www.fortinet.com
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd
Public Scan
Effective URL: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Submission: On November 13 via api from IN — Scanned from DE
Summary
TLS certificate: Issued by DigiCert Global G2 TLS RSA SHA256 202... on July 16th 2024. Valid for: a year.
This is the only time www.fortinet.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
Requests | IP Address | AS (Autonomous System) |
---|---|---|
38 | 2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd | 16509 (AMAZON-02) |
6 | 2606:4700::6812:562a | 13335 (CLOUDFLARENET) |
1 | 2606:4700:4400::ac40:9b77 | 13335 (CLOUDFLARENET) |
5 | 2a02:26f0:480:f9d::1e80 | 20940 (AKAMAI-ASN1) |
3 | 2.17.100.193 | 20940 (AKAMAI-ASN1) |
1 | 34.248.128.122 | 16509 (AMAZON-02) |
1 | 2a02:26f0:b700:4::210:cc55 | 20940 (AKAMAI-ASN1) |
2 | 75.2.108.141 | 16509 (AMAZON-02) |
2 (1 redirects) | 63.140.62.27 | 15224 (OMNITURE) |
2 | 13.35.58.23 | 16509 (AMAZON-02) |
60 | 11 | |
AS | PTR | Domains |
---|---|---|
ASN16509 (AMAZON-02, US) | | www.fortinet.com |
ASN20940 (AKAMAI-ASN1, NL) | | assets.adobedtm.com |
ASN20940 (AKAMAI-ASN1, NL) | a2-17-100-193.deploy.static.akamaitechnologies.com | j.6sc.co, c.6sc.co, b.6sc.co |
ASN16509 (AMAZON-02, US) | ec2-34-248-128-122.eu-west-1.compute.amazonaws.com | dpm.demdex.net |
ASN16509 (AMAZON-02, US) | afe865822f884bb48.awsglobalaccelerator.com | eps.6sc.co |
ASN15224 (OMNITURE, US) | ip-63-140-62-27.data.adobedc.net | metrics.fortinet.com |
ASN16509 (AMAZON-02, US) | server-13-35-58-23.fra60.r.cloudfront.net | v.eps.6sc.co |
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
40 | fortinet.com (1 redirects) | www.fortinet.com — Cisco Umbrella Rank: 156385; metrics.fortinet.com — Cisco Umbrella Rank: 444136 | 4 MB |
8 | 6sc.co | j.6sc.co — Cisco Umbrella Rank: 6855; c.6sc.co — Cisco Umbrella Rank: 8270; ipv6.6sc.co — Cisco Umbrella Rank: 6936; eps.6sc.co — Cisco Umbrella Rank: 10972; v.eps.6sc.co — Cisco Umbrella Rank: 20254; b.6sc.co — Cisco Umbrella Rank: 4441 | 21 KB |
6 | cookielaw.org | cdn.cookielaw.org — Cisco Umbrella Rank: 390 | 126 KB |
5 | adobedtm.com | assets.adobedtm.com — Cisco Umbrella Rank: 468 | 138 KB |
1 | demdex.net | dpm.demdex.net — Cisco Umbrella Rank: 276 | 543 B |
1 | onetrust.com | geolocation.onetrust.com — Cisco Umbrella Rank: 610 | 303 B |
60 | 6 | | |
Requests | Domain | Requested by |
---|---|---|
38 | www.fortinet.com | www.fortinet.com |
6 | cdn.cookielaw.org | www.fortinet.com, cdn.cookielaw.org |
5 | assets.adobedtm.com | cdn.cookielaw.org, assets.adobedtm.com |
2 | v.eps.6sc.co | j.6sc.co |
2 | metrics.fortinet.com (1 redirects) | |
2 | eps.6sc.co | j.6sc.co |
1 | b.6sc.co | |
1 | ipv6.6sc.co | j.6sc.co |
1 | c.6sc.co | j.6sc.co |
1 | dpm.demdex.net | assets.adobedtm.com |
1 | j.6sc.co | www.fortinet.com |
1 | geolocation.onetrust.com | cdn.cookielaw.org |
60 | 12 | |
This site contains links to these domains. Also see Links.
