www.cyfirma.com Open in urlscan Pro
2606:4700:10::ac43:18d6 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
Submission: On July 30 via api (July 30th 2024, 12:34:10 am UTC) from BY — Scanned from DE

Summary HTTP 133 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 22 IPs in 4 countries across 16 domains to perform 133 HTTP transactions. The main IP is 2606:4700:10::ac43:18d6, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.cyfirma.com.
TLS certificate: Issued by E6 on June 11th 2024. Valid for: 3 months.

This is the only time www.cyfirma.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 97	2606:4700:10:... 2606:4700:10::ac43:18d6	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	2606:4700::68... 2606:4700::6812:5e29	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	65.9.95.62 65.9.95.62	16509 (AMAZON-02) (AMAZON-02)
3	2a04:4e42::485 2a04:4e42::485	54113 (FASTLY) (FASTLY)
1	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2a00:1450:400... 2a00:1450:4001:81d::2008	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:829::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80b::200a	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:810::2003	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:806::200e	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:480... 2a02:26f0:480:15::213:7e4a	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2620:1ec:bdf::60 2620:1ec:bdf::60	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c0c::9a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:81c::2003	15169 (GOOGLE) (GOOGLE)
1 3	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
4	51.8.64.151 51.8.64.151	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a00:1450:400... 2a00:1450:4001:80b::2003	15169 (GOOGLE) (GOOGLE)
1	2a01:4f8:1c17... 2a01:4f8:1c17:6617::1	24940 (HETZNER-AS) (HETZNER-AS)
1 2	13.74.129.1 13.74.129.1	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	2620:1ec:c11:... 2620:1ec:c11::237	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
133	22

97 2606:4700:10::ac43:18d6 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.cyfirma.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:5e29 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

challenges.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.95.62 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-95-62.prg50.r.cloudfront.net

in.fw-cdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a04:4e42::485 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:81d::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:806::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:480:15::213:7e4a (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:bdf::60 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0c::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81c::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 51.8.64.151 (Washington, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

h.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a01:4f8:1c17:6617::1 (Gunzenhausen, Germany)

ASN24940 (HETZNER-AS, DE)

moderate4.cleantalk.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.74.129.1 (Dublin, Ireland) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:c11::237 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
97	cyfirma.com 1 redirects www.cyfirma.com	6 MB
8	clarity.ms 1 redirects www.clarity.ms — Cisco Umbrella Rank: 1114 h.clarity.ms — Cisco Umbrella Rank: 19880 c.clarity.ms — Cisco Umbrella Rank: 1838	29 KB
5	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 112	454 KB
4	linkedin.com 1 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 669 px4.ads.linkedin.com — Cisco Umbrella Rank: 7330	3 KB
4	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 104 region1.google-analytics.com — Cisco Umbrella Rank: 3123	21 KB
4	gstatic.com fonts.gstatic.com www.gstatic.com	236 KB
3	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 410	35 KB
3	cloudflare.com 1 redirects challenges.cloudflare.com — Cisco Umbrella Rank: 3877 cdnjs.cloudflare.com — Cisco Umbrella Rank: 336	34 KB
2	google.com www.google.com — Cisco Umbrella Rank: 10 region1.analytics.google.com — Cisco Umbrella Rank: 3773	988 B
1	bing.com 1 redirects c.bing.com — Cisco Umbrella Rank: 341	770 B
1	cleantalk.org moderate4.cleantalk.org — Cisco Umbrella Rank: 595550	265 B
1	google.de www.google.de — Cisco Umbrella Rank: 6716	63 B
1	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 252	254 B
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 1884	14 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 110	900 B
1	fw-cdn.com in.fw-cdn.com — Cisco Umbrella Rank: 228400	89 KB
133	16

	Domain	Requested by
97	www.cyfirma.com	1 redirects www.cyfirma.com
5	www.googletagmanager.com	www.cyfirma.com www.googletagmanager.com www.google-analytics.com
4	h.clarity.ms	www.clarity.ms
3	px.ads.linkedin.com	1 redirects snap.licdn.com
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
3	fonts.gstatic.com	fonts.googleapis.com
3	cdn.jsdelivr.net	www.cyfirma.com
2	c.clarity.ms	1 redirects
2	www.clarity.ms	www.cyfirma.com www.clarity.ms
2	challenges.cloudflare.com	1 redirects www.cyfirma.com
1	c.bing.com	1 redirects
1	moderate4.cleantalk.org	www.cyfirma.com
1	www.gstatic.com	www.google.com
1	px4.ads.linkedin.com	www.cyfirma.com
1	www.google.de	www.cyfirma.com
1	stats.g.doubleclick.net	www.googletagmanager.com
1	region1.analytics.google.com	www.googletagmanager.com
1	region1.google-analytics.com	www.googletagmanager.com
1	snap.licdn.com	www.googletagmanager.com
1	fonts.googleapis.com	www.cyfirma.com
1	www.google.com	www.cyfirma.com
1	cdnjs.cloudflare.com	www.cyfirma.com
1	in.fw-cdn.com	www.cyfirma.com
133	23

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
twitter.com
www.linkedin.com

Subject Issuer	Validity	Valid
www.cyfirma.com E6	`2024-06-11` - `2024-09-09`	3 months	crt.sh
*.fw-cdn.com Amazon RSA 2048 M02	`2023-12-24` - `2025-01-21`	a year	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2023 Q3	`2023-09-27` - `2024-10-28`	a year	crt.sh
cdnjs.cloudflare.com E1	`2024-06-02` - `2024-08-31`	3 months	crt.sh
*.google-analytics.com WR2	`2024-07-01` - `2024-09-23`	3 months	crt.sh
*.google.com WR2	`2024-07-01` - `2024-09-23`	3 months	crt.sh
upload.video.google.com WR2	`2024-07-01` - `2024-09-23`	3 months	crt.sh
*.gstatic.com WR2	`2024-07-01` - `2024-09-23`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2023-12-07` - `2024-12-07`	a year	crt.sh
*.g.doubleclick.net WR2	`2024-07-01` - `2024-09-23`	3 months	crt.sh
*.google.de WR2	`2024-07-01` - `2024-09-23`	3 months	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-07-01` - `2025-01-01`	6 months	crt.sh
a.clarity.ms Microsoft Azure RSA TLS Issuing CA 08	`2024-06-23` - `2025-06-18`	a year	crt.sh
*.cleantalk.org Sectigo RSA Domain Validation Secure Server CA	`2023-09-07` - `2024-09-24`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
Frame ID: 5257FE80475625B78C9AD7F4C2932FE5
Requests: 133 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Exploiting Document Templates: Stego-Campaign Deploying Remcos RAT and Agent Tesla - CYFIRMA

Page URL History Show full URLs

https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-a... HTTP 301
https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-a... Page URL

Detected technologies

particles.js (JavaScript Graphics) Expand

Overall confidence: 100%
Detected patterns

/particles(?:\.min)?\.js

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Slick (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

(?:/([\d.]+))?/slick(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

133
Requests

97 %
HTTPS

82 %
IPv6

16
Domains

23
Subdomains

22
IPs

4
Countries

7494 kB
Transfer

10239 kB
Size

22
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/sharer.php?u=https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=%27https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/%27&text=Exploiting-Document-Templates-Stego-Campaign-Deploying-Remcos-RAT-and-Agent-Tesla

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/shareArticle?mini=true&url=https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/&title=Exploiting-Document-Templates-Stego-Campaign-Deploying-Remcos-RAT-and-Agent-Tesla&source=https://www.cyfirma.com

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/cyfirma/

Search URL Search Domain Scan URL

URL: https://www.facebook.com/cyfirma/

Search URL Search Domain Scan URL

URL: https://twitter.com/cyfirma?lang=en

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla HTTP 301
https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://challenges.cloudflare.com/turnstile/v0/api.js HTTP 302
https://challenges.cloudflare.com/turnstile/v0/b/8c81cb09042c/api.js

Request Chain 119

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4091476&time=1722299639469&url=https%3A%2F%2Fwww.cyfirma.com%2Fresearch%2Fexploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla%2F HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4091476&time=1722299639469&url=https%3A%2F%2Fwww.cyfirma.com%2Fresearch%2Fexploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla%2F&e_ipv6=AQKsjBE2uDz-fQAAAZEBDucPZHYTOUYLVDp1SOX191xLeWQAYAOqRKk_eCLb91q9cPwKYNdz5AM8gubgSXdBCEbdw3RMgw

Request Chain 129

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=90F4C9212EE54FE99498FA1A194C74E7&RedC=c.clarity.ms&MXFR=057C02C972B467262CE5160576B46995 HTTP 302
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=90F4C9212EE54FE99498FA1A194C74E7&MUID=01D33E42198664EB323E2A8E185465FD

133 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
Redirect Chain

https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla
https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

125 KB
37 KB

3086ms
3085ms

Document
text/html

2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

12e6fb6f5d9754381711e561bf2d02ba8f143fbad13970f9bea0d95a1c21b9e2

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: https://www.cyfirma.com/
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8ab1428c4c1a1903-FRA
content-encoding: br
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
content-type: text/html; charset=UTF-8
date: Tue, 30 Jul 2024 00:33:57 GMT
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
expires: Thu, 19 Nov 1981 08:52:00 GMT
link: <https://www.cyfirma.com/wp-json/>; rel="https://api.w.org/" <https://www.cyfirma.com/wp-json/wp/v2/out-of-band/25190>; rel="alternate"; type="application/json" <https://www.cyfirma.com/?p=25190>; rel=shortlink
pragma: no-cache
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block

Redirect headers

access-control-allow-origin: https://www.cyfirma.com/
cache-control: max-age=3600
cf-cache-status: DYNAMIC
cf-ray: 8ab1427879681903-FRA
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
content-type: text/html; charset=UTF-8
date: Tue, 30 Jul 2024 00:33:54 GMT
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
expires: Tue, 30 Jul 2024 01:33:54 GMT
location: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
pragma: no-cache
server: cloudflare
x-content-type-options: nosniff
x-frame-options: DENY
x-redirect-by: WordPress
x-xss-protection: 1; mode=block

GET
H3

200

api.js Show response
challenges.cloudflare.com/turnstile/v0/b/8c81cb09042c/
Redirect Chain

https://challenges.cloudflare.com/turnstile/v0/api.js
https://challenges.cloudflare.com/turnstile/v0/b/8c81cb09042c/api.js

43 KB
15 KB

15ms
15ms

Script
application/javascript

2606:4700::6812:5e29
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://challenges.cloudflare.com/turnstile/v0/b/8c81cb09042c/api.js
Requested by: Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
Protocol: H3
Server: 2606:4700::6812:5e29 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 25b1f543c4682618e2fff0c607d70a896ecfc080ce500c41ce00b7ffad0ec411

Request headers

Referer: https://www.cyfirma.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:33:57 GMT
content-encoding: br
last-modified: Fri, 26 Jul 2024 18:15:35 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000, stale-if-error=10800, stale-while-revalidate=31536000, public
cross-origin-resource-policy: cross-origin
cf-ray: 8ab142a09d1d9f10-FRA
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Tue, 30 Jul 2024 00:33:57 GMT
server: cloudflare
vary: Accept-Encoding
access-control-allow-origin: *
location: /turnstile/v0/b/8c81cb09042c/api.js
cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=300, public
cross-origin-resource-policy: cross-origin
cf-ray: 8ab142a07d079f10-FRA
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 970201.js Show response
in.fw-cdn.com/31855454/ 353 KB
89 KB 100ms
35ms Script
text/javascript 65.9.95.62
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.fw-cdn.com/31855454/970201.js
Requested by: Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.95.62 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-95-62.prg50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0d6cbfad423f414457e84247076eaeea86b8272c22ac17ffac2bc9456cf6bdd7

Request headers

Referer: https://www.cyfirma.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-amz-version-id: QMPtZwGwOQ6UmruY2iNVtyStDwkBquXG
content-encoding: br
via: 1.1 d5da174e34f35b7d1482b8432bf7e084.cloudfront.net (CloudFront)
date: Tue, 30 Jul 2024 00:33:57 GMT
last-modified: Sat, 15 Jun 2024 05:17:48 GMT
server: AmazonS3
x-amz-cf-pop: PRG50-C1
age: 73
x-amz-server-side-encryption: AES256
etag: W/"aa59d3c45a045910d82fc8e43be99664"
vary: Accept-Encoding, Origin
x-cache: Hit from cloudfront
content-type: text/javascript; charset=utf-8
cache-control: max-age=120
x-amz-cf-id: Ej7EE3t_QlvtpR0pb49KPbUQbSwBJzNTNYRfmwY8KRTpkImTBgUjAA==

GET
H2 200 style.min.css
www.cyfirma.com/my_includes/css/dist/block-library/ 108 KB
14 KB 1251ms
1244ms Stylesheet
text/css 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/my_includes/css/dist/block-library/style.min.css

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0085adfd2d08a45f62a06d8f3f969ddc4a94ebe8d226511db90aa038f11ed180

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:33:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cf-cache-status: EXPIRED
content-length: 14501
x-xss-protection: 1; mode=block
last-modified: Tue, 06 Feb 2024 14:33:48 GMT
server: cloudflare
etag: "1ae43-610b7775e6b00-gzip"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a03de91903-FRA

GET
H2 200 styles.css
www.cyfirma.com/apps/contact-form-7/includes/css/ 3 KB
1 KB 1000ms
992ms Stylesheet
text/css 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/apps/contact-form-7/includes/css/styles.css

