urlscan.io logo urlscan.io
SecurityTrails logo

www.avanan.com Open in urlscan Pro
2606:2c40::c73c:67fe  Public Scan

Go To Rescan Add Verdict Report
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Submission: On October 09 via manual from IL — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 55 IPs in 5 countries across 45 domains to perform 174 HTTP transactions. The main IP is 2606:2c40::c73c:67fe, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is www.avanan.com.
TLS certificate: Issued by GTS CA 1P5 on September 20th 2023. Valid for: 3 months.
This is the only time www.avanan.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
55 2606:2c40::c7... 209242 (CLOUDFLAR...)
3 2606:4700:e0:... 13335 (CLOUDFLAR...)
3 2a00:1450:400... 15169 (GOOGLE)
2 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:2800:233... 15133 (EDGECAST)
1 2606:4700::68... 13335 (CLOUDFLAR...)
8 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
6 13.32.27.95 16509 (AMAZON-02)
1 2606:4700::68... 13335 (CLOUDFLAR...)
3 2a00:1450:400... 15169 (GOOGLE)
1 108.138.17.2 16509 (AMAZON-02)
7 2a00:1450:400... 15169 (GOOGLE)
2 141.193.213.21 209242 (CLOUDFLAR...)
3 2a00:1450:400... 15169 (GOOGLE)
6 146.75.116.157 54113 (FASTLY)
2 2a02:26f0:350... 20940 (AKAMAI-ASN1)
3 2620:1ec:c11:... 8068 (MICROSOFT...)
1 2a00:1450:400... 15169 (GOOGLE)
1 18.66.97.49 16509 (AMAZON-02)
4 2a03:2880:f08... 32934 (FACEBOOK)
1 143.204.205.137 16509 (AMAZON-02)
2 45.60.13.212 19551 (INCAPSULA)
1 34.107.254.219 396982 (GOOGLE-CL...)
1 2606:4700:440... 13335 (CLOUDFLAR...)
1 18.66.112.30 16509 (AMAZON-02)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700:440... 13335 (CLOUDFLAR...)
1 104.244.42.5 13414 (TWITTER)
1 104.244.42.131 13414 (TWITTER)
1 104.26.11.16 13335 (CLOUDFLAR...)
2 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
1 52.222.236.63 16509 (AMAZON-02)
2 34.111.208.231 396982 (GOOGLE-CL...)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
2 13.224.194.132 16509 (AMAZON-02)
1 2600:9000:206... 16509 (AMAZON-02)
4 4 2620:1ec:21::14 8068 (MICROSOFT...)
1 13.107.42.14 8068 (MICROSOFT...)
2 104.244.42.200 13414 (TWITTER)
1 18.66.112.79 16509 (AMAZON-02)
1 2001:4860:480... 15169 (GOOGLE)
1 2 52.213.189.61 16509 (AMAZON-02)
3 2606:4700::68... 13335 (CLOUDFLAR...)
3 2a03:2880:f17... 32934 (FACEBOOK)
3 2600:9000:214... 16509 (AMAZON-02)
1 2606:4700::68... 13335 (CLOUDFLAR...)
4 54.204.247.246 14618 (AMAZON-AES)
9 2600:9000:225... 16509 (AMAZON-02)
1 143.204.210.101 16509 (AMAZON-02)
2 54.89.126.144 14618 (AMAZON-AES)
174 55
55    2606:2c40::c73c:67fe (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)
www.avanan.com
3    2606:4700:e0::ac40:660b (United States)

ASN13335 (CLOUDFLARENET, US)
use.fontawesome.com
3    2a00:1450:4001:806::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
2    2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)
cdnjs.cloudflare.com
1    2606:2800:233:66b5:799a:7cd3:f74d:7071 (United States)

ASN15133 (EDGECAST, US)
platform.linkedin.com
1    2606:4700::6810:6fd1 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn2.hubspot.net
8    2606:4700::6813:9b53 (United States)

ASN13335 (CLOUDFLARENET, US)
no-cache.hubspot.com
app.hubspot.com
cta-service-cms2.hubspot.com
track.hubspot.com
forms.hubspot.com
1    2606:4700::6812:d533 (United States)

ASN13335 (CLOUDFLARENET, US)
js.hscta.net
6    13.32.27.95 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-27-95.fra56.r.cloudfront.net
www.gartner.com
1    2606:4700::6810:e05d (United States)

ASN13335 (CLOUDFLARENET, US)
static.hsappstatic.net
3    2a00:1450:4001:81c::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
1    108.138.17.2 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-17-2.fra56.r.cloudfront.net
lftracker.leadfeeder.com
7    2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
2    141.193.213.21 (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)
research.checkpoint.com
3    2a00:1450:4001:813::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
6    146.75.116.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)
static.ads-twitter.com
platform.twitter.com
2    2a02:26f0:3500:16::215:149b (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
snap.licdn.com
3    2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
bat.bing.com
1    2a00:1450:4001:81c::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
1    18.66.97.49 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-97-49.fra56.r.cloudfront.net
static.hotjar.com
4    2a03:2880:f084:105:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
connect.facebook.net
1    143.204.205.137 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-205-137.fra53.r.cloudfront.net
d10lpsik1i8c69.cloudfront.net
2    45.60.13.212 (United States)

ASN19551 (INCAPSULA, US)
px.spiceworks.com
1    34.107.254.219 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 219.254.107.34.bc.googleusercontent.com
www.influ2.com
1    2606:4700:4400::ac40:973c (United States)

ASN13335 (CLOUDFLARENET, US)
trk.techtarget.com
1    18.66.112.30 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-112-30.fra56.r.cloudfront.net
tr.lfeeder.com
1    2606:4700::6810:4eba (United States)

ASN13335 (CLOUDFLARENET, US)
js.hs-analytics.net
1    2606:4700::6811:e6a3 (United States)

ASN13335 (CLOUDFLARENET, US)
js.hsadspixel.net
1    2606:4700::6812:7b0c (United States)

ASN13335 (CLOUDFLARENET, US)
js.hsleadflows.net
1    2606:4700:4400::6812:22e5 (United States)

ASN13335 (CLOUDFLARENET, US)
js.hs-banner.com
1    104.244.42.5 (United States)

ASN13414 (TWITTER, US)
t.co
1    104.244.42.131 (United States)

ASN13414 (TWITTER, US)
analytics.twitter.com
1    104.26.11.16 (None, )

ASN13335 (CLOUDFLARENET, US)
settings.luckyorange.net
2    2a00:1450:4001:801::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
3    2a00:1450:4001:812::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.de
1    52.222.236.63 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-236-63.fra56.r.cloudfront.net
script.hotjar.com
2    34.111.208.231 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 231.208.111.34.bc.googleusercontent.com
ibc-flow.techtarget.com
1    2a00:1450:4001:80e::2013 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
t.influ2.com
2    2a00:1450:400c:c02::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
2    13.224.194.132 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-194-132.fra2.r.cloudfront.net
d26x5ounzdjojj.cloudfront.net
1    2600:9000:206f:e200:2:53b2:240:93a1 (United States)

ASN16509 (AMAZON-02, US)
cdn.linkedin.oribi.io
4    2620:1ec:21::14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
px.ads.linkedin.com
www.linkedin.com
1    13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
px4.ads.linkedin.com
2    104.244.42.200 (United States)

ASN13414 (TWITTER, US)
syndication.twitter.com
1    18.66.112.79 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-112-79.fra56.r.cloudfront.net
vc.hotjar.io
1    2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)
region1.analytics.google.com
2    52.213.189.61 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-213-189-61.eu-west-1.compute.amazonaws.com
match.prod.bidr.io
3    2606:4700::6812:b07d (United States)

ASN13335 (CLOUDFLARENET, US)
perf.hsforms.com
3    2a03:2880:f177:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
www.facebook.com
3    2600:9000:214f:c400:14:c034:4840:93a1 (United States)

ASN16509 (AMAZON-02, US)
reviews.static.gartner.com
1    2606:4700::6811:c9cc (United States)

ASN13335 (CLOUDFLARENET, US)
api.hubapi.com
4    54.204.247.246 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-204-247-246.compute-1.amazonaws.com
com-thebigwillow-prod1.collector.snplow.net
9    2600:9000:225e:6600:f:7ae2:7780:93a1 (United States)