Domain |
---|
msrc.microsoft.com |
training.fortinet.com |
www.linkedin.com |
www.x.com |
www.youtube.com |
www.instagram.com |
www.facebook.com |
fortiguard.com |
community.fortinet.com |
investor.fortinet.com |
onetrust.com |
Subject | Issuer | Validity | Valid for |
---|---|---|---|
*.fortinet.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2024-07-16 - 2025-07-15 | a year |
cookielaw.org | WE1 | 2024-10-11 - 2025-01-09 | 3 months |
geolocation.onetrust.com | WE1 | 2024-10-11 - 2025-01-09 | 3 months |
assets.adobedtm.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2024-07-09 - 2025-08-09 | a year |
6sc.co | R10 | 2024-09-23 - 2024-12-22 | 3 months |
*.demdex.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2024-09-25 - 2025-10-26 | a year |
eps.6sc.co | Amazon RSA 2048 M02 | 2024-08-29 - 2025-09-27 | a year |
v.eps.6sc.co | Amazon RSA 2048 M03 | 2024-09-06 - 2025-10-05 | a year |
This page contains 1 frames:
Primary Page:
https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Frame ID: C65DB3B30A8959E635CBCD40A939318B
Requests: 60 HTTP requests in this frame
Page Title
New Campaign Uses Remcos RAT to Exploit Victims | FortiGuard Labs
Detected technologies
Adobe Experience Manager (CMS)
Detected patterns
- /etc/designs/
- /etc\.clientlibs/
OneTrust (Cookie compliance)
Detected patterns
- cdn\.cookielaw\.org
- otSDKStub\.js
Page Statistics
12 Outgoing links
These are links going to different origins than the main page.
Title: CVE-2017-0199
Title: NSE training
Title: NSE 1 – Information Security Awareness
Title: FortiGuard Labs
Title: Fortinet Community
Title: Investor Relations
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 57
- https://metrics.fortinet.com/b/ss/fortinetincproduction/1/JS-2.27.0-LEWM/s31175530356225?AQB=1&ndh=1&pf=1&t=13%2F10%2F2024%2011%3A11%3A40%203%20-60&fid=2FF66CA143E345D8-1D28116369355331&ce=UTF-8&pageName=en%3Ablog%3Athreat-research%3Anew-campaign-uses-remcos-rat-to-exploit-victims%3Anew_tab&g=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims%23new_tab&c.&cm.&ssf=1&.cm&.c&cc=USD&v1=www.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims%23new_tab&c7=Entire%20Site&c8=New&v27=BLOG&v33=en%3Ablog%3Athreat-research%3Anew-campaign-uses-remcos-rat-to-exploit-victims%3Anew_tab&v35=Enabled&v92=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims%23new_tab&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1 HTTP 302
- https://metrics.fortinet.com/b/ss/fortinetincproduction/1/JS-2.27.0-LEWM/s31175530356225?AQB=1&pccr=true&vidn=339A3DAE4E3CAED0-40000CD40122B749&ndh=1&pf=1&t=13%2F10%2F2024%2011%3A11%3A40%203%20-60&fid=2FF66CA143E345D8-1D28116369355331&ce=UTF-8&pageName=en%3Ablog%3Athreat-research%3Anew-campaign-uses-remcos-rat-to-exploit-victims%3Anew_tab&g=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims%23new_tab&c.&cm.&ssf=1&.cm&.c&cc=USD&v1=www.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims%23new_tab&c7=Entire%20Site&c8=New&v27=BLOG&v33=en%3Ablog%3Athreat-research%3Anew-campaign-uses-remcos-rat-to-exploit-victims%3Anew_tab&v35=Enabled&v92=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims%23new_tab&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1
60 HTTP transactions
Method | Protocol | Resource | Path | Size | Transfer | Type | MIME-Type | Note |
