www.trellix.com Open in urlscan Pro
2a02:26f0:7100::210:151 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-...
Submission: On October 24 via api (October 24th 2024, 10:35:46 am UTC) from IN — Scanned from DE

Summary HTTP 143 Redirects Links 32 Behaviour Indicators

Summary

This website contacted 25 IPs in 5 countries across 17 domains to perform 143 HTTP transactions. The main IP is 2a02:26f0:7100::210:151, located in Frankfurt am Main, Germany and belongs to AKAMAI-ASN1, NL. The main domain is www.trellix.com. The Cisco Umbrella rank of the primary domain is 327631.
TLS certificate: Issued by Sectigo RSA Organization Validation S... on October 22nd 2024. Valid for: a year.

This is the only time www.trellix.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
102	2a02:26f0:710... 2a02:26f0:7100::210:151	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	2a00:1450:400... 2a00:1450:4001:80f::2008	15169 (GOOGLE) (GOOGLE)
3	104.17.25.14 104.17.25.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a02:26f0:350... 2a02:26f0:3500:597::1e80	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	3.160.150.115 3.160.150.115	16509 (AMAZON-02) (AMAZON-02)
1	2a04:4e42:400... 2a04:4e42:400::485	54113 (FASTLY) (FASTLY)
4	104.16.93.80 104.16.93.80	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2620:1ec:29:1... 2620:1ec:29:1::64	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	216.58.206.68 216.58.206.68	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:350... 2a02:26f0:3500:c81::11a6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2600:9000:206... 2600:9000:206f:9e00:c:abe:f440:93a1	16509 (AMAZON-02) (AMAZON-02)
1	18.195.217.231 18.195.217.231	16509 (AMAZON-02) (AMAZON-02)
1	2a02:26f0:710... 2a02:26f0:7100:594::11a6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	34.250.93.70 34.250.93.70	16509 (AMAZON-02) (AMAZON-02)
1	52.203.56.255 52.203.56.255	14618 (AMAZON-AES) (AMAZON-AES)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
1	142.250.186.67 142.250.186.67	15169 (GOOGLE) (GOOGLE)
2	63.140.62.27 63.140.62.27	15224 (OMNITURE) (OMNITURE)
1 1	52.17.97.65 52.17.97.65	16509 (AMAZON-02) (AMAZON-02)
3	20.119.174.243 20.119.174.243	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	66.235.152.156 66.235.152.156	15224 (OMNITURE) (OMNITURE)
1	143.204.98.107 143.204.98.107	16509 (AMAZON-02) (AMAZON-02)
1	104.16.92.80 104.16.92.80	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	2.16.168.12 2.16.168.12	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 1	2a02:26f0:480... 2a02:26f0:480:f::213:7ee3	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a02:26f0:480... 2a02:26f0:480:f::213:7ec8	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
143	25

102 2a02:26f0:7100::210:151 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

www.trellix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.17.25.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:26f0:3500:597::1e80 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

assets.adobedtm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.160.150.115 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-160-150-115.fra60.r.cloudfront.net

platform-api.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:400::485 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.16.93.80 (None, )

ASN13335 (CLOUDFLARENET, US)

627-oog-590.mktoweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:29:1::64 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.58.206.68 (United States)

ASN15169 (GOOGLE, US)
PTR: lhr35s11-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:c81::11a6 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

s.go-mpulse.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:206f:9e00:c:abe:f440:93a1 (United States)

ASN16509 (AMAZON-02, US)

buttons-config.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.195.217.231 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-217-231.eu-central-1.compute.amazonaws.com

l.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:7100:594::11a6 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

c.go-mpulse.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.250.93.70 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-250-93-70.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
musarubra.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.203.56.255 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-203-56-255.compute-1.amazonaws.com

api2932.d41.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.67 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f3.1e100.net

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 63.140.62.27 (United States)

ASN15224 (OMNITURE, US)
PTR: ip-63-140-62-27.data.adobedc.net

smetrics.trellix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.17.97.65 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-17-97-65.eu-west-1.compute.amazonaws.com

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 20.119.174.243 (Boydton, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

r.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.235.152.156 (United States)

ASN15224 (OMNITURE, US)
PTR: ip-66-235-152-156.data.adobedc.net

trellix.tt.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.98.107 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-107.fra50.r.cloudfront.net

cdn-0.d41.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.92.80 (None, )

ASN13335 (CLOUDFLARENET, US)

627-oog-590.mktoweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.16.168.12 (Netherlands) 1 redirects

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-16-168-12.deploy.static.akamaitechnologies.com

trial-eum-clientnsv4-s.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
kd7qo5qcccuayzy2el6q-pakm38-2e8c99089-clientnsv4-s.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:480:f::213:7ee3 (Frankfurt am Main, Germany) 1 redirects

ASN20940 (AKAMAI-ASN1, NL)

trial-eum-clienttons-s.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:480:f::213:7ec8 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

fiaqjiathaajgkqce3yajaaab5truix5-pakm38-0e707c105-clienttons-s.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
104	trellix.com www.trellix.com — Cisco Umbrella Rank: 327631 smetrics.trellix.com — Cisco Umbrella Rank: 688338	4 MB
5	clarity.ms www.clarity.ms — Cisco Umbrella Rank: 634 r.clarity.ms — Cisco Umbrella Rank: 6682	29 KB
5	mktoweb.com 627-oog-590.mktoweb.com	77 KB
4	akamaihd.net 2 redirects trial-eum-clientnsv4-s.akamaihd.net — Cisco Umbrella Rank: 2923 kd7qo5qcccuayzy2el6q-pakm38-2e8c99089-clientnsv4-s.akamaihd.net trial-eum-clienttons-s.akamaihd.net — Cisco Umbrella Rank: 2926 fiaqjiathaajgkqce3yajaaab5truix5-pakm38-0e707c105-clienttons-s.akamaihd.net	1 KB
4	demdex.net dpm.demdex.net — Cisco Umbrella Rank: 243 musarubra.demdex.net	3 KB
4	adobedtm.com assets.adobedtm.com — Cisco Umbrella Rank: 430	134 KB
3	sharethis.com platform-api.sharethis.com — Cisco Umbrella Rank: 4938 buttons-config.sharethis.com — Cisco Umbrella Rank: 5686 l.sharethis.com — Cisco Umbrella Rank: 5365	48 KB
3	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 220	44 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	283 KB
2	d41.co api2932.d41.co — Cisco Umbrella Rank: 986490 cdn-0.d41.co — Cisco Umbrella Rank: 25587	25 KB
2	go-mpulse.net s.go-mpulse.net — Cisco Umbrella Rank: 1607 c.go-mpulse.net — Cisco Umbrella Rank: 772	50 KB
2	google.com www.google.com — Cisco Umbrella Rank: 3	1022 B
1	omtrdc.net trellix.tt.omtrdc.net	844 B
1	everesttech.net 1 redirects cm.everesttech.net — Cisco Umbrella Rank: 1371	490 B
1	gstatic.com www.gstatic.com	217 KB
1	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 3643
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 311	65 KB
143	17

	Domain	Requested by
102	www.trellix.com	www.trellix.com
5	627-oog-590.mktoweb.com	www.trellix.com 627-oog-590.mktoweb.com
4	assets.adobedtm.com	www.trellix.com assets.adobedtm.com
3	r.clarity.ms	www.trellix.com
3	cdnjs.cloudflare.com	www.trellix.com
3	www.googletagmanager.com	www.trellix.com www.googletagmanager.com
2	smetrics.trellix.com	www.trellix.com
2	musarubra.demdex.net	www.trellix.com
2	dpm.demdex.net	assets.adobedtm.com www.trellix.com
2	www.google.com	www.trellix.com
2	www.clarity.ms	www.trellix.com www.clarity.ms
1	fiaqjiathaajgkqce3yajaaab5truix5-pakm38-0e707c105-clienttons-s.akamaihd.net
1	trial-eum-clienttons-s.akamaihd.net	1 redirects
1	kd7qo5qcccuayzy2el6q-pakm38-2e8c99089-clientnsv4-s.akamaihd.net
1	trial-eum-clientnsv4-s.akamaihd.net	1 redirects
1	cdn-0.d41.co	assets.adobedtm.com
1	trellix.tt.omtrdc.net	www.trellix.com
1	cm.everesttech.net	1 redirects
1	www.gstatic.com	www.google.com
1	region1.google-analytics.com	www.googletagmanager.com
1	api2932.d41.co	assets.adobedtm.com
1	c.go-mpulse.net	s.go-mpulse.net
1	l.sharethis.com	platform-api.sharethis.com
1	buttons-config.sharethis.com	platform-api.sharethis.com
1	s.go-mpulse.net	www.trellix.com
1	cdn.jsdelivr.net	www.trellix.com
1	platform-api.sharethis.com	www.trellix.com
143	27

This site contains links to these domains. Also see Links.

Domain
auth.ui.trellix.com
partners.trellix.com
developer.manage.trellix.com
marketplace.manage.trellix.com
trellix.com
training-catalog.trellix.com
trellixpartners.trellix.com
careers.trellix.com
trellix-training.netexam.com
trellix.g2planet.com
thrive.trellix.com
docs.trellix.com
shop.trellix.com
www.linkedin.com
www.youtube.com
x.com
soulfulwork.com

Subject Issuer	Validity	Valid
www.trellix.com Sectigo RSA Organization Validation Secure Server CA	`2024-10-22` - `2025-10-22`	a year	crt.sh
*.google-analytics.com WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
cdnjs.cloudflare.com WE1	`2024-09-28` - `2024-12-27`	3 months	crt.sh
assets.adobedtm.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-07-09` - `2025-08-09`	a year	crt.sh
sharethis.com Amazon RSA 2048 M03	`2024-04-19` - `2025-05-17`	a year	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2024 Q3	`2024-07-30` - `2025-08-31`	a year	crt.sh
627-oog-590.mktoweb.com WE1	`2024-09-19` - `2024-12-18`	3 months	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2024-09-04` - `2025-09-04`	a year	crt.sh
*.google.com WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
akstat.io DigiCert TLS RSA SHA256 2020 CA1	`2024-07-31` - `2025-07-31`	a year	crt.sh
*.demdex.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-09-25` - `2025-10-26`	a year	crt.sh
*.d41.co DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-01-15` - `2025-02-14`	a year	crt.sh
*.gstatic.com WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
smetrics.trellix.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-12-06` - `2025-01-05`	a year	crt.sh
a.clarity.ms Microsoft Azure RSA TLS Issuing CA 08	`2024-06-23` - `2025-06-18`	a year	crt.sh
*.tt.omtrdc.net DigiCert TLS RSA SHA256 2020 CA1	`2024-02-26` - `2025-03-28`	a year	crt.sh

This page contains 4 frames:

Primary Page: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/
Frame ID: 300150D6415083519362389CC40D0669
Requests: 142 HTTP requests in this frame

Frame: https://musarubra.demdex.net/dest5.html?d_nsid=0
Frame ID: ADAC55C2C20639EB4779D2602FD3B048
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfqXqAlAAAAAOcuwHMDX6Uo3mWxPTJUxjh8kcZu&co=aHR0cHM6Ly93d3cudHJlbGxpeC5jb206NDQz&hl=de&v=lqsTZ5beIbCkK4uGEGv9JmUR&size=invisible&cb=fs7reydjjmbb
Frame ID: 5DB7D909CADDBCCA9AC067D7EFDD5863
Requests: 1 HTTP requests in this frame

Frame: https://627-oog-590.mktoweb.com/index.php/form/XDFrame
Frame ID: 9F0D1CD736F327417051A76DD6E21160
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Unmasking the Hidden Threat: Inside a Sophisticated Excel-Based Attack Delivering Fileless Remcos RAT

Page URL History Show full URLs

https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-base... Page URL
https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-base... Page URL

Detected technologies

Adobe Experience Manager (CMS) Expand

Overall confidence: 100%
Detected patterns

/etc\.clientlibs/

Chart.js (JavaScript Graphics) Expand

Overall confidence: 75%
Detected patterns

/Chart(?:\.bundle)?(?:\.min)?\.js

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Akamai Bot Manager (Security) Expand

Overall confidence: 100%
Detected patterns

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

143
Requests

98 %
HTTPS

42 %
IPv6

17
Domains

27
Subdomains

25
IPs

5
Countries

5191 kB
Transfer

9525 kB
Size

25
Cookies

32 Outgoing links

These are links going to different origins than the main page.

URL: https://auth.ui.trellix.com/
Title: Trellix Login

Search URL Search Domain Scan URL

URL: https://partners.trellix.com/
Title: Trellix Hive

Search URL Search Domain Scan URL

URL: https://developer.manage.trellix.com/
Title: Developer Portal

Search URL Search Domain Scan URL

URL: https://marketplace.manage.trellix.com/
Title: Marketplace

Search URL Search Domain Scan URL

URL: https://trellix.com/en-au/
Title: Australia (English)

Search URL Search Domain Scan URL

URL: https://trellix.com/pt-br/
Title: Brasil (Português)

Search URL Search Domain Scan URL

URL: https://trellix.com/en-ca/
Title: Canada (English)

Search URL Search Domain Scan URL

URL: https://trellix.com/fr-ca/
Title: Canada (Français)

Search URL Search Domain Scan URL

URL: https://trellix.com/de-de/
Title: Deutschland (Deutsch)

Search URL Search Domain Scan URL

URL: https://trellix.com/es-es/
Title: España (Español)

Search URL Search Domain Scan URL

URL: https://trellix.com/fr-fr/
Title: France (Français)

Search URL Search Domain Scan URL

URL: https://trellix.com/en-hk/
Title: Hong Kong (English)

Search URL Search Domain Scan URL

URL: https://trellix.com/en-in/
Title: India (English)

Search URL Search Domain Scan URL

URL: https://trellix.com/it-it/
Title: Italia (Italiano)

Search URL Search Domain Scan URL

URL: https://trellix.com/ja-jp/
Title: 日本 (日本語)

Search URL Search Domain Scan URL

URL: https://trellix.com/ko-kr/
Title: 대한민국 (한국어)

Search URL Search Domain Scan URL

URL: https://trellix.com/es-mx/
Title: México (Español)

Search URL Search Domain Scan URL

URL: https://trellix.com/en-sg/
Title: Singapore (English)

Search URL Search Domain Scan URL

URL: https://trellix.com/en-gb/
Title: United Kingdom (English)

Search URL Search Domain Scan URL

URL: https://trellix.com/
Title: United States (English)

Search URL Search Domain Scan URL

URL: https://training-catalog.trellix.com/
Title: Training Courses

Search URL Search Domain Scan URL

URL: https://trellixpartners.trellix.com/english/register_email.aspx
Title: Become a Partner

Search URL Search Domain Scan URL

URL: https://careers.trellix.com/
Title: Careers

Search URL Search Domain Scan URL

URL: https://trellix-training.netexam.com/
Title: Training Courses

Search URL Search Domain Scan URL

URL: https://trellix.g2planet.com/xpand_live_2022/register
Title: Register Now

Search URL Search Domain Scan URL

URL: https://thrive.trellix.com/
Title: Support

Search URL Search Domain Scan URL

URL: https://docs.trellix.com/
Title: Product Documentation

Search URL Search Domain Scan URL

URL: https://shop.trellix.com/1320/purl-cataloghome
Title: Shop Online

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/trellixsecurity

Search URL Search Domain Scan URL

URL: https://www.youtube.com/trellixsecurity

Search URL Search Domain Scan URL

URL: https://x.com/Trellix

Search URL Search Domain Scan URL

URL: https://soulfulwork.com/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/ Page URL
https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 123

https://cm.everesttech.net/cm/dd?d_uuid=15040623255615104383017110925251841714 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=Zxoi-AAAAFZuvgN-

Request Chain 140

https://trial-eum-clientnsv4-s.akamaihd.net/eum/getdns.txt?c=pakm38b75 HTTP 302
https://kd7qo5qcccuayzy2el6q-pakm38-2e8c99089-clientnsv4-s.akamaihd.net/eum/results.txt

Request Chain 141

https://trial-eum-clienttons-s.akamaihd.net/eum/getdns.txt?c=pakm38b75 HTTP 302
https://fiaqjiathaajgkqce3yajaaab5truix5-pakm38-0e707c105-clienttons-s.akamaihd.net/eum/results.txt

143 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 / Show response
www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/ 2 KB
2 KB 239ms
98ms Document
text/html 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

6627ca25d87ed46fa552d611de1512c7d1bfbaad2ef3517fd3134b3d43d2c68e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-length: 1466
content-type: text/html
date: Thu, 24 Oct 2024 10:35:38 GMT
expires: 0
mime-version: 1.0
server-timing: cdn-cache; desc=HIT edge; dur=1 ak_p; desc="1729766138644_34603341_628695420_20_13522_36_0_255";dur=1
strict-transport-security: max-age=15768000
vary: Accept-Encoding

POST
H2 200 verify
www.trellix.com/_sec/ 16 B
763 B 57ms
56ms XHR
application/json 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trellix.com/_sec/verify?provider=interstitial

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: application/json
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

mime-version: 1.0
expires: Thu, 24 Oct 2024 10:35:38 GMT
strict-transport-security: max-age=15768000
server-timing: cdn-cache; desc=HIT, edge; dur=4, ak_p; desc="1729766138734_34603341_628695486_676_10078_36_0_255";dur=1
content-length: 16
date: Thu, 24 Oct 2024 10:35:38 GMT
content-type: application/json

GET
H2 200 Primary Request / Show response
www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/ 182 KB
47 KB 453ms
452ms Document
text/html 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

584c91e67284c0975554752f88e15aaab71790454091a4d2bacc7eb193245dd9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
cache-control: max-age=14400, s-maxage=14400
content-encoding: gzip
content-type: text/html;charset=utf-8
date: Thu, 24 Oct 2024 10:35:39 GMT
etag: W/"2c6c7-625366e019b71-gzip"
expires: Thu, 01 Jan 1970 00:00:00 GMT
last-modified: Thu, 24 Oct 2024 10:26:04 GMT
referrer-policy: no-referrer-when-downgrade
server-timing: cdn-cache; desc=HIT edge; dur=379 origin; dur=0 ak_p; desc="1729766138793_34603341_628695511_37820_15418_36_0_255";dur=1
strict-transport-security: max-age=15768000
vary: Accept-Encoding
x-akamai-transformed: 9 42761 0 pmb=mTOE,3mRUM,1
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

GET
H2 200 Montserrat-VF.woff2
www.trellix.com/www/css/fonts/ 120 KB
120 KB 201ms
197ms Font
application/octet-stream 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trellix.com/www/css/fonts/Montserrat-VF.woff2?v=1.0

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

30340b72c6991d891792731fb1dd492ff6a2c530adee3b22d13c5fbc522601e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.trellix.com
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

content-encoding: gzip
etag: "1dfc4-604b4f3ca26c0"
x-content-type-options: nosniff
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1729766139326_34603341_628695738_4164_12480_42_0_219";dur=1
date: Thu, 24 Oct 2024 10:35:39 GMT
content-disposition: inline
last-modified: Wed, 06 Sep 2023 18:31:31 GMT
vary: Accept-Encoding
content-type: application/octet-stream
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
referrer-policy: no-referrer-when-downgrade
accept-ranges: bytes
content-length: 122871
x-xss-protection: 1; mode=block

GET
H2 200 bootstrap-icons.woff2
www.trellix.com/www/css/fonts/ 128 KB
128 KB 279ms
275ms Font
application/octet-stream 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trellix.com/www/css/fonts/bootstrap-icons.woff2?v=1.0

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

d029b51d694d1b0b226cacde588b0dd3c0cd0be4b9ead38b4e6e728442b2b8d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.trellix.com
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT
accept-ranges: bytes
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1729766139371_34603341_628695739_8576_12898_42_0_219";dur=1
content-length: 130856
x-xss-protection: 1; mode=block
date: Thu, 24 Oct 2024 10:35:39 GMT
content-disposition: inline
content-type: application/octet-stream
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

GET
H2 200 utm-cookie-setter.min.js Show response
www.trellix.com/www/js/ 4 KB
2 KB 146ms
129ms Script
application/javascript 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trellix.com/www/js/utm-cookie-setter.min.js?v=1.0

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

f5220de08601a1ac90a232b88b0d39488905190d45535bcc5fefbe9b100eba32

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1729766139697_34603341_628695882_4127_15509_37_0_146";dur=1
content-length: 1334
x-xss-protection: 1; mode=block
date: Thu, 24 Oct 2024 10:35:39 GMT
content-disposition: inline
content-type: application/javascript
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 322 KB
107 KB 215ms
123ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-P2K9CJ3DRL

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b2bf76499598162ec1fa1ee40899b2c2bee1810f0bf286798a6d3dd8eb1a6181

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Thu, 24 Oct 2024 10:35:39 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 24 Oct 2024 10:35:39 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 109421
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 common.min.css
www.trellix.com/www/css/ 940 KB
88 KB 158ms
154ms Stylesheet
text/css 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trellix.com/www/css/common.min.css?v=5.0