ASN16509 (AMAZON-02, US)
checkpointsoftwaretechnologiesincavanan.widget.insent.ai
1    143.204.210.101 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-210-101.fra53.r.cloudfront.net
js.pusher.com
2    54.89.126.144 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-89-126-144.compute-1.amazonaws.com
bf28149orj.bf.dynatrace.com
Apex Domain
Subdomains		 Transfer
55 avanan.com
www.avanan.com
2 MB
9 insent.ai
checkpointsoftwaretechnologiesincavanan.widget.insent.ai
507 KB
9 gartner.com
www.gartner.com — Cisco Umbrella Rank: 64099
reviews.static.gartner.com — Cisco Umbrella Rank: 164401
205 KB
8 twitter.com
platform.twitter.com — Cisco Umbrella Rank: 1192
analytics.twitter.com — Cisco Umbrella Rank: 869
syndication.twitter.com — Cisco Umbrella Rank: 1427
159 KB
8 hubspot.com
no-cache.hubspot.com — Cisco Umbrella Rank: 13427
app.hubspot.com — Cisco Umbrella Rank: 6214
cta-service-cms2.hubspot.com — Cisco Umbrella Rank: 6556
track.hubspot.com — Cisco Umbrella Rank: 2658
forms.hubspot.com — Cisco Umbrella Rank: 5406
9 KB
7 gstatic.com
fonts.gstatic.com
82 KB
6 linkedin.com
platform.linkedin.com — Cisco Umbrella Rank: 4004
px.ads.linkedin.com — Cisco Umbrella Rank: 416
www.linkedin.com — Cisco Umbrella Rank: 708
px4.ads.linkedin.com — Cisco Umbrella Rank: 6066
165 KB
4 snplow.net
com-thebigwillow-prod1.collector.snplow.net — Cisco Umbrella Rank: 91812
639 B
4 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 187
175 KB
3 facebook.com
www.facebook.com — Cisco Umbrella Rank: 116
2 KB
3 hsforms.com
perf.hsforms.com — Cisco Umbrella Rank: 14252
3 KB
3 google.de
www.google.de — Cisco Umbrella Rank: 6147
625 B
3 google.com
www.google.com — Cisco Umbrella Rank: 2
region1.analytics.google.com — Cisco Umbrella Rank: 2714
816 B
3 techtarget.com
trk.techtarget.com — Cisco Umbrella Rank: 28664
ibc-flow.techtarget.com — Cisco Umbrella Rank: 25250
2 KB
3 cloudfront.net
d10lpsik1i8c69.cloudfront.net
d26x5ounzdjojj.cloudfront.net
113 KB
3 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 45
stats.g.doubleclick.net — Cisco Umbrella Rank: 98
2 KB
3 bing.com
bat.bing.com — Cisco Umbrella Rank: 427
14 KB
3 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 42
71 KB
3 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 56
296 KB
3 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 49
3 KB
3 fontawesome.com
use.fontawesome.com — Cisco Umbrella Rank: 1214
136 KB
2 dynatrace.com
bf28149orj.bf.dynatrace.com — Cisco Umbrella Rank: 100822
941 B
2 bidr.io
match.prod.bidr.io — Cisco Umbrella Rank: 624
1 KB
2 influ2.com
www.influ2.com — Cisco Umbrella Rank: 64961
t.influ2.com — Cisco Umbrella Rank: 61685
3 KB
2 spiceworks.com
px.spiceworks.com — Cisco Umbrella Rank: 45441
7 KB
2 hotjar.com
static.hotjar.com — Cisco Umbrella Rank: 901
script.hotjar.com — Cisco Umbrella Rank: 1101
60 KB
2 licdn.com
snap.licdn.com — Cisco Umbrella Rank: 981
9 KB
2 checkpoint.com
research.checkpoint.com — Cisco Umbrella Rank: 590385
67 KB
2 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 250
9 KB
1 pusher.com
js.pusher.com — Cisco Umbrella Rank: 16218
18 KB
1 hubapi.com
api.hubapi.com — Cisco Umbrella Rank: 3870
1 KB
1 hotjar.io
vc.hotjar.io — Cisco Umbrella Rank: 2992
259 B
1 oribi.io
cdn.linkedin.oribi.io — Cisco Umbrella Rank: 1230
367 B
1 luckyorange.net
settings.luckyorange.net — Cisco Umbrella Rank: 11237
747 B
1 t.co
t.co — Cisco Umbrella Rank: 614
377 B
1 hs-banner.com
js.hs-banner.com — Cisco Umbrella Rank: 2528
16 KB
1 hsleadflows.net
js.hsleadflows.net — Cisco Umbrella Rank: 5142
86 KB
1 hsadspixel.net
js.hsadspixel.net — Cisco Umbrella Rank: 3531
4 KB
1 hs-analytics.net
js.hs-analytics.net — Cisco Umbrella Rank: 2519
21 KB
1 lfeeder.com
tr.lfeeder.com — Cisco Umbrella Rank: 33201
293 B
1 ads-twitter.com
static.ads-twitter.com — Cisco Umbrella Rank: 792
15 KB
1 leadfeeder.com
lftracker.leadfeeder.com — Cisco Umbrella Rank: 97081
11 KB
1 hsappstatic.net
static.hsappstatic.net — Cisco Umbrella Rank: 6516
6 KB
1 hscta.net
js.hscta.net — Cisco Umbrella Rank: 24323
7 KB
1 hubspot.net
cdn2.hubspot.net — Cisco Umbrella Rank: 9766
2 KB
174 45
Domain Requested by
55 www.avanan.com www.avanan.com
9 checkpointsoftwaretechnologiesincavanan.widget.insent.ai www.avanan.com
checkpointsoftwaretechnologiesincavanan.widget.insent.ai
7 fonts.gstatic.com fonts.googleapis.com
6 www.gartner.com www.avanan.com
www.gartner.com
5 platform.twitter.com www.avanan.com
platform.twitter.com
4 com-thebigwillow-prod1.collector.snplow.net d26x5ounzdjojj.cloudfront.net
4 connect.facebook.net www.avanan.com
connect.facebook.net
3 track.hubspot.com
3 reviews.static.gartner.com www.gartner.com
3 www.facebook.com www.avanan.com
connect.facebook.net
3 perf.hsforms.com www.avanan.com
3 px.ads.linkedin.com 3 redirects
3 www.google.de www.avanan.com
3 bat.bing.com www.googletagmanager.com
bat.bing.com
www.avanan.com
3 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
3 www.googletagmanager.com www.avanan.com
www.google-analytics.com
3 fonts.googleapis.com www.avanan.com
3 use.fontawesome.com www.avanan.com
use.fontawesome.com
2 bf28149orj.bf.dynatrace.com www.gartner.com
2 match.prod.bidr.io 1 redirects www.avanan.com
2 syndication.twitter.com platform.twitter.com
www.avanan.com
2 cta-service-cms2.hubspot.com js.hscta.net
2 d26x5ounzdjojj.cloudfront.net www.avanan.com
d26x5ounzdjojj.cloudfront.net
2 stats.g.doubleclick.net www.google-analytics.com
www.googletagmanager.com
2 ibc-flow.techtarget.com trk.techtarget.com
2 www.google.com www.avanan.com
2 px.spiceworks.com www.googletagmanager.com
www.avanan.com
2 snap.licdn.com www.googletagmanager.com
snap.licdn.com
2 research.checkpoint.com www.avanan.com
2 cdnjs.cloudflare.com www.avanan.com
www.gartner.com
1 js.pusher.com checkpointsoftwaretechnologiesincavanan.widget.insent.ai
1 forms.hubspot.com js.hsleadflows.net
1 api.hubapi.com js.hsadspixel.net
1 region1.analytics.google.com www.googletagmanager.com
1 vc.hotjar.io script.hotjar.com
1 px4.ads.linkedin.com www.avanan.com
1 www.linkedin.com 1 redirects
1 cdn.linkedin.oribi.io snap.licdn.com
1 t.influ2.com www.influ2.com
1 app.hubspot.com www.avanan.com
1 script.hotjar.com static.hotjar.com
1 settings.luckyorange.net d10lpsik1i8c69.cloudfront.net
1 analytics.twitter.com www.avanan.com
1 t.co www.avanan.com
1 js.hs-banner.com www.avanan.com
1 js.hsleadflows.net www.avanan.com
1 js.hsadspixel.net www.avanan.com
1 js.hs-analytics.net www.avanan.com
1 tr.lfeeder.com www.avanan.com
1 trk.techtarget.com www.avanan.com
1 www.influ2.com www.googletagmanager.com
1 d10lpsik1i8c69.cloudfront.net www.avanan.com
1 static.hotjar.com www.googletagmanager.com
1 googleads.g.doubleclick.net www.googletagmanager.com
1 static.ads-twitter.com www.googletagmanager.com
1 lftracker.leadfeeder.com www.avanan.com
1 static.hsappstatic.net www.avanan.com
1 js.hscta.net www.avanan.com
1 no-cache.hubspot.com www.avanan.com
1 cdn2.hubspot.net www.avanan.com
1 platform.linkedin.com www.avanan.com
174 61
Subject Issuer Validity Valid
www.avanan.com
GTS CA 1P5		 2023-09-20 -
2023-12-19		 3 months crt.sh
use.fontawesome.com
GTS CA 1P5		 2023-09-01 -
2023-11-30		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2023-09-18 -
2023-12-11		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2023-07-03 -
2024-07-02		 a year crt.sh
platform.linkedin.com
DigiCert SHA2 Secure Server CA		 2023-07-11 -
2024-07-10		 a year crt.sh
hubspot.net
Cloudflare Inc ECC CA-3		 2023-04-06 -
2024-04-05		 a year crt.sh
hubspot.com
Cloudflare Inc ECC CA-3		 2023-02-05 -
2024-02-05		 a year crt.sh
www.gartner.com
Amazon RSA 2048 M01		 2023-02-22 -
2024-02-05		 a year crt.sh
hsappstatic.net
Cloudflare Inc ECC CA-3		 2023-04-10 -
2024-04-09		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2023-09-18 -
2023-12-11		 3 months crt.sh
*.leadfeeder.com
Amazon RSA 2048 M01		 2023-02-02 -
2024-03-02		 a year crt.sh
*.gstatic.com
GTS CA 1C3		 2023-09-18 -
2023-12-11		 3 months crt.sh
research.checkpoint.com
Cloudflare Inc ECC CA-3		 2023-06-15 -
2024-06-13		 a year crt.sh
ads-twitter.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-07-21 -
2024-07-19		 a year crt.sh
snap.licdn.com
DigiCert SHA2 Secure Server CA		 2023-02-01 -
2024-01-31		 a year crt.sh
www.bing.com
Microsoft Azure TLS Issuing CA 05		 2023-07-26 -
2024-01-22		 6 months crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2023-09-18 -
2023-12-11		 3 months crt.sh
*.hotjar.com
Amazon ECDSA 256 M01		 2023-03-09 -
2024-04-06		 a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2023-07-17 -
2023-10-15		 3 months crt.sh
*.cloudfront.net
Amazon RSA 2048 M01		 2022-12-08 -
2023-12-07		 a year crt.sh
imperva.com
GlobalSign Atlas R3 DV TLS CA 2023 Q3		 2023-08-07 -
2024-02-03		 6 months crt.sh
influ2.com
GTS CA 1D4		 2023-10-03 -
2024-01-01		 3 months crt.sh
*.lfeeder.com
Amazon RSA 2048 M01		 2023-03-22 -
2024-04-19		 a year crt.sh
*.twimg.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-07-21 -
2024-08-20		 a year crt.sh
t.co
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2023-02-05 -
2024-02-05		 a year crt.sh
*.twitter.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2023-02-05 -
2024-02-05		 a year crt.sh
www.google.com
GTS CA 1C3		 2023-09-18 -
2023-12-11		 3 months crt.sh
www.google.de
GTS CA 1C3		 2023-09-18 -
2023-12-11		 3 months crt.sh
ibc-flow.techtarget.com
GTS CA 1D4		 2023-09-21 -
2023-12-20		 3 months crt.sh
t.influ2.com
GTS CA 1D4		 2023-09-01 -
2023-11-30		 3 months crt.sh
linkedin.oribi.io
Amazon RSA 2048 M01		 2023-06-08 -
2024-07-07		 a year crt.sh
syndication.twitter.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2023-02-05 -
2024-02-05		 a year crt.sh
*.hotjar.io
Amazon ECDSA 256 M01		 2023-03-09 -
2024-04-06		 a year crt.sh
*.google.de
GTS CA 1C3		 2023-09-18 -
2023-12-11		 3 months crt.sh
reviews.static.gartner.com
Amazon RSA 2048 M02		 2023-03-16 -
2024-04-13		 a year crt.sh
hubapi.com
Cloudflare Inc ECC CA-3		 2023-04-07 -
2024-04-06		 a year crt.sh
com-thebigwillow-prod1.collector.snplow.net
Amazon RSA 2048 M01		 2023-02-21 -
2023-12-10		 10 months crt.sh
*.widget.insent.ai
Amazon RSA 2048 M01		 2023-03-01 -
2024-03-29		 a year crt.sh
js.pusher.com
Amazon RSA 2048 M01		 2023-04-13 -
2024-05-11		 a year crt.sh
*.bf.dynatrace.com
Amazon RSA 2048 M02		 2023-03-01 -
2024-01-07		 10 months crt.sh

This page contains 8 frames:

Primary Page: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Frame ID: D6A563C9D26E0AEDF95CAC9D276BF929
Requests: 151 HTTP requests in this frame

Frame: https://www.gartner.com/reviews/public/Widget/data?widget_id=YjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy&size=large
Frame ID: CBB3E37C9BE7F982C536C46C6A72CE76
Requests: 6 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.34999e64cd909e9be3bbd826bafcd2c4.html?origin=https%3A%2F%2Fwww.avanan.com
Frame ID: 4A03FBE21732BDF217FB23274752C6A2
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.34999e64cd909e9be3bbd826bafcd2c4.en.html
Frame ID: B2F5843AB766729E8ECE24F5048DBA9D
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.34999e64cd909e9be3bbd826bafcd2c4.en.html
Frame ID: 7262C335B17D60A263A0EBBF5D3B0401
Requests: 2 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2251f0e70687dc%26domain%3Dwww.avanan.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.avanan.com%252Ff224ed894fcfcf8%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fbreaking-down-the-remcos-malware-attempts-on-colombian-banks&layout=button_count&locale=en_US&sdk=joey&share=true&show_faces=false&width=120
Frame ID: 3FAFA069E97A929444EDF8BD78CC7C18
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3130de8fe55458%26domain%3Dwww.avanan.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.avanan.com%252Ff224ed894fcfcf8%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fbreaking-down-the-remcos-malware-attempts-on-colombian-banks&layout=button_count&locale=en_US&sdk=joey&share=true&show_faces=false&width=120
Frame ID: DDA5EDE83929A3046D138B3BFBAEE2C9
Requests: 1 HTTP requests in this frame

Frame: https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/?project_key=p2xERwhuLXXni4npvQaI&blog_url=www.avanan.com%2Fblog%2Fbreaking-down-the-remcos-malware-attempts-on-colombian-banks%3Fhss_channel%3Dtw-2986152999&event_listener=rLmvqHGbECP2dUd&hubspot_cookies=[%22c5812e7ac6c561b3d0b4e8cb08dd1b36%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
Frame ID: 3ACF7C0DC895A2A81EC49B5313113CD0
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Breaking Down the Remcos Malware Attempts on Colombian Banks

