF89-04C3932BA99F7F92&ce=UTF-8&pageName=en%3Ablog%3Athreat-research%3Anew-campaign-uses-remcos-rat-to-exploit-victims&g=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims&c.&cm.&ssf=1&.cm&.c&cc=USD&v1=www.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims&c7=Entire%20Site&c8=New&v27=BLOG&v33=en%3Ablog%3Athreat-research%3Anew-campaign-uses-remcos-rat-to-exploit-victims&v35=Enabled&v92=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1
Protocol
H2
Server
63.140.62.222 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-63-140-62-222.data.adobedc.net
Software
jag /
Resource Hash
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
cache-control
no-cache, no-store, max-age=0, no-transform, private
pragma
no-cache
etag
3718391157526790144-4618371169965223091
x-content-type-options
nosniff
expires
Tue, 12 Nov 2024 15:13:33 GMT
access-control-allow-origin
*
p3p
CP="This is not a P3P policy"
content-length
43
date
Wed, 13 Nov 2024 15:13:33 GMT
x-xss-protection
1; mode=block
last-modified
Thu, 14 Nov 2024 15:13:33 GMT
vary
*
server
jag
content-type
image/gif;charset=utf-8

Redirect headers

strict-transport-security
max-age=31536000; includeSubDomains
cache-control
no-cache, no-store, max-age=0, no-transform, private
location
https://metrics.fortinet.com/b/ss/fortinetincproduction/1/JS-2.27.0-LEWM/s5285365040468?AQB=1&pccr=true&vidn=339A610ECE3CE068-60000CD4030BBA39&ndh=1&pf=1&t=13%2F10%2F2024%2016%3A13%3A33%203%20-60&fid=12F4753D9B2BAF89-04C3932BA99F7F92&ce=UTF-8&pageName=en%3Ablog%3Athreat-research%3Anew-campaign-uses-remcos-rat-to-exploit-victims&g=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims&c.&cm.&ssf=1&.cm&.c&cc=USD&v1=www.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims&c7=Entire%20Site&c8=New&v27=BLOG&v33=en%3Ablog%3Athreat-research%3Anew-campaign-uses-remcos-rat-to-exploit-victims&v35=Enabled&v92=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1
pragma
no-cache
x-content-type-options
nosniff
expires
Tue, 12 Nov 2024 15:13:33 GMT
access-control-allow-origin
*
p3p
CP="This is not a P3P policy"
content-length
0
date
Wed, 13 Nov 2024 15:13:33 GMT
x-xss-protection
1; mode=block
content-type
text/plain;charset=utf-8
vary
Origin
server
jag
last-modified
Thu, 14 Nov 2024 15:13:33 GMT

Verdicts & Comments Add Verdict or Comment

54 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 function| OptanonWrapper object| fortinet_blog object| EasyAutocomplete object| search_config boolean| blogFilter string| documentsQuery function| htmlEncode function| hideAutoComplete function| sitesearch_init function| sitesearch_search_callback function| sitesearch_countall_callback function| sitesearch_do_search function| sitesearch_do_force_search function| sitesearch_spellcheck_callback function| sitesearch_do_spellcheck function| sitesearch_do_suggest_search function| sitesearch_query_searchresult_callback function| sitesearch_do_query_searchresult function| sitesearch_click_page_callback function| sitesearch_click_page function| search_action function| sitesearch_search_fortiguard function| count_facets_type function| shuffle_facets function| setImmediate function| clearImmediate function| $ function| jQuery object| OtTrustedType string| OnetrustActiveGroups string| OptanonActiveGroups object| dataLayer object| otStubData object| Optanon object| OneTrust object| _satellite boolean| __satelliteLoaded object| adobe function| Visitor object| s_c_il number| s_c_in number| timer_e object| _6si function| AppMeasurement_Module_ActivityMap function| AppMeasurement function| s_gi function| s_pgicq function| liberatedGetOptOut object| Sixsct object| t boolean| _storagePopulated object| s_i_fortinetincproduction object| targetGlobalSettings