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

f306b61b8e4ed1fb3b4a0fa93193fbfc635d9fa116084f60c78db961ea2ecd2c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT
accept-ranges: bytes
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1729766139326_34603341_628695737_3999_11149_42_0_255";dur=1
content-length: 89386
x-xss-protection: 1; mode=block
date: Thu, 24 Oct 2024 10:35:39 GMT
content-disposition: inline
content-type: text/css
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

GET
H3 200 gsap.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/3.12.5/ 71 KB
26 KB 144ms
96ms Script
application/javascript 104.17.25.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/3.12.5/gsap.min.js

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

28033e449a31ebcc396e5be8b13b63152bf03094288fb5867034321927bce087

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "65a9b559-63ab"
age: 61580
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=edJ1QG59KYwxtKUqDF4mqGJaCeVlhszGEt4wQ%2FRvIVnyA8ewXb5iCXyKfRQj6l7t0MFkSC3%2ByZlGctXJ%2FOwUHVejijUQOd7vXQ1F2JmGrj0QnDMKWXja6UIVmtn1Mgzd3Uzsk725"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Tue, 14 Oct 2025 10:35:39 GMT
alt-svc: h3=":443"; ma=86400
date: Thu, 24 Oct 2024 10:35:39 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 18 Jan 2024 23:33:45 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8d795242b88e2c01-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 25515
server: cloudflare

GET
H3 200 ScrollTrigger.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/3.12.5/ 42 KB
16 KB 109ms
62ms Script
application/javascript 104.17.25.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/3.12.5/ScrollTrigger.min.js

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ad33c2df9ada8a663c2147357828f980d0b7ca731ef33eb3c6e4f327c3b2cda5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "65a9b559-3e20"
age: 58887
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AW%2BM2QXt7%2FGHhIuTi4ahMVyckeGfqFeX5c5pxWnq7KFMQTBZ5qeNb0mXRvz0SQCihH%2F9JJQuiMPIZQ4AEpkWxpmtoUawNuWYLK%2BI5rtmpEMNZcE2qe%2Bhu3FVVSIKYVC%2BG5F1WzRX"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Tue, 14 Oct 2025 10:35:39 GMT
alt-svc: h3=":443"; ma=86400
date: Thu, 24 Oct 2024 10:35:39 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 18 Jan 2024 23:33:45 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8d795242b88f2c01-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 15904
server: cloudflare

GET
H3 200 ScrollToPlugin.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/3.12.5/ 4 KB
2 KB 105ms
58ms Script
application/javascript 104.17.25.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/3.12.5/ScrollToPlugin.min.js

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e82f1a686ce2f7a62a7078bf101a386c58bd4e3b0b2e99f5774b7c1e54f8440f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "65a9b559-6bc"
age: 66265
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YRwrgbdYu2ljYAnSXVS70anpIw3BHSKM%2FimGAOidOFJAMFcHYx0rqT6KiPUf%2FRSWtkT1qWfpuRmzq9cekkRJVbNMiqyhCsRMirEd8ph0IdoUwcVSbRC9HMYT82cXTDVj5FvH9hIT"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Tue, 14 Oct 2025 10:35:39 GMT
alt-svc: h3=":443"; ma=86400
date: Thu, 24 Oct 2024 10:35:39 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 18 Jan 2024 23:33:45 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8d795242b88a2c01-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 1724
server: cloudflare

GET
H2 200 newco.min.js Show response
www.trellix.com/www/js/ 93 KB
26 KB 145ms
129ms Script
application/javascript 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trellix.com/www/js/newco.min.js?v=1.0

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

c9e2b515dbd3297d3582f93d2379df40fb1f622cedd8a0bfd68d5ba3a4887eac

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1729766139660_34603341_628695883_480_12450_37_0_146";dur=1
content-length: 26240
x-xss-protection: 1; mode=block
date: Thu, 24 Oct 2024 10:35:39 GMT
content-disposition: inline
content-type: application/javascript
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

GET
H2 200 launch-675ffef2af24.min.js Show response
assets.adobedtm.com/f0febc6281f5/daaefd9d8423/ 358 KB
111 KB 161ms
53ms Script
application/x-javascript 2a02:26f0:3500:597::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/f0febc6281f5/daaefd9d8423/launch-675ffef2af24.min.js
Requested by: Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:597::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 41ff9779305bdc6ddb5a5e7eeff448010e4dc8372402114b4ce4b312b26f869d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

cache-control: max-age=3600
timing-allow-origin: *
content-encoding: gzip
etag: "745d08af8ad0be9130feb1d366752080:1727385979.627149"
expires: Thu, 24 Oct 2024 11:35:39 GMT
accept-ranges: bytes
access-control-allow-origin: https://www.trellix.com
content-length: 113003
date: Thu, 24 Oct 2024 10:35:39 GMT
content-type: application/x-javascript
last-modified: Thu, 26 Sep 2024 21:26:19 GMT
server: AkamaiNetStorage
vary: Accept-Encoding

GET
H2 200 a8ad0b8 Show response
www.trellix.com/akam/13/ 26 KB
10 KB 645ms
630ms Script
application/javascript 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trellix.com/akam/13/a8ad0b8

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

c540fc745aa98b3688ae932469d410b80fe059453fb4caaa8375dc98b56b2d77

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

strict-transport-security: max-age=15768000
cache-control: max-age=21600
content-encoding: gzip
etag: "628ead3782c5d2f3a695b42ea6b91a96d6ea5bc08c40f1f35a38b44b94830a39"
server-timing: cdn-cache; desc=HIT, edge; dur=560, origin; dur=0, ak_p; desc="1729766139660_34603341_628695884_56460_8235_38_0_146";dur=1
content-length: 8767
date: Thu, 24 Oct 2024 10:35:40 GMT
stored-attribute-sha-checksum: c540fc745aa98b3688ae932469d410b80fe059453fb4caaa8375dc98b56b2d77
last-modified: Thu, 22 Feb 2024 19:50:10 GMT
content-type: application/javascript
vary: Accept-Encoding

GET
H2 200 popper-v2.11.5.js Show response
www.trellix.com/www/js/ 19 KB
7 KB 147ms
132ms Script
application/javascript 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trellix.com/www/js/popper-v2.11.5.js

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

7ab491a2f3105aa299a74df2993d21b1d90113e151ab397da33f3b6aa22ca7e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

content-encoding: gzip
etag: "4d0f-5e44138d45540-gzip"
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1729766139670_34603341_628695885_1419_16388_38_0_146";dur=1
date: Thu, 24 Oct 2024 10:35:39 GMT
content-disposition: inline
last-modified: Wed, 20 Jul 2022 19:01:01 GMT
vary: Accept-Encoding
content-type: application/javascript
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
referrer-policy: no-referrer-when-downgrade
accept-ranges: bytes
content-length: 7189
x-xss-protection: 1; mode=block

GET
H2 200 sharethis.js Show response
platform-api.sharethis.com/js/ 206 KB
46 KB 140ms
42ms Script
text/javascript 3.160.150.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://platform-api.sharethis.com/js/sharethis.js

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.160.150.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-3-160-150-115.fra60.r.cloudfront.net

Software

Resource Hash

98d32b00fca86fc6994df33302e051a6ad03461a43ff5797d5b10ace4cf4772f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=600, public
content-encoding: gzip
etag: W/"336d0-g/6wprihOkYe7HpMswOVDodT6lU"
age: 551
via: 1.1 6dcc6937cfa978a65f9d5d75296b24a6.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: XRtqAl4wmV2R7a_LMzg3JN-kEdyK7L7VOmwVJpJ-5HLT4jNRSaKRrQ==
edge-control: cache-maxage=60m,downstream-ttl=60m
date: Thu, 24 Oct 2024 10:26:28 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-amz-cf-pop: FRA60-P7
x-frame-options: SAMEORIGIN

GET
H2 200 chart.js Show response
cdn.jsdelivr.net/npm/ 201 KB
65 KB 128ms
37ms Script
application/javascript 2a04:4e42:400::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/chart.js

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

2df966377ac21760d4162cec7e8a0049acfbb29421934c5a52efa99188273c7f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

access-control-expose-headers: *
content-encoding: br
etag: W/"32423-MbYzL20wZR6T1SY67KXagUI/f4I"
age: 17328
x-content-type-options: nosniff
x-jsd-version-type: version
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache: HIT, HIT
date: Thu, 24 Oct 2024 10:35:39 GMT
content-type: application/javascript; charset=utf-8
x-served-by: cache-fra-eddf8230122-FRA, cache-cph2320053-CPH
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 65996
x-jsd-version: 4.4.5

GET
H2 200 button-control.min.js Show response
www.trellix.com/www/js/ 43 KB
8 KB 309ms
306ms Script
application/javascript 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trellix.com/www/js/button-control.min.js?v=1.2

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

35d5c7cdbecbf3a7affa221bf7ff7e61a61d57b0187693a2bf9ea65835878812

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.trellix.com
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1729766139326_34603341_628695740_4020_11121_42_0_219";dur=1
content-length: 8025
x-xss-protection: 1; mode=block
date: Thu, 24 Oct 2024 10:35:39 GMT
content-disposition: inline
content-type: application/javascript
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

GET
H2 200 header-footer-control.min.js Show response
www.trellix.com/www/js/ 4 KB
2 KB 146ms
133ms Script
application/javascript 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trellix.com/www/js/header-footer-control.min.js?v=1.0

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

d899dcbc7eaea8bddf03382c290f577abc55f04dbaf498f1f33c32fd1a69269a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1729766139659_34603341_628695886_350_10573_37_0_146";dur=1
content-length: 1616
x-xss-protection: 1; mode=block
date: Thu, 24 Oct 2024 10:35:39 GMT
content-disposition: inline
content-type: application/javascript
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

GET
H2 200 form-control.min.js Show response
www.trellix.com/www/js/ 64 KB
19 KB 238ms
225ms Script
application/javascript 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trellix.com/www/js/form-control.min.js?v=1.0

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

419e8d55d3c9dc42570b5aef98d606fab8aeb82b1620f02c98b882ccf46b017e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1729766139781_34603341_628695905_5228_12143_37_0_146";dur=1
content-length: 19290
x-xss-protection: 1; mode=block
date: Thu, 24 Oct 2024 10:35:39 GMT
content-disposition: inline
content-type: application/javascript
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

GET
H2 200 fancyapps-control-v5.min.js Show response
www.trellix.com/www/js/ 2 KB
1 KB 311ms
309ms Script
application/javascript 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trellix.com/www/js/fancyapps-control-v5.min.js?v=1.0

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

2be3c9e333c016d1449decbf1abf10d4d4aef32099dcf5cb61bb23ee7e6aec64

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.trellix.com
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1729766139330_34603341_628695741_4472_12716_42_0_219";dur=1
content-length: 681
x-xss-protection: 1; mode=block
date: Thu, 24 Oct 2024 10:35:39 GMT
content-disposition: inline
content-type: application/javascript
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

GET
H2 200 jquery.rollNumber.js Show response
www.trellix.com/www/js/ 4 KB
2 KB 312ms
298ms Script
application/javascript 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trellix.com/www/js/jquery.rollNumber.js

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

c82b40567e9093a0ef5749ac800d9014cbcaf35820d1dd464cd16bdc4636d965

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

content-encoding: gzip
etag: "115d-600f03edbb0c0-gzip"
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1729766139839_34603341_628695906_10928_9946_37_0_146";dur=1
date: Thu, 24 Oct 2024 10:35:39 GMT
content-disposition: inline
last-modified: Thu, 20 Jul 2023 19:35:07 GMT
vary: Accept-Encoding
content-type: application/javascript
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
referrer-policy: no-referrer-when-downgrade
accept-ranges: bytes
content-length: 1515
x-xss-protection: 1; mode=block

GET
H2 200 charts-control.min.js Show response
www.trellix.com/www/js/ 1 KB
961 B 241ms
228ms Script
application/javascript 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trellix.com/www/js/charts-control.min.js

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

dcc64728657d8a221d4d98b440fa1754f08088732bf487aef530c0db45bfe8c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

content-encoding: gzip
etag: "46c-61d9babfec1c0-gzip"
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1729766139742_34603341_628695907_1266_11442_37_0_146";dur=1
date: Thu, 24 Oct 2024 10:35:39 GMT
content-disposition: inline
last-modified: Fri, 19 Jul 2024 15:51:43 GMT
vary: Accept-Encoding
content-type: application/javascript
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
referrer-policy: no-referrer-when-downgrade
accept-ranges: bytes
content-length: 524
x-xss-protection: 1; mode=block

GET
H2 200 toc-control.min.js Show response
www.trellix.com/www/js/ 864 B
906 B 311ms
298ms Script
application/javascript 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trellix.com/www/js/toc-control.min.js

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

8c3a1927bf00edb2ad50aec1d493925daa858bf15b22dcb6f69dd7e902978446

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

content-encoding: gzip
etag: "360-605f61de67480-gzip"
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1729766139846_34603341_628695908_11690_24874_37_0_146";dur=1
date: Thu, 24 Oct 2024 10:35:39 GMT
content-disposition: inline
last-modified: Fri, 22 Sep 2023 17:41:22 GMT
vary: Accept-Encoding
content-type: application/javascript
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
referrer-policy: no-referrer-when-downgrade
accept-ranges: bytes
content-length: 467
x-xss-protection: 1; mode=block

GET
H2 200 gsap-control.js Show response
www.trellix.com/www/js/ 12 KB
3 KB 242ms
229ms Script
application/javascript 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trellix.com/www/js/gsap-control.js

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

58da02b9270de8619cda29e7973946a213d979931270beefddbad2ead61730ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

content-encoding: gzip
etag: "2f2b-624b092ccc000-gzip"
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1729766139742_34603341_628695909_1246_11479_37_0_146";dur=1
date: Thu, 24 Oct 2024 10:35:39 GMT
content-disposition: inline
last-modified: Thu, 17 Oct 2024 18:44:16 GMT
vary: Accept-Encoding
content-type: application/javascript
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
referrer-policy: no-referrer-when-downgrade
accept-ranges: bytes
content-length: 2653
x-xss-protection: 1; mode=block

GET
H2 200 Trellix-Logo-Black.svg
www.trellix.com/en-us/assets/logos/ 2 KB
1 KB 311ms
309ms Image
image/svg+xml 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/assets/logos/Trellix-Logo-Black.svg

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

f1db9226a29ed07a02ee3a1743c325277f2248cfdb8315ba8602418c5c1610db

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

content-encoding: gzip
etag: "865-6214de23b4f00"
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1729766139326_34603341_628695742_4092_14489_42_0_182";dur=1
date: Thu, 24 Oct 2024 10:35:39 GMT
content-disposition: inline
last-modified: Wed, 04 Sep 2024 16:44:12 GMT
vary: Accept-Encoding
content-type: image/svg+xml
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
referrer-policy: no-referrer-when-downgrade
accept-ranges: bytes
content-length: 1067
x-xss-protection: 1; mode=block

GET
H2 200 T0307-grad.svg
www.trellix.com/en-us/img/icons/gradient/ 2 KB
1 KB 311ms
309ms Image
image/svg+xml 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/img/icons/gradient/T0307-grad.svg

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

b5d92d039d7e5b586da380cd3972abbfb70da8f47d460fc8bad00b7ef8ee590b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

content-encoding: gzip
etag: "86f-5e689808a2b40"
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=47, ak_p; desc="1729766139326_34603341_628695743_8616_14458_42_0_182";dur=1
date: Thu, 24 Oct 2024 10:35:39 GMT
content-disposition: inline
last-modified: Thu, 18 Aug 2022 20:05:25 GMT
vary: Accept-Encoding
content-type: image/svg+xml
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
referrer-policy: no-referrer-when-downgrade
accept-ranges: bytes
content-length: 953
x-xss-protection: 1; mode=block

GET
H2 200 T0266-grad.svg
www.trellix.com/en-us/img/icons/gradient/ 2 KB
1 KB 63ms
61ms Image
image/svg+xml 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/img/icons/gradient/T0266-grad.svg

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

9febcf4a23351d2662253aa22007bb307431d2ba5bd4925adb7161dd4aed2965

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

content-encoding: gzip
etag: "6b6-5e6897e4655c0"
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1729766139582_34603341_628695828_62_13013_37_0_182";dur=1
date: Thu, 24 Oct 2024 10:35:39 GMT
content-disposition: inline
last-modified: Thu, 18 Aug 2022 20:04:47 GMT
vary: Accept-Encoding
content-type: image/svg+xml
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
referrer-policy: no-referrer-when-downgrade
accept-ranges: bytes
content-length: 814
x-xss-protection: 1; mode=block

GET
H2 200 T0022-grad.svg
www.trellix.com/en-us/img/icons/gradient/ 1 KB
1 KB 66ms
66ms Image
image/svg+xml 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/img/icons/gradient/T0022-grad.svg

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

e52fe8dc347f5b0cb9583c614bf3888a85701b27aafb61b6530d2f451df5f15f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

content-encoding: gzip
etag: "5cf-5e689734eb7c0"
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=2, ak_p; desc="1729766139596_34603341_628695834_176_11730_37_0_182";dur=1
date: Thu, 24 Oct 2024 10:35:39 GMT
content-disposition: inline
last-modified: Thu, 18 Aug 2022 20:01:43 GMT
vary: Accept-Encoding
content-type: image/svg+xml
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
referrer-policy: no-referrer-when-downgrade
accept-ranges: bytes
content-length: 679
x-xss-protection: 1; mode=block

GET
H2 200 T0001-grad.svg
www.trellix.com/en-us/img/icons/gradient/ 2 KB
1 KB 54ms
53ms Image
image/svg+xml 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/img/icons/gradient/T0001-grad.svg

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

516580cb2ff8b38b4319ed3840509e5ecae6c7bea3157f5e50cb21c4b96895e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

content-encoding: gzip
etag: "7a9-5e68972791840"
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1729766139623_34603341_628695843_64_13553_37_0_182";dur=1
date: Thu, 24 Oct 2024 10:35:39 GMT
content-disposition: inline
last-modified: Thu, 18 Aug 2022 20:01:29 GMT
vary: Accept-Encoding
content-type: image/svg+xml
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
referrer-policy: no-referrer-when-downgrade
accept-ranges: bytes
content-length: 851
x-xss-protection: 1; mode=block

GET
H2 200 au.svg
www.trellix.com/en-us/img/state-flags/circle-flags/ 866 B
841 B 233ms
220ms Image
image/svg+xml 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/img/state-flags/circle-flags/au.svg

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

2dca728e7e70fffba5efeb1d7f5230f9fad0a4851c5b4daeb187f84f775e845d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

content-encoding: gzip
etag: "362-5f9b539857e40"
x-content-type-options: nosniff
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1729766139742_34603341_628695910_1267_22828_37_0_146";dur=1
date: Thu, 24 Oct 2024 10:35:39 GMT
content-disposition: inline
last-modified: Wed, 19 Apr 2023 19:13:53 GMT
vary: Accept-Encoding
content-type: image/svg+xml
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
referrer-policy: no-referrer-when-downgrade
accept-ranges: bytes
content-length: 437
x-xss-protection: 1; mode=block

GET
H2 200 br.svg
www.trellix.com/en-us/img/state-flags/circle-flags/ 686 B
817 B 235ms
223ms Image
image/svg+xml 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/img/state-flags/circle-flags/br.svg

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

2333b293cbc44e8b736565ac84d4bd03cb136f017e5194d321dcc8ca46aa0464

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

content-encoding: gzip
etag: "2ae-5f9b539f04e00"
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1729766139783_34603341_628695911_5336_13421_37_0_146";dur=1
date: Thu, 24 Oct 2024 10:35:39 GMT
content-disposition: inline
last-modified: Wed, 19 Apr 2023 19:14:00 GMT
vary: Accept-Encoding
content-type: image/svg+xml
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
referrer-policy: no-referrer-when-downgrade
accept-ranges: bytes
content-length: 388
x-xss-protection: 1; mode=block

GET
H2 200 ca.svg
www.trellix.com/en-us/img/state-flags/circle-flags/ 438 B
720 B 233ms
221ms Image
image/svg+xml 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/img/state-flags/circle-flags/ca.svg

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

be435f09cf3e411f2436202801a90d127800cc5f7b970fdd95aa4f177f8075a9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

content-encoding: gzip
etag: "1b6-5f9b53a0ed280"
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1729766139742_34603341_628695912_1282_11343_37_0_146";dur=1
date: Thu, 24 Oct 2024 10:35:39 GMT
content-disposition: inline
last-modified: Wed, 19 Apr 2023 19:14:02 GMT
vary: Accept-Encoding
content-type: image/svg+xml
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
referrer-policy: no-referrer-when-downgrade
accept-ranges: bytes
content-length: 292
x-xss-protection: 1; mode=block

GET
H2 200 de.svg
www.trellix.com/en-us/img/state-flags/circle-flags/ 334 B
665 B 237ms
225ms Image
image/svg+xml 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/img/state-flags/circle-flags/de.svg