Detected technologies

Overall confidence: 100%
Detected patterns
  • /wp-(?:content|includes)/
Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • <link rel="amphtml"
Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
  • googleapis\.com/.+webfont
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • //static\.hotjar\.com/
Overall confidence: 100%
Detected patterns
  • js\.hs-analytics\.net/analytics
Overall confidence: 100%
Detected patterns
  • //platform\.linkedin\.com/in\.js
Overall confidence: 100%
Detected patterns
  • snap\.licdn\.com/li\.lms-analytics/insight\.min\.js
Overall confidence: 100%
Detected patterns
  • //platform\.twitter\.com/widgets\.js
Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

174
Requests

98 %
HTTPS

60 %
IPv6

45
Domains

61
Subdomains

55
IPs

5
Countries

4771 kB
Transfer

10746 kB
Size

45
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 120
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=110528&time=1696849121891&url=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fbreaking-down-the-remcos-malware-attempts-on-colombian-banks%3Fhss_channel%3Dtw-2986152999 HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=110528&time=1696849121891&url=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fbreaking-down-the-remcos-malware-attempts-on-colombian-banks%3Fhss_channel%3Dtw-2986152999&cookiesTest=true HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D110528%26time%3D1696849121891%26url%3Dhttps%253A%252F%252Fwww.avanan.com%252Fblog%252Fbreaking-down-the-remcos-malware-attempts-on-colombian-banks%253Fhss_channel%253Dtw-2986152999%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=110528&time=1696849121891&url=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fbreaking-down-the-remcos-malware-attempts-on-colombian-banks%3Fhss_channel%3Dtw-2986152999&cookiesTest=true&liSync=true HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=110528&time=1696849121891&url=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fbreaking-down-the-remcos-malware-attempts-on-colombian-banks%3Fhss_channel%3Dtw-2986152999&cookiesTest=true&liSync=true&e_ipv6=AQLnR-o6TUxZAwAAAYsUFtRJT6_3dJ-8b2m0-0Ql3RD4dUkYmNOOJPGZ9d2PZiKBXq8AHdG_JNuVLg
Request Chain 128
  • https://match.prod.bidr.io/cookie-sync/tbw HTTP 303
  • https://match.prod.bidr.io/cookie-sync/tbw?_bee_ppp=1