---|---|---|---|---|---|---|---|---|
GET | H/1.1 | new-campaign-uses-remcos-rat-to-exploit-victims | www.fortinet.com/blog/threat-research/ | 81 KB | 26 KB | Document | text/html | Primary Request |
GET | H/1.1 | visitorapi.min.js | www.fortinet.com/etc/designs/fortinet/adb-target/ | 64 KB | 30 KB | Script | application/javascript | |
GET | H/1.1 | at.js | www.fortinet.com/etc/designs/fortinet/adb-target/ | 104 KB | 48 KB | Script | application/javascript | |
GET | H/1.1 | clientlib-base.min.900b148ab7b87024003111a1245cca9c.css | www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/ | 540 KB | 28 KB | Stylesheet | text/css | |
GET | H2 | otSDKStub.js | cdn.cookielaw.org/scripttemplates/ | 22 KB | 8 KB | Script | application/javascript | |
GET | H/1.1 | fortinet-logo-white.svg | www.fortinet.com/content/dam/fortinet-blog/ | 32 KB | 3 KB | Image | image/svg+xml | |
GET | H/1.1 | toc-icon.jpg | www.fortinet.com/content/dam/fortinet/images/ | 1 KB | 3 KB | Image | image/jpeg | |
GET | H/1.1 | clientlib-base.min.ba4f082a77dabb2c6baf715d9eb61c22.js | www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/ | 160 KB | 74 KB | Script | application/javascript | |
GET | H2 | f85f39fc-d7aa-467a-b762-fbb722748016.json | cdn.cookielaw.org/consent/f85f39fc-d7aa-467a-b762-fbb722748016/ | 5 KB | 2 KB | XHR | application/json | |
GET | H/1.1 | fortinet-logo-white.svg | www.fortinet.com/content/dam/fortinet-blog/ | 32 KB | 1 KB | Image | image/svg+xml | |
GET | DATA | truncated | / | 71 B | 0 | Image | image/png | |
GET | H/1.1 | fg-rat-hero.jpg | www.fortinet.com/content/dam/fortinet-blog/article-heros/ | 117 KB | 119 KB | Image | image/jpeg | |
GET | H/1.1 | deep-analysis-of-new-emotet-variant-part-2.png.thumb.319.319.png | www.fortinet.com/content/dam/fortinet-blog/article-images/individual-images/ | 35 KB | 36 KB | Image | image/png | |
GET | H/1.1 | pdf-phishing-leads-to-nanocore-rat-targets-french-nationals.jpg.thumb.319.319.png | www.fortinet.com/content/dam/fortinet-blog/article-images/individual-images/ | 153 KB | 154 KB | Image | image/png | |
GET | H/1.1 | a_deep_dive_analysis_of_fallchill_remote_admin_tool.png.thumb.319.319.png | www.fortinet.com/content/dam/fortinet-blog/article-images/individual-images/ | 12 KB | 13 KB | Image | image/png | |
GET | H/1.1 | UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2 | www.fortinet.com/etc/designs/fortinet/gfonts/ | 37 KB | 38 KB | Font | application/octet-stream | |
GET | H2 | location | geolocation.onetrust.com/cookieconsentpub/v1/geo/ | 66 B | 303 B | XHR | application/json | |
GET | H/1.1 | fig01-remcos-rat-software-website.jpeg | www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image.img.jpeg/1730856265174/ | 50 KB | 51 KB | Image | image/jpeg | |
GET | H/1.1 | fig02-remcos-phishing-email.jpeg | www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_2145042393.img.jpeg/1730856285752/ | 77 KB | 78 KB | Image | image/jpeg | |
GET | DATA | truncated | / | 42 B | 0 | Image | image/gif | |
GET | H/1.1 | fig03-remcos-excel-file.jpeg | www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_1526230262.img.jpeg/1730856306653/ | 77 KB | 79 KB | Image | image/jpeg | |