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

3f6dc3fa445f3225e6ed2a1b4bcdb6b74684b5804e6bb2cb6b50aa0325b8d81a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

content-encoding: gzip
etag: "14e-5f9b53a6a6000"
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1729766139766_34603341_628695913_3687_14395_36_0_146";dur=1
date: Thu, 24 Oct 2024 10:35:39 GMT
content-disposition: inline
last-modified: Wed, 19 Apr 2023 19:14:08 GMT
vary: Accept-Encoding
content-type: image/svg+xml
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
referrer-policy: no-referrer-when-downgrade
accept-ranges: bytes
content-length: 236
x-xss-protection: 1; mode=block

GET
H2 200 es.svg
www.trellix.com/en-us/img/state-flags/circle-flags/ 2 KB
1 KB 304ms
293ms Image
image/svg+xml 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/img/state-flags/circle-flags/es.svg

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

3a001c14356b470b8c7ef544144aed6db1298b95cf33303d0471afeae26f197e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

content-encoding: gzip
etag: "99d-5f9b53af3b440"
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1729766139827_34603341_628695914_9797_10371_37_0_219";dur=1
date: Thu, 24 Oct 2024 10:35:39 GMT
content-disposition: inline
last-modified: Wed, 19 Apr 2023 19:14:17 GMT
vary: Accept-Encoding
content-type: image/svg+xml
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
referrer-policy: no-referrer-when-downgrade
accept-ranges: bytes
content-length: 880
x-xss-protection: 1; mode=block

GET
H2 200 fr.svg
www.trellix.com/en-us/img/state-flags/circle-flags/ 340 B
670 B 232ms
221ms Image
image/svg+xml 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/img/state-flags/circle-flags/fr.svg

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

1d0c12a2157fc4a25fb7eb4e989b7555289c118fcb20c5eacebbfe0dafcbe30c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

content-encoding: gzip
etag: "154-5f9b53b30bd40"
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1729766139778_34603341_628695915_4833_13449_37_0_146";dur=1
date: Thu, 24 Oct 2024 10:35:39 GMT
content-disposition: inline
last-modified: Wed, 19 Apr 2023 19:14:21 GMT
vary: Accept-Encoding
content-type: image/svg+xml
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
referrer-policy: no-referrer-when-downgrade
accept-ranges: bytes
content-length: 242
x-xss-protection: 1; mode=block

GET
H2 200 hk.svg
www.trellix.com/en-us/img/state-flags/circle-flags/ 704 B
857 B 304ms
293ms Image
image/svg+xml 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/img/state-flags/circle-flags/hk.svg

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

050572c4702c51dd080efe7c0d3860163d6784e16216cb4df9cfb9b1d212d87d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

content-encoding: gzip
etag: "2c0-5f9b53bba1180"
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1729766139834_34603341_628695916_10445_11268_37_0_219";dur=1
date: Thu, 24 Oct 2024 10:35:39 GMT
content-disposition: inline
last-modified: Wed, 19 Apr 2023 19:14:30 GMT
vary: Accept-Encoding
content-type: image/svg+xml
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
referrer-policy: no-referrer-when-downgrade
accept-ranges: bytes
content-length: 427
x-xss-protection: 1; mode=block

GET
H2 200 in.svg
www.trellix.com/en-us/img/state-flags/circle-flags/ 475 B
688 B 235ms
224ms Image
image/svg+xml 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/img/state-flags/circle-flags/in.svg

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

2ca4c5390345dec3c0c86d73c1f40e798027600ffbb5a96653f7799a7f71896c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

content-encoding: gzip
etag: "1db-5f9b53c159f00"
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1729766139765_34603341_628695917_3589_12108_36_0_146";dur=1
date: Thu, 24 Oct 2024 10:35:39 GMT
content-disposition: inline
last-modified: Wed, 19 Apr 2023 19:14:36 GMT
vary: Accept-Encoding
content-type: image/svg+xml
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
referrer-policy: no-referrer-when-downgrade
accept-ranges: bytes
content-length: 259
x-xss-protection: 1; mode=block

GET
H2 200 it.svg
www.trellix.com/en-us/img/state-flags/circle-flags/ 340 B
670 B 242ms
231ms Image
image/svg+xml 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/img/state-flags/circle-flags/it.svg

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

8f3ce99568a7c2e2560aa69cb825ac34a68dd483ffcb5c71a1204d52f882f45e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

content-encoding: gzip
etag: "154-5f9b53c342380"
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=2, ak_p; desc="1729766139794_34603341_628695918_6596_32063_37_0_219";dur=1
date: Thu, 24 Oct 2024 10:35:39 GMT
content-disposition: inline
last-modified: Wed, 19 Apr 2023 19:14:38 GMT
vary: Accept-Encoding
content-type: image/svg+xml
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
referrer-policy: no-referrer-when-downgrade
accept-ranges: bytes
content-length: 242
x-xss-protection: 1; mode=block

GET
H2 200 jp.svg
www.trellix.com/en-us/img/state-flags/circle-flags/ 273 B
627 B 236ms
226ms Image
image/svg+xml 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/img/state-flags/circle-flags/jp.svg

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

17cea0bab5029d578ee10727a9d9b93ab89720e394241ff6d59b5744d44f3d9c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

content-encoding: gzip
etag: "111-5f9b53c4365c0"
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1729766139797_34603341_628695919_6781_13732_37_0_146";dur=1
date: Thu, 24 Oct 2024 10:35:39 GMT
content-disposition: inline
last-modified: Wed, 19 Apr 2023 19:14:39 GMT
vary: Accept-Encoding
content-type: image/svg+xml
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
referrer-policy: no-referrer-when-downgrade
accept-ranges: bytes
content-length: 198
x-xss-protection: 1; mode=block

GET
H2 200 kr.svg
www.trellix.com/en-us/img/state-flags/circle-flags/ 933 B
858 B 235ms
225ms Image
image/svg+xml 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/img/state-flags/circle-flags/kr.svg

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

a0176d1f7b6aefb13f9233976b017ba8a8da82634b03e8150ccf5f78f4db9494

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

content-encoding: gzip
etag: "3a5-5f9b53c712c80"
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1729766139765_34603341_628695920_3584_12082_36_0_146";dur=1
date: Thu, 24 Oct 2024 10:35:39 GMT
content-disposition: inline
last-modified: Wed, 19 Apr 2023 19:14:42 GMT
vary: Accept-Encoding
content-type: image/svg+xml
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
referrer-policy: no-referrer-when-downgrade
accept-ranges: bytes
content-length: 429
x-xss-protection: 1; mode=block

GET
H2 200 mx.svg
www.trellix.com/en-us/img/state-flags/circle-flags/ 2 KB
1 KB 234ms
224ms Image
image/svg+xml 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/img/state-flags/circle-flags/mx.svg

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

2348643e40a35e21443e9913eec800683a12acdad9aa96ba07d786fe1747e192

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

content-encoding: gzip
etag: "638-5f9b53d190540"
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1729766139753_34603341_628695921_2418_11499_37_0_146";dur=1
date: Thu, 24 Oct 2024 10:35:39 GMT
content-disposition: inline
last-modified: Wed, 19 Apr 2023 19:14:53 GMT
vary: Accept-Encoding
content-type: image/svg+xml
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
referrer-policy: no-referrer-when-downgrade
accept-ranges: bytes
content-length: 722
x-xss-protection: 1; mode=block

GET
H2 200 sg.svg
www.trellix.com/en-us/img/state-flags/circle-flags/ 829 B
815 B 234ms
224ms Image
image/svg+xml 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/img/state-flags/circle-flags/sg.svg

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

9885d0fa075819d785e2bffb9d001b53b6730c4812e259b1c93b9cd1e5f05a02

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

content-encoding: gzip
etag: "33d-5f9b53ef20b00"
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1729766139802_34603341_628695922_7311_23811_37_0_219";dur=1
date: Thu, 24 Oct 2024 10:35:39 GMT
content-disposition: inline
last-modified: Wed, 19 Apr 2023 19:15:24 GMT
vary: Accept-Encoding
content-type: image/svg+xml
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
referrer-policy: no-referrer-when-downgrade
accept-ranges: bytes
content-length: 387
x-xss-protection: 1; mode=block

GET
H2 200 gb.svg
www.trellix.com/en-us/img/state-flags/circle-flags/ 817 B
880 B 233ms
223ms Image
image/svg+xml 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/img/state-flags/circle-flags/gb.svg

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

88169c656c516ac6374fe2a7988e103f6eb99db165ce6478aa68ce1b74e67ba9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

content-encoding: gzip
etag: "331-5f9b53b4f41c0"
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=17, ak_p; desc="1729766139766_34603341_628695923_5245_11846_37_0_146";dur=1
date: Thu, 24 Oct 2024 10:35:39 GMT
content-disposition: inline
last-modified: Wed, 19 Apr 2023 19:14:23 GMT
vary: Accept-Encoding
content-type: image/svg+xml
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
referrer-policy: no-referrer-when-downgrade
accept-ranges: bytes
content-length: 451
x-xss-protection: 1; mode=block

GET
H2 200 us.svg
www.trellix.com/en-us/img/state-flags/circle-flags/ 723 B
756 B 344ms
335ms Image
image/svg+xml 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/img/state-flags/circle-flags/us.svg

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

7f3012f520e4aefcff6acbb8cc7198fee604f3f806fd228f59c94077437bda82

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

content-encoding: gzip
etag: "2d3-5f9b541175c00"
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=104, ak_p; desc="1729766139817_34603341_628695924_19081_16721_37_0_219";dur=1
date: Thu, 24 Oct 2024 10:35:39 GMT
content-disposition: inline
last-modified: Wed, 19 Apr 2023 19:16:00 GMT
vary: Accept-Encoding
content-type: image/svg+xml
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
referrer-policy: no-referrer-when-downgrade
accept-ranges: bytes
content-length: 326
x-xss-protection: 1; mode=block

GET
H2 200 nav-no-alert-left-behind-card.jpg
www.trellix.com/en-us/img/cards/ 38 KB
39 KB 240ms
231ms Image
image/jpeg 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/img/cards/nav-no-alert-left-behind-card.jpg

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

6802b345a7a0a8598d73665be12bd678f2ebcee723b9082e93409f8a4d2fdbaf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
etag: "99f0-6252e003d3ac0"
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
expires: Thu, 01 Jan 1970 00:00:00 GMT
accept-ranges: bytes
server-timing: cdn-cache; desc=HIT, edge; dur=22, ak_p; desc="1729766139754_34603341_628695925_4701_10722_37_0_146";dur=1
content-length: 39408
x-xss-protection: 1; mode=block
date: Thu, 24 Oct 2024 10:35:39 GMT
content-disposition: inline
last-modified: Thu, 24 Oct 2024 00:22:43 GMT
content-type: image/jpeg
x-frame-options: SAMEORIGIN

GET
H2 200 nav-trellix-thrive-card.jpg
www.trellix.com/en-us/img/cards/ 33 KB
33 KB 242ms
233ms Image
image/jpeg 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/img/cards/nav-trellix-thrive-card.jpg

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

78ac4d2a654f89abd04afbc49a220020660b70464e4826e39673de4e37cc95bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
etag: "830d-624c757c6c480"
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
expires: Thu, 01 Jan 1970 00:00:00 GMT
accept-ranges: bytes
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1729766139767_34603341_628695926_3788_25684_37_0_146";dur=1
content-length: 33549
x-xss-protection: 1; mode=block
date: Thu, 24 Oct 2024 10:35:39 GMT
content-disposition: inline
last-modified: Fri, 18 Oct 2024 21:54:10 GMT
content-type: image/jpeg
x-frame-options: SAMEORIGIN

GET
H2 200 nav-weekly-tech-talk-card.jpg
www.trellix.com/en-us/img/cards/ 22 KB
22 KB 244ms
235ms Image
image/jpeg 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/img/cards/nav-weekly-tech-talk-card.jpg

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

8fb4d49c66b26a87070b52ff59ad02931f9d3dbc3029c0a378a108dd9689166d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
etag: "56a6-624c79da21180"
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
expires: Thu, 01 Jan 1970 00:00:00 GMT
accept-ranges: bytes
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1729766139812_34603341_628695927_8243_13111_37_0_146";dur=1
content-length: 22182
x-xss-protection: 1; mode=block
date: Thu, 24 Oct 2024 10:35:39 GMT
content-disposition: inline
last-modified: Fri, 18 Oct 2024 22:13:42 GMT
content-type: image/jpeg
x-frame-options: SAMEORIGIN

GET
H2 200 nav-control.min.js Show response
www.trellix.com/www/js/ 2 KB
1 KB 66ms
66ms Script
application/javascript 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trellix.com/www/js/nav-control.min.js

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

30545707854a2822b07daed1aae8e94b571f673adac8e661762b125ae1350de5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

content-encoding: gzip
etag: "7cd-5ff34d71df400-gzip"
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1729766139639_34603341_628695847_98_13198_37_0_182";dur=1
date: Thu, 24 Oct 2024 10:35:39 GMT
content-disposition: inline
last-modified: Wed, 28 Jun 2023 18:34:56 GMT
vary: Accept-Encoding
content-type: application/javascript
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
referrer-policy: no-referrer-when-downgrade
accept-ranges: bytes
content-length: 656
x-xss-protection: 1; mode=block

GET
H2 200 forms2.min.js Show response
627-oog-590.mktoweb.com/js/forms2/js/ 199 KB
67 KB 271ms
61ms Script
application/x-javascript 104.16.93.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://627-oog-590.mktoweb.com/js/forms2/js/forms2.min.js

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.93.80 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0602c4fb1597b7e6e111fe79777e195cacbc73774fcaf233a7835b33372dceae

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

cache-control: public, max-age=14400
content-encoding: gzip
cf-cache-status: HIT
etag: "14e02f5-31b91-62370c030d900"
age: 5257
x-content-type-options: nosniff
cf-ray: 8d795245fb32ca70-HAM
expires: Thu, 24 Oct 2024 14:35:39 GMT
date: Thu, 24 Oct 2024 10:35:39 GMT
content-type: application/x-javascript; charset=utf-8
last-modified: Tue, 01 Oct 2024 21:10:28 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 clientlib-jquery.min.js Show response
www.trellix.com/etc.clientlibs/corpcom/clientlibs/ 340 KB
101 KB 138ms
119ms Script
application/javascript 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trellix.com/etc.clientlibs/corpcom/clientlibs/clientlib-jquery.min.js

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

c6ce16a2b1eddee2b9f005b419e5e7c0882743dd7550260c6e35073c4607990b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

content-encoding: gzip
etag: "550b0-60e8f8ef81880-gzip"
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1729766139703_34603341_628695873_4803_12864_37_0_182";dur=1
date: Thu, 24 Oct 2024 10:35:39 GMT
last-modified: Wed, 10 Jan 2024 04:06:42 GMT
content-disposition: inline
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
referrer-policy: no-referrer-when-downgrade
accept-ranges: bytes
content-length: 102589
x-xss-protection: 1; mode=block

GET
H2 200 clientlibs.min.js Show response
www.trellix.com/etc.clientlibs/corpcom/components/content/marketoForm/ 36 KB
9 KB 145ms
127ms Script
application/javascript 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trellix.com/etc.clientlibs/corpcom/components/content/marketoForm/clientlibs.min.js

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

a0ab6e29ce917d2091bced7e47d2328c45d50979f1eadb56ae265cec49107b1f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

content-encoding: gzip
etag: "911b-62491bf068f80-gzip"
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1729766139659_34603341_628695874_327_36735_37_0_182";dur=1
date: Thu, 24 Oct 2024 10:35:39 GMT
last-modified: Wed, 16 Oct 2024 05:57:34 GMT
content-disposition: inline
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
referrer-policy: no-referrer-when-downgrade
accept-ranges: bytes
content-length: 8520
x-xss-protection: 1; mode=block

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 190 KB
69 KB 143ms
59ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-K45F7Q73

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b1d4cd6637e955cbfbe5ef3d33bf3e177ac5520d81a0a62c1294d3805796c41d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires: Thu, 24 Oct 2024 10:35:39 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 24 Oct 2024 10:35:39 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Thu, 24 Oct 2024 09:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 69847
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 hkgsujld4i Show response
www.clarity.ms/tag/ 571 B
827 B 257ms
128ms Script
application/x-javascript 2620:1ec:29:1::64
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/hkgsujld4i
Requested by: Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:29:1::64 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 401732863df92f5da9850291f234e01cf3c9b24587c13020a5505d6554b2c1a7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

cache-control: no-cache, no-store
request-context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
expires: -1
accept-ranges: bytes
x-cache: CONFIG_NOCACHE
content-length: 571
date: Thu, 24 Oct 2024 10:35:39 GMT
content-type: application/x-javascript
x-azure-ref: 20241024T103539Z-er1787bdbf4n4rqr19kxyrd2g40000000avg00000001r3w2

GET
H2 200 ajax-loading.gif
www.trellix.com/admin/images/ 2 KB
3 KB 242ms
234ms Image
image/gif 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/admin/images/ajax-loading.gif

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

11f59915c5e02c29fb22980a76c5994bafa5379b73483442ec25b5edf1d7d076

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

strict-transport-security: max-age=15768000
etag: "903-5d4566a678b40"
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
accept-ranges: bytes
server-timing: cdn-cache; desc=HIT, edge; dur=14, ak_p; desc="1729766139755_34603341_628695928_3929_10174_36_0_146";dur=1
content-length: 2307
x-xss-protection: 1; mode=block
date: Thu, 24 Oct 2024 10:35:39 GMT
content-disposition: attachment
last-modified: Thu, 30 Dec 2021 05:35:01 GMT
content-type: image/gif
x-frame-options: SAMEORIGIN

GET
H3 200 api.js Show response
www.google.com/recaptcha/ 2 KB
1022 B 136ms
53ms Script
text/javascript 216.58.206.68
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?render=6LfqXqAlAAAAAOcuwHMDX6Uo3mWxPTJUxjh8kcZu&onload=grecaptchaListeners_ready

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.206.68 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lhr35s11-in-f4.1e100.net

Software

ESF /

Resource Hash

acd1fe5f7f9f6dcbf1e8336ff1e922a33373cb8e2c2a805c3b2e650749bd91eb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

cache-control: private, max-age=300
content-encoding: gzip
cross-origin-resource-policy: cross-origin
report-to: {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
x-content-type-options: nosniff
expires: Thu, 24 Oct 2024 10:35:39 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
date: Thu, 24 Oct 2024 10:35:39 GMT
x-xss-protection: 0
content-type: text/javascript; charset=utf-8
server: ESF
x-frame-options: SAMEORIGIN

GET
H2 200 trellix-xpand-live-2022-horz-wht.svg
www.trellix.com/en-us/img/events/xpand-live/ 5 KB
3 KB 330ms
322ms Image
image/svg+xml 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/img/events/xpand-live/trellix-xpand-live-2022-horz-wht.svg

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

791b87e15baa22bedacfcdc48292787390d530e8462366dc6351caff2069188a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

content-encoding: gzip
etag: "1349-5e64ce47f3c40"
x-content-type-options: nosniff
server-timing: cdn-cache; desc=HIT, edge; dur=172, origin; dur=0, ak_p; desc="1729766139743_34603341_628695929_18470_10458_37_0_146";dur=1
date: Thu, 24 Oct 2024 10:35:39 GMT
content-disposition: inline
last-modified: Mon, 15 Aug 2022 19:46:49 GMT
vary: Accept-Encoding
content-type: image/svg+xml
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
referrer-policy: no-referrer-when-downgrade
accept-ranges: bytes
content-length: 2291
x-xss-protection: 1; mode=block

GET
H2 200 unmasking-the-hidden-threat-1.jpg
www.trellix.com/en-us/img/newsroom/stories/ 94 KB
95 KB 670ms
662ms Image
image/jpeg 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/img/newsroom/stories/unmasking-the-hidden-threat-1.jpg

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

28142ec3f3a440b8687bc30d70ef377dbfccf286cb4d326ebeb5eb7a3c4f8b70

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
etag: "17850-6217085da6480"
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
expires: Thu, 01 Jan 1970 00:00:00 GMT
accept-ranges: bytes
server-timing: cdn-cache; desc=HIT, edge; dur=465, origin; dur=0, ak_p; desc="1729766139774_34603341_628695930_50924_26799_38_0_146";dur=1
content-length: 96336
x-xss-protection: 1; mode=block
date: Thu, 24 Oct 2024 10:35:40 GMT
content-disposition: inline
last-modified: Fri, 06 Sep 2024 10:03:46 GMT
content-type: image/jpeg
x-frame-options: SAMEORIGIN

GET
H2 200 unmasking-the-hidden-threat-2-1.jpg
www.trellix.com/en-us/img/newsroom/stories/ 96 KB
96 KB 306ms
299ms Image
image/jpeg 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/img/newsroom/stories/unmasking-the-hidden-threat-2-1.jpg

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

6e569ead156ce6bd5cce2f9ec9a5a6efb4439889cdb718c2a14b4e23b021a1fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
etag: "17f4b-6217085e9a6c0"
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
accept-ranges: bytes
server-timing: cdn-cache; desc=HIT, edge; dur=127, origin; dur=0, ak_p; desc="1729766139755_34603341_628695931_15181_10140_38_0_146";dur=1
content-length: 98123
x-xss-protection: 1; mode=block
date: Thu, 24 Oct 2024 10:35:39 GMT
content-disposition: inline
last-modified: Fri, 06 Sep 2024 10:03:47 GMT
content-type: image/jpeg
x-frame-options: SAMEORIGIN