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccd31ffa708d025833f954b3e0560cedd58df9a0d2706b2ccee5f501c5b2467b

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:33:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cf-cache-status: EXPIRED
content-length: 1015
x-xss-protection: 1; mode=block
last-modified: Tue, 06 Feb 2024 14:44:13 GMT
server: cloudflare
etag: "b4e-610b79c9f2940-gzip"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a03deb1903-FRA

GET
H2 200 wpcf7-redirect-frontend.min.css
www.cyfirma.com/apps/wpcf7-redirect/build/css/ 316 B
232 B 1019ms
1011ms Stylesheet
text/css 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/apps/wpcf7-redirect/build/css/wpcf7-redirect-frontend.min.css

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9c0647c53dde19cd56b2dfd0626db41f3db20c92984e1e6a4d469c19e4823adf

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:33:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cf-cache-status: EXPIRED
content-length: 124
x-xss-protection: 1; mode=block
last-modified: Tue, 06 Feb 2024 14:14:53 GMT
server: cloudflare
etag: "13c-610b733b7b140-gzip"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a03ded1903-FRA

GET
H2 200 cleantalk-public.min.css
www.cyfirma.com/apps/cleantalk-spam-protect/css/ 2 KB
877 B 976ms
969ms Stylesheet
text/css 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/apps/cleantalk-spam-protect/css/cleantalk-public.min.css

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f2c1f098f7a28dbab913d292da562c06b45d6495ec9a60e6cbc6b99564ef5e4

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:33:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cf-cache-status: EXPIRED
content-length: 768
x-xss-protection: 1; mode=block
last-modified: Fri, 01 Mar 2024 09:12:14 GMT
server: cloudflare
etag: "876-61295c58c5780-gzip"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a03dee1903-FRA

GET
H2 200 cf7msm.css
www.cyfirma.com/apps/contact-form-7-multi-step-module/resources/ 99 B
250 B 1027ms
1020ms Stylesheet
text/css 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/apps/contact-form-7-multi-step-module/resources/cf7msm.css

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

503f9aa8675e396e6feec3369148a12f5c863c5068d573e72a3f2f4d217ac0d3

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:33:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cf-cache-status: EXPIRED
content-length: 107
x-xss-protection: 1; mode=block
last-modified: Tue, 06 Feb 2024 14:12:42 GMT
server: cloudflare
etag: "63-610b72be8ca80-gzip"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a03def1903-FRA

GET
H2 200 style.min.css
www.cyfirma.com/apps/sitepress-multilingual-cms/templates/language-switchers/legacy-dropdown/ 2 KB
644 B 999ms
992ms Stylesheet
text/css 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/apps/sitepress-multilingual-cms/templates/language-switchers/legacy-dropdown/style.min.css

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1aeb9107928bb523947c28e17358efb50a07b942e15ed0a72259a5794ea2ca96

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:33:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cf-cache-status: EXPIRED
content-length: 535
x-xss-protection: 1; mode=block
last-modified: Tue, 06 Feb 2024 13:50:19 GMT
server: cloudflare
etag: "6b4-610b6dbdc3cc0-gzip"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a03df01903-FRA

GET
H2 200 uacf7-frontend.css
www.cyfirma.com/apps/ultimate-addons-for-contact-form-7/assets/css/ 72 B
199 B 981ms
974ms Stylesheet
text/css 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/apps/ultimate-addons-for-contact-form-7/assets/css/uacf7-frontend.css

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eb159f0e64f868842c4076aa1bad566f788936364cd8766e60e63c61f7b5d88e

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:33:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cf-cache-status: EXPIRED
content-length: 92
x-xss-protection: 1; mode=block
last-modified: Fri, 01 Mar 2024 09:12:35 GMT
server: cloudflare
etag: "48-61295c6ccc6c0-gzip"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a03df21903-FRA

GET
H2 200 font-awesome.min.css
cdn.jsdelivr.net/npm/font-awesome@4.7.0/css/ 30 KB
7 KB 66ms
10ms Stylesheet
text/css 2a04:4e42::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/font-awesome@4.7.0/css/font-awesome.min.css

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cyfirma.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 30 Jul 2024 00:33:57 GMT
x-content-type-options: nosniff
content-encoding: br
age: 171929
x-jsd-version: 4.7.0
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 6643
x-served-by: cache-fra-eddf8230047-FRA
x-jsd-version-type: version
etag: W/"7918-USx9eQM+MCipvmG1QM8aaHDIlvg"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 all.min.css
cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@5.15.4/css/ 58 KB
13 KB 67ms
11ms Stylesheet
text/css 2a04:4e42::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@5.15.4/css/all.min.css

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

99464ceb71bc9bbdcc72275faefe44f98eb5cbb6b5d8ee665b87b35376f1a96e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cyfirma.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 30 Jul 2024 00:33:57 GMT
x-content-type-options: nosniff
content-encoding: br
age: 485661
x-jsd-version: 5.15.4
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 13056
x-served-by: cache-fra-eddf8230047-FRA
x-jsd-version-type: version
etag: W/"e7a9-pX7mjRFgGw/Y5QN/wkH/ZadURzw"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H3 200 all.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.2.0/css/ 99 KB
19 KB 64ms
19ms Stylesheet
text/css 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.2.0/css/all.min.css

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

01b035efb5dfa529c512f82962ed633328222da6f33c224244806d4798c67349

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cyfirma.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:33:57 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 465624
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 18688
last-modified: Tue, 30 Aug 2022 20:09:06 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "630e6e62-4900"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jjUYdPS5WKZanmIC9mK2GXJHuHuImhLGr7ikSVJMSSYx%2Fd%2F5XU1213RCzdjQpnlqzbbPbKguwz4mPzkLGFEw8FgzVU4x327E%2FiztiE0a6DhCQsq6O5ErIZ0zBl4woumMJZaeuEi%2FvvkuVxi4eykQo%2FNK"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8ab142a07a53bba9-FRA
expires: Sun, 20 Jul 2025 00:33:57 GMT

GET
H2 200 remixicon.css
cdn.jsdelivr.net/npm/remixicon@3.2.0/fonts/ 117 KB
15 KB 64ms
9ms Stylesheet
text/css 2a04:4e42::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/remixicon@3.2.0/fonts/remixicon.css

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

f317ff168377c5b94d740f17e27e8859d4f89abd2ff2416c0041684adcfa1004

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cyfirma.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 30 Jul 2024 00:33:57 GMT
x-content-type-options: nosniff
content-encoding: br
age: 2405526
x-jsd-version: 3.2.0
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 15081
x-served-by: cache-fra-eddf8230047-FRA
x-jsd-version-type: version
etag: W/"1d55c-0a0+Yx2s2C7k3XacPCH2+Iflc94"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 skin.css
www.cyfirma.com/template/ 0
72 B 996ms
990ms Stylesheet
text/css 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/template/skin.css

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:33:58 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
content-length: 0
x-xss-protection: 1; mode=block
last-modified: Thu, 04 Aug 2022 13:23:00 GMT
server: cloudflare
etag: "0-5e56a3f9b7500"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a03df31903-FRA

GET
H2 200 blocks.css
www.cyfirma.com/template/assets/css/ 8 KB
2 KB 1011ms
1006ms Stylesheet
text/css 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/template/assets/css/blocks.css

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

738d4cf265345f71cce17d9a69eb8f20df5de1fa2a6e5be1c6ca76824cf8745a

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:33:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cf-cache-status: EXPIRED
content-length: 1447
x-xss-protection: 1; mode=block
last-modified: Thu, 04 Aug 2022 13:23:00 GMT
server: cloudflare
etag: "1e35-5e56a3f9b7500-gzip"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a03df41903-FRA

GET
H2 200 bootstrap.min.css
www.cyfirma.com/template/assets/css/ 156 KB
23 KB 1199ms
1193ms Stylesheet
text/css 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/template/assets/css/bootstrap.min.css

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b23a5e62bb16bd36bfa1555d3f741821201496ac4b6d2cc974549568adadec88

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:33:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cf-cache-status: EXPIRED
content-length: 23649
x-xss-protection: 1; mode=block
last-modified: Thu, 04 Aug 2022 13:23:00 GMT
server: cloudflare
etag: "26eee-5e56a3f9b7500-gzip"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a03df51903-FRA

GET
H2 200 fontawesome.min.css
www.cyfirma.com/template/assets/css/ 55 KB
12 KB 1004ms
999ms Stylesheet
text/css 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/template/assets/css/fontawesome.min.css

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

425a515894a7215256e54706cc640acbb4fb34fd17eb29b374846d8b106e6f8e

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:33:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cf-cache-status: EXPIRED
content-length: 12157
x-xss-protection: 1; mode=block
last-modified: Thu, 04 Aug 2022 13:23:00 GMT
server: cloudflare
etag: "da62-5e56a3f9b7500-gzip"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a03dfa1903-FRA

GET
H2 200 all.css
www.cyfirma.com/template/assets/css/ 77 KB
16 KB 1215ms
1210ms Stylesheet
text/css 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/template/assets/css/all.css

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4948aa9fd1875b6f894bf7ac085914baf38bc27d8b0699864a849c7b7f233ca7

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:33:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cf-cache-status: EXPIRED
content-length: 16190
x-xss-protection: 1; mode=block
last-modified: Thu, 04 Aug 2022 13:23:00 GMT
server: cloudflare
etag: "135ba-5e56a3f9b7500-gzip"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a03dfb1903-FRA

GET
H2 200 jquery.fancybox.css
www.cyfirma.com/template/assets/css/ 14 KB
4 KB 970ms
966ms Stylesheet
text/css 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/template/assets/css/jquery.fancybox.css

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7cf8b2588497dcd12fa96a75731c6ec327491f8d55f18da0af72b70afa6713af

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:33:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cf-cache-status: EXPIRED
content-length: 3486
x-xss-protection: 1; mode=block
last-modified: Thu, 04 Aug 2022 13:23:00 GMT
server: cloudflare
etag: "382f-5e56a3f9b7500-gzip"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a03dfc1903-FRA

GET
H2 200 slick.css
www.cyfirma.com/template/assets/css/ 1 KB
599 B 1051ms
1047ms Stylesheet
text/css 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/template/assets/css/slick.css

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8c1f806310322c848c4c996ca568a03b3b16cf9487cbccf09aef3cf17e2c643d

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:33:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cf-cache-status: EXPIRED
content-length: 490
x-xss-protection: 1; mode=block
last-modified: Thu, 04 Aug 2022 13:23:00 GMT
server: cloudflare
etag: "534-5e56a3f9b7500-gzip"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a03dfd1903-FRA

GET
H2 200 jquery.mCustomScrollbar.css
www.cyfirma.com/template/assets/css/ 42 KB
4 KB 974ms
970ms Stylesheet
text/css 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/template/assets/css/jquery.mCustomScrollbar.css

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

40790d44e3deecffafb17b8cdd23a754eabb0faee9c6dfeb3a3b7b17c2fbaa6a

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:33:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cf-cache-status: EXPIRED
content-length: 3989
x-xss-protection: 1; mode=block
last-modified: Thu, 04 Aug 2022 13:23:00 GMT
server: cloudflare
etag: "a8a2-5e56a3f9b7500-gzip"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a03dfe1903-FRA

GET
H2 200 custom-style.css
www.cyfirma.com/template/assets/css/ 92 KB
16 KB 1257ms
1253ms Stylesheet
text/css 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/template/assets/css/custom-style.css?v=11.73

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c40ab757e586668e665046ee7b65fadb360379607677de549111d1eb412096fd

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:33:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cf-cache-status: EXPIRED
content-length: 15874
x-xss-protection: 1; mode=block
last-modified: Mon, 08 Apr 2024 11:03:17 GMT
server: cloudflare
etag: "171f5-61593c0a9e740-gzip"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a03e001903-FRA

GET
H2 200 new-custom-style.css
www.cyfirma.com/template/assets/css/ 257 B
252 B 990ms
986ms Stylesheet
text/css 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/template/assets/css/new-custom-style.css

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e8e5aea71b92d5bc2e05586277048d2b3b558e75aa7df216a28e4b77bceecc8d

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:33:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cf-cache-status: EXPIRED
content-length: 145
x-xss-protection: 1; mode=block
last-modified: Mon, 05 Sep 2022 12:51:37 GMT
server: cloudflare
etag: "101-5e7ed8a4b2840-gzip"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a03e021903-FRA

GET
H2 200 responsive.css
www.cyfirma.com/template/assets/css/ 37 KB
8 KB 973ms
970ms Stylesheet
text/css 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/template/assets/css/responsive.css?v=12.14

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

734eb66ec42044d294644d6e06b73eb7723ec74db2f6dd89c5bc98f0775695cf

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:33:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cf-cache-status: EXPIRED
content-length: 7610
x-xss-protection: 1; mode=block
last-modified: Tue, 05 Mar 2024 09:52:16 GMT
server: cloudflare
etag: "93da-612e6cc157400-gzip"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a03e031903-FRA

GET
H2 200 jquery.min.js Show response
www.cyfirma.com/template/assets/js/ 87 KB
30 KB 1243ms
1240ms Script
application/javascript 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/template/assets/js/jquery.min.js

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:33:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cf-cache-status: EXPIRED
content-length: 30910
x-xss-protection: 1; mode=block
last-modified: Thu, 04 Aug 2022 13:23:00 GMT
server: cloudflare
etag: "15d84-5e56a3f9b7500-gzip"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a03e041903-FRA