174 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request breaking-down-the-remcos-malware-attempts-on-colombian-banks
www.avanan.com/blog/ 		88 KB
21 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e7df4b027925d68c28b72f0c81fb8ae8f10943bff26dfec0309b6fbef1849326
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
s-maxage=10800, max-age=0
cf-ray
81361c1d7a832c3d-FRA
content-encoding
br
content-security-policy
upgrade-insecure-requests
content-type
text/html; charset=UTF-8
date
Mon, 09 Oct 2023 10:58:40 GMT
edge-cache-tag
CT-135072397071,CG-4153530738,P-1835778,L-6416153737,CW-10828273430,CW-10828758285,CW-11124227288,CW-38920737000,E-5097885803,E-6067151804,E-6073351973,E-6073918834,E-6084513730,E-6476923280,PGS-ALL,SW-2,B-4153530738
etag
W/"07d39896c5a76e5f89c3c29b23002ee3"
last-modified
Sat, 07 Oct 2023 19:24:41 GMT
link
</hs/hsstatic/HubspotToolsMenu/static-1.191/js/index.js>; rel=preload; as=script,</hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script,</hs/hsstatic/AsyncSupport/static-1.122/js/post_listing_asset.js>; rel=preload; as=script
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy
no-referrer-when-downgrade
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gCac1EQ%2BZk%2B81YDRafBQeGUGVd5bSfCxlAMk7XSBU5TjEHn%2FJWhyikYLuVEVX8IlIwPm2aePNWyMl%2BzpAX6J0jEsFBC63J7qVHsyJzeIYQDDiPtJHLytMOBtZm4YHi226jlJyssMs6n8%2FjzS"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding
x-hs-cache-config
BrowserCache-5s-EdgeCache-180s
x-hs-cache-control
s-maxage=10800, max-age=0
x-hs-cf-cache-status
REVALIDATED
x-hs-content-id
135072397071
x-hs-https-only
worker
x-hs-hub-id
1835778
x-hs-prerendered
Sat, 07 Oct 2023 19:24:41 GMT
index.js
www.avanan.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/ 		11 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.avanan.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/index.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
fd5e0c3a0682f03217f201588e51e77bf778d5506224074918f505423f0e25a2
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Mon, 09 Oct 2023 10:58:41 GMT
strict-transport-security
max-age=31536000
via
1.1 5cb605e8100138acccc04f094724133e.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
age
13067542
x-amz-cf-pop
CDG52-P4
x-amz-server-side-encryption
AES256
x-amz-version-id
inhS2tX2f2C4tITR3p2haS.uhsvA9eGz
content-encoding
br
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
alt-svc
h3=":443"; ma=86400
last-modified
Fri, 21 Apr 2023 15:17:56 GMT
server
cloudflare
etag
W/"0bbd63c0750f141fd5cec04a9393647e"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SHqZombXn8xQPxMn%2BrY2g2JJuUSYvDTZXJpY7H%2FxgrV48NddVqkQiajM%2FsBcbXZDGLbhv4kPP3CMiuBiq1fGAHYrGCtyiWg3wBynZVbjgpwyBsRdxPtBZe9fj3EJer3nqg8REht5qhvQNzmK"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
81361c1dfb1f2c3d-FRA
x-amz-cf-id
1HpAFXqvL-enGli7aFtbEYFS9QYd6YvOX2Rnrw2xQ2piSsJZzYKgAg==
expires
Tue, 08 Oct 2024 10:58:40 GMT
project.js
www.avanan.com/hs/hsstatic/cos-i18n/static-1.53/bundles/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.avanan.com/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Mon, 09 Oct 2023 10:58:41 GMT
strict-transport-security
max-age=31536000
via
1.1 3acba66e95e31977aee0842f44a6f08e.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
age
24046792
x-amz-cf-pop
FRA56-C2
x-amz-server-side-encryption
AES256
x-amz-version-id
P9ES7sOpFzrLl1QoRwjEAy5outPo5_GO
content-encoding
br
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
alt-svc
h3=":443"; ma=86400
last-modified
Tue, 09 Nov 2021 16:12:42 GMT
server
cloudflare
etag
W/"61ca66de658cab9587e4636894680d5d"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GX%2F4n3VEovuCHKJHTC73Z9HUJ%2BZrrgKnm71Rk3MtyQ2CwYCzW67YbDVcNzRpPtcdwAjL2A8q%2Fznr%2BRDkaGbRji0ULA0OgHgG9ShEBlLe2k%2BkC9S58YBh%2Bf0rfU51x7zk0Xj4qx1%2F3VIkk65p"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
81361c1dfb232c3d-FRA
x-amz-cf-id
4vqYOqTM0WbGp0-GCaAl1Rqxz0zHXUS33BRu8hoAMeiWnfDDXFZmEw==
expires
Tue, 08 Oct 2024 10:58:40 GMT
post_listing_asset.js
www.avanan.com/hs/hsstatic/AsyncSupport/static-1.122/js/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.avanan.com/hs/hsstatic/AsyncSupport/static-1.122/js/post_listing_asset.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
8e7902d12bed414b23fd30c7019fc0fe08d03b14984beb21e486aaa59135f803
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Mon, 09 Oct 2023 10:58:41 GMT
strict-transport-security
max-age=31536000
via
1.1 dca6db3c8f31f3cd48bb06d78a8be624.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
age
24046684
x-amz-cf-pop
FRA56-C2
x-amz-server-side-encryption
AES256
x-amz-version-id
nC1hzr07YsutChb9rCwKsMoiyxip8lR7
content-encoding
br
x-cache
RefreshHit from cloudfront
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
alt-svc
h3=":443"; ma=86400
last-modified
Fri, 17 Dec 2021 15:26:10 GMT
server
cloudflare
etag
W/"d95d7dafd49a1edc76a47120c287b579"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ehlPCvMV1qG3Y7%2FMGk9%2BmOzlnUWYU1cn9pHNsn7ZPiw5VnruqlGJo3%2BDrsyq59%2FapwuBShv1UXsb2KFXj6s6oq5gkUD67op6rjYGjRt0R47vwM9AJGEt0h6WM%2FmKI9H1QUIwNbv5v15EAfXg"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
81361c1dfb262c3d-FRA
x-amz-cf-id
fPV44mCgriZsUQoyc7i1QoYQ-DdPhviCBhSPhtXanSBgv-UYkySMnA==
expires
Tue, 08 Oct 2024 10:58:41 GMT
jquery-1.11.2.js
www.avanan.com/hs/hsstatic/jquery-libs/static-1.4/jquery/ 		94 KB
35 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.avanan.com/hs/hsstatic/jquery-libs/static-1.4/jquery/jquery-1.11.2.js
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Mon, 09 Oct 2023 10:58:41 GMT
strict-transport-security
max-age=31536000
via
1.1 8e83c42d247a31c5b365c08a0352d8f8.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
age
24046692
x-amz-cf-pop
FRA56-C2
x-amz-version-id
null
content-encoding
br
x-cache
Hit from cloudfront
x-hs-https-only
worker
alt-svc
h3=":443"; ma=86400
last-modified
Thu, 08 Jan 2015 18:08:00 GMT
server
cloudflare
etag
W/"5790ead7ad3ba27397aedfa3d263b867"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=469AN6zG95hQxIqNxZz%2Bei8NsTA7PZ93dKrpJAl%2B74ekmmuH52U5%2F%2FWpCanoApsFmz0E16BRNDNBTsgG7iiNC0GqyKqjEspgDUH8Ve68EGtfzvWQRe4gL6Hj1cogkU4wTM%2FGwiSzwRlISnqZ"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
81361c1e0b422c3d-FRA
x-amz-cf-id
Mt7dNovV9FGVhheA8veuJniWe6uQntVXEFLqW3FHlj2YpJH7vNbiqQ==
expires
Tue, 08 Oct 2024 10:58:41 GMT
module_38920737000_header-NEW.min.css
www.avanan.com/hs-fs/hub/1835778/hub_generated/module_assets/38920737000/1693339116978/ 		350 B
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.avanan.com/hs-fs/hub/1835778/hub_generated/module_assets/38920737000/1693339116978/module_38920737000_header-NEW.min.css
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
a28a88a058bb32f3fff988c31380f2392939d9c4d1bf38b32f531969a02a33de
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-request-id
1SP0XG6YX7NGZNFM
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-amz-replication-status
PENDING
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.EnforceAclForReads 2
x-evy-trace-listener
listener_https
etag
W/"d03acb35e50d52eba2de45e92772724e"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1693339116978
content-type
text/css
x-evy-trace-virtual-host
all
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 2
date
Mon, 09 Oct 2023 10:58:41 GMT
strict-transport-security
max-age=31536000
via
1.1 90a702a7e21c444d32e69f4d93b07bb4.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
mzhlCP.Q4kGZtjrszMLY3UteK9JyKt8t
x-amz-cf-pop
IAD66-C1
x-hs-alternate-content-type
text/plain
x-hubspot-correlation-id
ecd0f883-bf00-4524-a523-ddf505fa4103
x-cache
RefreshHit from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
169
alt-svc
h3=":443"; ma=86400
x-amz-id-2
ZGcrbbxGKHs+Zai4utVK1gX+91dc/0003mU1TFXZB+/vCaDFmBAc6Hk56dOaADyFVX4SNZF8fe4=
x-evy-trace-route-configuration
listener_https/all
x-request-id
ecd0f883-bf00-4524-a523-ddf505fa4103
last-modified
Tue, 29 Aug 2023 19:58:37 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EEMmj%2FRBUtRDNm%2BizWTzyqKlRud08QbyW8%2BPCVUAAZqGcrGL%2FA%2FR0JrHx%2B4RJRSmQMrnoz%2FTfZOYj%2BLeC6YUfkigjVymBcAjqdYUJgSGBtgSL%2FBtUoQV6%2BwMMSSv9lqIrJ5lD%2FDGdXJDH3oT"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-fd8f7bc74-nlblb
access-control-allow-credentials
false
cf-ray
81361c1dfb2e2c3d-FRA
x-amz-cf-id
oLHSHl5kVMjN6TSVrTmpZqDTMukWx4hGqVVg5vq5gAnZe9hsFi9GHw==
reset.min.css
www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/6067151804/1577975558437/Custom/jacob_redesign/css/ 		760 B
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/6067151804/1577975558437/Custom/jacob_redesign/css/reset.min.css
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
97152508df33871d78e6d8595480ac6c5cf8f2feb1fc1ef7fd2ef7a0517810c7
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-request-id
0Z59M5NSMTT8QXJ1
x-evy-trace-route-service-name
envoyset-translator
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener
listener_https
etag
W/"dd216fc74c067413933b3c64bb975273"
vary
origin, Accept-Encoding
content-type
text/css
x-evy-trace-virtual-host
all
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 20
date
Mon, 09 Oct 2023 10:58:41 GMT
strict-transport-security
max-age=31536000
via
1.1 663f2425a3138c20ed99538fc8652f3c.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
adg6Tcxw8bHaHALCZHMiZcGnIuL6f9nZ
x-amz-cf-pop
IAD12-P2
x-cache
RefreshHit from cloudfront
x-envoy-upstream-service-time
145
alt-svc
h3=":443"; ma=86400
x-amz-id-2
OwFFVSnA/gL76Y1cteJAeBdF9C/K/G4i+3LoOrGEa5VOrxri7KrVw4uIL1FHusvkke9pR7XNc2Q=
x-request-id
9c751005-f62b-494a-aa45-c91a462368c2
x-evy-trace-route-configuration
listener_https/all
last-modified
Thu, 02 Jan 2020 14:32:39 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9jrfm3xOZiM7L17ynqOaLyR88oGlS64tIHW1OULjcXHIIhorfHcoyEDhWBFeE98Cl5y4xIAUDrQFGuNU1aNpKBVqt4%2B9jz7WXEq61UUqBGoEsp3v%2FHWgYpvrB5K19psQOctWXmcV6BrY7%2Fgu"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-55b7d448b-rwfnd
access-control-allow-credentials
false
cf-ray
81361c1dfb2f2c3d-FRA
x-amz-cf-id
qZZKD_d6Cx0RShpaweMSvxWolpLX35dYB29gGAGs7vm2YL8L8bwkNA==
module_11124227288_updated_blog_body.min.css
www.avanan.com/hs-fs/hub/1835778/hub_generated/module_assets/11124227288/1683298028261/ 		5 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.avanan.com/hs-fs/hub/1835778/hub_generated/module_assets/11124227288/1683298028261/module_11124227288_updated_blog_body.min.css
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb73cc89830d3824b5c588849b29a5d4bad5b71108ba60e17bad3e6276dd5f7
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-request-id
5KXGZXQ954S6DQ28
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-amz-replication-status
PENDING
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener
listener_https
etag
W/"34740dad57e89fd2749c7cdb3497cb09"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1683298028261
content-type
text/css
x-evy-trace-virtual-host
all
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 20
date
Mon, 09 Oct 2023 10:58:41 GMT
strict-transport-security
max-age=31536000
via
1.1 e880df37740c4e68e519f8478d14cb88.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
HyZl6ue_xg82nZe3wq8kD7rN5WNVoPQi
x-amz-cf-pop
IAD89-P2
x-hs-alternate-content-type
text/plain
x-cache
Miss from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
283
alt-svc
h3=":443"; ma=86400
x-amz-id-2
QUdKaifwgALJwcbBazm5pJx4O3NB71W5gPm2uydyxcoxJ92y21GMNk7bd8LO4ZczIh/mOHpXUII=
x-evy-trace-route-configuration
listener_https/all
x-request-id
22a796fa-bd48-48a6-b057-5ded8eba0994
last-modified
Fri, 05 May 2023 14:47:09 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IMDnwy2pnq7Kcl7rAnYD9r%2F8DvThL5Qs%2BrfMtcO9tFhjJFqE30v%2FaV0qJ5okbTyjGUuRlueBTyy4DsR%2FSTEMt7pYiHZhbT9JvIOaJrYzUfamT09DHDYyBJqknJlWBbKRmCavGzaxmdf0mli8"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-55b7d448b-fwhk5
access-control-allow-credentials
false
cf-ray
81361c1e0b302c3d-FRA
x-amz-cf-id
rSfEIDDPqTFcxLmxoDZA6UZnet_1Zpw6Q8k6lw6CFoJtb3GGHSn5Uw==
project.css
www.avanan.com/hs/hsstatic/BlogSocialSharingSupport/static-1.16/bundles/ 		720 B
832 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.avanan.com/hs/hsstatic/BlogSocialSharingSupport/static-1.16/bundles/project.css
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf3e0ecae28a70c5e010c24c160321243efe54f497d49a6a8f31ca12ee7eb972
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Mon, 09 Oct 2023 10:58:41 GMT
strict-transport-security
max-age=31536000
via
1.1 0a4e8f7c3d348e526848328c55dd452a.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
age
24046463
x-amz-cf-pop
FRA56-C2
x-amz-server-side-encryption
AES256
x-amz-version-id
7bzlyDLBPgFUhJmnx6rYCRN4B2XAfbkA
content-encoding
br
x-cache
Miss from cloudfront
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
alt-svc
h3=":443"; ma=86400
last-modified
Wed, 19 Aug 2020 22:47:10 GMT
server
cloudflare
etag
W/"a81c70764750950eb72d4537c41e781f"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KaCfBxBcXR5LVE3pJCZCnqYngf%2BGSAlW%2BwLB17o8zouhFoyFd9%2Fur%2BRdgojmDBAKdA5QV87Rkmu2nbSU9lWJ6qiE34zzsUDud5mMPH%2BZpHfolkp6fsQgIlL3cmB63MNFMxfsVG4VtTZnldht"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=31536000
cf-ray
81361c1e0b322c3d-FRA
x-amz-cf-id
aoBZEEhqWcbE527ljPkuYQTBuwy02IzIHCkvQmyHORhnq5aRB0WaTg==
expires
Tue, 08 Oct 2024 10:58:40 GMT
rss_post_listing.css
www.avanan.com/hs/hsstatic/AsyncSupport/static-1.122/sass/ 		910 B
743 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.avanan.com/hs/hsstatic/AsyncSupport/static-1.122/sass/rss_post_listing.css
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
723fbf8d73cd4e75f64f7d21558585aa1658b11332e87bd288f6987e398ecfb4
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Mon, 09 Oct 2023 10:58:41 GMT
strict-transport-security
max-age=31536000
via
1.1 c1e2423613b2dcb4230386a2b285734e.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
age
24051086
x-amz-cf-pop
FRA56-C2
x-amz-server-side-encryption
AES256
x-amz-version-id
YluxiXaQWSQWC28IUPv3NXYXDi68ylxl
content-encoding
br
x-cache
RefreshHit from cloudfront
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
alt-svc
h3=":443"; ma=86400
last-modified
Fri, 17 Dec 2021 15:26:10 GMT
server
cloudflare
etag
W/"e1b521ec14a912d6d385c21388ec7d79"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JjVXC%2BUd8Qck6QmH9mgop6WD%2FNtgU6OmnoRefHOpDEq%2BIc4YzFJUu161eH8lI6LcZDcUleir2DL5aVf9zPdJ95rJBqMp72H7Sxr%2Fb7%2BC2NpV2IeZNYbO%2Bb4VutCFOLMMpBleeZoxj1QQ5AkB"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=31536000
cf-ray
81361c1e0b332c3d-FRA
x-amz-cf-id
Wzql4_q6p1hO3hRyRtKNM-EtNBOw4QGb-QbgBzaONmKGxijiiaWUZw==
expires
Tue, 08 Oct 2024 10:58:40 GMT
module_10828758285_updated-blog-cta-banner.min.css
www.avanan.com/hs-fs/hub/1835778/hub_generated/module_assets/10828758285/1681233594853/ 		43 B
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.avanan.com/hs-fs/hub/1835778/hub_generated/module_assets/10828758285/1681233594853/module_10828758285_updated-blog-cta-banner.min.css
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
0c5109ab0fecc5ef21cc3eddf9e5e66741feb3c03a08c0c5d12a153bffe56a4d
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
x-amz-request-id
YGK6XKRV5SEWXVXC
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener
listener_https
etag
"5c9c72ede880a71bcb77cbc90d5183e2"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1681233594853
content-type
text/css
x-evy-trace-virtual-host
all
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 20
date
Mon, 09 Oct 2023 10:58:41 GMT
strict-transport-security
max-age=31536000
via
1.1 5d1a51a1eb09caa5b28051dd961c7c40.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
ltjXTsnFD2W5CxxF4UctYebNy2UB5hTD
x-amz-cf-pop
IAD55-P5
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
147
alt-svc
h3=":443"; ma=86400
content-length
43
x-amz-id-2
kB0iyL+NKGyLQRGS4gRaACthz0jvVQ01thA9D9pMP+upRFczcC3RoGrSru8sIHqqju7N3/UD9yw=
x-evy-trace-route-configuration
listener_https/all
x-request-id
732f6bd3-9569-491c-bb76-11606fb1d86e
last-modified
Tue, 11 Apr 2023 17:19:55 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FxObVKrodifQeJKY6v4kVYMzDXKuvymZ4WHJVWdpDUdlMH3uJmpRfRUPnOMCNpvxNsJ12apRikwjFbCXTWoWu3VWT689N805N6qU9ZTlANDSWdNkkP8ma0Ivl2I4nxkaQcEjno8fOjNu5eO4"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-55b7d448b-r4k2f
access-control-allow-credentials
false
accept-ranges
bytes
cf-ray
81361c1e0b342c3d-FRA
x-amz-cf-id
SJHzgCOBL2txviQYrOdZFoZjdC-WHQ3Q-yPz6G3lHg4tSG7ghIMkyg==
module_10828273430_updated-blog-footer.min.css
www.avanan.com/hs-fs/hub/1835778/hub_generated/module_assets/10828273430/1681233744378/ 		1022 B
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.avanan.com/hs-fs/hub/1835778/hub_generated/module_assets/10828273430/1681233744378/module_10828273430_updated-blog-footer.min.css
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
5a6284f5e68fe70bb17c9aecb532fdb513b37ec0096d21e9a7231fbcfeda6794
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Mon, 09 Oct 2023 10:58:41 GMT
strict-transport-security
max-age=31536000
via
1.1 76cd2de9f0213e8c76093c6b346e8118.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
x-amz-cf-pop
IAD89-P1
x-amz-request-id
JRYM556RAD6VAFKX
x-amz-server-side-encryption
AES256
x-amz-version-id
t.xmjVBLpB.BylnQD5kN_qjPsk0xLKEI
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
content-encoding
br
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 20
alt-svc
h3=":443"; ma=86400
x-amz-id-2
w8O1jKT37QIeq4rDsWUaHf9Z+Z7R0uB4waapC5LnW78oNNHJSHSCCE0I2ijIV8L6qhD/2mFCpmw=
last-modified
Tue, 11 Apr 2023 17:22:25 GMT
server
cloudflare
etag
W/"0db2aa71f1f3b6937b6f53dfa6ff0be5"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1681233744378
content-type
text/css
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2rfDD%2FSNS8fYUUw6YjPNQT83OzdZ%2BYFzWD0ey0Ijrf3q8YfZyr7tzaRyulsfkEnXW7PLZt9fllJykmrCFwWPkJYl6PnYfVJOp%2BtTnbs4bd48qnknZJhtk65hKYD%2BwECcHlXxJkV1s83%2FHUdl"}],"group":"cf-nel","max_age":604800}
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
cf-ray
81361c1e0b352c3d-FRA
x-amz-cf-id
siBcoj0y_4_kxCxjXjJYCMgsBKj4GPzNcFSHhgq8KYUtewmnkHwAWA==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 20
all.css
use.fontawesome.com/releases/v5.2.0/css/ 		46 KB
11 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://use.fontawesome.com/releases/v5.2.0/css/all.css
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e0::ac40:660b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8891a160f8a2afb81de5259f9f68e5af3782348ea2927ad9e969bc88c7d39984