GET
H2 200 unmasking-the-hidden-threat-2-2.jpg
www.trellix.com/en-us/img/newsroom/stories/ 71 KB
71 KB 705ms
698ms Image
image/jpeg 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/img/newsroom/stories/unmasking-the-hidden-threat-2-2.jpg

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

9882b3610fdb82cf681ea3464bc031d127e3a3f8b24242f0d471b8ff40de4241

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
etag: "11ac5-6217085f8e900"
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
expires: Thu, 01 Jan 1970 00:00:00 GMT
accept-ranges: bytes
server-timing: cdn-cache; desc=HIT, edge; dur=489, origin; dur=0, ak_p; desc="1729766139804_34603341_628695932_56457_11666_37_0_146";dur=1
content-length: 72389
x-xss-protection: 1; mode=block
date: Thu, 24 Oct 2024 10:35:40 GMT
content-disposition: inline
last-modified: Fri, 06 Sep 2024 10:03:48 GMT
content-type: image/jpeg
x-frame-options: SAMEORIGIN

GET
H2 200 unmasking-the-hidden-threat-3.jpg
www.trellix.com/en-us/img/newsroom/stories/ 146 KB
147 KB 760ms
753ms Image
image/jpeg 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/img/newsroom/stories/unmasking-the-hidden-threat-3.jpg

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

2236c2e4a37163e53ab7328e2516d2cd0615406cc42e84c9e8ce78a4c9ce8c17

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
etag: "248b1-6217086082b40"
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
accept-ranges: bytes
server-timing: cdn-cache; desc=HIT, edge; dur=438, origin; dur=0, ak_p; desc="1729766139893_34603341_628695944_60143_28609_37_0_146";dur=1
content-length: 149681
x-xss-protection: 1; mode=block
date: Thu, 24 Oct 2024 10:35:40 GMT
content-disposition: inline
last-modified: Fri, 06 Sep 2024 10:03:49 GMT
content-type: image/jpeg
x-frame-options: SAMEORIGIN

GET
H2 200 unmasking-the-hidden-threat-4.jpg
www.trellix.com/en-us/img/newsroom/stories/ 181 KB
181 KB 576ms
569ms Image
image/jpeg 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/img/newsroom/stories/unmasking-the-hidden-threat-4.jpg

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

010834276c6952fe62d380759fe229f60933c58e0760e9424572f3bd38eb9be2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
etag: "2d233-621708626afc0"
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
accept-ranges: bytes
server-timing: cdn-cache; desc=HIT, edge; dur=299, origin; dur=0, ak_p; desc="1729766139832_34603341_628695945_40169_12952_46_0_146";dur=1
content-length: 184883
x-xss-protection: 1; mode=block
date: Thu, 24 Oct 2024 10:35:40 GMT
content-disposition: inline
last-modified: Fri, 06 Sep 2024 10:03:51 GMT
content-type: image/jpeg
x-frame-options: SAMEORIGIN

GET
H2 200 unmasking-the-hidden-threat-5.jpg
www.trellix.com/en-us/img/newsroom/stories/ 82 KB
82 KB 520ms
514ms Image
image/jpeg 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/img/newsroom/stories/unmasking-the-hidden-threat-5.jpg

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

038fa1a8af5f60561b6ea646418bc465200c65e8c2325cfb54573faec07a7c01

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
etag: "147a0-621708635f200"
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
expires: Thu, 01 Jan 1970 00:00:00 GMT
accept-ranges: bytes
server-timing: cdn-cache; desc=HIT, edge; dur=236, origin; dur=0, ak_p; desc="1729766139869_34603341_628695946_37515_12919_46_0_146";dur=1
content-length: 83872
x-xss-protection: 1; mode=block
date: Thu, 24 Oct 2024 10:35:40 GMT
content-disposition: inline
last-modified: Fri, 06 Sep 2024 10:03:52 GMT
content-type: image/jpeg
x-frame-options: SAMEORIGIN

GET
H2 200 unmasking-the-hidden-threat-6.jpg
www.trellix.com/en-us/img/newsroom/stories/ 35 KB
35 KB 691ms
684ms Image
image/jpeg 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/img/newsroom/stories/unmasking-the-hidden-threat-6.jpg

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

aa45926035087a6965de2cda5390ea25175cc55e531a5a22d54acc1150f8563e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
etag: "8a7f-6217086453440"
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
expires: Thu, 01 Jan 1970 00:00:00 GMT
accept-ranges: bytes
server-timing: cdn-cache; desc=HIT, edge; dur=416, origin; dur=0, ak_p; desc="1729766139862_34603341_628695947_54861_12363_38_0_146";dur=1
content-length: 35455
x-xss-protection: 1; mode=block
date: Thu, 24 Oct 2024 10:35:40 GMT
content-disposition: inline
last-modified: Fri, 06 Sep 2024 10:03:53 GMT
content-type: image/jpeg
x-frame-options: SAMEORIGIN

GET
H2 200 unmasking-the-hidden-threat-7.jpg
www.trellix.com/en-us/img/newsroom/stories/ 92 KB
92 KB 544ms
538ms Image
image/jpeg 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/img/newsroom/stories/unmasking-the-hidden-threat-7.jpg

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

c7131ad766bfa86711bac0d9aaaebbe378fd22e2d46417a3ec330deec9584685

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
etag: "16f19-6217086547680"
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
expires: Thu, 01 Jan 1970 00:00:00 GMT
accept-ranges: bytes
server-timing: cdn-cache; desc=HIT, edge; dur=261, origin; dur=0, ak_p; desc="1729766139862_34603341_628695948_39377_12402_46_0_146";dur=1
content-length: 93977
x-xss-protection: 1; mode=block
date: Thu, 24 Oct 2024 10:35:40 GMT
content-disposition: inline
last-modified: Fri, 06 Sep 2024 10:03:54 GMT
content-type: image/jpeg
x-frame-options: SAMEORIGIN

GET
H2 200 unmasking-the-hidden-threat-8.jpg
www.trellix.com/en-us/img/newsroom/stories/ 293 KB
294 KB 600ms
595ms Image
image/jpeg 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/img/newsroom/stories/unmasking-the-hidden-threat-8.jpg

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

f89553b3c0e342a1d4e9f3fd0728a8389747367171482f0c9ae8c79518c336a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
etag: "49520-621708672fb00"
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
expires: Thu, 01 Jan 1970 00:00:00 GMT
accept-ranges: bytes
server-timing: cdn-cache; desc=HIT, edge; dur=353, origin; dur=0, ak_p; desc="1729766139826_34603341_628695949_44998_11485_38_0_146";dur=1
content-length: 300320
x-xss-protection: 1; mode=block
date: Thu, 24 Oct 2024 10:35:40 GMT
content-disposition: inline
last-modified: Fri, 06 Sep 2024 10:03:56 GMT
content-type: image/jpeg
x-frame-options: SAMEORIGIN

GET
H2 200 unmasking-the-hidden-threat-9.jpg
www.trellix.com/en-us/img/newsroom/stories/ 86 KB
86 KB 715ms
709ms Image
image/jpeg 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/img/newsroom/stories/unmasking-the-hidden-threat-9.jpg

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

9785a7895f41df385f769d0442e02b05b98a900850cc45aaab7667c1fe2ea5a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
etag: "15614-6217086917f80"
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
expires: Thu, 01 Jan 1970 00:00:00 GMT
accept-ranges: bytes
server-timing: cdn-cache; desc=HIT, edge; dur=381, origin; dur=0, ak_p; desc="1729766139922_34603341_628695950_57328_13288_36_0_146";dur=1
content-length: 87572
x-xss-protection: 1; mode=block
date: Thu, 24 Oct 2024 10:35:40 GMT
content-disposition: inline
last-modified: Fri, 06 Sep 2024 10:03:58 GMT
content-type: image/jpeg
x-frame-options: SAMEORIGIN

GET
H2 200 unmasking-the-hidden-threat-10.jpg
www.trellix.com/en-us/img/newsroom/stories/ 22 KB
23 KB 520ms
514ms Image
image/jpeg 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/img/newsroom/stories/unmasking-the-hidden-threat-10.jpg

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

c658618f3cb0bd727f1c61c25047868aedf72c55e4db33f00ce5231c619c862a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
etag: "590b-6217086a0c1c0"
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
expires: Thu, 01 Jan 1970 00:00:00 GMT
accept-ranges: bytes
server-timing: cdn-cache; desc=HIT, edge; dur=237, origin; dur=0, ak_p; desc="1729766139838_34603341_628695951_34508_10207_46_0_146";dur=1
content-length: 22795
x-xss-protection: 1; mode=block
date: Thu, 24 Oct 2024 10:35:40 GMT
content-disposition: inline
last-modified: Fri, 06 Sep 2024 10:03:59 GMT
content-type: image/jpeg
x-frame-options: SAMEORIGIN

GET
H2 200 unmasking-the-hidden-threat-11.jpg
www.trellix.com/en-us/img/newsroom/stories/ 18 KB
19 KB 575ms
570ms Image
image/jpeg 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/img/newsroom/stories/unmasking-the-hidden-threat-11.jpg

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

baaabf07ce7c2e212331a67492310ae823357dd3fb9648c5cc01a63461d17028

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
etag: "48d5-6217086b00400"
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
expires: Thu, 01 Jan 1970 00:00:00 GMT
accept-ranges: bytes
server-timing: cdn-cache; desc=HIT, edge; dur=257, origin; dur=0, ak_p; desc="1729766139863_34603341_628695952_38996_29026_46_0_146";dur=1
content-length: 18645
x-xss-protection: 1; mode=block
date: Thu, 24 Oct 2024 10:35:40 GMT
content-disposition: inline
last-modified: Fri, 06 Sep 2024 10:04:00 GMT
content-type: image/jpeg
x-frame-options: SAMEORIGIN

GET
H2 200 unmasking-the-hidden-threat-12.jpg
www.trellix.com/en-us/img/newsroom/stories/ 55 KB
56 KB 577ms
572ms Image
image/jpeg 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/img/newsroom/stories/unmasking-the-hidden-threat-12.jpg

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

82a907df7d2011145eeae84bf54e3b52bdbd4d7081e07bd959afdc00c02c9442

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
etag: "dc88-6217086bf4640"
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
expires: Thu, 01 Jan 1970 00:00:00 GMT
accept-ranges: bytes
server-timing: cdn-cache; desc=HIT, edge; dur=284, origin; dur=0, ak_p; desc="1729766139845_34603341_628695953_39931_14708_46_0_146";dur=1
content-length: 56456
x-xss-protection: 1; mode=block
date: Thu, 24 Oct 2024 10:35:40 GMT
content-disposition: inline
last-modified: Fri, 06 Sep 2024 10:04:01 GMT
content-type: image/jpeg
x-frame-options: SAMEORIGIN

GET
H2 200 unmasking-the-hidden-threat-13.jpg
www.trellix.com/en-us/img/newsroom/stories/ 150 KB
150 KB 520ms
515ms Image
image/jpeg 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/img/newsroom/stories/unmasking-the-hidden-threat-13.jpg

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

990eda3367d8ec0727a9760338ec48e5f3bcadf86995d01704962e357da04831

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
etag: "256ef-6217086ce8880"
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
expires: Thu, 01 Jan 1970 00:00:00 GMT
accept-ranges: bytes
server-timing: cdn-cache; desc=HIT, edge; dur=211, origin; dur=0, ak_p; desc="1729766139856_34603341_628695954_33893_12504_46_0_146";dur=1
content-length: 153327
x-xss-protection: 1; mode=block
date: Thu, 24 Oct 2024 10:35:40 GMT
content-disposition: inline
last-modified: Fri, 06 Sep 2024 10:04:02 GMT
content-type: image/jpeg
x-frame-options: SAMEORIGIN

GET
H2 200 unmasking-the-hidden-threat-14.jpg
www.trellix.com/en-us/img/newsroom/stories/ 390 KB
390 KB 520ms
515ms Image
image/jpeg 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/img/newsroom/stories/unmasking-the-hidden-threat-14.jpg

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

2707847f2f596f7a8515c78311fcd82276bd7cddf1d78e4ebd52879fb24d0cdc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
etag: "61679-6217086fc4f40"
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
expires: Thu, 01 Jan 1970 00:00:00 GMT
accept-ranges: bytes
server-timing: cdn-cache; desc=HIT, edge; dur=252, origin; dur=0, ak_p; desc="1729766139849_34603341_628695955_37137_12984_46_0_146";dur=1
content-length: 398969
x-xss-protection: 1; mode=block
date: Thu, 24 Oct 2024 10:35:40 GMT
content-disposition: inline
last-modified: Fri, 06 Sep 2024 10:04:05 GMT
content-type: image/jpeg
x-frame-options: SAMEORIGIN

GET
H2 200 unmasking-the-hidden-threat-15.jpg
www.trellix.com/en-us/img/newsroom/stories/ 747 KB
748 KB 545ms
540ms Image
image/jpeg 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/img/newsroom/stories/unmasking-the-hidden-threat-15.jpg

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

126d4c3775f5f82031b74ba1ecf2c94fbcf4b142bfe432ba15275ae593a19653

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
etag: "bacbd-62170872a1600"
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
expires: Thu, 01 Jan 1970 00:00:00 GMT
accept-ranges: bytes
server-timing: cdn-cache; desc=HIT, edge; dur=275, origin; dur=0, ak_p; desc="1729766139850_34603341_628695956_39535_11373_46_0_146";dur=1
content-length: 765117
x-xss-protection: 1; mode=block
date: Thu, 24 Oct 2024 10:35:40 GMT
content-disposition: inline
last-modified: Fri, 06 Sep 2024 10:04:08 GMT
content-type: image/jpeg
x-frame-options: SAMEORIGIN

GET
H2 200 unmasking-the-hidden-threat-16.jpg
www.trellix.com/en-us/img/newsroom/stories/ 32 KB
32 KB 520ms
515ms Image
image/jpeg 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/img/newsroom/stories/unmasking-the-hidden-threat-16.jpg

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

aa1c350ba37b90d9c86fa0ca1d07a6a42de9dde809c757fb39da1e3f0ba63403

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
etag: "7fca-6217087395840"
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
accept-ranges: bytes
server-timing: cdn-cache; desc=HIT, edge; dur=199, origin; dur=0, ak_p; desc="1729766139838_34603341_628695957_30684_10134_40_0_146";dur=1
content-length: 32714
x-xss-protection: 1; mode=block
date: Thu, 24 Oct 2024 10:35:40 GMT
content-disposition: inline
last-modified: Fri, 06 Sep 2024 10:04:09 GMT
content-type: image/jpeg
x-frame-options: SAMEORIGIN

GET
H2 200 unmasking-the-hidden-threat-17.jpg
www.trellix.com/en-us/img/newsroom/stories/ 50 KB
51 KB 547ms
543ms Image
image/jpeg 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/img/newsroom/stories/unmasking-the-hidden-threat-17.jpg

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

793f1dd2a2f316abd36f5482777d6e88686410bba7f3710ff30b681e1d8cc430

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
etag: "c897-6217087489a80"
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
accept-ranges: bytes
server-timing: cdn-cache; desc=HIT, edge; dur=218, origin; dur=0, ak_p; desc="1729766139908_34603341_628695958_39612_12872_46_0_146";dur=1
content-length: 51351
x-xss-protection: 1; mode=block
date: Thu, 24 Oct 2024 10:35:40 GMT
content-disposition: inline
last-modified: Fri, 06 Sep 2024 10:04:10 GMT
content-type: image/jpeg
x-frame-options: SAMEORIGIN

GET
H2 200 unmasking-the-hidden-threat-18.jpg
www.trellix.com/en-us/img/newsroom/stories/ 59 KB
60 KB 658ms
654ms Image
image/jpeg 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/img/newsroom/stories/unmasking-the-hidden-threat-18.jpg

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

f1997570009c48a4a68992b828cb37604c5ac0a52bb28f8c938a690bcd3b9e1a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
etag: "ecd1-621708757dcc0"
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
accept-ranges: bytes
server-timing: cdn-cache; desc=HIT, edge; dur=412, origin; dur=0, ak_p; desc="1729766139827_34603341_628695959_50934_10763_36_0_146";dur=1
content-length: 60625
x-xss-protection: 1; mode=block
date: Thu, 24 Oct 2024 10:35:40 GMT
content-disposition: inline
last-modified: Fri, 06 Sep 2024 10:04:11 GMT
content-type: image/jpeg
x-frame-options: SAMEORIGIN

GET
H2 200 clientlib-jquery.min.css
www.trellix.com/etc.clientlibs/corpcom/clientlibs/ 0
403 B 145ms
128ms Stylesheet
text/css 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trellix.com/etc.clientlibs/corpcom/clientlibs/clientlib-jquery.min.css

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=2, ak_p; desc="1729766139673_34603341_628695875_1964_13389_38_0_182";dur=1
content-length: 20
x-xss-protection: 1; mode=block
date: Thu, 24 Oct 2024 10:35:39 GMT
content-disposition: inline
content-type: text/css;charset=utf-8
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

GET
H2 200 clientlibs.min.css
www.trellix.com/etc.clientlibs/corpcom/components/content/recentblogs/ 121 B
532 B 146ms
129ms Stylesheet
text/css 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trellix.com/etc.clientlibs/corpcom/components/content/recentblogs/clientlibs.min.css

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

9e4b062827b5b7cbc414849dc515073b541f9b72b77dc5ba86f028a9f8112e1b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

content-encoding: gzip
etag: "79-60e8f8e6ec440-gzip"
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=3, ak_p; desc="1729766139669_34603341_628695876_1590_15735_38_0_182";dur=1
date: Thu, 24 Oct 2024 10:35:39 GMT
last-modified: Wed, 10 Jan 2024 04:06:33 GMT
content-disposition: inline
vary: Accept-Encoding
content-type: text/css;charset=utf-8
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
referrer-policy: no-referrer-when-downgrade
accept-ranges: bytes
content-length: 96
x-xss-protection: 1; mode=block

GET
H2 200 clientlibs.min.js Show response
www.trellix.com/etc.clientlibs/corpcom/components/content/recentblogs/ 5 KB
2 KB 145ms
128ms Script
application/javascript 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trellix.com/etc.clientlibs/corpcom/components/content/recentblogs/clientlibs.min.js

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

ed4928c93314a279ef7a6bd32a62a1d5dd156580fb4b6f3e1e51860b1854f489

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

content-encoding: gzip
etag: "1400-60e8f9464a540-gzip"
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=20, ak_p; desc="1729766139659_34603341_628695877_2252_10763_38_0_182";dur=1
date: Thu, 24 Oct 2024 10:35:39 GMT
last-modified: Wed, 10 Jan 2024 04:08:13 GMT
content-disposition: inline
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
referrer-policy: no-referrer-when-downgrade
accept-ranges: bytes
content-length: 1535
x-xss-protection: 1; mode=block

GET
H2 200 Trellix-x-white.svg
www.trellix.com/en-us/assets/logos/ 877 B
883 B 331ms
327ms Image
image/svg+xml 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/assets/logos/Trellix-x-white.svg

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

2f23c0be63796bb9f31674a55a412a7c9e603a95d900291fbfac1175d443b90d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

content-encoding: gzip
etag: "36d-6214de639a5c0"
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=71, ak_p; desc="1729766139837_34603341_628695960_17802_25623_37_0_146";dur=1
date: Thu, 24 Oct 2024 10:35:39 GMT
content-disposition: inline
last-modified: Wed, 04 Sep 2024 16:45:19 GMT
vary: Accept-Encoding
content-type: image/svg+xml
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
referrer-policy: no-referrer-when-downgrade
accept-ranges: bytes
content-length: 453
x-xss-protection: 1; mode=block

GET
H2 200 clientlib-base.min.css
www.trellix.com/etc.clientlibs/corpcom/clientlibs/ 2 KB
1 KB 316ms
298ms Stylesheet
text/css 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trellix.com/etc.clientlibs/corpcom/clientlibs/clientlib-base.min.css

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

97ac409c93cb6090806f65b329a8c29c9cd3f538b7e401dce27d99691a9937a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

content-encoding: gzip
etag: "835-620b5cc898d40-gzip"
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=101, ak_p; desc="1729766139759_34603341_628695878_20484_11722_37_0_182";dur=1
date: Thu, 24 Oct 2024 10:35:39 GMT
last-modified: Wed, 28 Aug 2024 03:17:33 GMT
content-disposition: inline
vary: Accept-Encoding
content-type: text/css;charset=utf-8
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
referrer-policy: no-referrer-when-downgrade
accept-ranges: bytes
content-length: 907
x-xss-protection: 1; mode=block

GET
H2 200 clientlib-base.min.js Show response
www.trellix.com/etc.clientlibs/corpcom/clientlibs/ 7 KB
3 KB 145ms
128ms Script
application/javascript 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trellix.com/etc.clientlibs/corpcom/clientlibs/clientlib-base.min.js