GET | H/1.1 | fig04-remcos-crafted-ole.jpeg | www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_978323627.img.jpeg/1730856324452/ | 146 KB | 147 KB | Image | image/jpeg | |
GET | H/1.1 | fig05-remcos-downloaded-hta.jpeg | www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_214426422.img.jpeg/1730856341252/ | 108 KB | 110 KB | Image | image/jpeg | |
GET | H/1.1 | fig06-remcos-examples-script.jpeg | www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_215710500.img.jpeg/1730856359157/ | 169 KB | 171 KB | Image | image/jpeg | |
GET | H/1.1 | fig07-remcos-extracted-files.jpeg | www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_1869023178.img.jpeg/1730856378002/ | 66 KB | 67 KB | Image | image/jpeg | |
GET | H/1.1 | fig08-remcos-dllhost-powershell.jpeg | www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_1494152091.img.jpeg/1730856395632/ | 137 KB | 138 KB | Image | image/jpeg | |
GET | H/1.1 | fig09-remcos-debugging-aerognosy.jpeg | www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_1263028014.img.jpeg/1730856420367/ | 99 KB | 100 KB | Image | image/jpeg | |
GET | H/1.1 | fig10-remcos-decrypted-code.jpeg | www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_1245682691.img.jpeg/1730856441657/ | 106 KB | 107 KB | Image | image/jpeg | |
GET | H/1.1 | fig11-remcos-exception.jpeg | www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_1504675537.img.jpeg/1730856457579/ | 91 KB | 92 KB | Image | image/jpeg | |
GET | H/1.1 | fig12-remcos-zwsetinformation.jpeg | www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_1264330218.img.jpeg/1730856485385/ | 91 KB | 92 KB | Image | image/jpeg | |
GET | H/1.1 | fig12a-remcos.jpeg | www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_1026353546.img.jpeg/1730856721310/ | 37 KB | 38 KB | Image | image/jpeg | |
GET | H/1.1 | fig12b-remcos.jpeg | www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_2010556436.img.jpeg/1730856715090/ | 52 KB | 53 KB | Image | image/jpeg | |
GET | H/1.1 | fig13-remcos-display.jpeg | www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_759706181.img.jpeg/1730856571640/ | 132 KB | 133 KB | Image | image/jpeg | |
GET | H/1.1 | fig14-remcos-autorun.jpeg | www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_116464583.img.jpeg/1730856593234/ | 193 KB | 194 KB | Image | image/jpeg | |
GET | H/1.1 | fig15-remcos-payload.jpeg | www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_1244753560.img.jpeg/1730856614418/ | 94 KB | 96 KB | Image | image/jpeg | |
GET | H/1.1 | fig16-remcos-memory-view-decrypted-setting-blocl.jpeg | www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_116539316.img.jpeg/1730856630902/ | 209 KB | 211 KB | Image | image/jpeg | |
GET | H/1.1 | fig17-remcos-register-packet.jpeg | www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_320814119.img.jpeg/1730856652374/ | 266 KB | 268 KB | Image | image/jpeg | |
GET | H/1.1 | fig17b-remcos-command.jpeg | www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_1144901365.img.jpeg/1730856733204/ | 8 KB | 9 KB | Image | image/jpeg | |
GET | H/1.1 | fig18-remcos-send-process-list-c2.jpeg | www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_42816202.img.jpeg/1730856755219/ | 219 KB | 220 KB | Image | image/jpeg | |