11 Cookies

Domain/Path Name / Value
www.fortinet.com/ Name: cookiesession1
Value: 678A3E22DC98A7DDB6B5F941E3BA8248
.fortinet.com/ Name: OptanonConsent
Value: isIABGlobal=false&datestamp=Wed+Nov+13+2024+16%3A13%3A32+GMT%2B0100+(Mitteleurop%C3%A4ische+Normalzeit)&version=6.10.0&hosts=&consentId=3a77e2e8-62d5-46bc-a7e0-d20a4f0112ab&interactionCount=0&landingPath=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims&groups=C0001%3A1%2CC0002%3A0%2CC0003%3A0%2CC0004%3A0
www.fortinet.com/ Name: AWSALB
Value: MShn2Z+hOMUyrHVwikOojZ4FmX5AVlCoxAkaLp/YbJDNieNDtOrPy24xshZJc4AeYp3oHJB1zQeBOwxen0KrGchUgnBvb1pb40HUQwdr+mgG5xi/gnhhM3JyFs9IhXzoo69cF4VwRoHSNBpG1ucMo7RptXahmnPQFsTwfcqeknPsMaanu4G4DZS3uO3SlYu1OdBctZJpBmBrwlAlQwGNWvgvJ3OPKrdB
www.fortinet.com/ Name: AWSALBCORS
Value: TB6d0r/TlXYKrKusvg6ayClpKu+dU3oHaUut1tSUxovK1OEWq5JXT0Q/TQoUI13yMwlwMiGK7rQF6e0EewIt9PVcFRxanqBa69hj0uozgqZt2nLiCS4v12A/zrW6uQjmthlT+3TGa8Ezm1oEv9WhPKkqXBhWiB66Qf6bPjezlyn9SHt8/gpqAByRcVtfl6SWbX1PjyWaySyE7DkkVskGWS4cLvf3qoHH
www.fortinet.com/ Name: aa_cc
Value: DE
www.fortinet.com/ Name: aa_cn
Value: DE
.fortinet.com/ Name: s_fid
Value: 12F4753D9B2BAF89-04C3932BA99F7F92
.fortinet.com/ Name: gpv_pn
Value: www.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims
.fortinet.com/ Name: s_getNewRepeat
Value: 1731510813580-New
.fortinet.com/ Name: s_cc
Value: true
.fortinet.com/ Name: s_vi
Value: [CS]v1|339A610ECE3CE068-60000CD4030BBA39[CE]

3 Console Messages

Source Level URL
Text
rendering warning URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Message:
[GroupMarkerNotSet(crbug.com/242999)!:A0700002F41C0000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.
javascript warning URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Message:
The resource https://www.fortinet.com/etc/designs/fortinet/adb-target/visitorapi.min.js was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Message:
The resource https://www.fortinet.com/etc/designs/fortinet/adb-target/at.js was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