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

a7267e9045ee2997b3f124f23f60e2e79989c1fb585156b9255c74b59220f582

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

content-encoding: gzip
etag: "1d5d-620b5d6223780-gzip"
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=4, ak_p; desc="1729766139659_34603341_628695879_751_10726_37_0_182";dur=1
date: Thu, 24 Oct 2024 10:35:39 GMT
last-modified: Wed, 28 Aug 2024 03:20:14 GMT
content-disposition: inline
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
referrer-policy: no-referrer-when-downgrade
accept-ranges: bytes
content-length: 2225
x-xss-protection: 1; mode=block

GET
H2 200 csrf.min.js Show response
www.trellix.com/etc.clientlibs/corpcom/clientlibs/ 3 KB
2 KB 146ms
129ms Script
application/javascript 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trellix.com/etc.clientlibs/corpcom/clientlibs/csrf.min.js

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

7b3ffddd4ed31fafda8372c812fa40d4b7ce3b7ad44e094bf816fec533e06829

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

content-encoding: gzip
etag: "c8e-60e8f8f075ac0-gzip"
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=8, ak_p; desc="1729766139661_34603341_628695880_1222_26577_37_0_182";dur=1
date: Thu, 24 Oct 2024 10:35:39 GMT
last-modified: Wed, 10 Jan 2024 04:06:43 GMT
content-disposition: inline
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
referrer-policy: no-referrer-when-downgrade
accept-ranges: bytes
content-length: 1447
x-xss-protection: 1; mode=block

GET
H2 200 18QeW4B Show response
www.trellix.com/UkX10n06B/Zi7JWNOi/IDY86JOI/0M/N9aSXmkrbLchOQ5c/TisvAQ/DixeL/ 306 KB
107 KB 152ms
136ms Script
application/javascript 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trellix.com/UkX10n06B/Zi7JWNOi/IDY86JOI/0M/N9aSXmkrbLchOQ5c/TisvAQ/DixeL/18QeW4B

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

df88c97f2c560a631ea88036fcf6142b14bf3a412165123f43b35fe3fae85bd2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

strict-transport-security: max-age=15768000
cache-control: max-age=21600, max-age=21600
content-encoding: br
etag: "b68ba35a342f05ba44e2e31fbec16fb2ece48dd6a3f5ad89b1318c88c9fbfb6b"
server-timing: cdn-cache; desc=HIT, edge; dur=8, ak_p; desc="1729766139717_34603341_628695881_6996_8390_37_0_182";dur=1
content-length: 108788
date: Thu, 24 Oct 2024 10:35:39 GMT
stored-attribute-sha-checksum: df88c97f2c560a631ea88036fcf6142b14bf3a412165123f43b35fe3fae85bd2
last-modified: Tue, 03 Sep 2024 15:50:54 GMT
content-type: application/javascript

GET
H2 200 fancybox.css
www.trellix.com/www/css/fancyapps-v5/ 23 KB
5 KB 117ms
115ms Stylesheet
text/css 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trellix.com/www/css/fancyapps-v5/fancybox.css?v=1.2

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/www/css/common.min.css?v=5.0

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

9036ca926f0b2f8ab9ade63bfabc393a47d1ff47da1b29472c49071af8ad8937

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/www/css/common.min.css?v=5.0

Response headers

strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=3, ak_p; desc="1729766139512_34603341_628695801_2488_12625_36_0_255";dur=1
content-length: 4895
x-xss-protection: 1; mode=block
date: Thu, 24 Oct 2024 10:35:39 GMT
content-disposition: inline
content-type: text/css
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

GET
H2 200 carousel.css
www.trellix.com/www/css/fancyapps-v5/ 11 KB
3 KB 107ms
106ms Stylesheet
text/css 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trellix.com/www/css/fancyapps-v5/carousel.css?v=1.2

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/www/css/common.min.css?v=5.0

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

2f8e4f32fb56783390fe10c09ae3a716d3afc8efb77361de3eeb764908b9174d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/www/css/common.min.css?v=5.0

Response headers

strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=3, ak_p; desc="1729766139499_34603341_628695802_1089_11585_36_0_255";dur=1
content-length: 2384
x-xss-protection: 1; mode=block
date: Thu, 24 Oct 2024 10:35:39 GMT
content-disposition: inline
content-type: text/css
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

GET
H2 200 carousel.autoplay.css
www.trellix.com/www/css/fancyapps-v5/ 288 B
575 B 109ms
108ms Stylesheet
text/css 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trellix.com/www/css/fancyapps-v5/carousel.autoplay.css?v=1.2

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/www/css/common.min.css?v=5.0

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

b5075ff37d22a6e4456f47ad979e586218253d8c02d38dc8e06fd10296ba4ba7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/www/css/common.min.css?v=5.0

Response headers

strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=7, ak_p; desc="1729766139500_34603341_628695803_1592_10600_36_0_255";dur=1
content-length: 202
x-xss-protection: 1; mode=block
date: Thu, 24 Oct 2024 10:35:39 GMT
content-disposition: inline
content-type: text/css
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

GET
H2 200 fancyapps-tweaks.min.css
www.trellix.com/www/css/ 3 KB
1 KB 109ms
108ms Stylesheet
text/css 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trellix.com/www/css/fancyapps-tweaks.min.css?v=1.2

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/www/css/common.min.css?v=5.0

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

ec0b429836f9d838f2a4970c24eeaf0295ccf76f5024a0860430eee1418c5534

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/www/css/common.min.css?v=5.0

Response headers

strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=15, ak_p; desc="1729766139499_34603341_628695804_2263_12481_36_0_255";dur=1
content-length: 900
x-xss-protection: 1; mode=block
date: Thu, 24 Oct 2024 10:35:39 GMT
content-disposition: inline
content-type: text/css
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

GET
H2 200 bootstrap-trellix.min.css
www.trellix.com/www/css/ 362 KB
45 KB 109ms
108ms Stylesheet
text/css 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trellix.com/www/css/bootstrap-trellix.min.css?v=1.5

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/www/css/common.min.css?v=5.0

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

53eeb2383acb9e289ea307fbbd92ca770307fe035550601e44d1c0c4ae6a6d6d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/www/css/common.min.css?v=5.0

Response headers

strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT
accept-ranges: bytes
server-timing: cdn-cache; desc=HIT, edge; dur=3, ak_p; desc="1729766139499_34603341_628695805_1090_11508_36_0_255";dur=1
content-length: 45218
x-xss-protection: 1; mode=block
date: Thu, 24 Oct 2024 10:35:39 GMT
content-disposition: inline
content-type: text/css
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

GET
H2 200 icons.min.css
www.trellix.com/www/css/ 201 KB
18 KB 118ms
117ms Stylesheet
text/css 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trellix.com/www/css/icons.min.css?v=1.2

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/www/css/common.min.css?v=5.0

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

99c9abe9c61eee2bea48e90c5cf3cd3bd97894a5b0f27fb6f96d9600a5e52f81

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/www/css/common.min.css?v=5.0

Response headers

strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT
accept-ranges: bytes
server-timing: cdn-cache; desc=HIT, edge; dur=16, ak_p; desc="1729766139503_34603341_628695806_2848_11256_36_0_255";dur=1
content-length: 17784
x-xss-protection: 1; mode=block
date: Thu, 24 Oct 2024 10:35:39 GMT
content-disposition: inline
content-type: text/css
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

GET
H2 200 newsroom.min.css
www.trellix.com/www/css/ 3 KB
1 KB 115ms
114ms Stylesheet
text/css 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trellix.com/www/css/newsroom.min.css?v=1.1

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/www/css/common.min.css?v=5.0

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

5caa39ce9d372d511d9cfbf4aece7e11470e65342945ed3091462f0d8ef97a0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/www/css/common.min.css?v=5.0

Response headers

strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=6, ak_p; desc="1729766139499_34603341_628695807_1425_21405_36_0_255";dur=1
content-length: 821
x-xss-protection: 1; mode=block
date: Thu, 24 Oct 2024 10:35:39 GMT
content-disposition: inline
content-type: text/css
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

GET
H2 200 tables-charts.min.css
www.trellix.com/www/css/ 23 KB
4 KB 120ms
119ms Stylesheet
text/css 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trellix.com/www/css/tables-charts.min.css?v=1.2

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/www/css/common.min.css?v=5.0

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

68b482a2d5d6760bb15c2acd99cf2e9c3758fa0f95e5c50053626ca7f0c2d4e7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/www/css/common.min.css?v=5.0

Response headers

strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=7, ak_p; desc="1729766139514_34603341_628695808_3009_14416_36_0_255";dur=1
content-length: 4120
x-xss-protection: 1; mode=block
date: Thu, 24 Oct 2024 10:35:39 GMT
content-disposition: inline
content-type: text/css
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

GET
H2 200 forms.min.css
www.trellix.com/www/css/ 8 KB
2 KB 115ms
115ms Stylesheet
text/css 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trellix.com/www/css/forms.min.css?v=1.4

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/www/css/common.min.css?v=5.0

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

204135be6258483e24ad474577fc57ce477214f13f810765181bcae83b4b890f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/www/css/common.min.css?v=5.0

Response headers

strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=16, ak_p; desc="1729766139499_34603341_628695809_2385_11421_36_0_255";dur=1
content-length: 1975
x-xss-protection: 1; mode=block
date: Thu, 24 Oct 2024 10:35:39 GMT
content-disposition: inline
content-type: text/css
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

GET
H2 200 5PV9T-ULLTF-YKBNY-PXFLK-CCTPF Show response
s.go-mpulse.net/boomerang/ 205 KB
49 KB 138ms
39ms Script
application/javascript 2a02:26f0:3500:c81::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.go-mpulse.net/boomerang/5PV9T-ULLTF-YKBNY-PXFLK-CCTPF
Requested by: Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:c81::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

cache-control: max-age=604800
timing-allow-origin: *
content-encoding: br
customappheader: mpulse-ab-boomr__git__361fdb1__git__361fdb1__p19.alsi10-lite
content-length: 50393
date: Thu, 24 Oct 2024 10:35:39 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Jul 2024 05:35:09 GMT
vary: Accept-Encoding

GET
H2 200 bootstrap-icons.woff2
www.trellix.com/www/css/fonts/ 128 KB
128 KB 258ms
258ms Font
application/octet-stream 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trellix.com/www/css/fonts/bootstrap-icons.woff2?24e3eb84d0bcaf83d77f904c78ac1f47

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/www/css/common.min.css?v=5.0

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

d029b51d694d1b0b226cacde588b0dd3c0cd0be4b9ead38b4e6e728442b2b8d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.trellix.com
Referer: https://www.trellix.com/www/css/common.min.css?v=5.0

Response headers

strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT
accept-ranges: bytes
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1729766139861_34603341_628695961_13106_14087_37_0_255";dur=1
content-length: 130856
x-xss-protection: 1; mode=block
date: Thu, 24 Oct 2024 10:35:39 GMT
content-disposition: inline
content-type: application/octet-stream
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

GET
H2 200 Montserrat-VF.woff2
www.trellix.com/www/css/fonts/ 120 KB
120 KB 268ms
267ms Font
application/octet-stream 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trellix.com/www/css/fonts/Montserrat-VF.woff2

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/www/css/common.min.css?v=5.0

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

30340b72c6991d891792731fb1dd492ff6a2c530adee3b22d13c5fbc522601e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.trellix.com
Referer: https://www.trellix.com/www/css/common.min.css?v=5.0

Response headers

content-encoding: gzip
etag: "1dfc4-604b4f3ca26c0"
x-content-type-options: nosniff
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1729766139842_34603341_628695962_11214_13226_37_0_255";dur=1
date: Thu, 24 Oct 2024 10:35:39 GMT
content-disposition: inline
last-modified: Wed, 06 Sep 2023 18:31:31 GMT
vary: Accept-Encoding
content-type: application/octet-stream
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
referrer-policy: no-referrer-when-downgrade
accept-ranges: bytes
content-length: 122871
x-xss-protection: 1; mode=block

GET
H2 200 fancybox.esm.js Show response
www.trellix.com/www/js/fancyapps-v5/ 137 KB
39 KB 276ms
276ms Script
application/javascript 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trellix.com/www/js/fancyapps-v5/fancybox.esm.js

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

08291c6ef031d49f46614bf9b0ada572ce07cbc4c0c44fea568510f07a9a7806

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.trellix.com
Referer: https://www.trellix.com/www/js/fancyapps-control-v5.min.js?v=1.0

Response headers

content-encoding: gzip
etag: "22365-5f6c9b9588980-gzip"
x-content-type-options: nosniff
server-timing: cdn-cache; desc=HIT, edge; dur=30, ak_p; desc="1729766139833_34603341_628695963_13346_15315_38_0_219";dur=1
date: Thu, 24 Oct 2024 10:35:39 GMT
content-disposition: inline
last-modified: Mon, 13 Mar 2023 15:25:42 GMT
vary: Accept-Encoding
content-type: application/javascript
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
referrer-policy: no-referrer-when-downgrade
accept-ranges: bytes
content-length: 39511
x-xss-protection: 1; mode=block

GET
H2 200 carousel.esm.js Show response
www.trellix.com/www/js/fancyapps-v5/ 66 KB
19 KB 311ms
310ms Script
application/javascript 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trellix.com/www/js/fancyapps-v5/carousel.esm.js

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

b86567b335e849be66dee7b31ef5098615cf75ccd991adbf887947b2c00b8101

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.trellix.com
Referer: https://www.trellix.com/www/js/fancyapps-control-v5.min.js?v=1.0

Response headers

content-encoding: gzip
etag: "10773-5f6c9b9494740-gzip"
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=12, ak_p; desc="1729766139909_34603341_628695972_19082_14901_37_0_219";dur=1
date: Thu, 24 Oct 2024 10:35:39 GMT
content-disposition: inline
last-modified: Mon, 13 Mar 2023 15:25:41 GMT
vary: Accept-Encoding
content-type: application/javascript
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
referrer-policy: no-referrer-when-downgrade
accept-ranges: bytes
content-length: 19059
x-xss-protection: 1; mode=block

GET
H2 200 carousel.autoplay.esm.js Show response
www.trellix.com/www/js/fancyapps-v5/ 6 KB
3 KB 281ms
280ms Script
application/javascript 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trellix.com/www/js/fancyapps-v5/carousel.autoplay.esm.js

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

1ad9b67129a03f8776a561bd51b1487d570568ac221f127061d8c36935ab1118

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.trellix.com
Referer: https://www.trellix.com/www/js/fancyapps-control-v5.min.js?v=1.0

Response headers

content-encoding: gzip
etag: "194d-5f6c9b93a0500-gzip"
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=7, ak_p; desc="1729766139876_34603341_628695973_15359_13632_38_0_219";dur=1
date: Thu, 24 Oct 2024 10:35:39 GMT
content-disposition: inline
last-modified: Mon, 13 Mar 2023 15:25:40 GMT
vary: Accept-Encoding
content-type: application/javascript
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
referrer-policy: no-referrer-when-downgrade
accept-ranges: bytes
content-length: 2185
x-xss-protection: 1; mode=block

GET
H2 200 nr_newsroom_2.jpg
www.trellix.com/en-us/img/hero/ 38 KB
39 KB 300ms
299ms Image
image/jpeg 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/img/hero/nr_newsroom_2.jpg

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

06f9399ec6cfc9bbc44add22cef77f3f720e3995464c5420ab374a71208b784d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
etag: "9933-5d839ae25c680"
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
expires: Thu, 01 Jan 1970 00:00:00 GMT
accept-ranges: bytes
server-timing: cdn-cache; desc=HIT, edge; dur=13, ak_p; desc="1729766139939_34603341_628695974_22076_12525_37_0_219";dur=1
content-length: 39219
x-xss-protection: 1; mode=block
date: Thu, 24 Oct 2024 10:35:39 GMT
content-disposition: inline
last-modified: Thu, 17 Feb 2022 16:58:50 GMT
content-type: image/jpeg
x-frame-options: SAMEORIGIN

GET
H2 200 62d02fdf987470001990b50c.js Show response
buttons-config.sharethis.com/js/ 1 KB
954 B 510ms
415ms Script
text/javascript 2600:9000:206f:9e00:c:abe:f440:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://buttons-config.sharethis.com/js/62d02fdf987470001990b50c.js

Requested by

Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:206f:9e00:c:abe:f440:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

2397adc18869c073b061188ae7fff44a00863c0062a9f36920de42cd773dd8b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
cache-control: public, max-age=60
content-encoding: gzip
etag: W/"0bd2fc93ce95e1c3635ff934074ab72d"
via: 1.1 36d9e1bd4f00d39c57a56679dc44e264.cloudfront.net (CloudFront)
x-cache: RefreshHit from cloudfront
x-amz-cf-id: H65b4GC5_sXHBw8BFjG7X8IeIOd19cRKUt32w-Dm8_sFky3k06IRgQ==
date: Thu, 24 Oct 2024 10:35:41 GMT
content-type: text/javascript
last-modified: Fri, 06 Oct 2023 19:44:38 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
x-amz-server-side-encryption: AES256

GET
H/1.1 204
No Content pview Show response
l.sharethis.com/ 0
402 B 181ms
39ms XHR
text/plain 18.195.217.231
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://l.sharethis.com/pview?event=pview&hostname=www.trellix.com&location=%2Fblogs%2Fresearch%2Funmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat%2F&product=inline-share-buttons&url=https%3A%2F%2Fwww.trellix.com%2Fblogs%2Fresearch%2Funmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat%2F&source=sharethis.js&fcmp=false&fcmpv2=false&has_segmentio=false&title=Unmasking%20the%20Hidden%20Threat%3A%20Inside%20a%20Sophisticated%20Excel-Based%20Attack%20Delivering%20Fileless%20Remcos%20RAT&cms=unknown&publisher=62d02fdf987470001990b50c&sop=true&version=st_sop.js&lang=en&description=This%20blog%20dissects%20a%20recent%20advanced%20malware%20campaign%20that%20leverages%20a%20seemingly%20benign%20Excel%20file%20delivered%20via%20phishing%20that%20exploits%20CVE-2017-0199%2C%20a%20critical%20vulnerability%20in%20Microsoft%20Office%20and%20WordPad%20that%20allows%20attackers%20to%20execute%20arbitrary%20code%20when%20a%20user%20opens%20a%20specially%20crafted%20document.%20&ua=&ua_mobile=false&ua_full_version_list=&uuid=7315dde6-490e-4f83-ab70-eb24fcb21fc6

Requested by

Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.195.217.231 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-195-217-231.eu-central-1.compute.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains;

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

Strict-Transport-Security: max-age=63072000; includeSubDomains;
Access-Control-Max-Age: 1728000
Access-Control-Expose-Headers: stid
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www.trellix.com
Date: Thu, 24 Oct 2024 10:35:39 GMT
Access-Control-Allow-Headers: *

GET
H2 200 config.json Show response
c.go-mpulse.net/api/ 772 B
936 B 189ms
85ms XHR
application/json 2a02:26f0:7100:594::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.go-mpulse.net/api/config.json?key=5PV9T-ULLTF-YKBNY-PXFLK-CCTPF&d=www.trellix.com&t=5765887&v=1.720.0&sl=0&si=e8c927b4-b7e7-4c9f-84e7-0cf78c3f5f2c-sluw3f&plugins=AK,ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,History,Angular,Backbone,Ember,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,Akamai,Early,EventTiming,LOGN&acao=&ak.ai=765692
Requested by: Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/5PV9T-ULLTF-YKBNY-PXFLK-CCTPF
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:7100:594::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 4d044a47cf090c6ee8a085ed68bf00bac25ba03cd874f64f62581080248213e5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

access-control-allow-origin: *
cache-control: private, max-age=300, stale-while-revalidate=60, stale-if-error=120
content-length: 772
alt-svc: h3=":443"; ma=93600
timing-allow-origin: *
date: Thu, 24 Oct 2024 10:35:39 GMT
content-type: application/json

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 322 KB
107 KB 65ms
63ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-P2K9CJ3DRL&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-K45F7Q73

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3da6045768a6195fe14319c11ed92f9c08674f2210120d788a7e783070e13624

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Thu, 24 Oct 2024 10:35:39 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 24 Oct 2024 10:35:39 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 109428
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 clarity.js Show response
www.clarity.ms/s/0.7.49/ 64 KB
27 KB 87ms
86ms Script
application/javascript 2620:1ec:29:1::64
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/s/0.7.49/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/hkgsujld4i
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:29:1::64 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 09fa04e84d7038cc32f19bedcba454b9e637a35f4de496e8ec9148c47550f0fc

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

x-azure-ref: 20241024T103539Z-er1787bdbf4n4rqr19kxyrd2g40000000avg00000001r3wh
cache-control: public, max-age=86400
x-ms-version: 2018-03-28
content-encoding: br
etag: W/"0x8DCF0FBF8E94E61"
x-fd-int-roxy-purgeid: 51562430
x-ms-request-id: 490d94a4-501e-0029-41e8-2210af000000
access-control-allow-origin: *
x-cache: TCP_HIT
date: Thu, 24 Oct 2024 10:35:39 GMT
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
last-modified: Sun, 20 Oct 2024 11:40:18 GMT