GET | H/1.1 | fig19-remcos-process-manager.jpeg | www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_1820712132.img.jpeg/1730856776798/ | 122 KB | 124 KB | Image | image/jpeg | |
GET | H/1.1 | fig19-remcos-table.jpeg | www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_988305437.img.jpeg/1730856801764/ | 577 KB | 578 KB | Image | image/jpeg | |
GET | H/1.1 | fig20-remcos-workflow.jpeg | www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims/_jcr_content/root/responsivegrid/table_content/par/image_109718400.img.jpeg/1730856820846/ | 69 KB | 71 KB | Image | image/jpeg | |
GET | H2 | otBannerSdk.js | cdn.cookielaw.org/scripttemplates/6.10.0/ | 356 KB | 78 KB | Script | application/javascript | |
GET | H2 | en.json | cdn.cookielaw.org/consent/f85f39fc-d7aa-467a-b762-fbb722748016/4ee482d4-0cd8-4c59-918a-90483d5b8131/ | 100 KB | 24 KB | Fetch | application/json | |
GET | H2 | otCenterRounded.json | cdn.cookielaw.org/scripttemplates/6.10.0/assets/ | 9 KB | 3 KB | Fetch | application/json | |
GET | H2 | otPcTab.json | cdn.cookielaw.org/scripttemplates/6.10.0/assets/v2/ | 45 KB | 12 KB | Fetch | application/json | |
GET | H2 | launch-EN23cb8375449840dc93b13f34d935b8b9.min.js | assets.adobedtm.com/ | 506 KB | 122 KB | Script | application/x-javascript | |
GET | H2 | AppMeasurement.min.js | assets.adobedtm.com/extensions/EP31dbb9c60e404ba1aa6e746d49be6f29/ | 35 KB | 13 KB | Script | application/x-javascript | |
GET | H2 | AppMeasurement_Module_ActivityMap.min.js | assets.adobedtm.com/extensions/EP31dbb9c60e404ba1aa6e746d49be6f29/ | 3 KB | 2 KB | Script | application/x-javascript | |
GET | H2 | 6si.min.js | j.6sc.co/ | 68 KB | 19 KB | Script | application/javascript | |
GET | H2 | RC448863e9e05a4b4880daa4a5fb7da328-source.min.js | assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/e65b3d3bd1f9/ | 358 B | 509 B | Script | application/x-javascript | |
GET | H2 | optOutStatus | dpm.demdex.net/ | 41 B | 543 B | XHR | application/json | |
GET | H2 | / | c.6sc.co/ | 7 B | 194 B | XHR | text/html | |
GET | H2 | / | ipv6.6sc.co/ | 36 B | 340 B | XHR | text/html | |
GET | H2 | RC0ba76d5bbb984ea6a79cd6308c48dbff-source.min.js | assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/e65b3d3bd1f9/ | 2 KB | 1005 B | Script | application/x-javascript | |
OPTIONS | H2 | details | eps.6sc.co/v3/company/ | 0 | 0 | Preflight | | |
GET | H/1.1 | favicon.ico | www.fortinet.com/etc/designs/fortinet-blog/ | 318 B | 2 KB | Other | image/vnd.microsoft.icon | |
GET | H2 | details | eps.6sc.co/v3/company/ | 760 B | 664 B | XHR | application/json | |
GET | H2 | s31175530356225 | metrics.fortinet.com/b/ss/fortinetincproduction/1/JS-2.27.0-LEWM/ | 43 B | 249 B | Image | image/gif | Redirect Chain |
POST | H2 | v | v.eps.6sc.co/ | 12 B | 522 B | XHR | application/json | |
GET | H2 | img.gif | b.6sc.co/v1/beacon/ | 43 B | 257 B | Image | image/gif | |
OPTIONS | H2 | v | v.eps.6sc.co/ | 0 | 0 | Preflight | application/json | |
54 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
object | 0 |
function | OptanonWrapper |
object | OtTrustedType |
object | fortinet_blog |
object | EasyAutocomplete |
object | search_config |
boolean | blogFilter |
string | documentsQuery |
function | htmlEncode |
function | hideAutoComplete |
function | sitesearch_init |