GET
H2 200 devtools-detect.js Show response
www.cyfirma.com/apps/wp-hide-security-enhancer/assets/js/ 1 KB
674 B 1020ms
1017ms Script
application/javascript 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/apps/wp-hide-security-enhancer/assets/js/devtools-detect.js

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1aa4c3d21c2a86169948b5acc1bf4a8589bd4898c5bca6f46a20ae8727b30179

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:33:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cf-cache-status: EXPIRED
content-length: 536
x-xss-protection: 1; mode=block
last-modified: Tue, 06 Feb 2024 14:16:11 GMT
server: cloudflare
etag: "59f-610b7385de0c0-gzip"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a03e051903-FRA

GET
H2 200 apbct-public-bundle.min.js Show response
www.cyfirma.com/apps/cleantalk-spam-protect/js/ 68 KB
18 KB 1276ms
1273ms Script
application/javascript 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/apps/cleantalk-spam-protect/js/apbct-public-bundle.min.js

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b70afed08e44bc1907904f7e27c6bdd98b8808d18295b603fa173aecbf3a6964

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:33:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cf-cache-status: EXPIRED
content-length: 17668
x-xss-protection: 1; mode=block
last-modified: Fri, 01 Mar 2024 09:12:14 GMT
server: cloudflare
etag: "1107a-61295c58c5780-gzip"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a03e061903-FRA

GET
H2 200 script.min.js Show response
www.cyfirma.com/apps/sitepress-multilingual-cms/templates/language-switchers/legacy-dropdown/ 409 B
360 B 1039ms
1037ms Script
application/javascript 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/apps/sitepress-multilingual-cms/templates/language-switchers/legacy-dropdown/script.min.js

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f7bb442b06bfb13ecfee3c3ec2b6b19440a33e080ca9378f8d6f161281bd01ed

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:33:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cf-cache-status: EXPIRED
content-length: 274
x-xss-protection: 1; mode=block
last-modified: Tue, 06 Feb 2024 13:50:19 GMT
server: cloudflare
etag: "199-610b6dbdc3cc0-gzip"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a03e071903-FRA

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 208 KB
75 KB 157ms
22ms Script
application/javascript 2a00:1450:4001:81d::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-80179732-4

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

bd120ee4034fc0f6b97ae314280bcc385d8911123a56d14481ae04f73dcf7ce8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.cyfirma.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:33:59 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 76494
x-xss-protection: 0
last-modified: Tue, 30 Jul 2024 00:16:41 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 30 Jul 2024 00:33:59 GMT

GET
H2 200 CyfirmaLogoWhite.svg
www.cyfirma.com/media/2022/08/ 18 KB
7 KB 1021ms
1018ms Image
image/svg+xml 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2022/08/CyfirmaLogoWhite.svg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

07ce60e24df059952c6c4f6a82cdb94603280a563a2c2e467f71dc712d0892a7

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:33:58 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
last-modified: Mon, 08 Aug 2022 05:08:58 GMT
server: cloudflare
content-encoding: br
etag: W/"465e-5e5b3d02bee80"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=28800
cf-ray: 8ab142a03e081903-FRA
x-xss-protection: 1; mode=block

GET
H2 200 selfassessment.png
www.cyfirma.com/media/2024/03/ 2 KB
2 KB 1024ms
1022ms Image
image/png 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/03/selfassessment.png

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3f0bf6c7c4247fa5a2100058e45c6fe238c225fd1b73233a7dc30281c521926c

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:33:58 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
content-length: 1700
x-xss-protection: 1; mode=block
last-modified: Sat, 16 Mar 2024 08:59:56 GMT
server: cloudflare
etag: "6a4-613c359382490"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a03e091903-FRA

GET
H2 200 en.png
www.cyfirma.com/media/flags/ 1012 B
1 KB 5921ms
5905ms Image
image/png 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/flags/en.png

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b82368a28809e066c7a394775e69bc6ce1ca857317222b8b0ea4ffe53ae5b5f3

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:34:05 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: MISS
content-length: 1012
x-xss-protection: 1; mode=block
last-modified: Fri, 23 Sep 2022 07:10:14 GMT
server: cloudflare
etag: "3f4-5e952de8e2180"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a89a891903-FRA

GET
H2 200 tesla4-fe.jpg
www.cyfirma.com/media/2024/03/ 462 KB
463 KB 1469ms
1468ms Image
image/jpeg 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/03/tesla4-fe.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

96575fc32b3231fa7aeac61378dfc07747746689208ef45e5ad58972c1d6f8b8

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:34:00 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: MISS
content-length: 473562
x-xss-protection: 1; mode=block
last-modified: Mon, 04 Mar 2024 17:37:07 GMT
server: cloudflare
etag: "739da-612d92cb6e5b8"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a699851903-FRA

GET
H2 200 tesla4-1.jpg
www.cyfirma.com/media/2024/03/ 78 KB
78 KB 1575ms
1575ms Image
image/jpeg 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/03/tesla4-1.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

330321d8aa1a7fc5524f93a2ccface65b49bd25fcb8e8bfb249cc08019512358

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:34:00 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: MISS
content-length: 79696
x-xss-protection: 1; mode=block
last-modified: Mon, 04 Mar 2024 17:37:22 GMT
server: cloudflare
etag: "13750-612d92d91d880"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a6a9891903-FRA

GET
H2 200 tesla4-2.jpg
www.cyfirma.com/media/2024/03/ 259 KB
260 KB 1430ms
1414ms Image
image/jpeg 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/03/tesla4-2.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

211a4933b82b2b053eb29b74740a019346277aec04320ce0bbb019474c1ea674

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:34:00 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: MISS
content-length: 265377
x-xss-protection: 1; mode=block
last-modified: Mon, 04 Mar 2024 17:38:23 GMT
server: cloudflare
etag: "40ca1-612d9313793a8"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a89a8a1903-FRA

GET
H2 200 tesla4-3.jpg
www.cyfirma.com/media/2024/03/ 55 KB
55 KB 3718ms
3702ms Image
image/jpeg 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/03/tesla4-3.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dbd49a5b319631b451c6b5e4a8e5f31fec01719ee09c2f6b191d11f32cc4173e

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:34:02 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: MISS
content-length: 55999
x-xss-protection: 1; mode=block
last-modified: Mon, 04 Mar 2024 17:38:21 GMT
server: cloudflare
etag: "dabf-612d9311b2e20"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a89a8b1903-FRA

GET
H2 200 tesla4-4.jpg
www.cyfirma.com/media/2024/03/ 70 KB
71 KB 1536ms
1521ms Image
image/jpeg 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/03/tesla4-4.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

66869accdf5a15de0689a27981924e35f802ab79647713d0065a7aa652318d25

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:34:00 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: MISS
content-length: 72029
x-xss-protection: 1; mode=block
last-modified: Mon, 04 Mar 2024 17:38:19 GMT
server: cloudflare
etag: "1195d-612d9310008e8"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a89a8c1903-FRA

GET
H2 200 tesla4-5.jpg
www.cyfirma.com/media/2024/03/ 126 KB
127 KB 6424ms
6409ms Image
image/jpeg 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/03/tesla4-5.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5ab5ac8b0dde07ae9c068abd9363ae8fe9a36fd83b91eb4b2fe242e520a6593b

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:34:05 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: MISS
content-length: 129471
x-xss-protection: 1; mode=block
last-modified: Mon, 04 Mar 2024 17:38:17 GMT
server: cloudflare
etag: "1f9bf-612d930e72da0"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a89a8d1903-FRA

GET
H2 200 tesla4-6.jpg
www.cyfirma.com/media/2024/03/ 220 KB
221 KB 5386ms
5371ms Image
image/jpeg 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/03/tesla4-6.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

011f4f213aac2e9e1d6117d74cd568bdad3e1a2a52e499bdf0b5e3c4114561a3

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:34:04 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: MISS
content-length: 225481
x-xss-protection: 1; mode=block
last-modified: Mon, 04 Mar 2024 17:38:16 GMT
server: cloudflare
etag: "370c9-612d930ce7d50"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a89a8e1903-FRA

GET
H2 200 tesla4-7.jpg
www.cyfirma.com/media/2024/03/ 48 KB
48 KB 1470ms
1455ms Image
image/jpeg 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/03/tesla4-7.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

61a87614d13c027331e36d1a1e6814c161a0919b4a76b563949f79b92ff6d17a

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:34:00 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: MISS
content-length: 49474
x-xss-protection: 1; mode=block
last-modified: Mon, 04 Mar 2024 17:38:14 GMT
server: cloudflare
etag: "c142-612d930b13538"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a89a8f1903-FRA

GET
H2 200 tesla4-8.jpg
www.cyfirma.com/media/2024/03/ 35 KB
35 KB 1229ms
1214ms Image
image/jpeg 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/03/tesla4-8.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5b4d3cc016f2015d6a1aee9679b30a4f3919d56b1feb8e1974b2e46da8c5f5a1

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:34:00 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: MISS
content-length: 36050
x-xss-protection: 1; mode=block
last-modified: Mon, 04 Mar 2024 17:38:12 GMT
server: cloudflare
etag: "8cd2-612d930988cb8"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a89a901903-FRA

GET
H2 200 tesla4-9.jpg
www.cyfirma.com/media/2024/03/ 114 KB
115 KB 4342ms
4327ms Image
image/jpeg 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/03/tesla4-9.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

88aa21ee8ac94f3d8e85fcbf785e3e08111726daf5a8e73e67c2dc780ca06666

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:34:03 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: MISS
content-length: 117041
x-xss-protection: 1; mode=block
last-modified: Mon, 04 Mar 2024 17:38:10 GMT
server: cloudflare
etag: "1c931-612d9307d2ce8"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a89a921903-FRA

GET
H2 200 tesla4-10.jpg
www.cyfirma.com/media/2024/03/ 51 KB
51 KB 4338ms
4324ms Image
image/jpeg 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/03/tesla4-10.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

43da9799bbe67a64a3bfd02b898454b7c89ce3298bb3cab76d7866da95e1e879

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:34:03 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: MISS
content-length: 52440
x-xss-protection: 1; mode=block
last-modified: Mon, 04 Mar 2024 17:38:09 GMT
server: cloudflare
etag: "ccd8-612d93062bb60"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a89a931903-FRA

GET
H2 200 tesla4-11.jpg
www.cyfirma.com/media/2024/03/ 101 KB
101 KB 3688ms
3674ms Image
image/jpeg 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/03/tesla4-11.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ec694ad852a4688eef1b5a3d78bb6bb2b8b9a20c38c0ca04931011d3197ef90d

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:34:02 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: MISS
content-length: 102963
x-xss-protection: 1; mode=block
last-modified: Mon, 04 Mar 2024 17:38:06 GMT
server: cloudflare
etag: "19233-612d9303788c8"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a89a941903-FRA

GET
H2 200 tesla4-12.jpg
www.cyfirma.com/media/2024/03/ 63 KB
63 KB 1461ms
1446ms Image
image/jpeg 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/03/tesla4-12.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

62cfa5430669b875bbb11045d6b1a8ff5113da2e72a7e73ba0cb01d6aa221808

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:34:00 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: MISS
content-length: 64519
x-xss-protection: 1; mode=block
last-modified: Mon, 04 Mar 2024 17:38:04 GMT
server: cloudflare
etag: "fc07-612d9301cd4d8"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a89a951903-FRA

GET
H2 200 tesla4-13.jpg
www.cyfirma.com/media/2024/03/ 422 KB
422 KB 745ms
731ms Image
image/jpeg 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/03/tesla4-13.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

32d5667749aff94b3af090304e96b40c6b7179c3b9b369817b217fe7233489bc

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:33:59 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: MISS
content-length: 432015
x-xss-protection: 1; mode=block
last-modified: Mon, 04 Mar 2024 17:38:03 GMT
server: cloudflare
etag: "6978f-612d9300499b8"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a89a971903-FRA

GET
H2 200 tesla4-14.jpg
www.cyfirma.com/media/2024/03/ 155 KB
156 KB 1620ms
1606ms Image
image/jpeg 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/03/tesla4-14.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a6a46e3a2b2551b90ba6bce8bfffe8e0c37018ac4eed75770eb51cfb91211d55

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:34:00 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: MISS
content-length: 159199
x-xss-protection: 1; mode=block
last-modified: Mon, 04 Mar 2024 17:38:01 GMT
server: cloudflare
etag: "26ddf-612d92fe6c8e8"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a89a991903-FRA

GET
H2 200 tesla4-15.jpg
www.cyfirma.com/media/2024/03/ 274 KB
274 KB 1679ms
1666ms Image
image/jpeg 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/03/tesla4-15.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5393fd59732a20bb6b40329de050068dd7df0bcfcd6165d0f42520138ee02eea

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:34:00 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: MISS
content-length: 280403
x-xss-protection: 1; mode=block
last-modified: Mon, 04 Mar 2024 17:37:59 GMT
server: cloudflare
etag: "44753-612d92fcac8f0"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a89a9a1903-FRA

GET
H2 200 tesla4-16.jpg
www.cyfirma.com/media/2024/03/ 117 KB
117 KB 2651ms
2638ms Image
image/jpeg 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/03/tesla4-16.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