assets.adobedtm.com
c.6sc.co
cdn.cookielaw.org
dpm.demdex.net
eps.6sc.co
geolocation.onetrust.com
ipv6.6sc.co
j.6sc.co
metrics.fortinet.com
www.fortinet.com
2.18.64.90
2606:4700:4400::6812:2089
2606:4700::6812:572a
2a02:26f0:3500:c8d::1e80
2a02:26f0:480:21::217:d11c
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd
63.140.62.222
63.34.142.90
75.2.108.141
0cd344605a83e699d26efaf3206c882e108d1197292e2f3b4c327a24ed53e613
0cf246d6cd139b795a60b01f5d66885f3a685b2433222bd698371d429418d5ea
0f03d4ff929986a3cde83681fd2560eae544f7138f59945ec6ec32c17800ca91
2157361193375a79ade3559e960f982daa8d599cf7f4a92d36e3eef257738f16
23ca5578686d651deed4508b104fe16de675ab296becda560dc17d741f090af1
259bd74127f3150b5dbe1c2f9da49d1dbeeecce06bd0152f333839f448722ae2
2a250e2f225e48cf583d54a0a42d623c700847de17323bf23ea372e5d9e89cb2
2bc3f32248814e53fb0792922dae3d54ebbeb6c7be7d95d20df0e2fa6a69ae67
30e3ee538441256091bfe54048cdb9883bd4509a9e6e4b68827771ddb1cf4207
32b4931413d5ce2afcf4ef52b12d39c3d6dd7247bd73c3a160c734b67c1a4c95
370df1cc8999c1e03fc1c5f7ced35334513d19233d1fc79d2c1c7f711361565d
38a4d98e8a644d2a59d5f709452915bec15b125de944590af7fcaeb06b2472ca
3923bff4786ef686d8dd4376b99c73c72b93e302b1dfb68243c7b620c4c27b99
3cafe408bf18e918d7daac870762a97244d03a73aca8ed7fe6a17141dfe34dad
3e75053eb73861e42602ca4075a48ad1a004f507ca9949210cfd09517114cc72
452ee2471448cc6b716090a014cf7fc9cc515998bda9dcc334aa073a72a591e7
46ef912a5bf1fec350dc9d14102bcf1965471f16a57a890bdc5fc06bc4404370
4874fa9fd13dc1a03d79114835648fcad2a4ea5f9e53a72a19f7a1c2f002de34
5a922a2c59c77d6ae5ce67413c452540ffe00b468d240ab6928531bab15fce2b
5b4c9abcf01dcf74e0adf075ff4d47464c62c84307ae5ebd115d45da70e6443d
5f13d75795dbc9a02d514d38afb282a463efe4698b22c820a040b17c132a6127
75e1826a8d1cd5059e09ca0c508d8da3228ecf159fd01316ec34eaef57543357
789e8ae2f43db57070e47d9ab0ec5ba687cd2e3525084d152b001cb17e36d03c
7b1e74dd6970b56853dfd79e59ba73315051b0c59a69c6a9fd87e515650fdc80
7c502d550f5fe20eee417decbabf97452005f80d5ffe8933e2b0fe8cbcf33fe9
7d8bd939933062935977eeb7af4d11047164be70e17407be8c754458ae19ba4e
7db8d077fc21c20f1449a2603d524e423cfa25d7df6d5fd845a8e5e883aa227e
7fad0b58c45141ac8b2fafa7e378a66f2d8a9297e3253ea671b40c09a8a085a8
8998282f5a80fff5eaafdbd457dd7a81af0cd7c8696bfe032a6aeef8fe67f99f
8cbd18186b68edee7ccf8f12acfd296f3752d51cd0ebc04dff271e9d601d744d
910ab43f73b6073142379650feb6de6f77744c9a418754fab9e8c71b12065c10
94633716497a85d800b6e573953942c4cfe483c0dbd68fa97fd01dd97ced5d66
9ce9e23b2f0aff01f3a20cde4e99e014e306dfb3c420bee920ea9e0f323a6ccc
a1050b6624dd64bb43f5b8c093c1363ab2fdc3b0698ee486df2e7d897d2c6ef6
a16a8eb1006deca6a9a6ccedf5176d374b3ea8d35ff08cf29321623d0c943f69
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a5fedaddf8960351b7dcb1bf9b4a2ce58b28a336901d7eebe92b92c9aeb185f8
ade920fd5b00cd298aae7978673a9a64d0bb3fa593d23e91994ec6b6723ebace
b726aa772c609165b5815643b26bb2e91d5d55d337a1cd073a0b9b943d77e869
b97c99a69a6275c8f90703cd4c0864089a74fd08383a1cc75a8a4d0c2cb60cce
bfd3189d965573e36997f170667b1ceef5cfd0471b6f5be228ca6ac7bcb97c23
c3b557d8a9405227edbfd04c2f2f199168deceb2806059a02abba860054615a5
c44f719750dd68af8862cbcfa4ab17d67bf462fa44992e5043f073af63c72984
c5e2f3bd6de83dae9307b2eb56380edaef01582a4ca721583ce3c745b15c2388
c93c62ebfd2a7f0e95f77ea558c53c2536ba327c1a28ad4870f2d518476500b6
ced16fb84941eb1582822542d082b1911b669ac0c125c3ba47d55e3521a1514c
d12d6916f244b407ef03c8a770d16da6a3aa60adef4d3ad50c6341c32fe841cc
d18b3c9feb76c3c1cfdcc51c732f113327e3c33fb3f63b479951f7da6ed1216f
d2afd46ac58cd7e89b3fdfd790300d69034e94151ed45acf83d7b6d5dccfdb17
d5ecf2f6d5b7937dd1aa50165b89193436347d55cb130951d41e028b1f09d3af
db058d72d7ba8ff6ed7209af23a4458c373cc78f72c81ec1df88bb5de72a0b0b
e5873dbdaa376d924cfa4b2ba4b1622d4e6e483866e2b7bc24ef3007ff5960e7
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f2489dc61786cfcc0a7d81d9ef195c9ad53620928e746388f507f59f76cbb258
f9b2aaabab92d9c63930432351fa3f5aa634fcb5db31b039e23465f8b4bd5a68
fc0de94620ef9ccacfa68e0c7fef1dd6ad73f7920acd47cc1009713af6f1b703
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a