GET
H2 200 id Show response
dpm.demdex.net/ 555 B
1009 B 193ms
60ms XHR
application/json 34.250.93.70
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=5.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=0FD024EB6135CAAB0A495CAF%40AdobeOrg&d_nsid=0&ts=1729766139909

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/f0febc6281f5/daaefd9d8423/launch-675ffef2af24.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.250.93.70 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-250-93-70.eu-west-1.compute.amazonaws.com

Software

Resource Hash

14225150fddc63214b714c396d99003cbb4d321157373a569c3458aee6939214

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
dcs: dcs-prod-irl1-1-v067-0e8f5c947.edge-irl1.demdex.com 2 ms
content-encoding: gzip
pragma: no-cache
access-control-allow-credentials: true
x-tid: 6l6zzhtfT2U=
expires: Thu, 01 Jan 1970 00:00:00 UTC
access-control-allow-origin: https://www.trellix.com
content-length: 405
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
date: Thu, 24 Oct 2024 10:35:40 GMT
content-type: application/json;charset=utf-8
vary: Origin

GET
H2 200 AppMeasurement.min.js Show response
assets.adobedtm.com/extensions/EPbf7b42aa08bc4f10879b1484195e80d1/ 34 KB
12 KB 45ms
44ms Script
application/x-javascript 2a02:26f0:3500:597::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EPbf7b42aa08bc4f10879b1484195e80d1/AppMeasurement.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/f0febc6281f5/daaefd9d8423/launch-675ffef2af24.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:597::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: d6d01246a30e9d483531c27721f73f266fa4af35effdb21683ac02a620ab8aaf

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

cache-control: no-cache
timing-allow-origin: *
content-encoding: gzip
etag: "dfdd9e1f988805f0c2fbb10cd6b8f034:1663863409.614694"
expires: Thu, 24 Oct 2024 11:35:39 GMT
accept-ranges: bytes
access-control-allow-origin: https://www.trellix.com
content-length: 12384
date: Thu, 24 Oct 2024 10:35:39 GMT
content-type: application/x-javascript
last-modified: Thu, 22 Sep 2022 16:16:49 GMT
server: AkamaiNetStorage
vary: Accept-Encoding

GET
H2 200 AppMeasurement_Module_ActivityMap.min.js Show response
assets.adobedtm.com/extensions/EPbf7b42aa08bc4f10879b1484195e80d1/ 3 KB
2 KB 48ms
47ms Script
application/x-javascript 2a02:26f0:3500:597::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EPbf7b42aa08bc4f10879b1484195e80d1/AppMeasurement_Module_ActivityMap.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/f0febc6281f5/daaefd9d8423/launch-675ffef2af24.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:597::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 78c1c1baf0d964522f8afab09cfc754685c1648826a7f9967fd52b774b4ec5aa

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

cache-control: no-cache
timing-allow-origin: *
content-encoding: gzip
etag: "b89fcb8870ac40eecb6d3cc844d35389:1663863409.92483"
expires: Thu, 24 Oct 2024 11:35:39 GMT
accept-ranges: bytes
access-control-allow-origin: https://www.trellix.com
content-length: 1598
date: Thu, 24 Oct 2024 10:35:39 GMT
content-type: application/x-javascript
last-modified: Thu, 22 Sep 2022 16:16:49 GMT
server: AkamaiNetStorage
vary: Accept-Encoding

GET
H2 200 AppMeasurement_Module_AudienceManagement.min.js Show response
assets.adobedtm.com/extensions/EPbf7b42aa08bc4f10879b1484195e80d1/ 25 KB
9 KB 50ms
50ms Script
application/x-javascript 2a02:26f0:3500:597::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EPbf7b42aa08bc4f10879b1484195e80d1/AppMeasurement_Module_AudienceManagement.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/f0febc6281f5/daaefd9d8423/launch-675ffef2af24.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:597::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: b01bd01687b15585b2740273c8c3c6674dd9f559cfe52eeffdf43b1f93a12d05

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

cache-control: no-cache
timing-allow-origin: *
content-encoding: gzip
etag: "d220d501715e0484d0dddeac614f902c:1663863410.217006"
expires: Thu, 24 Oct 2024 11:35:39 GMT
accept-ranges: bytes
access-control-allow-origin: https://www.trellix.com
content-length: 8755
date: Thu, 24 Oct 2024 10:35:39 GMT
content-type: application/x-javascript
last-modified: Thu, 22 Sep 2022 16:16:50 GMT
server: AkamaiNetStorage
vary: Accept-Encoding

GET
H2 204 / Show response
api2932.d41.co/sync/ 0
468 B 417ms
134ms Script
text/plain 52.203.56.255
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://api2932.d41.co/sync/

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/f0febc6281f5/daaefd9d8423/launch-675ffef2af24.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.203.56.255 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-203-56-255.compute-1.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; frame-ancestors 'self'; form-action 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; frame-ancestors 'self'; form-action 'self';
cache-control: no-store
pragma: no-cache
expect-ct: max-age=30, report-uri="https://a54b4ab95d40a8b116fae47033b75682.report-uri.com/r/d/ct/reportOnly"
access-control-allow-credentials: true
referrer-policy: no-referrer-when-downgrade
access-control-allow-origin: https://www.trellix.com
date: Thu, 24 Oct 2024 10:35:40 GMT
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN

POST
H2 204 collect
region1.google-analytics.com/g/ 0
0 142ms
49ms Fetch
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-P2K9CJ3DRL&gtm=45je4al0v9135067743za200zb9135072756&_p=1729766139249&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101686685~101794737~101823848&cid=1940540804.1729766140&ul=de-de&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1729766140&sct=1&seg=0&dl=https%3A%2F%2Fwww.trellix.com%2Fblogs%2Fresearch%2Funmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat%2F&dt=Unmasking%20the%20Hidden%20Threat%3A%20Inside%20a%20Sophisticated%20Excel-Based%20Attack%20Delivering%20Fileless%20Remcos%20RAT&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=1252
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-P2K9CJ3DRL
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.trellix.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 24 Oct 2024 10:35:40 GMT
content-type: text/plain
server: Golfe2

GET
H2 200 getForm Show response
627-oog-590.mktoweb.com/index.php/form/ 40 KB
7 KB 609ms
609ms Script
application/javascript 104.16.93.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://627-oog-590.mktoweb.com/index.php/form/getForm?munchkinId=627-OOG-590&form=1075&url=https%3A%2F%2Fwww.trellix.com%2Fblogs%2Fresearch%2Funmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat%2F&callback=jQuery37102511188866919227_1729766139948&_=1729766139949
Requested by: Host: 627-oog-590.mktoweb.com
URL: https://627-oog-590.mktoweb.com/js/forms2/js/forms2.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.93.80 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3d41287a8a177f145d49b81d576c73064c2bf91f1c0a4c379c6e1418dff8443a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

cached: false
x-form-service-request-id: 6e17#192be18a92c
content-encoding: gzip
cf-cache-status: DYNAMIC
cf-ray: 8d7952478d0cca70-HAM
date: Thu, 24 Oct 2024 10:35:40 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
x-marketo-source: Form Service
server: cloudflare

GET
H3 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/lqsTZ5beIbCkK4uGEGv9JmUR/ 546 KB
217 KB 91ms
38ms Script
text/javascript 142.250.186.67
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/lqsTZ5beIbCkK4uGEGv9JmUR/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=6LfqXqAlAAAAAOcuwHMDX6Uo3mWxPTJUxjh8kcZu&onload=grecaptchaListeners_ready

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f3.1e100.net

Software

sffe /

Resource Hash

9361aaa99bd2f940d92294185a2f3d081c1bda58c28f031e7e6c6367f99c23af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.trellix.com
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

content-encoding: gzip
age: 19497
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
x-content-type-options: nosniff
expires: Fri, 24 Oct 2025 05:10:43 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 24 Oct 2024 05:10:43 GMT
last-modified: Mon, 14 Oct 2024 18:32:27 GMT
content-type: text/javascript
vary: Accept-Encoding
cache-control: public, max-age=31536000
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
accept-ranges: bytes
access-control-allow-origin: *
content-length: 221971
x-xss-protection: 0
server: sffe

GET
H2 200 getRecentBlogsFromWarpper Show response
www.trellix.com/corpcomsvc/ 3 KB
2 KB 1818ms
1817ms Fetch
application/json 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trellix.com/corpcomsvc/getRecentBlogsFromWarpper?blogsCount=5

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/etc.clientlibs/corpcom/components/content/recentblogs/clientlibs.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

111e2223a19e33561e1e3bdf7d9294235c2e6f78a1e5bffb98d9958f2809ec31

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

strict-transport-security: max-age=15768000
cache-control: max-age=0, no-cache, no-store
content-encoding: gzip
pragma: no-cache
referrer-policy: no-referrer-when-downgrade
x-content-type-options: nosniff
expires: Thu, 24 Oct 2024 10:35:41 GMT
server-timing: cdn-cache; desc=MISS, edge; dur=515, origin; dur=1132, ak_p; desc="1729766140177_34603341_628696108_168354_39143_37_0_219";dur=1
content-length: 1367
x-xss-protection: 1; mode=block
date: Thu, 24 Oct 2024 10:35:41 GMT
content-type: application/json
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

GET
H2 200 arrow-right.b66e9741c7b691ba607d3943c547b468.svg
www.trellix.com/en-us/img/v1/ 225 B
605 B 183ms
182ms Image
image/svg+xml 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/img/v1/arrow-right.b66e9741c7b691ba607d3943c547b468.svg

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/www/css/bootstrap-trellix.min.css?v=1.5

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

2f2e3fbca639ff26c4a87bfa14ec5997a87fb8a3e64951c3c7d521f86fdf04a4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/www/css/bootstrap-trellix.min.css?v=1.5

Response headers

content-encoding: gzip
etag: "e1-5d5e6ce300080"
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=21, ak_p; desc="1729766140187_34603341_628696109_6757_17850_38_0_219";dur=1
date: Thu, 24 Oct 2024 10:35:40 GMT
content-disposition: inline
last-modified: Wed, 19 Jan 2022 03:16:02 GMT
vary: Accept-Encoding
content-type: image/svg+xml
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
referrer-policy: no-referrer-when-downgrade
accept-ranges: bytes
content-length: 177
x-xss-protection: 1; mode=block

GET
H2 200 h-slashes-6-left.png
www.trellix.com/en-us/img/v1/ 3 KB
4 KB 125ms
123ms Image
image/png 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/img/v1/h-slashes-6-left.png

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/www/css/common.min.css?v=5.0

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

e6276a81bbb6e8b0af3ce931e952e331ac3f1c79ef9aae49a8cd0f880ca5e72a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/www/css/common.min.css?v=5.0

Response headers

strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
etag: "da6-5d5e6cd1d5800"
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
expires: Thu, 01 Jan 1970 00:00:00 GMT
accept-ranges: bytes
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1729766140150_34603341_628696110_965_11341_41_0_146";dur=1
content-length: 3494
x-xss-protection: 1; mode=block
date: Thu, 24 Oct 2024 10:35:40 GMT
content-disposition: inline
last-modified: Wed, 19 Jan 2022 03:15:44 GMT
content-type: image/png
x-frame-options: SAMEORIGIN

GET
H2 200 h-slashes-6-right.png
www.trellix.com/en-us/img/v1/ 4 KB
4 KB 125ms
123ms Image
image/png 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/img/v1/h-slashes-6-right.png

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/www/css/common.min.css?v=5.0

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

43d6145272090a7d6c896942ea0df4035ba3ecbac5232acd381bd00da17c6815

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/www/css/common.min.css?v=5.0

Response headers

strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
etag: "e8b-5d5e6ce20be40"
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
expires: Thu, 01 Jan 1970 00:00:00 GMT
accept-ranges: bytes
server-timing: cdn-cache; desc=HIT, edge; dur=2, ak_p; desc="1729766140149_34603341_628696111_1056_11684_41_0_146";dur=1
content-length: 3723
x-xss-protection: 1; mode=block
date: Thu, 24 Oct 2024 10:35:40 GMT
content-disposition: inline
last-modified: Wed, 19 Jan 2022 03:16:01 GMT
content-type: image/png
x-frame-options: SAMEORIGIN

GET
H2 200 secure-endpoints-with-industry-leading-platform-card.jpg
www.trellix.com/en-us/img/cards/ 45 KB
46 KB 126ms
125ms Image
image/jpeg 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/img/cards/secure-endpoints-with-industry-leading-platform-card.jpg

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

209b033eae428427637f150bb203967d75651e9d2c1917da0249060d83b55bce

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
etag: "b52f-623ea8f31f800"
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
expires: Thu, 01 Jan 1970 00:00:00 GMT
accept-ranges: bytes
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1729766140149_34603341_628696112_957_11286_41_0_146";dur=1
content-length: 46383
x-xss-protection: 1; mode=block
date: Thu, 24 Oct 2024 10:35:40 GMT
content-disposition: inline
last-modified: Mon, 07 Oct 2024 22:29:52 GMT
content-type: image/jpeg
x-frame-options: SAMEORIGIN

GET
H2 200 mind-of-the-ciso-initiative-card.jpg
www.trellix.com/en-us/img/cards/ 19 KB
20 KB 125ms
124ms Image
image/jpeg 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/img/cards/mind-of-the-ciso-initiative-card.jpg

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

88a2b76f053b707d38126b7c054ba6f74f7e5902d4deae5a231ac212f57bf33d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
etag: "4de9-61031fc06a600"
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
expires: Thu, 01 Jan 1970 00:00:00 GMT
accept-ranges: bytes
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1729766140149_34603341_628696113_874_11532_41_0_146";dur=1
content-length: 19945
x-xss-protection: 1; mode=block
date: Thu, 24 Oct 2024 10:35:40 GMT
content-disposition: inline
last-modified: Tue, 30 Jan 2024 23:18:48 GMT
content-type: image/jpeg
x-frame-options: SAMEORIGIN

GET
H2 200 unmasking-the-hidden-threat-card.jpg
www.trellix.com/en-us/img/cards/ 49 KB
50 KB 148ms
147ms Image
image/jpeg 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/img/cards/unmasking-the-hidden-threat-card.jpg

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

c22d7282df871def585164c2a94ed42406e264d184f363c60bb233d7d65b023b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
etag: "c502-623ea8f507c80"
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
accept-ranges: bytes
server-timing: cdn-cache; desc=HIT, edge; dur=13, ak_p; desc="1729766140159_34603341_628696114_3103_15151_38_0_146";dur=1
content-length: 50434
x-xss-protection: 1; mode=block
date: Thu, 24 Oct 2024 10:35:40 GMT
content-disposition: inline
last-modified: Mon, 07 Oct 2024 22:29:54 GMT
content-type: image/jpeg
x-frame-options: SAMEORIGIN

GET
H2 200 Montserrat-Italic-VF.woff2
www.trellix.com/www/css/fonts/ 124 KB
124 KB 98ms
97ms Font
application/octet-stream 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trellix.com/www/css/fonts/Montserrat-Italic-VF.woff2

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/www/css/common.min.css?v=5.0

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

958bba9c3821b4a519215228b9beafd3198361968f118b68c68921bce448d6da

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.trellix.com
Referer: https://www.trellix.com/www/css/common.min.css?v=5.0

Response headers

content-encoding: gzip
etag: "1ef54-604b4f3bae480"
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=15, ak_p; desc="1729766140149_34603341_628696115_2373_17782_41_0_255";dur=1
date: Thu, 24 Oct 2024 10:35:40 GMT
content-disposition: inline
last-modified: Wed, 06 Sep 2023 18:31:30 GMT
vary: Accept-Encoding
content-type: application/octet-stream
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
referrer-policy: no-referrer-when-downgrade
accept-ranges: bytes
content-length: 126798
x-xss-protection: 1; mode=block

GET
H2 200 token.json Show response
www.trellix.com/libs/granite/csrf/ 2 B
730 B 193ms
193ms XHR
application/json 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trellix.com/libs/granite/csrf/token.json

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/etc.clientlibs/corpcom/clientlibs/csrf.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
x-content-type-options: nosniff
expires: -1
server-timing: cdn-cache; desc=HIT, edge; dur=124, origin; dur=0, ak_p; desc="1729766140222_34603341_628696147_12850_15192_37_0_219";dur=1
content-length: 22
x-xss-protection: 1; mode=block
date: Thu, 24 Oct 2024 10:35:40 GMT
content-disposition: inline
content-type: application/json;charset=iso-8859-1
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

GET
H2 200 dest5.html
musarubra.demdex.net/ Frame ADAC 0
0 181ms
55ms Document
text/html 34.250.93.70
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://musarubra.demdex.net/dest5.html?d_nsid=0

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/etc.clientlibs/corpcom/clientlibs/csrf.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.250.93.70 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-250-93-70.eu-west-1.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
content-type: text/html;charset=UTF-8
date: Thu, 24 Oct 2024 10:35:40 GMT
dcs: dcs-prod-irl1-2-v067-0ab6d4c8f.edge-irl1.demdex.com 0 ms
expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Wed, 16 Oct 2024 09:34:53 GMT
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains
vary: accept-encoding
x-tid: 5laqMcUcQ2Y=

GET
H2 200 id Show response
smetrics.trellix.com/ 48 B
458 B 182ms
52ms XHR
application/x-javascript 63.140.62.27
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL

https://smetrics.trellix.com/id?d_visid_ver=5.4.0&d_fieldgroup=A&mcorgid=0FD024EB6135CAAB0A495CAF%40AdobeOrg&mid=22558719439412650652472222506167161405&ts=1729766140328

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/etc.clientlibs/corpcom/clientlibs/csrf.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.140.62.27 , United States, ASN15224 (OMNITURE, US),

Reverse DNS

ip-63-140-62-27.data.adobedc.net

Software

jag /

Resource Hash

f435707eb6a156d21e374eeccbab8d07f66419ad636d236044f78719b84454c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
x-content-type-options: nosniff
access-control-allow-origin: https://www.trellix.com
p3p: CP="This is not a P3P policy"
content-length: 48
date: Thu, 24 Oct 2024 10:35:40 GMT
x-xss-protection: 1; mode=block
content-type: application/x-javascript;charset=utf-8
vary: Origin
server: jag

GET
H2

200

ibs:dpid=411&dpuuid=Zxoi-AAAAFZuvgN-
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=15040623255615104383017110925251841714
https://dpm.demdex.net/ibs:dpid=411&dpuuid=Zxoi-AAAAFZuvgN-

42 B
715 B

60ms
60ms

Image
image/gif

34.250.93.70
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=Zxoi-AAAAFZuvgN-

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Protocol

Server

34.250.93.70 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-250-93-70.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
dcs: dcs-prod-irl1-1-v067-09aebd3ae.edge-irl1.demdex.com 4 ms
content-encoding: gzip
pragma: no-cache
x-content-type-options: nosniff
x-tid: L5PeYrIxTsc=
expires: Thu, 01 Jan 1970 00:00:00 UTC
content-length: 59
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
date: Thu, 24 Oct 2024 10:35:40 GMT
content-type: image/gif

Redirect headers

Cache-Control: no-cache
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=Zxoi-AAAAFZuvgN-
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Content-Length: 0
Date: Thu, 24 Oct 2024 10:35:40 GMT
Connection: keep-alive
Server: AMO-cookiemap/1.1

POST
H/1.1 204
No Content collect Show response
r.clarity.ms/ 0
279 B 479ms
159ms XHR
text/plain 20.119.174.243
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://r.clarity.ms/collect
Requested by: Host: www.trellix.com
URL: https://www.trellix.com/etc.clientlibs/corpcom/clientlibs/csrf.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.119.174.243 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept: application/x-clarity-gzip
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

Request-Context: appId=cid-v1:bdfb7149-d2ee-45f0-9a22-f0b1c5035608
Access-Control-Allow-Origin: https://www.trellix.com
Date: Thu, 24 Oct 2024 10:35:40 GMT
Vary: Origin
Server: nginx
Connection: keep-alive
Access-Control-Allow-Credentials: true

GET
DATA 200
OK truncated
/ 9 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d554361630709572f4c9e33d02ca5ae56275756099a62195513017a0421f73c2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 157 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 80d54533f80e8233621f965ae0a7713928bdb4d491ed0eb5e90434550f1894cb

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/png

POST
H2 200 delivery Show response
trellix.tt.omtrdc.net/rest/v1/ 352 B
844 B 338ms
71ms XHR
application/json 66.235.152.156
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL

https://trellix.tt.omtrdc.net/rest/v1/delivery?client=musarubra&sessionId=2afdc880daca48f187f5978206637d51&version=2.8.2

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/etc.clientlibs/corpcom/clientlibs/csrf.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.235.152.156 , United States, ASN15224 (OMNITURE, US),