945471eb08458482d01c9bfb3ce13ee149f3af05dfe1da2f167d8c134b626c02

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:34:01 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: MISS
content-length: 119413
x-xss-protection: 1; mode=block
last-modified: Mon, 04 Mar 2024 17:37:57 GMT
server: cloudflare
etag: "1d275-612d92fad80d8"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a89a9c1903-FRA

GET
H2 200 tesla4-17.jpg
www.cyfirma.com/media/2024/03/ 129 KB
129 KB 1584ms
1570ms Image
image/jpeg 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/03/tesla4-17.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6e613dd5c80b55dc9667f965bb4c7f20b69215dbb9e57201dfd1cbb92e41f2fd

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:34:00 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: MISS
content-length: 132304
x-xss-protection: 1; mode=block
last-modified: Mon, 04 Mar 2024 17:37:55 GMT
server: cloudflare
etag: "204d0-612d92f92b190"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a89a9d1903-FRA

GET
H2 200 tesla4-18.jpg
www.cyfirma.com/media/2024/03/ 590 KB
591 KB 4571ms
4558ms Image
image/jpeg 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/03/tesla4-18.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d915659e8eb2b3c9052ceace39a8c518fc0981a80e77b05e4665d465ebfdc30d

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:34:03 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: MISS
content-length: 604272
x-xss-protection: 1; mode=block
last-modified: Mon, 04 Mar 2024 17:37:53 GMT
server: cloudflare
etag: "93870-612d92f77fda0"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a89a9f1903-FRA

GET
H2 200 tesla4-19.jpg
www.cyfirma.com/media/2024/03/ 104 KB
104 KB 1578ms
1565ms Image
image/jpeg 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/03/tesla4-19.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5a7481fc60706bde0fd4d79432b8898850472957b171dcd729bedc6a6bb95013

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:34:00 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: MISS
content-length: 106610
x-xss-protection: 1; mode=block
last-modified: Mon, 04 Mar 2024 17:37:51 GMT
server: cloudflare
etag: "1a072-612d92f58d128"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a89aa01903-FRA

GET
H2 200 tesla4-20.jpg
www.cyfirma.com/media/2024/03/ 86 KB
87 KB 1568ms
1555ms Image
image/jpeg 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/03/tesla4-20.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a95607980589fcab32cb63082bc0ad17fa6069f31dbdb543f6a5f0932e7991a8

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:34:00 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: MISS
content-length: 88345
x-xss-protection: 1; mode=block
last-modified: Mon, 04 Mar 2024 17:37:50 GMT
server: cloudflare
etag: "15919-612d92f3f03b0"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a89aa11903-FRA

GET
H2 200 tesla4-21.jpg
www.cyfirma.com/media/2024/03/ 245 KB
246 KB 1436ms
1424ms Image
image/jpeg 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/03/tesla4-21.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

48e191992412dbe973031c776bd3dbae8032210dbb5be4186fcc48c617be4f26

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:34:00 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: MISS
content-length: 251209
x-xss-protection: 1; mode=block
last-modified: Mon, 04 Mar 2024 17:37:48 GMT
server: cloudflare
etag: "3d549-612d92f267a70"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a89aa41903-FRA

GET
H2 200 tesla4-22.jpg
www.cyfirma.com/media/2024/03/ 277 KB
277 KB 1590ms
1578ms Image
image/jpeg 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/03/tesla4-22.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bfc19ced464d34ba05abbc34c1b2575d5cc2ed9f008fc40d9f845fe3da6c436b

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:34:00 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: MISS
content-length: 283647
x-xss-protection: 1; mode=block
last-modified: Mon, 04 Mar 2024 17:37:46 GMT
server: cloudflare
etag: "453ff-612d92f0601f0"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a89aa51903-FRA

GET
H2 200 tesla4-23.jpg
www.cyfirma.com/media/2024/03/ 118 KB
118 KB 3697ms
3685ms Image
image/jpeg 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/03/tesla4-23.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

23090ff780e502f7bac9c3dbf50d91dd63a665351be33dd3197bf4d501fcbd8b

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:34:02 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: MISS
content-length: 121044
x-xss-protection: 1; mode=block
last-modified: Mon, 04 Mar 2024 17:37:44 GMT
server: cloudflare
etag: "1d8d4-612d92ee677b8"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a89aa71903-FRA

GET
H2 200 tesla4-24.jpg
www.cyfirma.com/media/2024/03/ 127 KB
128 KB 6388ms
6377ms Image
image/jpeg 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/03/tesla4-24.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7a848bcd8c29957ca62bb6e5032734809193c40e124a708070070683aaa5f347

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:34:05 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: MISS
content-length: 130506
x-xss-protection: 1; mode=block
last-modified: Mon, 04 Mar 2024 17:37:42 GMT
server: cloudflare
etag: "1fdca-612d92ecb8548"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a89aa81903-FRA

GET
H2 200 tesla4-25.jpg
www.cyfirma.com/media/2024/03/ 29 KB
29 KB 5127ms
5116ms Image
image/jpeg 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/03/tesla4-25.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

58fa60668c2562286383d16d9a3a7e9d6849e415e8f8fd73f095c15aacd69210

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:34:04 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: MISS
content-length: 29787
x-xss-protection: 1; mode=block
last-modified: Mon, 04 Mar 2024 17:37:39 GMT
server: cloudflare
etag: "745b-612d92ea338e0"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a89aa91903-FRA

GET
H2 200 tesla4-26.jpg
www.cyfirma.com/media/2024/03/ 117 KB
117 KB 3689ms
3677ms Image
image/jpeg 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/03/tesla4-26.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b8b783a757e8ed473f678af15b621bbaa46d743c6702270f7763b463a903c7b3

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:34:02 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: MISS
content-length: 119659
x-xss-protection: 1; mode=block
last-modified: Mon, 04 Mar 2024 17:37:38 GMT
server: cloudflare
etag: "1d36b-612d92e8c49c8"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a89aab1903-FRA

GET
H2 200 tesla4-27.jpg
www.cyfirma.com/media/2024/03/ 286 KB
287 KB 1668ms
1656ms Image
image/jpeg 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/03/tesla4-27.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7aeff177a11910f7de89896fdb1969beeaaf2d51df457c5af9dc5151133033bd

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:34:00 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: MISS
content-length: 293257
x-xss-protection: 1; mode=block
last-modified: Mon, 04 Mar 2024 17:37:36 GMT
server: cloudflare
etag: "47989-612d92e6ff7c8"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a89aac1903-FRA

GET
H2 200 tesla4-28.jpg
www.cyfirma.com/media/2024/03/ 311 KB
312 KB 1568ms
1557ms Image
image/jpeg 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/03/tesla4-28.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8b1c66c9e511bcac4fbdc1b93b5097065ed2c0217cd168978fd0712feb21ffec

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:34:00 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: MISS
content-length: 318618
x-xss-protection: 1; mode=block
last-modified: Mon, 04 Mar 2024 17:37:34 GMT
server: cloudflare
etag: "4dc9a-612d92e51ec60"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a89aad1903-FRA

GET
H2 200 tesla4-29.jpg
www.cyfirma.com/media/2024/03/ 48 KB
49 KB 1586ms
1575ms Image
image/jpeg 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/03/tesla4-29.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5883751ba841492bf98ae944f60db3a138cb581cc49008f0a4e9b590af6ae5e7

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:34:00 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: MISS
content-length: 49487
x-xss-protection: 1; mode=block
last-modified: Mon, 04 Mar 2024 17:37:31 GMT
server: cloudflare
etag: "c14f-612d92e274280"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a89aae1903-FRA

GET
H2 200 tesla4-30.jpg
www.cyfirma.com/media/2024/03/ 68 KB
68 KB 1595ms
1584ms Image
image/jpeg 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/03/tesla4-30.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d546b18fff8b61e4e34781a90c550c4ed98c0864697e7b5133225d7071f00b3c

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:34:00 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: MISS
content-length: 69388
x-xss-protection: 1; mode=block
last-modified: Mon, 04 Mar 2024 17:37:30 GMT
server: cloudflare
etag: "10f0c-612d92e12d020"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a89aaf1903-FRA

GET
H2 200 tesla4-31.jpg
www.cyfirma.com/media/2024/03/ 211 KB
212 KB 1608ms
1598ms Image
image/jpeg 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/03/tesla4-31.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d549bfb423819d6837ccb25a390cc6bcd7ce8db08ba271890cf9cc582baa2d22

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:34:00 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: MISS
content-length: 216492
x-xss-protection: 1; mode=block
last-modified: Mon, 04 Mar 2024 17:37:29 GMT
server: cloudflare
etag: "34dac-612d92dfd2158"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a89ab01903-FRA

GET
H2 200 tesla4-32.jpg
www.cyfirma.com/media/2024/03/ 207 KB
208 KB 1561ms
1551ms Image
image/jpeg 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/03/tesla4-32.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

300e43366d900a851503cb865170c108c91241fcda3c85011c55995bf6e05603

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:34:00 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: MISS
content-length: 212162
x-xss-protection: 1; mode=block
last-modified: Mon, 04 Mar 2024 17:37:27 GMT
server: cloudflare
etag: "33cc2-612d92de35bb0"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a89ab21903-FRA

GET
H2 200 tesla4-33.jpg
www.cyfirma.com/media/2024/03/ 33 KB
33 KB 1301ms
1291ms Image
image/jpeg 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/03/tesla4-33.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

365460a1f46f0554cf647b95b6b86977c10b7a55820145205208809e9ebe4a87

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:34:00 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: MISS
content-length: 33892
x-xss-protection: 1; mode=block
last-modified: Mon, 04 Mar 2024 17:37:25 GMT
server: cloudflare
etag: "8464-612d92dc61398"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a89ab31903-FRA

GET
H2 200 tesla4-34.jpg
www.cyfirma.com/media/2024/03/ 69 KB
69 KB 531ms
522ms Image
image/jpeg 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/03/tesla4-34.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bcab2726111aa294256812fcdb46178fe1ee42fe6830341bb5cb75d2c6834292

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:33:59 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: MISS
content-length: 70146
x-xss-protection: 1; mode=block
last-modified: Mon, 04 Mar 2024 17:37:23 GMT
server: cloudflare
etag: "11202-612d92dacc320"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a89ab41903-FRA

GET
H2 200 linkedin-in.svg
www.cyfirma.com/media/2024/03/ 692 B
562 B 5909ms
5900ms Image
image/svg+xml 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/03/linkedin-in.svg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bc3b59c278627cdb29d8975817ed927204ced9233e8776df01625d775637d226

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:34:05 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
last-modified: Wed, 27 Mar 2024 07:22:07 GMT
server: cloudflare
content-encoding: br
etag: W/"2b4-6149f439e8de0"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=28800
cf-ray: 8ab142a89ab51903-FRA
x-xss-protection: 1; mode=block

GET
H2 200 facebook-f.svg
www.cyfirma.com/media/2024/03/ 563 B
484 B 280ms
271ms Image
image/svg+xml 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/03/facebook-f.svg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a11f55caea154cdc5bb990fbc8cfcca5bacdde16cc1fb7bcd6d594576d65a812

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:33:59 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
last-modified: Wed, 27 Mar 2024 07:22:05 GMT
server: cloudflare
content-encoding: br
etag: W/"233-6149f4381b710"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=28800
cf-ray: 8ab142a89ab61903-FRA
x-xss-protection: 1; mode=block

GET
H2 200 x-twitter.svg
www.cyfirma.com/media/2024/03/ 564 B
496 B 4886ms
4877ms Image
image/svg+xml 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/03/x-twitter.svg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b3eede500590266592b52e0bb9b9ce990674d3c692e6291f19fa2ed2973789cd

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:34:04 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
last-modified: Wed, 27 Mar 2024 07:22:02 GMT
server: cloudflare
content-encoding: br
etag: W/"234-6149f435ee8e8"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=28800
cf-ray: 8ab142a89ab71903-FRA
x-xss-protection: 1; mode=block

GET
H2 200 Singapore.svg
www.cyfirma.com/media/2022/08/ 2 KB
722 B 1188ms
1179ms Image
image/svg+xml 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2022/08/Singapore.svg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c57362794ada29200eaf4fe57394ee81787ad537dc2bf73eae86954954b9beb3

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:34:00 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
last-modified: Mon, 22 Aug 2022 06:44:58 GMT
server: cloudflare
content-encoding: br
etag: W/"637-5e6cec945ce80"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=28800
cf-ray: 8ab142a89ab81903-FRA
x-xss-protection: 1; mode=block

GET
H2 200 IN.svg
www.cyfirma.com/media/2022/08/ 1 KB
692 B 2858ms
2849ms Image
image/svg+xml 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2022/08/IN.svg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b2134b4b272bc464e6e24c4349d5ad4b2046234f8dc1291e8127e4c52d6c1723

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:34:01 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
last-modified: Mon, 22 Aug 2022 06:44:58 GMT
server: cloudflare
content-encoding: br
etag: W/"566-5e6cec945ce80"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=28800
cf-ray: 8ab142a89ab91903-FRA
x-xss-protection: 1; mode=block

GET
H2 200 JP.svg
www.cyfirma.com/media/2022/08/ 459 B
380 B 1100ms
1091ms Image
image/svg+xml 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2022/08/JP.svg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d4ca6310bab0846e407ba41ba9664c5a1e35ec39abaf980849ea7eb101416499

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:34:00 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
last-modified: Mon, 22 Aug 2022 06:44:58 GMT
server: cloudflare
content-encoding: br
etag: W/"1cb-5e6cec945ce80"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=28800
cf-ray: 8ab142a89aba1903-FRA
x-xss-protection: 1; mode=block