function | sitesearch_search_callback |
function | sitesearch_countall_callback |
function | sitesearch_do_search |
function | sitesearch_do_force_search |
function | sitesearch_spellcheck_callback |
function | sitesearch_do_spellcheck |
function | sitesearch_do_suggest_search |
function | sitesearch_query_searchresult_callback |
function | sitesearch_do_query_searchresult |
function | sitesearch_click_page_callback |
function | sitesearch_click_page |
function | search_action |
function | sitesearch_search_fortiguard |
function | count_facets_type |
function | shuffle_facets |
function | setImmediate |
function | clearImmediate |
function | $ |
function | jQuery |
string | OnetrustActiveGroups |
string | OptanonActiveGroups |
object | dataLayer |
object | otStubData |
object | Optanon |
object | OneTrust |
object | _satellite |
boolean | __satelliteLoaded |
object | adobe |
function | Visitor |
object | s_c_il |
number | s_c_in |
number | timer_e |
object | _6si |
function | AppMeasurement_Module_ActivityMap |
function | AppMeasurement |
function | s_gi |
function | s_pgicq |
function | liberatedGetOptOut |
object | Sixsct |
object | t |
boolean | _storagePopulated |
object | s_i_fortinetincproduction |
object | targetGlobalSettings |
13 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
www.fortinet.com/ | | Name: cookiesession1 Value: 678A3E2203607A9665AFAB6F90336885 |
.fortinet.com/ | | Name: OptanonConsent Value: isIABGlobal=false&datestamp=Wed+Nov+13+2024+11%3A11%3A39+GMT%2B0100+(Mitteleurop%C3%A4ische+Normalzeit)&version=6.10.0&hosts=&consentId=849cb68e-9b06-4b5d-bfe1-5d32bebdc07d&interactionCount=0&landingPath=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims%23new_tab&groups=C0001%3A1%2CC0002%3A0%2CC0003%3A0%2CC0004%3A0 |
www.fortinet.com/ | | Name: aa_cc Value: DE |
www.fortinet.com/ | | Name: aa_cn Value: DE |
www.fortinet.com/ | | Name: AWSALB Value: 4eKUfSteg1S9b3tYVRBXFEEPYR8Qdm6nVchFdOI3laym82Kc/atBmcFlGm25sN4ynoX2FVgRmVYSQ14LdVfI/nDm0mMP5+bedFB21kQAUsvUjlKlRV7ItzUcVzuzxsKUa5aAzXzfQspre57E8kFaXXoIPF/MrupUccTk59+GL+5WIwseDGuaRYwMU/Yv9uHBCthdZy+mmQ1NfCX6Y0C2sZV6YdSAey2n |
www.fortinet.com/ | | Name: AWSALBCORS Value: BLgeHKcBSlna3spLa+lJ/oUSCB0tQG3w4Vk31kCW8cFb5ARQQ0w4EdXrFzz0tLmSjNw9J934TGpvWfkrtQP3UlJNiDiFkun7xHxz/4wInOfGc61+6TLV8Bo+EoClVaU498FHIFUCOSH1W0J6H4n3XjoJf9gLAeTS8xn8pttlC5K9y6KeGePUpoZIsgOloOlnOibWW+IYjFVAODcdV5VH/psAXzmQ9NTS |
.fortinet.com/ | | Name: s_fid Value: 2FF66CA143E345D8-1D28116369355331 |
.fortinet.com/ | | Name: gpv_pn Value: www.fortinet.com%2Fblog%2Fthreat-research%2Fnew-campaign-uses-remcos-rat-to-exploit-victims%23new_tab |
.fortinet.com/ | | Name: s_getNewRepeat Value: 1731492700243-New |
.fortinet.com/ | | Name: s_cc Value: true |
www.fortinet.com/ | | Name: _gd_visitor Value: ea568de4-4fb4-4ca3-8f37-055db15b90e0 |
www.fortinet.com/ | | Name: _gd_session Value: f676cc19-3059-4a75-8d18-4a227d2aa33b |
.fortinet.com/ | | Name: s_vi Value: [CS]v1\|339A3DAE4E3CAED0-40000CD40122B749[CE] |
3 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Content-Security-Policy | frame-ancestors 'self' https://www.fortinet.com |
Strict-Transport-Security | max-age=31536000; includeSubDomains |
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.