Request headers

Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Origin
https://www.avanan.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Mon, 09 Oct 2023 10:58:40 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id
XPGXXQXD59JPPJRH
age
2521962
alt-svc
h3=":443"; ma=86400
x-amz-id-2
+O2QaL7EswyMjxydm2hO6UU2o0smnWxFKdOGbU9NesIIFDeZojiW6EdsDIf6Q6CUjNgIM1ob5NPVrnXS6IIFtsNhQ8KdBSBf
last-modified
Wed, 30 Jun 2021 15:41:36 GMT
server
cloudflare
etag
W/"20a9ce516eaea76da29a23adc43e8998"
access-control-max-age
3000
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
GET
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wWWYDDNm7abTwTrPAh52CaUV3qSMV5WW1biZiaBFU7Oasl6eOyUtkeHO2vpaXpXQlulvhtCkXNlWdYDY6nmqhLQB7d77PO7fLkuiC5%2F%2Bd%2Bpk0AwukNhzoUpvYq9ycf3NqIWRbxeontGshEEvAd9amk9X"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=31556926
cf-ray
81361c1e28dd5d7e-FRA
css
fonts.googleapis.com/ 		19 KB
941 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Poppins:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900idisplay=swap
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
3726f6f71175b54abf48e8863b8634461bcbf34831f7c1b0a1d11e2604782b3a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Mon, 09 Oct 2023 10:58:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Mon, 09 Oct 2023 10:58:40 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 09 Oct 2023 10:58:40 GMT
js.cookie.min.js
cdnjs.cloudflare.com/ajax/libs/js-cookie/2.1.4/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/js-cookie/2.1.4/js.cookie.min.js
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3636e8810aa8b16828af450174251147977372f0201e77d464c719f110b0924f
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Mon, 09 Oct 2023 10:58:40 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
14245589
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
767
last-modified
Mon, 04 May 2020 16:11:49 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03ec5-6c8"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ic6lDJ1EatqXT1HDI%2FRR0vk1jBF1xReNrwZ9885KHcJzjZiTKn1Bh5qmisufxyVTM323q%2BXTm9%2F%2BN%2FC%2F5vnwyWVKYPxpA%2BX7z4CyoPzYPGRBoMHnaCsGSxWmt4UmkUAFzNcnRG5RZAkFJ9O3dHr%2BIleZ"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
81361c1e184139c4-FRA
expires
Sat, 28 Sep 2024 10:58:40 GMT
in.js
platform.linkedin.com/ 		510 KB
160 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://platform.linkedin.com/in.js
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:66b5:799a:7cd3:f74d:7071 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/4CE6) /
Resource Hash
c7d2435a17074fcf9d68f3dc278cdcdbaa0591d4dc6df866c6dd1f4b4f57d2ab
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Mon, 09 Oct 2023 10:58:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-cdn-client-ip-version
IPV6
x-cdn
ECST
age
3336
x-cache
HIT
x-cdn-proto
HTTP2
content-length
163638
x-li-uuid
AAYHRbI9ElRYoDF4TXYRvw==
last-modified
Mon, 09 Oct 2023 10:03:04 GMT
server
ECAcc (frc/4CE6)
x-li-pop
prod-lva1-x
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
x-li-fabric
prod-lva1
cache-control
public, max-age=3600
x-li-proto
http/1.1
accept-ranges
bytes
expires
Mon, 9 Oct 2023 11:03:04 GMT
layout.min.css
cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1696612711849/hubspot/hubspot_default/shared/responsive/ 		4 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1696612711849/hubspot/hubspot_default/shared/responsive/layout.min.css
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6fd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
257855f4e23a1e3d382077b15bfc30971c9c261fc23512c88abfdcda05f28bc4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