GET
H2 200 US.svg
www.cyfirma.com/media/2022/08/ 2 KB
1021 B 2189ms
2181ms Image
image/svg+xml 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2022/08/US.svg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84cc57d3cc87630aa3180ee548f38d33ea73969ff46765d7446e07df029abfd3

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:34:01 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
last-modified: Mon, 22 Aug 2022 06:44:59 GMT
server: cloudflare
content-encoding: br
etag: W/"8be-5e6cec95510c0"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=28800
cf-ray: 8ab142a89abc1903-FRA
x-xss-protection: 1; mode=block

GET
H2 200 DE.svg
www.cyfirma.com/media/2022/08/ 882 B
539 B 3191ms
3183ms Image
image/svg+xml 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2022/08/DE.svg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a5d082a8a8042007ac2f3b4e5e0eee1f0b24d8d5c1fbf304275ef72d87a11d07

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:34:02 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
last-modified: Mon, 22 Aug 2022 06:44:59 GMT
server: cloudflare
content-encoding: br
etag: W/"372-5e6cec95510c0"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=28800
cf-ray: 8ab142a89abd1903-FRA
x-xss-protection: 1; mode=block

GET
H2 200 KR.svg
www.cyfirma.com/media/2024/03/ 3 KB
1 KB 1075ms
1068ms Image
image/svg+xml 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/03/KR.svg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

759975539752ee86c2b252c115886ddf8ec8b9eaefd05dfb858db0f8f4a042a5

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:34:00 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
last-modified: Sat, 16 Mar 2024 16:28:07 GMT
server: cloudflare
content-encoding: br
etag: W/"b80-613c99c0290c0"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=28800
cf-ray: 8ab142a89abe1903-FRA
x-xss-protection: 1; mode=block

GET
H2 200 AU.svg
www.cyfirma.com/media/2024/03/ 3 KB
1 KB 2185ms
2177ms Image
image/svg+xml 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/03/AU.svg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b905e0fbcc7a6ad1c69672ccd6782c66b23f9393b79de7b58f24eb631cc1dccf

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:34:01 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
last-modified: Sat, 16 Mar 2024 16:28:00 GMT
server: cloudflare
content-encoding: br
etag: W/"b3c-613c99b9c3d70"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=28800
cf-ray: 8ab142a89ac01903-FRA
x-xss-protection: 1; mode=block

GET
H2 200 TW.svg
www.cyfirma.com/media/2024/03/ 1 KB
752 B 1018ms
1011ms Image
image/svg+xml 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/03/TW.svg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3b37d315dcea0fbeea45df259f6e857e674da51c9618efc9928b6cd5205189da

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:34:00 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
last-modified: Sat, 16 Mar 2024 16:28:04 GMT
server: cloudflare
content-encoding: br
etag: W/"599-613c99bdda3a0"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=28800
cf-ray: 8ab142a89ac11903-FRA
x-xss-protection: 1; mode=block

GET
H2 200 VN.svg
www.cyfirma.com/media/2024/03/ 663 B
475 B 4895ms
4888ms Image
image/svg+xml 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/03/VN.svg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1dcab65b9993e052b1144e982a61f761add74cd404b717830a3449d7f2d4c522

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:34:04 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
last-modified: Sat, 16 Mar 2024 16:27:58 GMT
server: cloudflare
content-encoding: br
etag: W/"297-613c99b857568"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=28800
cf-ray: 8ab142a89ac31903-FRA
x-xss-protection: 1; mode=block

GET
H2 200 AE.svg
www.cyfirma.com/media/2024/03/ 961 B
575 B 1146ms
1139ms Image
image/svg+xml 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/03/AE.svg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a98855ff9dd707b642bd4510039182325edbd4a1bf745eccde5a0a1d15b5b783

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:34:00 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
last-modified: Sat, 16 Mar 2024 16:28:02 GMT
server: cloudflare
content-encoding: br
etag: W/"3c1-613c99bbfbf48"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=28800
cf-ray: 8ab142a89ac51903-FRA
x-xss-protection: 1; mode=block

GET
H2 200 iso-27001.png
www.cyfirma.com/media/2023/12/ 51 KB
51 KB 3199ms
3192ms Image
image/png 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2023/12/iso-27001.png

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

86e08c2b8e9027640e44408d0840e35f8d3ea353352aeed3aa390f78ad96d23b

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:34:02 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
content-length: 51921
x-xss-protection: 1; mode=block
last-modified: Thu, 28 Dec 2023 11:57:37 GMT
server: cloudflare
etag: "cad1-60d909f2bee20"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a89ac61903-FRA

GET
H2 200 eugdpr.png
www.cyfirma.com/media/2024/02/ 78 KB
78 KB 1853ms
1846ms Image
image/png 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/02/eugdpr.png

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e4e4572b48ee33a09c5296563555166ea2bedc103f79e046748d39ab86dc8591

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:34:00 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
content-length: 79413
x-xss-protection: 1; mode=block
last-modified: Thu, 01 Feb 2024 03:36:17 GMT
server: cloudflare
etag: "13635-61049b2b42398"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a89ac71903-FRA

GET
H2 200 iso4001-w.png
www.cyfirma.com/media/2024/02/ 16 KB
16 KB 5911ms
5905ms Image
image/png 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/02/iso4001-w.png

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

108def0528b188d78212d66957bd99f7bef9309a3e697f78c8a0255fa10fec87

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:34:05 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
content-length: 16151
x-xss-protection: 1; mode=block
last-modified: Thu, 01 Feb 2024 04:16:15 GMT
server: cloudflare
etag: "3f17-6104a41a5a130"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a89ac91903-FRA

GET
H2 200 AICPASOC.png
www.cyfirma.com/media/2024/05/ 78 KB
78 KB 3229ms
3223ms Image
image/png 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/05/AICPASOC.png

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0a9166d49e739e0f1b735aa60f31faf2f7efd09b50101d9bac4a255ba17724ef

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:34:02 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
content-length: 79491
x-xss-protection: 1; mode=block
last-modified: Fri, 17 May 2024 03:30:20 GMT
server: cloudflare
etag: "13683-6189df8a11bc0"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a89aca1903-FRA

GET
H2 200 index.js Show response
www.cyfirma.com/apps/contact-form-7/includes/swv/js/ 11 KB
3 KB 965ms
948ms Script
application/javascript 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/apps/contact-form-7/includes/swv/js/index.js

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9c1989ecd392a0c54fb799409154242706940a8e6d800542ba579dfda576bb9d

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:34:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cf-cache-status: EXPIRED
content-length: 3212
x-xss-protection: 1; mode=block
last-modified: Tue, 06 Feb 2024 14:44:13 GMT
server: cloudflare
etag: "2b6d-610b79c9f2940-gzip"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a88a791903-FRA

GET
H2 200 index.js Show response
www.cyfirma.com/apps/contact-form-7/includes/js/ 13 KB
5 KB 2195ms
2178ms Script
application/javascript 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/apps/contact-form-7/includes/js/index.js

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7ee08c60d39f5712a56938fda3e2ab10fe3ef23ec98aeb3c9a29e54f6f31ffe1

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:34:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cf-cache-status: EXPIRED
content-length: 4191
x-xss-protection: 1; mode=block
last-modified: Tue, 06 Feb 2024 14:44:13 GMT
server: cloudflare
etag: "337e-610b79c9f2940-gzip"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a88a7b1903-FRA

GET
H2 200 wpcf7r-fe.js Show response
www.cyfirma.com/apps/wpcf7-redirect/build/js/ 8 KB
2 KB 1033ms
1016ms Script
application/javascript 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/apps/wpcf7-redirect/build/js/wpcf7r-fe.js

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ecac4fc801141ce552220be4bb12969e2ee625e2cf08cf0edbac579a279b28f1

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:34:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cf-cache-status: EXPIRED
content-length: 1617
x-xss-protection: 1; mode=block
last-modified: Tue, 06 Feb 2024 14:14:53 GMT
server: cloudflare
etag: "1f8a-610b733b7b140-gzip"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a88a7c1903-FRA

GET
H2 200 cf7msm.min.js Show response
www.cyfirma.com/apps/contact-form-7-multi-step-module/resources/ 5 KB
2 KB 4875ms
4859ms Script
application/javascript 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/apps/contact-form-7-multi-step-module/resources/cf7msm.min.js

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cba79732c9d0e64aa7a033590990e73fe8bbf3da12e72a0376cd68aeda1acbfb

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:34:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cf-cache-status: EXPIRED
content-length: 2020
x-xss-protection: 1; mode=block
last-modified: Tue, 06 Feb 2024 14:12:42 GMT
server: cloudflare
etag: "1457-610b72be8ca80-gzip"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a89a7e1903-FRA

GET
H3 200 api.js Show response
www.google.com/recaptcha/ 1 KB
988 B 129ms
17ms Script
text/javascript 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?onload=renderInvisibleReCaptcha&render=explicit

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

f8a3c405e08c33a28d1a01eb589bb53b02c3b727958d349d6b14776a4f786651

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:33:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Tue, 30 Jul 2024 00:33:59 GMT

GET
H2 200 particles.js Show response
www.cyfirma.com/template/assets/js/ 22 KB
6 KB 4909ms
4893ms Script
application/javascript 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/template/assets/js/particles.js

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b336cf8710d8097c7de836d5534ff7c803b00c260c9500a4cb4b95f1905230c1

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:34:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cf-cache-status: EXPIRED
content-length: 5721
x-xss-protection: 1; mode=block
last-modified: Thu, 04 Aug 2022 13:23:00 GMT
server: cloudflare
etag: "591e-5e56a3f9b7500-gzip"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a89a7f1903-FRA

GET
H2 200 jquery.matchHeight-min.js Show response
www.cyfirma.com/template/assets/js/ 3 KB
1 KB 1087ms
1071ms Script
application/javascript 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/template/assets/js/jquery.matchHeight-min.js

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

63ab9a2fb6fb65ca5debaa8686408bab41a073db2d5abcf0db248279d944ac51

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:34:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cf-cache-status: EXPIRED
content-length: 1372
x-xss-protection: 1; mode=block
last-modified: Thu, 04 Aug 2022 13:23:00 GMT
server: cloudflare
etag: "d29-5e56a3f9b7500-gzip"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a89a801903-FRA

GET
H2 200 bootstrap.min.js Show response
www.cyfirma.com/template/assets/js/ 58 KB
15 KB 1393ms
1377ms Script
application/javascript 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/template/assets/js/bootstrap.min.js

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

974e81270e14d0829929fe7cf9e20bd0ad6c651a6c4203b6799740b970174a52

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:34:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cf-cache-status: EXPIRED
content-length: 15406
x-xss-protection: 1; mode=block
last-modified: Thu, 04 Aug 2022 13:23:00 GMT
server: cloudflare
etag: "e6b4-5e56a3f9b7500-gzip"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a89a811903-FRA

GET
H2 200 jquery.custom-scroll.min.js Show response
www.cyfirma.com/template/assets/js/ 44 KB
13 KB 1231ms
1215ms Script
application/javascript 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/template/assets/js/jquery.custom-scroll.min.js

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fd8027b53a97cbd5782e85c5908e563c39776703ff9279f50658e630927b4167

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:34:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cf-cache-status: EXPIRED
content-length: 12940
x-xss-protection: 1; mode=block
last-modified: Thu, 04 Aug 2022 13:23:00 GMT
server: cloudflare
etag: "b1a7-5e56a3f9b7500-gzip"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a89a821903-FRA

GET
H2 200 jquery.fancybox.js Show response
www.cyfirma.com/template/assets/js/ 60 KB
20 KB 4114ms
4098ms Script
application/javascript 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/template/assets/js/jquery.fancybox.js

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

539f5ac9dfd20b0944a5dcbf121289df379e4197e9263006b96b931c7bc18c5b

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:34:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cf-cache-status: EXPIRED
content-length: 19666
x-xss-protection: 1; mode=block
last-modified: Thu, 04 Aug 2022 13:23:00 GMT
server: cloudflare
etag: "f154-5e56a3f9b7500-gzip"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a89a831903-FRA

GET
H2 200 slick.js Show response
www.cyfirma.com/template/assets/js/ 42 KB
11 KB 1194ms
1178ms Script
application/javascript 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/template/assets/js/slick.js

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4e55b451621a060d376f1b31af3b370ea3d65ab7532ca82e875e52882deefbae

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:34:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cf-cache-status: EXPIRED
content-length: 10485
x-xss-protection: 1; mode=block
last-modified: Thu, 04 Aug 2022 13:23:00 GMT
server: cloudflare
etag: "a88a-5e56a3f9b7500-gzip"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a89a861903-FRA

GET
H2 200 custom.js Show response
www.cyfirma.com/template/assets/js/ 5 KB
1 KB 985ms
968ms Script
application/javascript 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/template/assets/js/custom.js

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

290dc8deb77632ee52a3e08c01def62f5fb715b5c85fbc4afaa99a3c8b4d1a4e

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:34:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cf-cache-status: EXPIRED
content-length: 1318
x-xss-protection: 1; mode=block
last-modified: Wed, 14 Sep 2022 12:15:07 GMT
server: cloudflare
etag: "144a-5e8a21454c8c0-gzip"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a89a881903-FRA

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 256 KB
84 KB 153ms
30ms Script
application/javascript 2a00:1450:4001:81d::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5GT46FN