Reverse DNS

ip-66-235-152-156.data.adobedc.net

Software

jag /

Resource Hash

756a3870daa06c555a993795eb5ec852df23524020aaffbfd7976fa0cbd47805

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-request-id: 8e827d1e-0bdc-40e5-a1dc-f8fb870d9520
cache-control: no-cache, no-store, max-age=0, no-transform, private
timing-allow-origin: *
content-encoding: gzip
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List
access-control-allow-credentials: true
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
access-control-allow-origin: https://www.trellix.com
date: Thu, 24 Oct 2024 10:35:40 GMT
x-xss-protection: 1; mode=block
content-type: application/json;charset=UTF-8
vary: origin,access-control-request-method,access-control-request-headers,accept-encoding
server: jag

GET
H3 200 anchor
www.google.com/recaptcha/api2/ Frame 5DB7 0
0 262ms
73ms Document
text/html 216.58.206.68
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfqXqAlAAAAAOcuwHMDX6Uo3mWxPTJUxjh8kcZu&co=aHR0cHM6Ly93d3cudHJlbGxpeC5jb206NDQz&hl=de&v=lqsTZ5beIbCkK4uGEGv9JmUR&size=invisible&cb=fs7reydjjmbb

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/etc.clientlibs/corpcom/clientlibs/csrf.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.206.68 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lhr35s11-in-f4.1e100.net

Software

ESF /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-jB5m0xpBn83lnmadm0ECBg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-jB5m0xpBn83lnmadm0ECBg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy: cross-origin
date: Thu, 24 Oct 2024 10:35:40 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
server: ESF
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 201 18QeW4B Show response
www.trellix.com/UkX10n06B/Zi7JWNOi/IDY86JOI/0M/N9aSXmkrbLchOQ5c/TisvAQ/DixeL/ 18 B
860 B 604ms
601ms XHR
application/json 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trellix.com/UkX10n06B/Zi7JWNOi/IDY86JOI/0M/N9aSXmkrbLchOQ5c/TisvAQ/DixeL/18QeW4B

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/etc.clientlibs/corpcom/clientlibs/csrf.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

bef9393fcdfc7a7299c058ba2a69253c32e0964dd3e97834e17a8cdb5dce7cf6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
CSRF-Token: undefined

Response headers

strict-transport-security: max-age=15768000
access-control-allow-credentials: true
x_req_id: ba608691-6cdc-4f57-b197-2b3a10bb4ad1
access-control-allow-origin: https://www.trellix.com
server-timing: edge; dur=4, origin; dur=552, cdn-cache; desc=MISS, ak_p; desc="1729766140509_34603341_628696243_55567_8039_37_0_219";dur=1
content-length: 18
date: Thu, 24 Oct 2024 10:35:41 GMT
content-type: application/json
vary: Origin
access-control-allow-headers: Content-Type

GET
H/1.1 200
OK dnb_coretag_v4.min.js Show response
cdn-0.d41.co/tags/ 74 KB
25 KB 205ms
44ms Script
application/javascript 143.204.98.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-0.d41.co/tags/dnb_coretag_v4.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/f0febc6281f5/daaefd9d8423/launch-675ffef2af24.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.107 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-107.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 52c766d175703482411d165b1339220aac1167e3315b792928eb51de6d6b3183

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

Transfer-Encoding: chunked
Content-Encoding: br
x-amz-version-id: null
ETag: W/"c5b0d60b7c887bcae6d8897835a15d14"
Age: 1286
Connection: keep-alive
Via: 1.1 b44e2902bb3501d47514e51618f1bda4.cloudfront.net (CloudFront)
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: _Ng6F6m7jrKXzUs9pY547ubXcHlxLZGjNNrr5MAiq6S3zkozhgGaTA==
Date: Thu, 24 Oct 2024 10:14:15 GMT
Content-Type: application/javascript
Last-Modified: Thu, 18 Nov 2021 14:57:32 GMT
Server: AmazonS3
X-Amz-Cf-Pop: FRA50-C1
Vary: Accept-Encoding

POST
H/1.1 204
No Content collect Show response
r.clarity.ms/ 0
279 B 502ms
369ms XHR
text/plain 20.119.174.243
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://r.clarity.ms/collect
Requested by: Host: www.trellix.com
URL: https://www.trellix.com/etc.clientlibs/corpcom/clientlibs/csrf.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.119.174.243 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept: application/x-clarity-gzip
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

Request-Context: appId=cid-v1:bdfb7149-d2ee-45f0-9a22-f0b1c5035608
Access-Control-Allow-Origin: https://www.trellix.com
Date: Thu, 24 Oct 2024 10:35:41 GMT
Vary: Origin
Server: nginx
Connection: keep-alive
Access-Control-Allow-Credentials: true

GET
H2 200 forms2.css
627-oog-590.mktoweb.com/js/forms2/css/ 13 KB
3 KB 68ms
68ms Stylesheet
text/css 104.16.93.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://627-oog-590.mktoweb.com/js/forms2/css/forms2.css

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/etc.clientlibs/corpcom/clientlibs/csrf.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.93.80 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

cache-control: public, max-age=14400
content-encoding: gzip
cf-cache-status: HIT
etag: "14e0306-3437-62370c030d900"
age: 5256
x-content-type-options: nosniff
cf-ray: 8d79524b999eca70-HAM
expires: Thu, 24 Oct 2024 14:35:40 GMT
accept-ranges: bytes
content-length: 2623
date: Thu, 24 Oct 2024 10:35:40 GMT
content-type: text/css
last-modified: Tue, 01 Oct 2024 21:10:28 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 forms2-theme-plain.css
627-oog-590.mktoweb.com/js/forms2/css/ 828 B
331 B 75ms
75ms Stylesheet
text/css 104.16.93.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://627-oog-590.mktoweb.com/js/forms2/css/forms2-theme-plain.css

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/etc.clientlibs/corpcom/clientlibs/csrf.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.93.80 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

57cd46adbabd6c40823602b4513aecbe89320a769572255272abe9f008de69fa

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

cache-control: public, max-age=14400
content-encoding: gzip
cf-cache-status: HIT
etag: "14e0304-33c-62370c030d900"
age: 5256
x-content-type-options: nosniff
cf-ray: 8d79524b99a0ca70-HAM
expires: Thu, 24 Oct 2024 14:35:40 GMT
accept-ranges: bytes
content-length: 246
date: Thu, 24 Oct 2024 10:35:40 GMT
content-type: text/css
last-modified: Tue, 01 Oct 2024 21:10:28 GMT
vary: Accept-Encoding
server: cloudflare

POST
H2 201 18QeW4B Show response
www.trellix.com/UkX10n06B/Zi7JWNOi/IDY86JOI/0M/N9aSXmkrbLchOQ5c/TisvAQ/DixeL/ 18 B
859 B 429ms
428ms XHR
application/json 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trellix.com/UkX10n06B/Zi7JWNOi/IDY86JOI/0M/N9aSXmkrbLchOQ5c/TisvAQ/DixeL/18QeW4B

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/etc.clientlibs/corpcom/clientlibs/csrf.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

bef9393fcdfc7a7299c058ba2a69253c32e0964dd3e97834e17a8cdb5dce7cf6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
CSRF-Token: undefined

Response headers

strict-transport-security: max-age=15768000
access-control-allow-credentials: true
x_req_id: 2b8737e7-a9a3-494e-b295-6f45b0c4b95c
access-control-allow-origin: https://www.trellix.com
server-timing: edge; dur=4, origin; dur=378, cdn-cache; desc=MISS, ak_p; desc="1729766140877_34603341_628696357_38206_8206_37_0_219";dur=1
content-length: 18
date: Thu, 24 Oct 2024 10:35:41 GMT
content-type: application/json
vary: Origin
access-control-allow-headers: Content-Type

GET
H2 200 chevron-down.svg
www.trellix.com/en-us/img/icons/ 290 B
1 KB 57ms
56ms Image
image/svg+xml 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/img/icons/chevron-down.svg

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/www/css/forms.min.css?v=1.4

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

13f7d60ab56cc83e0235a2d3a69573104bff1bbc3cbe386bb57063ed59247535

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/www/css/forms.min.css?v=1.4

Response headers

content-encoding: gzip
etag: "122-5e0cc20839dc0"
x-content-type-options: nosniff
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1729766140893_34603341_628696365_129_16502_37_0_146";dur=1
date: Thu, 24 Oct 2024 10:35:40 GMT
content-disposition: inline
last-modified: Mon, 06 Jun 2022 19:03:27 GMT
vary: Accept-Encoding
content-type: image/svg+xml
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
referrer-policy: no-referrer-when-downgrade
accept-ranges: bytes
content-length: 217
x-xss-protection: 1; mode=block

POST
H2 200 pixel_a8ad0b8 Show response
www.trellix.com/akam/13/ 0
919 B 55ms
52ms XHR
text/html 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trellix.com/akam/13/pixel_a8ad0b8

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/etc.clientlibs/corpcom/clientlibs/csrf.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded
CSRF-Token: undefined

Response headers

strict-transport-security: max-age=15768000
server-timing: cdn-cache; desc=HIT, edge; dur=7, ak_p; desc="1729766140942_34603341_628696376_667_7299_37_0_219";dur=1
content-length: 0
date: Thu, 24 Oct 2024 10:35:40 GMT
content-type: text/html

GET
H2 200 XDFrame
627-oog-590.mktoweb.com/index.php/form/ Frame 9F0D 0
0 261ms
165ms Document
text/html 104.16.92.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://627-oog-590.mktoweb.com/index.php/form/XDFrame

Requested by

Host: 627-oog-590.mktoweb.com
URL: https://627-oog-590.mktoweb.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.92.80 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

cache-control: max-age=3600
cf-cache-status: DYNAMIC
cf-ray: 8d79524d9eed62c5-HAM
content-encoding: gzip
content-length: 659
content-type: text/html; charset=utf-8
date: Thu, 24 Oct 2024 10:35:41 GMT
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff

GET
H2 200 favicon.ico
www.trellix.com/ 48 KB
10 KB 57ms
57ms Other
image/x-icon 2a02:26f0:7100::210:151
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trellix.com/favicon.ico?v=2

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::210:151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

e874a202a7bb31e434e9f4acf7e1392edeb739a7263b6b99c2d611537ee79560

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

content-encoding: gzip
etag: "bfd4-5de0ccca39f96"
x-content-type-options: nosniff
server-timing: cdn-cache; desc=HIT, edge; dur=4, ak_p; desc="1729766141406_34603341_628696555_362_14271_36_0_219";dur=1
date: Thu, 24 Oct 2024 10:35:41 GMT
last-modified: Mon, 02 May 2022 19:57:17 GMT
content-disposition: inline
vary: Accept-Encoding
content-type: image/x-icon
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cache-control: max-age=14400, s-maxage=14400
referrer-policy: no-referrer-when-downgrade
accept-ranges: bytes
content-length: 9910
x-xss-protection: 1; mode=block

POST
H2 200 s33587792673127 Show response
smetrics.trellix.com/b/ss/musarubratrellixcom/10/JS-2.23.0-LEWM/ 305 B
638 B 85ms
83ms XHR
application/x-javascript 63.140.62.27
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL

https://smetrics.trellix.com/b/ss/musarubratrellixcom/10/JS-2.23.0-LEWM/s33587792673127

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/etc.clientlibs/corpcom/clientlibs/csrf.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.140.62.27 , United States, ASN15224 (OMNITURE, US),

Reverse DNS

ip-63-140-62-27.data.adobedc.net

Software

jag /

Resource Hash

41835131c26478e6ba65a8389b935978dfe6fe886a66006945dcd79ed479591e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

x-aam-tid: sq2qTdUcR+c=
etag: 3714644504495751168-4618279900285059163
x-content-type-options: nosniff
expires: Wed, 23 Oct 2024 10:35:41 GMT
p3p: CP="This is not a P3P policy"
date: Thu, 24 Oct 2024 10:35:41 GMT
last-modified: Fri, 25 Oct 2024 10:35:41 GMT
vary: *
content-type: application/x-javascript;charset=utf-8
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store, max-age=0, no-transform, private
dcs: dcs-prod-irl1-1-v067-09aebd3ae.edge-irl1.demdex.com 4 ms
pragma: no-cache
access-control-allow-credentials: true
access-control-allow-origin: https://www.trellix.com
content-length: 305
x-xss-protection: 1; mode=block
server: jag

GET
H/1.1

200
OK

results.txt Show response
kd7qo5qcccuayzy2el6q-pakm38-2e8c99089-clientnsv4-s.akamaihd.net/eum/
Redirect Chain

https://trial-eum-clientnsv4-s.akamaihd.net/eum/getdns.txt?c=pakm38b75
https://kd7qo5qcccuayzy2el6q-pakm38-2e8c99089-clientnsv4-s.akamaihd.net/eum/results.txt

8 B
312 B

179ms
39ms

XHR
text/plain

2.16.168.12
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://kd7qo5qcccuayzy2el6q-pakm38-2e8c99089-clientnsv4-s.akamaihd.net/eum/results.txt
Protocol: HTTP/1.1
Server: 2.16.168.12 , Netherlands, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-168-12.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 662efaf46c617ddbcb8ff4a2a8f64cffd3d93630f1003f8e66511f369b87730f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

ETag: "402e7a087747cb56c718bde84651f96a:1367999472"
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Length: 8
Date: Thu, 24 Oct 2024 10:35:41 GMT
Content-Type: text/plain
Last-Modified: Wed, 08 May 2013 07:51:12 GMT
Server: AkamaiNetStorage

Redirect headers

Access-Control-Allow-Origin: *
Location: https://kd7qo5qcccuayzy2el6q-pakm38-2e8c99089-clientnsv4-s.akamaihd.net/eum/results.txt
Content-Length: 0
Date: Thu, 24 Oct 2024 10:35:41 GMT
Server: AkamaiGHost
Connection: keep-alive

GET
H/1.1

200
OK

results.txt Show response
fiaqjiathaajgkqce3yajaaab5truix5-pakm38-0e707c105-clienttons-s.akamaihd.net/eum/
Redirect Chain

https://trial-eum-clienttons-s.akamaihd.net/eum/getdns.txt?c=pakm38b75
https://fiaqjiathaajgkqce3yajaaab5truix5-pakm38-0e707c105-clienttons-s.akamaihd.net/eum/results.txt

8 B
312 B

180ms
39ms

XHR
text/plain

2a02:26f0:480:f::213:7ec8
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://fiaqjiathaajgkqce3yajaaab5truix5-pakm38-0e707c105-clienttons-s.akamaihd.net/eum/results.txt
Protocol: HTTP/1.1
Server: 2a02:26f0:480:f::213:7ec8 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 662efaf46c617ddbcb8ff4a2a8f64cffd3d93630f1003f8e66511f369b87730f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

ETag: "402e7a087747cb56c718bde84651f96a:1367999472"
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Length: 8
Date: Thu, 24 Oct 2024 10:35:41 GMT
Content-Type: text/plain
Last-Modified: Wed, 08 May 2013 07:51:12 GMT
Server: AkamaiNetStorage

Redirect headers

Access-Control-Allow-Origin: *
Location: https://fiaqjiathaajgkqce3yajaaab5truix5-pakm38-0e707c105-clienttons-s.akamaihd.net/eum/results.txt
Content-Length: 0
Date: Thu, 24 Oct 2024 10:35:41 GMT
Server: AkamaiGHost
Connection: keep-alive

POST
H2 200 event Show response
musarubra.demdex.net/ 304 B
869 B 67ms
64ms XHR
application/json 34.250.93.70
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://musarubra.demdex.net/event?d_dil_ver=9.5&_ts=1729766141869

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/etc.clientlibs/corpcom/clientlibs/csrf.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.250.93.70 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-250-93-70.eu-west-1.compute.amazonaws.com

Software

Resource Hash

52869316bce7658284e5e2f6627a451c96f563f5cbccaede206d4a7088bbcae2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
dcs: dcs-prod-irl1-2-v067-0b0a8a455.edge-irl1.demdex.com 4 ms
content-encoding: gzip
pragma: no-cache
access-control-allow-credentials: true
x-tid: ZnK35Y/2Q+Q=
expires: Thu, 01 Jan 1970 00:00:00 UTC
access-control-allow-origin: https://www.trellix.com
content-length: 265
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
date: Thu, 24 Oct 2024 10:35:41 GMT
content-type: application/json;charset=utf-8
vary: Origin

POST
H/1.1 204
No Content collect Show response
r.clarity.ms/ 0
279 B 254ms
250ms XHR
text/plain 20.119.174.243
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://r.clarity.ms/collect
Requested by: Host: www.trellix.com
URL: https://www.trellix.com/etc.clientlibs/corpcom/clientlibs/csrf.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.119.174.243 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept: application/x-clarity-gzip
Referer: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/

Response headers

Request-Context: appId=cid-v1:bdfb7149-d2ee-45f0-9a22-f0b1c5035608
Access-Control-Allow-Origin: https://www.trellix.com
Date: Thu, 24 Oct 2024 10:35:42 GMT
Vary: Origin
Server: nginx
Connection: keep-alive
Access-Control-Allow-Credentials: true