content-encoding
br
age
236363
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-amz-replication-status
PENDING
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-evy-trace-listener
listener_https
etag
W/"94daf62e7e6df83595c6251fb0c7c055"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
text/css
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1696612712490
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Mon, 09 Oct 2023 10:58:41 GMT
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD61-P1
x-hs-alternate-content-type
text/plain
x-hubspot-correlation-id
3a52bb66-ba37-47de-b73b-a00257bbbc7a
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
178
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-request-id
3a52bb66-ba37-47de-b73b-a00257bbbc7a
last-modified
Fri, 06 Oct 2023 17:18:33 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tQOoLb4LhTdoy%2FvS%2BcFnK1Xt3zvs8Bychp8WyP4tEWfPJ7PgK22ILZJgvopIvfVqco2NdVhGxQVGabv6Qwaethsm5jA5qbTHDzK%2Fbw%2FwAAlSx3chV4xZOEjtiFQd8Vo2sFy6eOpQtl3KPdHPnSU%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-cdn2-td/envoy-proxy-5745477c8b-xgsnc
cf-ray
81361c1e2d91047a-FRA
gradient.min.css
www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/5097885803/1577975559034/Custom/system/default/ 		120 KB
20 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/5097885803/1577975559034/Custom/system/default/gradient.min.css
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
08deb5fb8e8a49d3e598cab0f6c178154648cd6234894569a0987812b19475f3
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Mon, 09 Oct 2023 10:58:41 GMT
strict-transport-security
max-age=31536000
via
1.1 5148e372b4ab17878741ea92be548472.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
x-amz-cf-pop
IAD89-P1
x-amz-request-id
F1H8BDGMC8Q89T06
x-amz-version-id
Np0IHzSsaoWIRo2pA7QSOE6GTgUdVUIS
content-encoding
br
x-cache
Miss from cloudfront
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
alt-svc
h3=":443"; ma=86400
x-amz-id-2
l4RV8qoAG24yYuU8INnIhDFaHYWJ2gmOM+A1UsOSzKBUXSxM49SNbIsp32nN6V4StDZ7PPeiQbM=
last-modified
Thu, 02 Jan 2020 14:32:40 GMT
server
cloudflare
etag
W/"336dca61498fc7140b09ba03ed7bf73f"
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qQ2OUlNhSu%2Fz2lQ8h4jVdlNZdemI5S0K%2F2TKmTT7xperdn0TPaQgy0CLBgKH7%2BhQJ4xW7WZFf08l3l8V8%2Bco%2F3g65T8JZ424A18albUZDLlPCHgYLttxzAN8v4eXzTWUfkpsqkuH2MtKqxgP"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
cf-ray
81361c1e0b382c3d-FRA
x-amz-cf-id
WyoP1YouARx9i13O7fLglVcaa-T81U8nyfzZJZme3FZzpdgUamjT1w==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
template.min.css
www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/6073351973/1693338321987/Custom/jacob_redesign/css/ 		193 KB
34 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/6073351973/1693338321987/Custom/jacob_redesign/css/template.min.css
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
92544ed57b172f513a507fe6d3e09d763bc23c413e47d110d8dc03ef896490dd
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-request-id
60F9AVRJJE9ND492
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.EnforceAclForReads 2
x-evy-trace-listener
listener_https
etag
W/"c532cb73709fa483616feef093f4d595"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1693338323621
content-type
text/css
x-evy-trace-virtual-host
all
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 2
date
Mon, 09 Oct 2023 10:58:41 GMT
strict-transport-security
max-age=31536000
via
1.1 9e18259ccc98f7a9dcd0fe17b60688c2.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
V4U7qS8p16YQ5afAoV9tdACdkHL_IvNE
x-amz-cf-pop
IAD66-C1
x-hs-alternate-content-type
text/plain
x-hubspot-correlation-id
ca5131fd-c530-4dd9-adaa-14e341f70a65
x-cache
Miss from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
198
alt-svc
h3=":443"; ma=86400
x-amz-id-2
hpxIuauoGwwOkdN9XhLxioGTMAeO+vNTn3YNGa1rnEqOi7jIh3uKYlBBEnvHKmYptJ5tFo04cPE=
x-evy-trace-route-configuration
listener_https/all
x-request-id
ca5131fd-c530-4dd9-adaa-14e341f70a65
last-modified
Tue, 29 Aug 2023 19:45:24 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qjD6RrxV9pxp0CJ9ZL93IE1B2csOSUb5IAVJzl3BiWwV9So2slCZA6YficHYxCjhGu%2BctQ1GsGsRSS6D9PChzr2Xzzd2FMbII5MBQK553GiUX7Rj7PRCdT8twG3vE2su7W2sPmTlpaiizFVS"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-fd8f7bc74-xmwnv
access-control-allow-credentials
false
cf-ray
81361c1e0b3a2c3d-FRA
x-amz-cf-id
5Oi-Fv7k0plc1XQHsFsyWOgBXe5CRJna4kEJ1SqkIJ4mpiVy5tsGBA==
animate.css
www.avanan.com/hubfs/website/code/css/vendor/ 		76 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.avanan.com/hubfs/website/code/css/vendor/animate.css
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
8150a6e66442996f64560b128d0effe532ed5eabdf0a8c6176c8c4e8ed502e6f
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Mon, 09 Oct 2023 10:58:41 GMT
strict-transport-security
max-age=31536000
via
1.1 df327bd0c8709a81ade8602ac9ef16e0.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag
F-10555715886,FD-10555825155,P-1835778,FLS-ALL
content-security-policy
upgrade-insecure-requests
age
923453
x-amz-cf-pop
FRA56-P7
x-amz-request-id
6V6J41X2H3DJQZZ3
content-encoding
br
edge-cache-tag
F-10555715886,FD-10555825155,P-1835778,FLS-ALL
cache-tag
F-10555715886,FD-10555825155,P-1835778,FLS-ALL
x-amz-version-id
DNimaXPyQx0q8PYRQbkCSZdSE0X.bmnJ
x-cache
RefreshHit from cloudfront
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
alt-svc
h3=":443"; ma=86400
x-amz-id-2
pjsj9if80GnJ4Qdus+shD7onlCaU/MKp9ta74PHk5oTqcPwGPKgqnHTc4K2Vx+30vvfhz+FIOLA=
last-modified
Tue, 18 Jun 2019 07:24:00 GMT
server
cloudflare
etag
W/"d96b2083b0acbb11911bb4f068158299"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
text/css
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zVVbb%2Fc5GcqpeUk2hWuCjdKgznPYFIFHT%2FxOPP8DV5VqV%2BHD0rHGs6wHhCe46Fd0tfmXphJzvXaPX4NY4mmLkv5BSJkTPVGon%2BfIMl2pzY0BzuncZ0bKHRtTI%2B7KcpV7yaDxXtfWBdhTVtDL"}],"group":"cf-nel","max_age":604800}
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray
81361c1e0b3b2c3d-FRA
x-amz-cf-id
MjRY1KRgiuDm39Ksl1A01_BNiip0t2L6igqcxw40Qdt5lwcCkOwIbQ==
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
hs.megamenu.css
www.avanan.com/hubfs/website/code/css/vendor/ 		4 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.avanan.com/hubfs/website/code/css/vendor/hs.megamenu.css
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
4eed62e19ef261a18dade30aac09258399bbead589a04d061bce834f0d5a2bcd
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Mon, 09 Oct 2023 10:58:41 GMT
strict-transport-security
max-age=31536000
via
1.1 3199fed6c4260c9448326645d333530a.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag
F-10555715922,FD-10555825155,P-1835778,FLS-ALL
content-security-policy
upgrade-insecure-requests
age
923453
x-amz-cf-pop
FRA56-P7
x-amz-request-id
6V6MY08RK81CDFGW
content-encoding
br
edge-cache-tag
F-10555715922,FD-10555825155,P-1835778,FLS-ALL
cache-tag
F-10555715922,FD-10555825155,P-1835778,FLS-ALL
x-amz-version-id
xY1xlt9wqfq8h7_kClSamJ0VluM_5ZF9
x-cache
RefreshHit from cloudfront
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
alt-svc
h3=":443"; ma=86400
x-amz-id-2
dVDkW+Yakzy2V8gQGNpRdR9XGdjZajRUdGwzb4KdZVa1c6Alt6sD67D9cBJNWDsc7SgYVKfIc34=
last-modified
Tue, 18 Jun 2019 07:24:00 GMT
server
cloudflare
etag
W/"c46d4ef35d114216ae8c0fe4137c84d5"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
text/css
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iTpp1CmOj4euBGv%2Bl28jRuf7e3fhy6m82B83Wbh2l8qC5r9O5VWotlsG9ubiAfyTJ%2F5VnRvJFnDcAS7s%2FXMzPSHRT8FkSGc48o0ZiTzUea8HLl5RpLCtJ4ChgaGv0Tl2vCgfReGfiyUxk1vz"}],"group":"cf-nel","max_age":604800}
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray
81361c1e0b3c2c3d-FRA
x-amz-cf-id
bmDvdJuHQjTdkgI5w7VIpk-6KAq4FJE8P8Iipv-Y7sRLQB-3M35lSA==
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
dzsparallaxer.css
www.avanan.com/hubfs/website/code/css/vendor/ 		19 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.avanan.com/hubfs/website/code/css/vendor/dzsparallaxer.css
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
a62430c1506f9d9ecc0bca9ffa39a073d5148f07be4aa54ed4532f9650caf56a
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Mon, 09 Oct 2023 10:58:41 GMT
strict-transport-security
max-age=31536000
via
1.1 05ec74146f636de45e985d09f62976dc.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag
F-10555715948,FD-10555825155,P-1835778,FLS-ALL
content-security-policy
upgrade-insecure-requests
age
181236
x-amz-cf-pop
AMS1-C1
x-amz-request-id
6V6JF8GMK2H50Y0E
content-encoding
br
edge-cache-tag
F-10555715948,FD-10555825155,P-1835778,FLS-ALL
cache-tag
F-10555715948,FD-10555825155,P-1835778,FLS-ALL
x-amz-version-id
OQfzSS0e1XiUHyu7fgd1SQC64WCGDBlx
x-cache
RefreshHit from cloudfront
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
alt-svc
h3=":443"; ma=86400
x-amz-id-2
wPPEUnXD6+xA3yT5PUSacr0kvmUUkv9M+oR8d0JfwAzQKLoNHjb+BItHovrHzGuo0phABAp8nV0=
last-modified
Tue, 18 Jun 2019 07:24:00 GMT
server
cloudflare
etag
W/"319d193fcbeb97bbd3c83a72ee3dac65"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
text/css
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZONraiFkFpE9EaAiNN0GlfEXIxd995k6bK9SfdoYZkDDh4rafCigiC8mbE0421ltIaOkGQEyp63yiSByiSPZOVpjYnMXNdoyHqDdwD85pSqYeMlNfeHvardtgqmhFLnSPXxlSN4i8HY3Cd91"}],"group":"cf-nel","max_age":604800}
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray
81361c1e0b3d2c3d-FRA
x-amz-cf-id
9UUyvIQZeIVDN0Jm5sKxWZTQHXxsEHYc931vVFf1CtIk3Nu6t1JTvA==
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
custombox.min.css
www.avanan.com/hubfs/website/code/css/vendor/ 		41 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.avanan.com/hubfs/website/code/css/vendor/custombox.min.css
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
deb3d40a52e939dc606cacea278753f149b56d19b6619994069659687e3a7728
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Mon, 09 Oct 2023 10:58:41 GMT
strict-transport-security
max-age=31536000
via
1.1 f3d57c6f1e03e389abd50b7f7535cee4.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag
F-12524627747,FD-10555825155,P-1835778,FLS-ALL
content-security-policy
upgrade-insecure-requests
age
923453
x-amz-cf-pop
FRA56-P7
x-amz-request-id
6V6KGFA5YS2QVJQP
content-encoding
br
edge-cache-tag
F-12524627747,FD-10555825155,P-1835778,FLS-ALL
cache-tag
F-12524627747,FD-10555825155,P-1835778,FLS-ALL
x-amz-version-id
7rgoaYxL_.zq0Q9pSWvug18ufCSiqriy
x-cache
RefreshHit from cloudfront
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
alt-svc
h3=":443"; ma=86400
x-amz-id-2
nLOnWb86dXYY8TZpggCmYd8b6iA1hLqADsFZKVvVwXeIHu5SNaXKz6nFvINCmwzAMRH5bXHOnPg=
last-modified
Thu, 29 Aug 2019 14:21:43 GMT
server
cloudflare
etag
W/"3546f0274dff535bcf97625374c1c7cf"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
text/css
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F9dkBXmSuJQ8uVEWQRQFjHYjhPofjyijYKIWo%2BxMT2MZBPRGGE%2BQsVORBN1Ak00%2FlwcKx7VPXCeKaRwVEPO7fo3nIDsblGCkfHErNqwAvl%2FZELLAHC6pvOCZce7St9HycV%2Bn63aWfzC%2F9JF6"}],"group":"cf-nel","max_age":604800}
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray
81361c1e0b3e2c3d-FRA
x-amz-cf-id
-3hP6hFDx7D_prDjRYE5AGGamJgyTTt2ZPbE9OtVOb22D_6xfGrgUw==
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
theme.css
www.avanan.com/hubfs/website/code/css/ 		393 KB
55 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.avanan.com/hubfs/website/code/css/theme.css
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf53806c2a4cef2c89a8502411683c83162fe73859d7d24244259e7e793df68a
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-meta-cache-tag
F-12350310726,FD-10555529544,P-1835778,FLS-ALL
age
923453
x-amz-request-id
6V6SAW6MK79XWANG
x-amz-server-side-encryption
AES256
edge-cache-tag
F-12350310726,FD-10555529544,P-1835778,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
etag
W/"dd24981f95399e7f2d5674114004c268"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
text/css
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1566500436528
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Mon, 09 Oct 2023 10:58:41 GMT
strict-transport-security
max-age=31536000
via
1.1 9b7b71910b45e646f6476bbd270127a4.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
.VuZQK18yvpctq7eWnfEjZ9JXuCTwHN5
x-amz-cf-pop
FRA56-P7
x-cache
RefreshHit from cloudfront
cache-tag
F-12350310726,FD-10555529544,P-1835778,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
x-amz-id-2
jJFYifFTEmjQqnhnrnt3bhcDIrWfJK3+bJoqTpmOERcBTQBkdFIQRUDFsOUZ5Nukr4Wekchhy3k=
last-modified
Tue, 29 Aug 2023 17:12:22 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p9dIfoKfUv5IYMwSPoka2wg89%2BxSOIyod4e98EFgZidGMG1Q582UKSnseCaOG1fumSTzzEt%2FyBzlbkyi0J2h%2BWbq0%2B3LBoGjPFvJHpzNfbvVIb%2B399BwrUV0Zcbdb40lZbLe4zmKvmYkE4EV"}],"group":"cf-nel","max_age":604800}
cf-ray
81361c1e0b3f2c3d-FRA
x-amz-cf-id
DOCzfWu5Px3Xs481LcZmM_8gg7mpIHdyEeRKtid-YNjAdx0ksZR8_g==
header-slim.css
www.avanan.com/hubfs/website/code/css/components/ 		84 KB
10 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.avanan.com/hubfs/website/code/css/components/header-slim.css
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
f54ad99ac9b8bf0271cc6d19132826863aa3dc7077b4d5c586f99c46130efb30
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-meta-cache-tag
F-29822257866,FD-10639271059,P-1835778,FLS-ALL
age
308291
x-amz-request-id
6V6SX8MNY7RKGHQF
x-amz-server-side-encryption
AES256
edge-cache-tag
F-29822257866,FD-10639271059,P-1835778,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
etag
W/"b144dc1e3369574aa43f95d44261c80b"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
text/css
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1590586777336
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Mon, 09 Oct 2023 10:58:41 GMT
strict-transport-security
max-age=31536000
via
1.1 c76130909cba12f494ee98f488e40752.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
42YSFG0lTWtnZ.W1lT05OT2Zcvw1os6c
x-amz-cf-pop
MRS52-P2
x-cache
RefreshHit from cloudfront
cache-tag
F-29822257866,FD-10639271059,P-1835778,FLS-ALL
x-amz-meta-index-tag
all
alt-svc
h3=":443"; ma=86400
x-amz-id-2
FZ1kvhOESx/X+nI7mgLBhhhOEXv50hQj/CD9BD6OJ4fnxg8DnmBoCA/+XEy4rHdNTnsru+INfZ8=
last-modified
Fri, 08 Oct 2021 20:18:11 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SQ9o%2FinCimhv%2BRj6j2m2zS0rKXlC7VQztP9df%2FRjDIbflZ%2Bmd50crOykpQ702HQQ%2BX4%2BPIF08HsK0BhgOo2gkaM35IB0tvpChnwu9O6Lvh67MazLFR9orAAeSKG1rguC6KkawstwYLjs5VKc"}],"group":"cf-nel","max_age":604800}
cf-ray
81361c1e0b402c3d-FRA
x-amz-cf-id
dLx1bNxTOnULxhvwVqtWjnD3Zg84TFmElozU2iG0xq2emSYRGG2Ptw==
css
fonts.googleapis.com/ 		5 KB
956 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Cabin:400,500,600,700&display=swap