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a75825b7bdd1c7d7c84cc3190c12547ffddc65aadfae8d03576cfc06013a3c9f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.cyfirma.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:33:59 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 85924
x-xss-protection: 0
last-modified: Tue, 30 Jul 2024 00:16:41 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 30 Jul 2024 00:33:59 GMT

GET
BLOB 200
OK 8b4a6971-d3f6-4b37-ba0e-f11e397e7d04
https://www.cyfirma.com/ 1 KB
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.cyfirma.com/8b4a6971-d3f6-4b37-ba0e-f11e397e7d04
Requested by: Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 453cb806084fdabec32e286af2e88899f79022125c2527afffbec507975d2c22

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Length: 1245
Content-Type: text/javascript

GET
H2 200 css2
fonts.googleapis.com/ 5 KB
900 B 54ms
16ms Stylesheet
text/css 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Poppins:wght@200;300;400;500;600;700&display=swap

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/template/assets/css/custom-style.css?v=11.73

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

0817e1810c8de83ebc932bde0bd8094fb48bf0ecc906b8bef8caa5b9ad5b1fd4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.cyfirma.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 30 Jul 2024 00:33:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 30 Jul 2024 00:12:03 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 30 Jul 2024 00:33:59 GMT

GET
H2 404 footerbg.png
www.cyfirma.com/template/assets/media/2022/09/ 3 KB
3 KB 6101ms
6101ms Image
text/html 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/template/assets/media/2022/09/footerbg.png

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/template/assets/css/custom-style.css?v=11.73

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

761412267d704dd401d3a8de15ae129076ab989136a930ee9e2adec861999442

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/template/assets/css/custom-style.css?v=11.73
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:34:05 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: EXPIRED
content-encoding: br
x-xss-protection: 1; mode=block
pragma: no-cache
server: cloudflare
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.cyfirma.com/
cache-control: max-age=28800, must-revalidate
cf-ray: 8ab142a89acb1903-FRA
link: <https://www.cyfirma.com/wp-json/>; rel="https://api.w.org/"
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 200 pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v21/ 8 KB
8 KB 87ms
7ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v21/pxiEyp8kv8JHgFVrJJfecg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Poppins:wght@200;300;400;500;600;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.cyfirma.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 23 Jul 2024 15:14:37 GMT
x-content-type-options: nosniff
age: 551962
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7884
x-xss-protection: 0
last-modified: Fri, 22 Mar 2024 00:00:38 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 23 Jul 2025 15:14:37 GMT

GET
H2 200 fa-light-300.woff2
www.cyfirma.com/template/assets/fonts/ 153 KB
154 KB 4822ms
4820ms Font
font/woff2 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/template/assets/fonts/fa-light-300.woff2

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/template/assets/css/all.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

99bbc5cbd07c3d36c28f1a02bc0f1e7e7f3f4423ec93f07a13ffc884b8aa1a34

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/template/assets/css/all.css
Origin: https://www.cyfirma.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:34:03 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
content-length: 156980
x-xss-protection: 1; mode=block
last-modified: Thu, 04 Aug 2022 13:23:00 GMT
server: cloudflare
etag: "26534-5e56a3f9b7500"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: font/woff2
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a8dada1903-FRA

GET
H2 200 pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v21/ 8 KB
8 KB 88ms
8ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Poppins:wght@200;300;400;500;600;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

78bc3aa78faec288bbb3bf26c9a0fa4eb67b1e69da94a17233c5cab60525efdb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.cyfirma.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 23 Jul 2024 07:58:24 GMT
x-content-type-options: nosniff
age: 578135
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7840
x-xss-protection: 0
last-modified: Fri, 22 Mar 2024 00:02:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 23 Jul 2025 07:58:24 GMT

GET
H2 200 fa-solid-900.woff2
www.cyfirma.com/template/assets/fonts/ 115 KB
115 KB 2810ms
2809ms Font
font/woff2 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/template/assets/fonts/fa-solid-900.woff2

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/template/assets/css/all.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

47c58e41e2f38d9813c39b6641c96e12408522bf774779cb58973f67303875a7

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/template/assets/css/all.css
Origin: https://www.cyfirma.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:34:01 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
content-length: 117616
x-xss-protection: 1; mode=block
last-modified: Thu, 04 Aug 2022 13:23:00 GMT
server: cloudflare
etag: "1cb70-5e56a3f9b7500"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: font/woff2
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a8dadc1903-FRA

GET
H2 200 fa-brands-400.woff2
www.cyfirma.com/template/assets/fonts/ 70 KB
71 KB 4834ms
4833ms Font
font/woff2 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/template/assets/fonts/fa-brands-400.woff2

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/template/assets/css/all.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a3eb2d0caf3502359966882d146b1a75e34bf933cbdace1c286395ea3fd1f567

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/template/assets/css/all.css
Origin: https://www.cyfirma.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:34:03 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
content-length: 72124
x-xss-protection: 1; mode=block
last-modified: Thu, 04 Aug 2022 13:23:00 GMT
server: cloudflare
etag: "119bc-5e56a3f9b7500"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: font/woff2
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142a8dadd1903-FRA

GET
H2 200 pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v21/ 8 KB
8 KB 89ms
10ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Poppins:wght@200;300;400;500;600;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.cyfirma.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 23 Jul 2024 11:56:33 GMT
x-content-type-options: nosniff
age: 563846
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7748
x-xss-protection: 0
last-modified: Fri, 22 Mar 2024 00:01:14 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 23 Jul 2025 11:56:33 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 281 KB
96 KB 25ms
24ms Script
application/javascript 2a00:1450:4001:81d::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-XN67BK9M7N&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-80179732-4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

cd2f12d7d0fdc4c909beb5edd6cb22a0608305825d699f76e518dd98b78c5724

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.cyfirma.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:33:59 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 97896
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 30 Jul 2024 00:33:59 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 31ms
7ms Script
text/javascript 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-80179732-4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cyfirma.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 29 Jul 2024 22:53:22 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 6037
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Tue, 30 Jul 2024 00:53:22 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 306 KB
101 KB 23ms
23ms Script
application/javascript 2a00:1450:4001:81d::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-KBLXRB4PTX&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5GT46FN

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

738a5ef458109dbf29991f4b0e04ea4edda4d6dd6d8daf02455474554a02012d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.cyfirma.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:33:59 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 103874
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 30 Jul 2024 00:33:59 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 40 KB
14 KB 60ms
11ms Script
application/javascript 2a02:26f0:480:15::213:7e4a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5GT46FN

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:15::213:7e4a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

edd5487f216469726314ae2b829b221d70e2a02674477e3c8f69a0d5f0b1ea49

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cyfirma.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:33:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2024 05:33:09 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=68577
accept-ranges: bytes
content-length: 14597

GET
H2 200 jg2ucp2q3y Show response
www.clarity.ms/tag/ 638 B
1002 B 185ms
130ms Script
application/x-javascript 2620:1ec:bdf::60
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/jg2ucp2q3y
Requested by: Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:bdf::60 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 51a9710ceb7cdb40799e74164b611ae54b46da3e22c8f7f08b4ff20bab856f82

Request headers

Referer: https://www.cyfirma.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

request-context: appId=cid-v1:9c7c879b-c51a-427e-9701-218438da5f81
date: Tue, 30 Jul 2024 00:33:59 GMT
x-azure-ref: 20240730T003359Z-16b8f8f97cfd2fpmbkp914sty400000005z0000000006rn8
x-cache: CONFIG_NOCACHE
content-type: application/x-javascript
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 638
expires: -1

POST
H2 200 collect Show response
www.google-analytics.com/j/ 1 B
206 B 15ms
14ms XHR
text/plain 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1988108421&t=pageview&_s=1&dl=https%3A%2F%2Fwww.cyfirma.com%2Fresearch%2Fexploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla%2F&ul=de-de&de=UTF-8&dt=Exploiting%20Document%20Templates%3A%20Stego-Campaign%20Deploying%20Remcos%20RAT%20and%20Agent%20Tesla%20-%20CYFIRMA&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAACAAI~&jid=337314581&gjid=131914442&cid=1440403969.1722299639&tid=UA-80179732-4&_gid=1615929119.1722299639&_r=1&gtm=457e47t0za200&gcd=13l3l3l2l1&dma_cps=syphamo&dma=1&tag_exp=95250752&jsscut=1&npa=1&z=1224372890

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cyfirma.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 30 Jul 2024 00:33:59 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.cyfirma.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 15 B
83 B 15ms
15ms XHR
text/plain 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1988108421&t=pageview&_s=1&dl=https%3A%2F%2Fwww.cyfirma.com%2Fresearch%2Fexploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla%2F&ul=de-de&de=UTF-8&dt=Exploiting%20Document%20Templates%3A%20Stego-Campaign%20Deploying%20Remcos%20RAT%20and%20Agent%20Tesla%20-%20CYFIRMA&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAUABAAAAACAAI~&jid=879558831&gjid=1247293404&cid=1440403969.1722299639&tid=UA-80179732-4&_gid=1615929119.1722299639&_r=1&_slc=1&gtm=45He47t0n815GT46FNv852032066za200&gcd=13l3l3l2l1&dma_cps=syphamo&dma=1&tag_exp=95250753&npa=1&z=1923809334

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

bb2ccb10404cc6a241da8ff58b2ccb32e483c021f9123c09d4e5f565af4fc718

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cyfirma.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 30 Jul 2024 00:33:59 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.cyfirma.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
0 39ms
16ms Fetch
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-XN67BK9M7N&gtm=45je47t0v9135687612za200&_p=1722299637927&gcd=13l3l3l2l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=95250752&cid=1440403969.1722299639&ul=de-de&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EAAI&_s=1&sid=1722299639&sct=1&seg=0&dl=https%3A%2F%2Fwww.cyfirma.com%2Fresearch%2Fexploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla%2F&dt=Exploiting%20Document%20Templates%3A%20Stego-Campaign%20Deploying%20Remcos%20RAT%20and%20Agent%20Tesla%20-%20CYFIRMA&en=page_view&_fv=1&_ss=1&tfd=8341
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-XN67BK9M7N&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://www.cyfirma.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 Jul 2024 00:33:59 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.cyfirma.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 285 KB
97 KB 25ms
25ms Script
application/javascript 2a00:1450:4001:81d::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-XN67BK9M7N&cx=c&_slc=1

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

6f8b7603f2d9ffe874630f6c465d0c4d0a8583bc102bfcbea7534a3516af3070

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.cyfirma.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:33:59 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 99544
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 30 Jul 2024 00:33:59 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
0 21ms
14ms Fetch
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-KBLXRB4PTX&gtm=45je47t0v897044746z8852032066za200zb852032066&_p=1722299637927&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=95250752&cid=1440403969.1722299639&ul=de-de&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1722299639&sct=1&seg=0&dl=https%3A%2F%2Fwww.cyfirma.com%2Fresearch%2Fexploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla%2F&dt=Exploiting%20Document%20Templates%3A%20Stego-Campaign%20Deploying%20Remcos%20RAT%20and%20Agent%20Tesla%20-%20CYFIRMA&en=page_view&_fv=1&_ss=1&tfd=8385
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-KBLXRB4PTX&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://www.cyfirma.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 Jul 2024 00:33:59 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.cyfirma.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
254 B 64ms
20ms Ping
text/plain 2a00:1450:400c:c0c::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-KBLXRB4PTX&cid=1440403969.1722299639&gtm=45je47t0v897044746z8852032066za200zb852032066&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1&npa=1&frm=0&tag_exp=95250752
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-KBLXRB4PTX&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c0c::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.cyfirma.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 Jul 2024 00:33:59 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.cyfirma.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 35ms
19ms Image
image/gif 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-KBLXRB4PTX&cid=1440403969.1722299639&gtm=45je47t0v897044746z8852032066za200zb852032066&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1&npa=1&frm=0&tag_exp=95250752&tag_exp=95250752&z=643060566

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.cyfirma.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 Jul 2024 00:33:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 attribution_trigger Show response
px.ads.linkedin.com/ 2 B
817 B 346ms
306ms XHR
application/json 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/attribution_trigger?pid=4091476&time=1722299639469&url=https%3A%2F%2Fwww.cyfirma.com%2Fresearch%2Fexploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla%2F
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Accept: *
Referer: https://www.cyfirma.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:33:59 GMT
content-encoding: gzip
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 8C4EACD30B1A4BCA8F8B3B416F2BDB97 Ref B: FRAEDGE1111 Ref C: 2024-07-30T00:33:59Z
access-control-allow-methods: GET, OPTIONS
x-li-fabric: prod-lva1
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
content-type: application/json
x-li-proto: http/2
x-restli-protocol-version: 1.0.0
access-control-allow-headers: *
x-li-uuid: AAYebCI5OejryGRZ4Gh5GA==
x-fs-uuid: 00061e6c223939e8ebc86459e0687918

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4091476&time=1722299639469&url=https%3A%2F%2Fwww.cyfirma.com%2Fresearch%2Fexploiting-document-templates-stego-campaign-deploying-remcos-rat-and-ag...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4091476&time=1722299639469&url=https%3A%2F%2Fwww.cyfirma.com%2Fresearch%2Fexploiting-document-templates-stego-campaign-deploying-remcos-rat-and-a...