Verdicts & Comments Add Verdict or Comment

127 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

25 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.trellix.com/	1970-01-21 00:29:33	Name: bm_mi Value: 90E64140916B8A99E925758ED1C23885~YAAQTQEQAkvqZ5eSAQAAR6UYvhktXBlAIRcFy2YnU8QOJKl7nvwH8cT3kw6rDSa75IYX852LBOnPrAgPRZqZNGEnKpbExmEuaPVk8Ggu29SfRh9gnSdAfZ1LiwCwB5SK8yFPTu14fopxi1x4ulZI7bBcXjqHFkDELIULbKTzk2cqBCKCBv0Vs1g/TqT/sWObboDxLL1iBSwZz82IMnCytMEkW2wr5yuWaGhAXMgmrHJ4J92gjsyPtFUeEY4IPfpXlrP96dwpWtHsxLVaPnfxahm1/d4QzEKsNg+lIMYpv9wTLWxYjptuu2NHGx1vLztkX0SFa0pH/HAXfdvSBvBelQY0O0uHdqMoDAw1d/fJTFJgexieRmamiXZR8xJSI4WtrIwrFwie3Z6GkC0Ndx/dRpaTFod82aYUdwdCLCOsZKK+1TCldy9ZvHG+EP9fVeiU0Xu7FC+nr/AbDy6Eh7bDexA=~1
.trellix.com/	1970-01-21 00:29:40	Name: bm_sz Value: BB14FD802209B3328F7F1252E969B09C~YAAQTQEQAk3qZ5eSAQAAR6UYvhnrU1weGJTC3PlOAPevgdezYU0Od7tNgJTWryUqdL6XaxkBJCH//n2QqfqT5oNk1vlXSd/avofqew3uCMElgzKTu/R05E5ZBveqWEvljqir49xU/EKV7P/CWcc5ZbHAStQLgKAJ312XYT2fb0kOa7YHvZo6R1sNwrFo7/5NmZCpeAkDhHpon5dVoncwyXQOrvEK3lSysc+FCEMGTsog6Rg1mIdKQegcxAcxqmFhQU8KwS94tvhNe0ugLmAkCGzfF4394u5KgL2vQumoWG8u3vTuSJh5EZqwz7iffSlPdjQQTbA70/p4dp8pfdU4kct9ln/hAc6ph63pCDyMO6uMaljwy2Ork8n2WcytrgI9oV4AFtQJ3/QoxTbMMXKLpyK9e1Ub~4470851~4343365
.trellix.com/	1970-01-21 10:05:26	Name: _ga_P2K9CJ3DRL Value: GS1.1.1729766140.1.0.1729766140.0.0.0
.trellix.com/	1970-01-21 10:05:26	Name: _ga Value: GA1.1.1940540804.1729766140
.demdex.net/	1970-01-21 04:48:38	Name: demdex Value: 15040623255615104383017110925251841714
.trellix.com/	1969-12-31 23:59:59	Name: AMCVS_0FD024EB6135CAAB0A495CAF%40AdobeOrg Value: 1
www.trellix.com/	1970-01-21 00:30:52	Name: utm_medium Value: dir
.trellix.com/	1969-12-31 23:59:59	Name: at_check Value: true
.trellix.com/	1970-01-21 10:05:26	Name: s_ecid Value: MCMID%7C22558719439412650652472222506167161405
.dpm.demdex.net/	1970-01-21 04:48:38	Name: dpm Value: 15040623255615104383017110925251841714
.trellix.com/	1970-01-21 10:05:26	Name: AMCV_0FD024EB6135CAAB0A495CAF%40AdobeOrg Value: 1176715910%7CMCIDTS%7C20021%7CMCMID%7C22558719439412650652472222506167161405%7CMCAAMLH-1730370940%7C6%7CMCAAMB-1730370940%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1729773340s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-20028%7CvVersion%7C5.4.0
.demdex.net/	1970-01-21 04:48:38	Name: dextp Value: 903-1-1729766140699
.trellix.com/	1970-01-21 10:05:26	Name: mbox Value: session#2afdc880daca48f187f5978206637d51#1729768001\|PC#2afdc880daca48f187f5978206637d51.37_0#1793010941
.trellix.com/	1970-01-21 00:29:33	Name: ak_bmsc Value: 72807C0A6E81AD68AF051179FE6B89C1~000000000000000000000000000000~YAAQTQEQApvqZ5eSAQAAHKwYvhkYnvBZHudVG0Rar/gXWeRUhJ7tumOMiBMPENn3u+5ROn875GJ+O7O8+qngbvFcKiQT6jhSdf8gAqLv1a9EDCDvd5ntP3vXqw+FOlWfABlpMsWx6OqwPNc9NhUQjCxcyBx7TfKALdYDu7nze3udnTDkDdysQeRfsVny+yuW2+QNsMti/PF6ixAAPKNrcV4Pg9iM5TPLPlWu2sNNMk4dBxYZ2kVVxI0zu2KFclhjZQBk35CQt1r/d6w6jeICSfb6/qD3HqGtqVEZeRG0TklovqyvP5r87Jl8VdWnrPNVjPOLNov3ojI2nJ3kJ+n66ArkKGD7+PcpxZn4hnikPE0G9wEw9KxmDfYza7eMeNeUowxXJ9aj/1dFHdH9To9WlttLxW/5M60+DwfaZ6gdXEPuz7pLpXPKNDvjRJthh+JWERhStVPv5M5SnCtyrTEw1mkn7kaeZbwW7fugCtmw31Tl9mZvnChWKUiNvXnmCd3EDxNjQlY3ilI2GweGrGx0E2uwJUKavywuAgljI1JdJ//MW+sMEhXoPNbUGAotUymafPLvtL/Q+v2yfFeT6AE3tnMD3BQpX6HIhyCQSJemMybuNliyw/blqc5NyrXl9PaPJg1rgI/Z4HBFuYsy2TClOnQslLZdOKhk7kHmGcPFg/e95NWogpSwHdwA5Ror1RdrGnFpDkckDCVC7JGSJVu9XTtiwA9pdFzeLoLOopK762ja7Q==
.627-oog-590.mktoweb.com/	1970-01-21 00:29:27	Name: __cf_bm Value: w1R0gc_cO9y9SUh50nN_q8RrOISmMs1kCWdb7DRh9Og-1729766141-1.0.1.1-0qSNpaSSCgYnrfANnRsfJg.mBr4UOmFw1pXKhfpc8rpcTUHKC3I6qCPwUO3ajG6voKkhIgQcAViMel.TbkfL3g
.trellix.com/	1970-01-21 09:15:02	Name: _abck Value: C6AB5D24C36323F269AF9DDACD0B9438~0~YAAQTQEQAqnqZ5eSAQAAVK0YvgxkXFLRYxyIXD++IM/GQeh4hR6zPEzSl8pfBOR3c8VYf9xr3ypPTWhDP2EXetQzC0F8ih7bQCh0SxqDne2q5fTd25BJOm+kz5oyFHG4Z76oew90UTdWobbKmNnCaCI+ks8KXWVrT07EAxRG9QKlkVDMZravVi9l6CORvSzXI4VCyJZfSiUGEjoTRntrxaKgttxR3lPWdblc0InJS56TFMcm6Kx3m/DWXH8Ws2veHlFeHEbs/Sd9LIwSn6pMO8K11ry9gMHPFFkSmN717K10WotFndvqhXDw2LOnGxhxdtZsbRFCGzs6DzDsFyRHE7R3w9IownIZCUP2MWkyNQrEpTotP5MGKHM6cfnqjy4tSfaazwwqITMWpM2w9vZgFQZPEvjOCgvJZsxUtcElXbCCHV6lgsZUAqJuTvEbuHGRo88Igykti2Ft~-1~\|\|0\|\|~-1
.www.trellix.com/	1970-01-21 00:39:30	Name: RT Value: "z=1&dm=www.trellix.com&si=d8039179-dac0-45b2-97d0-e2a8fc59d676&ss=m2n63iqb&sl=1&tt=208&bcn=%2F%2F684dd327.akstat.io%2F&ld=209"
.trellix.com/	1970-01-21 09:15:02	Name: s_nr Value: 1729766141473-New
.trellix.com/	1970-01-21 00:29:27	Name: gpv Value: en-us%3Ablogs%3Aresearch%3Aunmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat
.trellix.com/	1969-12-31 23:59:59	Name: s_cc Value: true
.trellix.com/	1969-12-31 23:59:59	Name: tp Value: 18725
.trellix.com/	1969-12-31 23:59:59	Name: s_ppv Value: en-us%253Ablogs%253Aresearch%253Aunmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat%2C9%2C9%2C1662
www.trellix.com/	1969-12-31 23:59:59	Name: renderid Value: rend-dnvappaempub12
www.trellix.com/	1969-12-31 23:59:59	Name: JSESSIONID Value: node011e7ocemn1pr2eqrm3i5ys8qk487689.node0
.trellix.com/	1970-01-21 00:29:33	Name: bm_sv Value: 1E6FAAFF422087A1333706882E7288EF~YAAQTQEQArzqZ5eSAQAAqa8YvhkfckcUmEaYUzPmMiU9p+JquZZjofhJuOcSlQ+mMU+l8gFdAFoOj3mu/Hh13E1UCp1lm2yp5h+ScDGqO6HjTcu6wb36bQqDzEeNuSfWJtQ33xS3ZnldoMWyaz40qmi0ZPypJTp66acDTdbHFL0BeGYH4MK/3dAl93+PyaDezj/a/1RwkOmhFIkyylUXD0ICkytt6t+fcZiaOjYsBpeDZY5yzFME62shtAlaEuqGVw==~1

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
rendering	warning	URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/ Message: [GroupMarkerNotSet(crbug.com/242999)!:A0008A02B4290000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.
rendering	warning	URL: https://www.trellix.com/blogs/research/unmasking-the-hidden-threat-inside-a-sophisticated-excel-based-attack-delivering-fileless-remcos-rat/ Message: [GroupMarkerNotSet(crbug.com/242999)!:A0108F02B4290000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15768000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

627-oog-590.mktoweb.com
api2932.d41.co
assets.adobedtm.com
buttons-config.sharethis.com
c.go-mpulse.net
cdn-0.d41.co
cdn.jsdelivr.net
cdnjs.cloudflare.com
cm.everesttech.net
dpm.demdex.net
fiaqjiathaajgkqce3yajaaab5truix5-pakm38-0e707c105-clienttons-s.akamaihd.net
kd7qo5qcccuayzy2el6q-pakm38-2e8c99089-clientnsv4-s.akamaihd.net
l.sharethis.com
musarubra.demdex.net
platform-api.sharethis.com
r.clarity.ms
region1.google-analytics.com
s.go-mpulse.net
smetrics.trellix.com
trellix.tt.omtrdc.net
trial-eum-clientnsv4-s.akamaihd.net
trial-eum-clienttons-s.akamaihd.net
www.clarity.ms
www.google.com
www.googletagmanager.com
www.gstatic.com
www.trellix.com
104.16.92.80
104.16.93.80
104.17.25.14
142.250.186.67
143.204.98.107
18.195.217.231
2.16.168.12
20.119.174.243
2001:4860:4802:32::36
216.58.206.68
2600:9000:206f:9e00:c:abe:f440:93a1
2620:1ec:29:1::64
2a00:1450:4001:80f::2008
2a02:26f0:3500:597::1e80
2a02:26f0:3500:c81::11a6
2a02:26f0:480:f::213:7ec8
2a02:26f0:480:f::213:7ee3
2a02:26f0:7100:594::11a6
2a02:26f0:7100::210:151
2a04:4e42:400::485
3.160.150.115
34.250.93.70
52.17.97.65
52.203.56.255
63.140.62.27
66.235.152.156
010834276c6952fe62d380759fe229f60933c58e0760e9424572f3bd38eb9be2
038fa1a8af5f60561b6ea646418bc465200c65e8c2325cfb54573faec07a7c01
050572c4702c51dd080efe7c0d3860163d6784e16216cb4df9cfb9b1d212d87d
0602c4fb1597b7e6e111fe79777e195cacbc73774fcaf233a7835b33372dceae
06f9399ec6cfc9bbc44add22cef77f3f720e3995464c5420ab374a71208b784d
08291c6ef031d49f46614bf9b0ada572ce07cbc4c0c44fea568510f07a9a7806
09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4
09fa04e84d7038cc32f19bedcba454b9e637a35f4de496e8ec9148c47550f0fc
111e2223a19e33561e1e3bdf7d9294235c2e6f78a1e5bffb98d9958f2809ec31
11f59915c5e02c29fb22980a76c5994bafa5379b73483442ec25b5edf1d7d076
126d4c3775f5f82031b74ba1ecf2c94fbcf4b142bfe432ba15275ae593a19653
13f7d60ab56cc83e0235a2d3a69573104bff1bbc3cbe386bb57063ed59247535
14225150fddc63214b714c396d99003cbb4d321157373a569c3458aee6939214
17cea0bab5029d578ee10727a9d9b93ab89720e394241ff6d59b5744d44f3d9c
1ad9b67129a03f8776a561bd51b1487d570568ac221f127061d8c36935ab1118
1d0c12a2157fc4a25fb7eb4e989b7555289c118fcb20c5eacebbfe0dafcbe30c
204135be6258483e24ad474577fc57ce477214f13f810765181bcae83b4b890f
209b033eae428427637f150bb203967d75651e9d2c1917da0249060d83b55bce
2236c2e4a37163e53ab7328e2516d2cd0615406cc42e84c9e8ce78a4c9ce8c17
2333b293cbc44e8b736565ac84d4bd03cb136f017e5194d321dcc8ca46aa0464
2348643e40a35e21443e9913eec800683a12acdad9aa96ba07d786fe1747e192
2397adc18869c073b061188ae7fff44a00863c0062a9f36920de42cd773dd8b2
256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a
2707847f2f596f7a8515c78311fcd82276bd7cddf1d78e4ebd52879fb24d0cdc
28033e449a31ebcc396e5be8b13b63152bf03094288fb5867034321927bce087
28142ec3f3a440b8687bc30d70ef377dbfccf286cb4d326ebeb5eb7a3c4f8b70
2be3c9e333c016d1449decbf1abf10d4d4aef32099dcf5cb61bb23ee7e6aec64
2ca4c5390345dec3c0c86d73c1f40e798027600ffbb5a96653f7799a7f71896c
2dca728e7e70fffba5efeb1d7f5230f9fad0a4851c5b4daeb187f84f775e845d
2df966377ac21760d4162cec7e8a0049acfbb29421934c5a52efa99188273c7f
2f23c0be63796bb9f31674a55a412a7c9e603a95d900291fbfac1175d443b90d
2f2e3fbca639ff26c4a87bfa14ec5997a87fb8a3e64951c3c7d521f86fdf04a4
2f8e4f32fb56783390fe10c09ae3a716d3afc8efb77361de3eeb764908b9174d
30340b72c6991d891792731fb1dd492ff6a2c530adee3b22d13c5fbc522601e8
30545707854a2822b07daed1aae8e94b571f673adac8e661762b125ae1350de5
35d5c7cdbecbf3a7affa221bf7ff7e61a61d57b0187693a2bf9ea65835878812
3a001c14356b470b8c7ef544144aed6db1298b95cf33303d0471afeae26f197e
3d41287a8a177f145d49b81d576c73064c2bf91f1c0a4c379c6e1418dff8443a
3da6045768a6195fe14319c11ed92f9c08674f2210120d788a7e783070e13624
3f6dc3fa445f3225e6ed2a1b4bcdb6b74684b5804e6bb2cb6b50aa0325b8d81a
401732863df92f5da9850291f234e01cf3c9b24587c13020a5505d6554b2c1a7
41835131c26478e6ba65a8389b935978dfe6fe886a66006945dcd79ed479591e
419e8d55d3c9dc42570b5aef98d606fab8aeb82b1620f02c98b882ccf46b017e
41ff9779305bdc6ddb5a5e7eeff448010e4dc8372402114b4ce4b312b26f869d
43d6145272090a7d6c896942ea0df4035ba3ecbac5232acd381bd00da17c6815
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4d044a47cf090c6ee8a085ed68bf00bac25ba03cd874f64f62581080248213e5
516580cb2ff8b38b4319ed3840509e5ecae6c7bea3157f5e50cb21c4b96895e4
52869316bce7658284e5e2f6627a451c96f563f5cbccaede206d4a7088bbcae2
52c766d175703482411d165b1339220aac1167e3315b792928eb51de6d6b3183
53eeb2383acb9e289ea307fbbd92ca770307fe035550601e44d1c0c4ae6a6d6d
57cd46adbabd6c40823602b4513aecbe89320a769572255272abe9f008de69fa
584c91e67284c0975554752f88e15aaab71790454091a4d2bacc7eb193245dd9
58da02b9270de8619cda29e7973946a213d979931270beefddbad2ead61730ca
5caa39ce9d372d511d9cfbf4aece7e11470e65342945ed3091462f0d8ef97a0e
6627ca25d87ed46fa552d611de1512c7d1bfbaad2ef3517fd3134b3d43d2c68e
662efaf46c617ddbcb8ff4a2a8f64cffd3d93630f1003f8e66511f369b87730f
6802b345a7a0a8598d73665be12bd678f2ebcee723b9082e93409f8a4d2fdbaf
68b482a2d5d6760bb15c2acd99cf2e9c3758fa0f95e5c50053626ca7f0c2d4e7
6e569ead156ce6bd5cce2f9ec9a5a6efb4439889cdb718c2a14b4e23b021a1fd
756a3870daa06c555a993795eb5ec852df23524020aaffbfd7976fa0cbd47805
78ac4d2a654f89abd04afbc49a220020660b70464e4826e39673de4e37cc95bb
78c1c1baf0d964522f8afab09cfc754685c1648826a7f9967fd52b774b4ec5aa
791b87e15baa22bedacfcdc48292787390d530e8462366dc6351caff2069188a
793f1dd2a2f316abd36f5482777d6e88686410bba7f3710ff30b681e1d8cc430
7ab491a2f3105aa299a74df2993d21b1d90113e151ab397da33f3b6aa22ca7e4
7b3ffddd4ed31fafda8372c812fa40d4b7ce3b7ad44e094bf816fec533e06829
7f3012f520e4aefcff6acbb8cc7198fee604f3f806fd228f59c94077437bda82
80d54533f80e8233621f965ae0a7713928bdb4d491ed0eb5e90434550f1894cb
82a907df7d2011145eeae84bf54e3b52bdbd4d7081e07bd959afdc00c02c9442
88169c656c516ac6374fe2a7988e103f6eb99db165ce6478aa68ce1b74e67ba9
88a2b76f053b707d38126b7c054ba6f74f7e5902d4deae5a231ac212f57bf33d
8c3a1927bf00edb2ad50aec1d493925daa858bf15b22dcb6f69dd7e902978446
8f3ce99568a7c2e2560aa69cb825ac34a68dd483ffcb5c71a1204d52f882f45e
8fb4d49c66b26a87070b52ff59ad02931f9d3dbc3029c0a378a108dd9689166d
9036ca926f0b2f8ab9ade63bfabc393a47d1ff47da1b29472c49071af8ad8937
9361aaa99bd2f940d92294185a2f3d081c1bda58c28f031e7e6c6367f99c23af
958bba9c3821b4a519215228b9beafd3198361968f118b68c68921bce448d6da
9785a7895f41df385f769d0442e02b05b98a900850cc45aaab7667c1fe2ea5a8
97ac409c93cb6090806f65b329a8c29c9cd3f538b7e401dce27d99691a9937a8
9882b3610fdb82cf681ea3464bc031d127e3a3f8b24242f0d471b8ff40de4241
9885d0fa075819d785e2bffb9d001b53b6730c4812e259b1c93b9cd1e5f05a02
98d32b00fca86fc6994df33302e051a6ad03461a43ff5797d5b10ace4cf4772f
990eda3367d8ec0727a9760338ec48e5f3bcadf86995d01704962e357da04831
99c9abe9c61eee2bea48e90c5cf3cd3bd97894a5b0f27fb6f96d9600a5e52f81
9e4b062827b5b7cbc414849dc515073b541f9b72b77dc5ba86f028a9f8112e1b
9febcf4a23351d2662253aa22007bb307431d2ba5bd4925adb7161dd4aed2965
a0176d1f7b6aefb13f9233976b017ba8a8da82634b03e8150ccf5f78f4db9494
a0ab6e29ce917d2091bced7e47d2328c45d50979f1eadb56ae265cec49107b1f
a7267e9045ee2997b3f124f23f60e2e79989c1fb585156b9255c74b59220f582
aa1c350ba37b90d9c86fa0ca1d07a6a42de9dde809c757fb39da1e3f0ba63403
aa45926035087a6965de2cda5390ea25175cc55e531a5a22d54acc1150f8563e
acd1fe5f7f9f6dcbf1e8336ff1e922a33373cb8e2c2a805c3b2e650749bd91eb
ad33c2df9ada8a663c2147357828f980d0b7ca731ef33eb3c6e4f327c3b2cda5
b01bd01687b15585b2740273c8c3c6674dd9f559cfe52eeffdf43b1f93a12d05
b1d4cd6637e955cbfbe5ef3d33bf3e177ac5520d81a0a62c1294d3805796c41d
b2bf76499598162ec1fa1ee40899b2c2bee1810f0bf286798a6d3dd8eb1a6181
b5075ff37d22a6e4456f47ad979e586218253d8c02d38dc8e06fd10296ba4ba7
b5d92d039d7e5b586da380cd3972abbfb70da8f47d460fc8bad00b7ef8ee590b
b86567b335e849be66dee7b31ef5098615cf75ccd991adbf887947b2c00b8101
baaabf07ce7c2e212331a67492310ae823357dd3fb9648c5cc01a63461d17028
be435f09cf3e411f2436202801a90d127800cc5f7b970fdd95aa4f177f8075a9
bef9393fcdfc7a7299c058ba2a69253c32e0964dd3e97834e17a8cdb5dce7cf6
c22d7282df871def585164c2a94ed42406e264d184f363c60bb233d7d65b023b
c540fc745aa98b3688ae932469d410b80fe059453fb4caaa8375dc98b56b2d77
c658618f3cb0bd727f1c61c25047868aedf72c55e4db33f00ce5231c619c862a
c6ce16a2b1eddee2b9f005b419e5e7c0882743dd7550260c6e35073c4607990b
c7131ad766bfa86711bac0d9aaaebbe378fd22e2d46417a3ec330deec9584685
c82b40567e9093a0ef5749ac800d9014cbcaf35820d1dd464cd16bdc4636d965
c9e2b515dbd3297d3582f93d2379df40fb1f622cedd8a0bfd68d5ba3a4887eac
d029b51d694d1b0b226cacde588b0dd3c0cd0be4b9ead38b4e6e728442b2b8d9
d554361630709572f4c9e33d02ca5ae56275756099a62195513017a0421f73c2
d6d01246a30e9d483531c27721f73f266fa4af35effdb21683ac02a620ab8aaf
d899dcbc7eaea8bddf03382c290f577abc55f04dbaf498f1f33c32fd1a69269a
dcc64728657d8a221d4d98b440fa1754f08088732bf487aef530c0db45bfe8c4
df88c97f2c560a631ea88036fcf6142b14bf3a412165123f43b35fe3fae85bd2
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e52fe8dc347f5b0cb9583c614bf3888a85701b27aafb61b6530d2f451df5f15f
e6276a81bbb6e8b0af3ce931e952e331ac3f1c79ef9aae49a8cd0f880ca5e72a
e82f1a686ce2f7a62a7078bf101a386c58bd4e3b0b2e99f5774b7c1e54f8440f
e874a202a7bb31e434e9f4acf7e1392edeb739a7263b6b99c2d611537ee79560
ec0b429836f9d838f2a4970c24eeaf0295ccf76f5024a0860430eee1418c5534
ed4928c93314a279ef7a6bd32a62a1d5dd156580fb4b6f3e1e51860b1854f489
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1997570009c48a4a68992b828cb37604c5ac0a52bb28f8c938a690bcd3b9e1a
f1db9226a29ed07a02ee3a1743c325277f2248cfdb8315ba8602418c5c1610db
f306b61b8e4ed1fb3b4a0fa93193fbfc635d9fa116084f60c78db961ea2ecd2c
f435707eb6a156d21e374eeccbab8d07f66419ad636d236044f78719b84454c3
f5220de08601a1ac90a232b88b0d39488905190d45535bcc5fefbe9b100eba32
f89553b3c0e342a1d4e9f3fd0728a8389747367171482f0c9ae8c79518c336a5

www.trellix.com Open in urlscan Pro 2a02:26f0:7100::210:151 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

143 Requests

98 %HTTPS

42 %IPv6

17 Domains

27 Subdomains

25 IPs

5 Countries

5191 kBTransfer

9525 kBSize

25 Cookies

32 Outgoing links

Page URL History

Redirected requests

143 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.trellix.com Open in urlscan Pro
2a02:26f0:7100::210:151 Public Scan

Screenshot
Live screenshot

Full Image

143
Requests

98 %
HTTPS

42 %
IPv6

17
Domains

27
Subdomains

25
IPs

5
Countries

5191 kB
Transfer

9525 kB
Size

25
Cookies

143 HTTP transactions
2 data transactions