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
221a2d2c81d6c147efa694dd73f51bdcb8ecf509826457780c44f5026b6d5a71
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Mon, 09 Oct 2023 10:58:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Mon, 09 Oct 2023 10:58:40 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 09 Oct 2023 10:58:40 GMT
How-Safe-Are-Your-Emails-featured.png
www.avanan.com/hubfs/website/img/infographics/ 		621 KB
622 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.avanan.com/hubfs/website/img/infographics/How-Safe-Are-Your-Emails-featured.png
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
8deb475ac50713a43d3cf93fb2579f1badda5b9dee5704850b032f0f25564895
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
x-amz-meta-cache-tag
F-52270339845,FD-10949243896,P-1835778,FLS-ALL
age
923453
x-amz-request-id
V0H7FTH6CWP5BCHF
x-amz-server-side-encryption
AES256
edge-cache-tag
F-52270339845,FD-10949243896,P-1835778,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
content-disposition
inline; filename="How-Safe-Are-Your-Emails-featured.webp"
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
cf-bgj
imgq:85,h2pri
etag
"c633bdada0f0b6b3a8ed9923b6fb540b"
vary
Accept, Accept-Encoding
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1628160146967
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Mon, 09 Oct 2023 10:58:41 GMT
strict-transport-security
max-age=31536000
via
1.1 6be461c5a9399007c1540eee90371674.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
.d7FqQt._o1Rnh6A1lokFj0_Ws48Edpl
x-amz-cf-pop
FRA56-P7
x-hs-alternate-content-type
text/plain
cf-polished
origFmt=png, origSize=866167
x-cache
RefreshHit from cloudfront
cache-tag
F-52270339845,FD-10949243896,P-1835778,FLS-ALL
x-amz-meta-index-tag
all
alt-svc
h3=":443"; ma=86400
content-length
635542
x-amz-id-2
6NxNtAgbaHH9OAuq1wSxxu3O5clzi3TxlOv74URu4USKNR2B6s8DkVeRmkHigUvAbrlMKhlbzt4=
last-modified
Thu, 05 Aug 2021 10:42:28 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jLfWC1B3sSxSu%2FJSj90SHcyspkeszABXeL%2B91AZom8q9I1BQDR8LTcqI%2BNpMwcyebcCepj9WspmCpdEisVZAPuFozhyumvLGAEX4c%2FsasdZQ5VID8qn6gUB8RfRB79nhhOti2xY%2Bv%2Bz3kAgI"}],"group":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
81361c209c433608-FRA
x-amz-cf-id
p521NOc2zFUzin6rDaI-60Mc74lkdFAr0YfU-0DPJ-7vhQNUSdXpEg==
av-cp-logo.png
www.avanan.com/hubfs/website/img/nav/ 		26 KB
28 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.avanan.com/hubfs/website/img/nav/av-cp-logo.png
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
a87eea0ed4667d6241611511e68dce431477cbd9a06c9482b01323d6a0b972f9
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
x-amz-meta-cache-tag
F-57079767617,FD-21136118110,P-1835778,FLS-ALL
age
923453
x-amz-request-id
C3DAVTQ9RQW7DF0M
x-amz-server-side-encryption
AES256
edge-cache-tag
F-57079767617,FD-21136118110,P-1835778,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
content-disposition
inline; filename="av-cp-logo.webp"
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
cf-bgj
imgq:85,h2pri
etag
"54f8e06ea392f631745f18834b4f75fc"
vary
Accept, Accept-Encoding
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1633720390182
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Mon, 09 Oct 2023 10:58:41 GMT
strict-transport-security
max-age=31536000
via
1.1 837a869ba82f4a85a2e5810b11746698.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
ihC_xVZudFnTMh6T1X7C3_Yl8xLb15Oa
x-amz-cf-pop
FRA56-P7
x-hs-alternate-content-type
text/plain
cf-polished
origFmt=png, origSize=45855
x-cache
RefreshHit from cloudfront
cache-tag
F-57079767617,FD-21136118110,P-1835778,FLS-ALL
x-amz-meta-index-tag
all
alt-svc
h3=":443"; ma=86400
content-length
27014
x-amz-id-2
mDE1XnCnm9bNMKbngcnmBPj27glduNbsk1iiAcvwyp+QrhaevDsdf4Hr9HcMUcOoiYAtNrHn7ek=
last-modified
Fri, 08 Oct 2021 19:13:11 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=62NaUef2fTYiyxibywmIZHZORYTEQwuPxEVv6vVrfWRj0bmUgfxc1ng%2BpRVJxaCeCTQwj9LYpX%2FTQUdvevxfnWSy2htvTB4noh5X5fbHwSEXnu5Ko4KsfqdTRR5nghTjFAkgp0qRkynt6iUI"}],"group":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
81361c209c453608-FRA
x-amz-cf-id
Mck5OgfxijKyzXMGpYK_V8bCKXrgkR121lNP57iS3YinLDyX5V90fw==
documentation.png
www.avanan.com/hubfs/website/img/nav/ 		868 B
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.avanan.com/hubfs/website/img/nav/documentation.png
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e94bb9eafa09b4181f7208f1466552561329b27bc870ea785be1fbbeb32661d8
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
x-amz-meta-cache-tag
F-21241301263,FD-21136118110,P-1835778,FLS-ALL
age
923453
x-amz-request-id
C3D0KDGVJ6M9AT5K
edge-cache-tag
F-21241301263,FD-21136118110,P-1835778,FLS-ALL
x-hs-https-only
worker
content-disposition
inline; filename="documentation.webp"
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
cf-bgj
imgq:85,h2pri
etag
"f4d503cd55e042264b3bbd74f58ac560"
vary
Accept, Accept-Encoding
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Mon, 09 Oct 2023 10:58:41 GMT
strict-transport-security
max-age=31536000
via
1.1 f3d57c6f1e03e389abd50b7f7535cee4.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
V87Vzt5MSqkUDoZ5asBko88rN0wJ5iGd
x-amz-cf-pop
FRA56-P7
cf-polished
origFmt=png, origSize=3416
x-cache
RefreshHit from cloudfront
cache-tag
F-21241301263,FD-21136118110,P-1835778,FLS-ALL
alt-svc
h3=":443"; ma=86400
content-length
868
x-amz-id-2
vJfXU7GEfYAK2xjDxavqqOdZkwxXvA51LVbWU6v9+97X+RTaqFEnDh5GI6So9L2xC/Ujo225ku8=
last-modified
Thu, 14 Nov 2019 20:20:22 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JN%2BmLTziAB3oPuecL%2F6qqqrxxwsfFzgwe0h0EK45QRtxvz2yUTOTaX%2FNWmNJ7hYNUQDw0wMw2oy62mTftvCKsY%2FoovSm%2FB%2BtyQwnw1yGoao%2BxdZPsoAv%2FlPUCXqD2JKfyJwPLaCQikQCS7h%2F"}],"group":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
81361c209c483608-FRA
x-amz-cf-id
SeAgKmvmdUM692paFPqyfmilYioZdQiy-SPeuDfTLybbdpeXGi9K1g==
open-ticket.png
www.avanan.com/hubfs/website/img/nav/ 		700 B
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.avanan.com/hubfs/website/img/nav/open-ticket.png
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
03817f3f6505178f6f24ef977ac8cd844ba3427f0353759e41bea905c565020a
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
x-amz-meta-cache-tag
F-21241291417,FD-21136118110,P-1835778,FLS-ALL
age
923453
x-amz-request-id
M2F0VYD2QQAYXRM4
edge-cache-tag
F-21241291417,FD-21136118110,P-1835778,FLS-ALL
x-hs-https-only
worker
content-disposition
inline; filename="open-ticket.webp"
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
cf-bgj
imgq:85,h2pri
etag
"9034a241fdd02e0d9dc532075852965e"
vary
Accept, Accept-Encoding
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Mon, 09 Oct 2023 10:58:41 GMT
strict-transport-security
max-age=31536000
via
1.1 c7311454ce938e04f3523616a5b033da.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
0c9cY9eUX.md23IeRyXXqhmeaLhfDOS6
x-amz-cf-pop
ZRH55-P1
cf-polished
origFmt=png, origSize=3180
x-cache
RefreshHit from cloudfront
cache-tag
F-21241291417,FD-21136118110,P-1835778,FLS-ALL
alt-svc
h3=":443"; ma=86400
content-length
700
x-amz-id-2
O0vOsb60zFuujKSehCVLZnB5yVFSMktdbV1/hNShNv6/LH2hyEDsX0JFOqJK2ovJas7kHju9TnY=
last-modified
Thu, 14 Nov 2019 20:20:22 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BUM%2BwKaO43iYUcFFck9aCOcmBn%2B74Mn0CbQkcwYAsV1v%2Bvk3honeFjDqLlsFg23Ji2ammrgQeUpuuqaWNJ0gcK105Ol8pBP9Kz9hkBJiEaNEBeAmbksI5R4Iqu6BqVSB7DN%2FZ1fBaoQNZ%2FG1"}],"group":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
81361c209c4b3608-FRA
x-amz-cf-id
CdzFgbNSswJTYtDtEFYN6V-jCNRxwE86CjU1yZtzCa4Pt6rjnHpJsQ==
jeremy_fuchs-1.png
www.avanan.com/hubfs/website/img/people/ 		1009 KB
1011 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.avanan.com/hubfs/website/img/people/jeremy_fuchs-1.png
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
8c31f9221454873de9c5bc222c2b5c97f216d3b21b0a3589f77f49fbcacf4a0d
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
x-amz-meta-cache-tag
F-27817468088,FD-26510702723,P-1835778,FLS-ALL
age
297581
x-amz-request-id
JK79PC61XYSMKHC4
x-amz-server-side-encryption
AES256
edge-cache-tag
F-27817468088,FD-26510702723,P-1835778,FLS-ALL
x-hs-https-only
worker
content-disposition
inline; filename="jeremy_fuchs-1.webp"
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
cf-bgj
imgq:85,h2pri
etag
"f708d6febff5bc6d07172bd7465dd726"
vary
Accept, Accept-Encoding
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Mon, 09 Oct 2023 10:58:41 GMT
strict-transport-security
max-age=31536000
via
1.1 fa87f2173bfe5d35fd73cec71ab12a32.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
nQ.kuHwFXuupsUc1qfCvxdS2PMk7c1js
x-amz-cf-pop
FRA56-P7
cf-polished
origFmt=png, origSize=1632605
x-cache
RefreshHit from cloudfront
cache-tag
F-27817468088,FD-26510702723,P-1835778,FLS-ALL
alt-svc
h3=":443"; ma=86400
content-length
1033412
x-amz-id-2
Bd4UKZP2MTXZWZ1UDV46ilLFKqwCMeK04fd10GhPlNeECvIZ0zEl1fR+R9+5Ns5TnQnIBUYi30M=
last-modified
Tue, 31 Mar 2020 14:03:42 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4B4wXMNrBXMcmvcWyh8mctgIUGDojO6XT4BUZnwfgTYe3S7KMQZbbtkT%2BbfNJiwPGJO1ePAzZ64R3rifGkGh8TMQgkQbyU7jE2X%2F4RMHXgLYEBxgc5PDs%2F4xlTJ9lbzIcSmNRBi2AlEvtjK1"}],"group":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
81361c209c4c3608-FRA
x-amz-cf-id
Z53tsGncS7SlSVGiPLuZCdltBvlOtUzfxK6u3g5XMJlKwVOhV1waCQ==
Featured%20Images%20-%202023-09-15T103421.983.png
www.avanan.com/hubfs/ 		21 KB
22 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.avanan.com/hubfs/Featured%20Images%20-%202023-09-15T103421.983.png
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
0aa526438b1842ad5b5f3d263f2e093068f7729588503cc264fabaddba7d63be
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
x-amz-meta-cache-tag
F-135083568200,P-1835778,FLS-ALL
age
2179
x-amz-request-id
4N145G9DFX1YEQDX
x-amz-server-side-encryption
AES256
edge-cache-tag
F-135083568200,P-1835778,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
content-disposition
inline; filename="Featured%20Images%20-%202023-09-15T103421.webp"
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
cf-bgj
imgq:85,h2pri
etag
"cc487fd16ec075f8c622f51b6fbebc4a"
vary
Accept, Accept-Encoding
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1694789457044
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Mon, 09 Oct 2023 10:58:41 GMT
strict-transport-security
max-age=31536000
via
1.1 4dd80d99fd5d0f6baaaf5179cd921f72.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
6ViPzfxy2o5tBu9A6ufA45rfAqH.bddG
x-amz-cf-pop
FRA56-P7
x-hs-alternate-content-type
text/plain
cf-polished
origFmt=png, origSize=40101
x-cache
Miss from cloudfront
cache-tag
F-135083568200,P-1835778,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
content-length
21186
x-amz-id-2
65x0JCsEikIv6lu2o48o/oiGWBOGcYdTAhHA60iB5NtdIiCrDEcpsvpAyJqbY16lkpVnOL3fYUM=
last-modified
Fri, 15 Sep 2023 14:50:58 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DFxM%2FwrFQ9YqChfV0cF1Gnk2f0L6EmeBXr%2F8qzxscH9%2BiVYgorBtQzNyUaOnd%2FjFhoNJUwK%2FHY8ptEDwxLfmHXw3XDC1Lap96ZK%2B1gkBiso8l1C81M%2FwAPCy1FQxCqDSOyfFBoV2Q4BnZQP7"}],"group":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
81361c209c4e3608-FRA
x-amz-cf-id
vJTKOBo2f757B5DSTWqJofjOTdP5sAmY-xXdOCfNMkpPH6ldoWRI5g==
Featured%20Images%20-%202023-08-15T150755.623.png
www.avanan.com/hubfs/ 		29 KB
30 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.avanan.com/hubfs/Featured%20Images%20-%202023-08-15T150755.623.png
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
ebd811addff53145da623fb3ceec50819469d1bef75de7e16cbcd613623015ab
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
x-amz-meta-cache-tag
F-130272066339,P-1835778,FLS-ALL
age
902239
x-amz-request-id
W6MSWDAQ85QE8RMZ
x-amz-server-side-encryption
AES256
edge-cache-tag
F-130272066339,P-1835778,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
content-disposition
inline; filename="Featured%20Images%20-%202023-08-15T150755.webp"
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
cf-bgj
imgq:85,h2pri
etag
"a99f3d21b67a304697e028243eba4cb5"
vary
Accept, Accept-Encoding
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1692126498840
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Mon, 09 Oct 2023 10:58:41 GMT
strict-transport-security
max-age=31536000
via
1.1 6be461c5a9399007c1540eee90371674.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
pALVrr7BYuvyznMMfHgqFIKQudXcz6Jo
x-amz-cf-pop
FRA56-P7
x-hs-alternate-content-type
text/plain
cf-polished
origFmt=png, origSize=56715
x-cache
RefreshHit from cloudfront
cache-tag
F-130272066339,P-1835778,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
content-length
29230
x-amz-id-2
XWCWtA4L59DrIhMJ167IHsfAhlPzXexq/ofQLxiZ5FBE6af6FM3bF4pZRWQdv4Vfp6m6ew0UZrBfttWYD3CFzTNCVDQAbXkKrwfoaL8MXVI=
last-modified
Tue, 15 Aug 2023 19:08:19 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=egbSk0qDon%2B5OPIuslenfTiz6RmLXk37sbO%2F8P%2FxHAIOgabl28czsM9Yc%2BQwbapaRhBQM%2Bt2AOMCt6aE3%2BNuPo5UjwQSF02NVTK1SErVVnXNNBoiuEkAJj%2BFlKoD6JrnqZxvZ6gzoFqSE932"}],"group":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
81361c209c4f3608-FRA
x-amz-cf-id
hGMP8akKN6BnPmpOSqREL9hqfFcUJZZ8V9zMv3JwhAC8DYN2cvpwKQ==
c953fa87-efa0-494e-9947-98ffe764fcd8.png
no-cache.hubspot.com/cta/default/1835778/ 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://no-cache.hubspot.com/cta/default/1835778/c953fa87-efa0-494e-9947-98ffe764fcd8.png
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bf6f2ddd3a93cfc831316931e733e85bfa4d344c33398e6c32115761bec7ba69
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Mon, 09 Oct 2023 10:58:41 GMT
x-amz-version-id
null
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-request-id
W3E6DFJG9S5C6Q2P
x-amz-server-side-encryption
AES256
content-length
1111
x-amz-id-2
jsgpORkoe4ybgZ95/cQ7U3mQy4hOAFRsuU67lPZ+a/s+fMl+O7tUvr02es9GtHsIjn3Q5Qs2YTg=
last-modified
Fri, 24 Jul 2020 18:46:48 GMT
server
cloudflare
etag
"af14e3eef5578014fe49b0f4a662ac5c"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KTYtc7OKqhroo2MO0wS3L3jmdLSiAY90L%2BJaMDQzHYIQED9%2FIYMUWsCMLdQ%2F3TxeDtcyo3vhunLbWCfdXNasFQgF19W2hNcyX%2F0T1PjfBrWEo%2B8OqMKRNOfy5O%2BP68jYk%2BejUJcvwGTP4oZX9gK54wCc"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
no-cache, no-store
accept-ranges
bytes
cf-ray
81361c20c8e7918c-FRA
current.js
js.hscta.net/cta/ 		18 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.hscta.net/cta/current.js
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:d533 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a1f58a3e48f23d9036625e9f26553d5da8f45516cf308b6ae6fb2b0fe0d13b4e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