0
481 B

149ms
105ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4091476&time=1722299639469&url=https%3A%2F%2Fwww.cyfirma.com%2Fresearch%2Fexploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla%2F&e_ipv6=AQKsjBE2uDz-fQAAAZEBDucPZHYTOUYLVDp1SOX191xLeWQAYAOqRKk_eCLb91q9cPwKYNdz5AM8gubgSXdBCEbdw3RMgw
Requested by: Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.cyfirma.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:33:59 GMT
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: DBA51DFBF7434C7EA7575B01295CA31C Ref B: FRAEDGE1521 Ref C: 2024-07-30T00:33:59Z
linkedin-action: 1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
content-type: application/javascript
x-li-fabric: prod-lva1
x-cache: CONFIG_NOCACHE
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYebCI4wYND/qLHFnuWrg==

Redirect headers

date: Tue, 30 Jul 2024 00:33:59 GMT
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 794EBB0BFFAE440C859367A41E02D0CE Ref B: FRAEDGE1819 Ref C: 2024-07-30T00:33:59Z
linkedin-action: 1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-fabric: prod-lva1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4091476&time=1722299639469&url=https%3A%2F%2Fwww.cyfirma.com%2Fresearch%2Fexploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla%2F&e_ipv6=AQKsjBE2uDz-fQAAAZEBDucPZHYTOUYLVDp1SOX191xLeWQAYAOqRKk_eCLb91q9cPwKYNdz5AM8gubgSXdBCEbdw3RMgw
x-cache: CONFIG_NOCACHE
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYebCI2eWIO6uzRPLyGTg==

GET
H2 200 clarity.js Show response
www.clarity.ms/s/0.7.41/ 62 KB
26 KB 25ms
25ms Script
application/javascript 2620:1ec:bdf::60
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/s/0.7.41/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/jg2ucp2q3y
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:bdf::60 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 63bb2e926bb71d9af20024a237718b3cbd8bcb03af6fe3510132024571005f69

Request headers

Referer: https://www.cyfirma.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:33:59 GMT
content-encoding: br
last-modified: Fri, 26 Jul 2024 23:49:00 GMT
etag: W/"0x8DCADCD85F8E42A"
vary: Accept-Encoding
x-azure-ref: 20240730T003359Z-16b8f8f97cfd2fpmbkp914sty400000005z0000000006rnf
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
x-ms-request-id: f43bf423-101e-0028-05d3-df4f73000000
cache-control: public, max-age=86400
x-cache: TCP_HIT
x-ms-version: 2018-03-28
x-fd-int-roxy-purgeid: 51562430

POST
H/1.1 204
No Content collect Show response
h.clarity.ms/ 0
279 B 505ms
239ms XHR
text/plain 51.8.64.151
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://h.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.41/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 51.8.64.151 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://www.cyfirma.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://www.cyfirma.com
Date: Tue, 30 Jul 2024 00:34:00 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:b1d896b3-bec7-448b-b764-240152e813e8

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
197 B 109ms
107ms XHR
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: *
Referer: https://www.cyfirma.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Tue, 30 Jul 2024 00:33:59 GMT
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: C61E0CE0D9544F2D9FE1DE6C56B0271E Ref B: FRAEDGE1819 Ref C: 2024-07-30T00:33:59Z
linkedin-action: 1
vary: Origin
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-fabric: prod-lva1
access-control-allow-origin: https://www.cyfirma.com
x-cache: CONFIG_NOCACHE
x-li-proto: http/2
access-control-allow-credentials: true
x-li-uuid: AAYebCI6cgFY2md8WugIsA==

POST
H/1.1 204
No Content collect Show response
h.clarity.ms/ 0
279 B 93ms
92ms XHR
text/plain 51.8.64.151
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://h.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.41/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 51.8.64.151 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://www.cyfirma.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://www.cyfirma.com
Date: Tue, 30 Jul 2024 00:34:01 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:b1d896b3-bec7-448b-b764-240152e813e8

POST
H/1.1 204
No Content collect Show response
h.clarity.ms/ 0
279 B 100ms
93ms XHR
text/plain 51.8.64.151
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://h.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.41/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 51.8.64.151 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://www.cyfirma.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://www.cyfirma.com
Date: Tue, 30 Jul 2024 00:34:03 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:b1d896b3-bec7-448b-b764-240152e813e8

GET
H2 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/Xv-KF0LlBu_a0FJ9I5YSlX5m/ 533 KB
213 KB 29ms
6ms Script
text/javascript 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/Xv-KF0LlBu_a0FJ9I5YSlX5m/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?onload=renderInvisibleReCaptcha&render=explicit

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

19df4102c07ecfc86052b3ba527e800df1b34fff4b23a7cde8268f6de0729e03

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.cyfirma.com/
Origin: https://www.cyfirma.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 29 Jul 2024 10:06:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 52067
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 216982
x-xss-protection: 0
last-modified: Mon, 22 Jul 2024 21:52:36 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 29 Jul 2025 10:06:17 GMT

GET
H2 200 wp-emoji-release.min.js Show response
www.cyfirma.com/my_includes/js/ 18 KB
5 KB 1003ms
1003ms Script
application/javascript 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/my_includes/js/wp-emoji-release.min.js

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:34:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cf-cache-status: EXPIRED
content-length: 5039
x-xss-protection: 1; mode=block
last-modified: Tue, 06 Feb 2024 14:32:18 GMT
server: cloudflare
etag: "4904-610b772012080-gzip"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142c77c9e1903-FRA

POST
H2 200 apbct_get_pixel_url Show response
www.cyfirma.com/wp-json/cleantalk-antispam/v1/ 80 B
497 B 1226ms
1226ms XHR
application/json 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/wp-json/cleantalk-antispam/v1/apbct_get_pixel_url

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/apps/cleantalk-spam-protect/js/apbct-public-bundle.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ee7291c0ca39e00d534414af620894996f7876bf386c4efa87677ed66cc3fb3d

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

X-WP-Nonce: aa18cecee4
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/

Response headers

date: Tue, 30 Jul 2024 00:34:05 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff, nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-xss-protection: 1; mode=block
pragma: no-cache
server: cloudflare
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
allow: POST
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.cyfirma.com
access-control-allow-methods: OPTIONS, GET, POST, PUT, PATCH, DELETE
access-control-expose-headers: X-WP-Total, X-WP-TotalPages, Link
cache-control: no-store, no-cache, must-revalidate
access-control-allow-credentials: true
vary: Origin
x-robots-tag: noindex
link: <https://www.cyfirma.com/wp-json/>; rel="https://api.w.org/"
access-control-allow-headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
cf-ray: 8ab142c77ca01903-FRA
x-wp-nonce: aa18cecee4
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H/1.1 200
OK 5bd3c7c741701dc619d7337c355fc44c.gif
moderate4.cleantalk.org/pixel/ 43 B
265 B 61ms
12ms Image
image/gif 2a01:4f8:1c17:6617::1
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://moderate4.cleantalk.org/pixel/5bd3c7c741701dc619d7337c355fc44c.gif
Requested by: Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a01:4f8:1c17:6617::1 Gunzenhausen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software: nginx /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.cyfirma.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Tue, 30 Jul 2024 00:34:05 GMT
X-Server-IP: 2a01:4f8:1c17:6617::1
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: nginx
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=90F4C9212EE54FE99498FA1A194C74E7&RedC=c.clarity.ms&MXFR=057C02C972B467262CE5160576B46995
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=90F4C9212EE54FE99498FA1A194C74E7&MUID=01D33E42198664EB323E2A8E185465FD

42 B
442 B

31ms
31ms

Image
image/gif

13.74.129.1
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=90F4C9212EE54FE99498FA1A194C74E7&MUID=01D33E42198664EB323E2A8E185465FD
Protocol: H2
Server: 13.74.129.1 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Referer: https://www.cyfirma.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 Jul 2024 00:34:05 GMT
last-modified: Tue, 25 Jun 2024 19:30:12 GMT
server: Microsoft-IIS/10.0
etag: "7473f1936c7da1:0"
x-powered-by: ASP.NET
content-type: image/gif
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-length: 42

Redirect headers

pragma: no-cache
date: Tue, 30 Jul 2024 00:34:05 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D0247B0819834E1AA5422DECDD10CED5 Ref B: FRAEDGE1206 Ref C: 2024-07-30T00:34:05Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=90F4C9212EE54FE99498FA1A194C74E7&MUID=01D33E42198664EB323E2A8E185465FD
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

GET
H2 200 fevicon-black.png
www.cyfirma.com/media/2020/03/ 5 KB
5 KB 991ms
990ms Other
image/png 2606:4700:10::ac43:18d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/media/2020/03/fevicon-black.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:18d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

47cd1bd50cbb69fd9eb4be85e06efc3fb46d41d0f5ddfe4ff97f96efa99e101a

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 00:34:06 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
content-length: 5188
x-xss-protection: 1; mode=block
last-modified: Thu, 04 Aug 2022 13:21:06 GMT
server: cloudflare
etag: "1444-5e56a38cff480"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 8ab142d23a7c1903-FRA

POST
H/1.1 204
No Content collect Show response
h.clarity.ms/ 0
279 B 188ms
183ms XHR
text/plain 51.8.64.151
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://h.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.41/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 51.8.64.151 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://www.cyfirma.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://www.cyfirma.com
Date: Tue, 30 Jul 2024 00:34:07 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:b1d896b3-bec7-448b-b764-240152e813e8

Verdicts & Comments Add Verdict or Comment

196 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

22 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.cyfirma.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: kl9db0d2bdqsmp689dcht561uu
.cyfirma.com/	1970-01-21 07:10:35	Name: _fw_crm_v Value: a1426f9b-369c-445a-e930-4bb3056e25e7
www.cyfirma.com/	1970-01-20 23:11:04	Name: first_session Value: %7B%22visits%22%3A1%2C%22start%22%3A1722299637924%2C%22last_visit%22%3A1722299637924%2C%22url%22%3A%22https%3A%2F%2Fwww.cyfirma.com%2Fresearch%2Fexploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla%2F%22%2C%22path%22%3A%22%2Fresearch%2Fexploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla%2F%22%2C%22referrer%22%3A%22%22%2C%22referrer_info%22%3A%7B%22host%22%3A%22%22%2C%22path%22%3A%22blank%22%2C%22protocol%22%3A%22about%3A%22%2C%22port%22%3A80%2C%22search%22%3A%22%22%2C%22query%22%3A%7B%7D%7D%2C%22search%22%3A%7B%22engine%22%3Anull%2C%22query%22%3Anull%7D%2C%22version%22%3A0.4%7D
.cyfirma.com/	1970-01-20 22:26:26	Name: _gid Value: GA1.2.1615929119.1722299639
.cyfirma.com/	1970-01-20 22:24:59	Name: _gat_gtag_UA_80179732_4 Value: 1
.www.cyfirma.com/	1970-01-21 08:00:59	Name: _ga Value: GA1.3.1440403969.1722299639
.www.cyfirma.com/	1970-01-20 22:26:26	Name: _gid Value: GA1.3.1615929119.1722299639
.www.cyfirma.com/	1970-01-20 22:24:59	Name: _gat_UA-80179732-4 Value: 1
.cyfirma.com/	1970-01-21 08:00:59	Name: _ga_XN67BK9M7N Value: GS1.1.1722299639.1.0.1722299639.0.0.0
.cyfirma.com/	1970-01-21 08:00:59	Name: _ga Value: GA1.1.1440403969.1722299639
.cyfirma.com/	1970-01-21 08:00:59	Name: _ga_KBLXRB4PTX Value: GS1.1.1722299639.1.0.1722299639.60.0.0
www.clarity.ms/	1970-01-21 07:10:35	Name: CLID Value: 6a0a454b506648b18e77597d6406d390.20240730.20250730
.linkedin.com/	1970-01-21 07:10:35	Name: bcookie Value: "v=2&dc8e6312-764b-4782-86d2-a2165bc4fa82"
.linkedin.com/	1970-01-21 02:44:11	Name: li_gc Value: MTswOzE3MjIyOTk2Mzk7MjswMjHfepAtYRcNntKoOtIxslZeUrhhUQKmqMvrpDug8rBD7A==
.linkedin.com/	1970-01-20 22:26:26	Name: lidc Value: "b=VGST01:s=V:r=V:a=V:p=V:g=3314:u=1:x=1:i=1722299639:t=1722386039:v=2:sig=AQEdb87JwLnaNS0Ft2LuEPQCQURNvIy8"
.bing.com/	1970-01-21 07:46:35	Name: MUID Value: 01D33E42198664EB323E2A8E185465FD
.c.bing.com/	1970-01-20 22:35:04	Name: MR Value: 0
.c.bing.com/	1970-01-21 07:46:35	Name: SRM_B Value: 01D33E42198664EB323E2A8E185465FD
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-21 07:46:35	Name: MUID Value: 01D33E42198664EB323E2A8E185465FD
.c.clarity.ms/	1970-01-20 22:35:04	Name: MR Value: 0
.c.clarity.ms/	1970-01-20 22:25:00	Name: ANONCHK Value: 0

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.cyfirma.com/template/assets/media/2022/09/footerbg.png Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

c.bing.com
c.clarity.ms
cdn.jsdelivr.net
cdnjs.cloudflare.com
challenges.cloudflare.com
fonts.googleapis.com
fonts.gstatic.com
h.clarity.ms
in.fw-cdn.com
moderate4.cleantalk.org
px.ads.linkedin.com
px4.ads.linkedin.com
region1.analytics.google.com
region1.google-analytics.com
snap.licdn.com
stats.g.doubleclick.net
www.clarity.ms
www.cyfirma.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.gstatic.com
13.107.42.14
13.74.129.1
2001:4860:4802:34::36
2606:4700:10::ac43:18d6
2606:4700::6811:190e
2606:4700::6812:5e29
2620:1ec:21::14
2620:1ec:bdf::60
2620:1ec:c11::237
2a00:1450:4001:806::200e
2a00:1450:4001:80b::2003
2a00:1450:4001:80b::200a
2a00:1450:4001:810::2003
2a00:1450:4001:81c::2003
2a00:1450:4001:81d::2008
2a00:1450:4001:829::2004
2a00:1450:400c:c0c::9a
2a01:4f8:1c17:6617::1
2a02:26f0:480:15::213:7e4a
2a04:4e42::485
51.8.64.151
65.9.95.62
0085adfd2d08a45f62a06d8f3f969ddc4a94ebe8d226511db90aa038f11ed180
011f4f213aac2e9e1d6117d74cd568bdad3e1a2a52e499bdf0b5e3c4114561a3
01b035efb5dfa529c512f82962ed633328222da6f33c224244806d4798c67349
07ce60e24df059952c6c4f6a82cdb94603280a563a2c2e467f71dc712d0892a7
0817e1810c8de83ebc932bde0bd8094fb48bf0ecc906b8bef8caa5b9ad5b1fd4
0a9166d49e739e0f1b735aa60f31faf2f7efd09b50101d9bac4a255ba17724ef
0d6cbfad423f414457e84247076eaeea86b8272c22ac17ffac2bc9456cf6bdd7
108def0528b188d78212d66957bd99f7bef9309a3e697f78c8a0255fa10fec87
12e6fb6f5d9754381711e561bf2d02ba8f143fbad13970f9bea0d95a1c21b9e2
19df4102c07ecfc86052b3ba527e800df1b34fff4b23a7cde8268f6de0729e03
1aa4c3d21c2a86169948b5acc1bf4a8589bd4898c5bca6f46a20ae8727b30179
1aeb9107928bb523947c28e17358efb50a07b942e15ed0a72259a5794ea2ca96
1dcab65b9993e052b1144e982a61f761add74cd404b717830a3449d7f2d4c522
211a4933b82b2b053eb29b74740a019346277aec04320ce0bbb019474c1ea674
23090ff780e502f7bac9c3dbf50d91dd63a665351be33dd3197bf4d501fcbd8b
25b1f543c4682618e2fff0c607d70a896ecfc080ce500c41ce00b7ffad0ec411
290dc8deb77632ee52a3e08c01def62f5fb715b5c85fbc4afaa99a3c8b4d1a4e
300e43366d900a851503cb865170c108c91241fcda3c85011c55995bf6e05603
32d5667749aff94b3af090304e96b40c6b7179c3b9b369817b217fe7233489bc
330321d8aa1a7fc5524f93a2ccface65b49bd25fcb8e8bfb249cc08019512358
365460a1f46f0554cf647b95b6b86977c10b7a55820145205208809e9ebe4a87
3b37d315dcea0fbeea45df259f6e857e674da51c9618efc9928b6cd5205189da
3f0bf6c7c4247fa5a2100058e45c6fe238c225fd1b73233a7dc30281c521926c
40790d44e3deecffafb17b8cdd23a754eabb0faee9c6dfeb3a3b7b17c2fbaa6a
425a515894a7215256e54706cc640acbb4fb34fd17eb29b374846d8b106e6f8e
43da9799bbe67a64a3bfd02b898454b7c89ce3298bb3cab76d7866da95e1e879
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
453cb806084fdabec32e286af2e88899f79022125c2527afffbec507975d2c22
47c58e41e2f38d9813c39b6641c96e12408522bf774779cb58973f67303875a7
47cd1bd50cbb69fd9eb4be85e06efc3fb46d41d0f5ddfe4ff97f96efa99e101a
48e191992412dbe973031c776bd3dbae8032210dbb5be4186fcc48c617be4f26
4948aa9fd1875b6f894bf7ac085914baf38bc27d8b0699864a849c7b7f233ca7
4e55b451621a060d376f1b31af3b370ea3d65ab7532ca82e875e52882deefbae
4f2c1f098f7a28dbab913d292da562c06b45d6495ec9a60e6cbc6b99564ef5e4
4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230
503f9aa8675e396e6feec3369148a12f5c863c5068d573e72a3f2f4d217ac0d3
51a9710ceb7cdb40799e74164b611ae54b46da3e22c8f7f08b4ff20bab856f82
5393fd59732a20bb6b40329de050068dd7df0bcfcd6165d0f42520138ee02eea
539f5ac9dfd20b0944a5dcbf121289df379e4197e9263006b96b931c7bc18c5b
5883751ba841492bf98ae944f60db3a138cb581cc49008f0a4e9b590af6ae5e7
58fa60668c2562286383d16d9a3a7e9d6849e415e8f8fd73f095c15aacd69210
5a7481fc60706bde0fd4d79432b8898850472957b171dcd729bedc6a6bb95013
5ab5ac8b0dde07ae9c068abd9363ae8fe9a36fd83b91eb4b2fe242e520a6593b
5b4d3cc016f2015d6a1aee9679b30a4f3919d56b1feb8e1974b2e46da8c5f5a1
61a87614d13c027331e36d1a1e6814c161a0919b4a76b563949f79b92ff6d17a
62cfa5430669b875bbb11045d6b1a8ff5113da2e72a7e73ba0cb01d6aa221808
63ab9a2fb6fb65ca5debaa8686408bab41a073db2d5abcf0db248279d944ac51
63bb2e926bb71d9af20024a237718b3cbd8bcb03af6fe3510132024571005f69
66869accdf5a15de0689a27981924e35f802ab79647713d0065a7aa652318d25
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6e613dd5c80b55dc9667f965bb4c7f20b69215dbb9e57201dfd1cbb92e41f2fd
6f8b7603f2d9ffe874630f6c465d0c4d0a8583bc102bfcbea7534a3516af3070
734eb66ec42044d294644d6e06b73eb7723ec74db2f6dd89c5bc98f0775695cf
738a5ef458109dbf29991f4b0e04ea4edda4d6dd6d8daf02455474554a02012d
738d4cf265345f71cce17d9a69eb8f20df5de1fa2a6e5be1c6ca76824cf8745a
759975539752ee86c2b252c115886ddf8ec8b9eaefd05dfb858db0f8f4a042a5
761412267d704dd401d3a8de15ae129076ab989136a930ee9e2adec861999442
78bc3aa78faec288bbb3bf26c9a0fa4eb67b1e69da94a17233c5cab60525efdb
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7a848bcd8c29957ca62bb6e5032734809193c40e124a708070070683aaa5f347
7aeff177a11910f7de89896fdb1969beeaaf2d51df457c5af9dc5151133033bd
7cf8b2588497dcd12fa96a75731c6ec327491f8d55f18da0af72b70afa6713af
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
7ee08c60d39f5712a56938fda3e2ab10fe3ef23ec98aeb3c9a29e54f6f31ffe1
84cc57d3cc87630aa3180ee548f38d33ea73969ff46765d7446e07df029abfd3
86e08c2b8e9027640e44408d0840e35f8d3ea353352aeed3aa390f78ad96d23b
88aa21ee8ac94f3d8e85fcbf785e3e08111726daf5a8e73e67c2dc780ca06666
8b1c66c9e511bcac4fbdc1b93b5097065ed2c0217cd168978fd0712feb21ffec
8c1f806310322c848c4c996ca568a03b3b16cf9487cbccf09aef3cf17e2c643d
945471eb08458482d01c9bfb3ce13ee149f3af05dfe1da2f167d8c134b626c02
96575fc32b3231fa7aeac61378dfc07747746689208ef45e5ad58972c1d6f8b8
974e81270e14d0829929fe7cf9e20bd0ad6c651a6c4203b6799740b970174a52
99464ceb71bc9bbdcc72275faefe44f98eb5cbb6b5d8ee665b87b35376f1a96e
99bbc5cbd07c3d36c28f1a02bc0f1e7e7f3f4423ec93f07a13ffc884b8aa1a34
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9c0647c53dde19cd56b2dfd0626db41f3db20c92984e1e6a4d469c19e4823adf
9c1989ecd392a0c54fb799409154242706940a8e6d800542ba579dfda576bb9d
a11f55caea154cdc5bb990fbc8cfcca5bacdde16cc1fb7bcd6d594576d65a812
a3eb2d0caf3502359966882d146b1a75e34bf933cbdace1c286395ea3fd1f567
a5d082a8a8042007ac2f3b4e5e0eee1f0b24d8d5c1fbf304275ef72d87a11d07
a6a46e3a2b2551b90ba6bce8bfffe8e0c37018ac4eed75770eb51cfb91211d55
a75825b7bdd1c7d7c84cc3190c12547ffddc65aadfae8d03576cfc06013a3c9f
a95607980589fcab32cb63082bc0ad17fa6069f31dbdb543f6a5f0932e7991a8
a98855ff9dd707b642bd4510039182325edbd4a1bf745eccde5a0a1d15b5b783
b2134b4b272bc464e6e24c4349d5ad4b2046234f8dc1291e8127e4c52d6c1723
b23a5e62bb16bd36bfa1555d3f741821201496ac4b6d2cc974549568adadec88
b336cf8710d8097c7de836d5534ff7c803b00c260c9500a4cb4b95f1905230c1
b3eede500590266592b52e0bb9b9ce990674d3c692e6291f19fa2ed2973789cd
b70afed08e44bc1907904f7e27c6bdd98b8808d18295b603fa173aecbf3a6964
b82368a28809e066c7a394775e69bc6ce1ca857317222b8b0ea4ffe53ae5b5f3
b8b783a757e8ed473f678af15b621bbaa46d743c6702270f7763b463a903c7b3
b905e0fbcc7a6ad1c69672ccd6782c66b23f9393b79de7b58f24eb631cc1dccf
bb2ccb10404cc6a241da8ff58b2ccb32e483c021f9123c09d4e5f565af4fc718
bc3b59c278627cdb29d8975817ed927204ced9233e8776df01625d775637d226
bcab2726111aa294256812fcdb46178fe1ee42fe6830341bb5cb75d2c6834292
bd120ee4034fc0f6b97ae314280bcc385d8911123a56d14481ae04f73dcf7ce8
bfc19ced464d34ba05abbc34c1b2575d5cc2ed9f008fc40d9f845fe3da6c436b
c40ab757e586668e665046ee7b65fadb360379607677de549111d1eb412096fd
c57362794ada29200eaf4fe57394ee81787ad537dc2bf73eae86954954b9beb3
cba79732c9d0e64aa7a033590990e73fe8bbf3da12e72a0376cd68aeda1acbfb
ccd31ffa708d025833f954b3e0560cedd58df9a0d2706b2ccee5f501c5b2467b
cd2f12d7d0fdc4c909beb5edd6cb22a0608305825d699f76e518dd98b78c5724
cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d4ca6310bab0846e407ba41ba9664c5a1e35ec39abaf980849ea7eb101416499
d546b18fff8b61e4e34781a90c550c4ed98c0864697e7b5133225d7071f00b3c
d549bfb423819d6837ccb25a390cc6bcd7ce8db08ba271890cf9cc582baa2d22
d915659e8eb2b3c9052ceace39a8c518fc0981a80e77b05e4665d465ebfdc30d
dbd49a5b319631b451c6b5e4a8e5f31fec01719ee09c2f6b191d11f32cc4173e
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4e4572b48ee33a09c5296563555166ea2bedc103f79e046748d39ab86dc8591
e8e5aea71b92d5bc2e05586277048d2b3b558e75aa7df216a28e4b77bceecc8d
eb159f0e64f868842c4076aa1bad566f788936364cd8766e60e63c61f7b5d88e
ec694ad852a4688eef1b5a3d78bb6bb2b8b9a20c38c0ca04931011d3197ef90d
ecac4fc801141ce552220be4bb12969e2ee625e2cf08cf0edbac579a279b28f1
edd5487f216469726314ae2b829b221d70e2a02674477e3c8f69a0d5f0b1ea49
ee7291c0ca39e00d534414af620894996f7876bf386c4efa87677ed66cc3fb3d
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f317ff168377c5b94d740f17e27e8859d4f89abd2ff2416c0041684adcfa1004
f7bb442b06bfb13ecfee3c3ec2b6b19440a33e080ca9378f8d6f161281bd01ed
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
f8a3c405e08c33a28d1a01eb589bb53b02c3b727958d349d6b14776a4f786651
fd8027b53a97cbd5782e85c5908e563c39776703ff9279f50658e630927b4167

www.cyfirma.com Open in urlscan Pro 2606:4700:10::ac43:18d6 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

133 Requests

97 %HTTPS

82 %IPv6

16 Domains

23 Subdomains

22 IPs

4 Countries

7494 kBTransfer

10239 kBSize

22 Cookies

6 Outgoing links

Page URL History

Redirected requests

133 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.cyfirma.com Open in urlscan Pro
2606:4700:10::ac43:18d6 Public Scan

Screenshot
Live screenshot

Full Image

133
Requests

97 %
HTTPS

82 %
IPv6

16
Domains

23
Subdomains

22
IPs

4
Countries

7494 kB
Transfer

10239 kB
Size

22
Cookies

133 HTTP transactions
0 data transactions