content-encoding
br
age
495
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=cta-embed-js/static-1.226/bundles/current.js&cfRay=8136100ceaaa2bdc-FRA
x-amz-replication-status
COMPLETED
x-evy-trace-listener
listener_https
etag
W/"7a7ad36467619447fadd7b98ce7f3800"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
x-evy-trace-virtual-host
all
cache-control
max-age=600
x-hs-target-asset
cta-embed-js/static-1.226/bundles/current.js
date
Mon, 09 Oct 2023 10:58:41 GMT
x-amz-version-id
vhhL_YuOEeyrE1us6iU1p_IC2N0DFzup
via
1.1 66b6cd04ec22251498906e833eb08668.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
IAD12-P3
x-hubspot-correlation-id
ab8b5850-6fb6-4c7e-b050-90655230d618
x-cache
Hit from cloudfront
cache-tag
staticjsapp-CtaEmbed-cloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time
1
x-evy-trace-route-configuration
listener_https/all
x-request-id
ab8b5850-6fb6-4c7e-b050-90655230d618
last-modified
Wed, 04 Oct 2023 01:26:06 UTC
server
cloudflare
x-hs-cache-status
HIT
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-7c89bb96b9-s4jft
cf-ray
81361c209c8d2baf-FRA
x-amz-cf-id
rFNYPjaQ6a3XtIWVVwOR1XEFIRyqJafpWJ6ekUTeY764DoURZZaOZQ==
widget.js
www.gartner.com/reviews/public/Widget/js/ 		9 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gartner.com/reviews/public/Widget/js/widget.js
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.27.95 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-27-95.fra56.r.cloudfront.net
Software
Apache / Express
Resource Hash
8f26365e1bb8c480eccb5eac0477b592ff6057b9bab06e4f62a838cbb631f82e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Mon, 09 Oct 2023 06:33:34 GMT
content-encoding
gzip
via
1.1 747e99d9d8c5e29fdc713cf866bc3f82.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-C2
age
15907
x-powered-by
Express
x-cache
Hit from cloudfront
last-modified
Wed, 04 Oct 2023 11:10:44 GMT
server
Apache
etag
W/"2320-18afa620b20"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=0
accept-ranges
bytes
x-amz-cf-id
eDMkXI6tQ_oF11zSkNVcHzg1goEqr1oe2L3PffztWx1_Jzg0oMmjHw==
Featured%20Images%20-%202023-09-26T145243.229.png
www.avanan.com/hubfs/ 		18 KB
19 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.avanan.com/hubfs/Featured%20Images%20-%202023-09-26T145243.229.png
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
d6acde4de8b620e6553139972e2d6c812c9efea6256543d85693dad4b709c921
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
x-amz-meta-cache-tag
F-136638318614,P-1835778,FLS-ALL
age
330442
x-amz-request-id
0CT2F86PF6SPJW60
x-amz-server-side-encryption
AES256
edge-cache-tag
F-136638318614,P-1835778,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
content-disposition
inline; filename="Featured%20Images%20-%202023-09-26T145243.webp"
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
cf-bgj
imgq:85,h2pri
etag
"fa25f87c2777ad11c784e3f5b9bd65a3"
vary
Accept, Accept-Encoding
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1695754402371
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Mon, 09 Oct 2023 10:58:41 GMT
strict-transport-security
max-age=31536000
via
1.1 6e5ec1ef7875ec0751cb61200df7f212.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
3sKd9krXrXYS.QRIJEOkN1Hho3.Rl10i
x-amz-cf-pop
FRA56-P7
x-hs-alternate-content-type
text/plain
cf-polished
origFmt=png, origSize=39099
x-cache
RefreshHit from cloudfront
cache-tag
F-136638318614,P-1835778,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
content-length
18196
x-amz-id-2
QodhFpkduVkypQZD7hbhxIf462ujxTzN/rYE9NIDPvDDXLKy6g8KB3b9/XBE15wGC7lXBf+iO6Q=
last-modified
Tue, 26 Sep 2023 18:53:23 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Fyr72j6W%2FTmXKV6fZ8r%2BI44sIKnpNgWjCxnP9O4ZJ1hCAe%2F3n5%2FswFDE23rCZRx%2BozytBRfMDyb%2BVsPhtd8lyfCRwtopkUnvs6yk4LNuvSRisn4OTQjmeT9gpz9yQ%2FvuI9f9fVX64SvKtMS1"}],"group":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
81361c209c503608-FRA
x-amz-cf-id
eY0NQ9477Z858XdWTWFubMiEjOrIR1spQ_og0RptviHT0b_kNZktrA==
av-cp-logo-wht.png
www.avanan.com/hubfs/website/img/nav/ 		26 KB
28 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.avanan.com/hubfs/website/img/nav/av-cp-logo-wht.png
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
fe5f4af17be162aaf3e1dadbc08fe06e678c87620a221b3fef8e2ca7a779986d
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
x-amz-meta-cache-tag
F-58090235831,FD-21136118110,P-1835778,FLS-ALL
age
923453
x-amz-request-id
C3DE0DS7C8H7R3DW
x-amz-server-side-encryption
AES256
edge-cache-tag
F-58090235831,FD-21136118110,P-1835778,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
content-disposition
inline; filename="av-cp-logo-wht.webp"
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
cf-bgj
imgq:85,h2pri
etag
"6b25c756c0ec059c8b971ac07c1a44e2"
vary
Accept, Accept-Encoding
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1634845767354
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Mon, 09 Oct 2023 10:58:41 GMT
strict-transport-security
max-age=31536000
via
1.1 0e358bffbd534852f8496b34da6ad3e4.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
r2zJbm9CEK3FOJ9Q8VqLC35kT_FW.6aY
x-amz-cf-pop
FRA56-P7
x-hs-alternate-content-type
text/plain
cf-polished
origFmt=png, origSize=46170
x-cache
RefreshHit from cloudfront
cache-tag
F-58090235831,FD-21136118110,P-1835778,FLS-ALL
x-amz-meta-index-tag
all
alt-svc
h3=":443"; ma=86400
content-length
27120
x-amz-id-2
V4pNy4jc7eRMRircgbgkpGRENGG0VDrSb8NIvPTWXWxCnBIBv9g3KFkq1HOJBd5wnHDufpCITA89H/BOXhrDmw==
last-modified
Thu, 21 Oct 2021 19:49:28 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1q%2B%2BvRp0X81j7tNe2wwABaRRzlzIPCAyGL8NZcvVwT1WXJ6pgX3IWTZ2IsbAfJMLUG04%2BKPc4CYlkjYK4oZ2r60DvlHUy8a7jNFAmTc%2FG84iR6Pf4bYJLkZ8%2FtA95qoBX3Kdv8D2SKMkvWan"}],"group":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
81361c209c523608-FRA
x-amz-cf-id
r-pkScLCbrdVpyD9Jnr_Uo3_vBqiLJkcbwshOCtvi0xVPNnRuOTtLQ==
soc-2-cert.png
www.avanan.com/hubfs/website/img/icons/ 		27 KB
28 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.avanan.com/hubfs/website/img/icons/soc-2-cert.png
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
49c8d692cb67ec3cc5b35e839c50c5c9eea05fe3ce82894eb02d22240554a0aa
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
x-amz-meta-cache-tag
F-24177175536,FD-10543955849,P-1835778,FLS-ALL
age
923453
x-amz-request-id
C3D49SAB1JWVD07F
edge-cache-tag
F-24177175536,FD-10543955849,P-1835778,FLS-ALL
x-hs-https-only
worker
content-disposition
inline; filename="soc-2-cert.webp"
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
cf-bgj
imgq:85,h2pri
etag
"2242d63f47a733e65cdebd6f3be3a08a"
vary
Accept, Accept-Encoding
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Mon, 09 Oct 2023 10:58:41 GMT
strict-transport-security
max-age=31536000
via
1.1 78720628b37ebf3e33c42dc098252ee8.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
ENN2NKV.l.gZzdTLCJgVyrfErf7Uu3mK
x-amz-cf-pop
FRA56-P7
cf-polished
origFmt=png, origSize=44339
x-cache
RefreshHit from cloudfront
cache-tag
F-24177175536,FD-10543955849,P-1835778,FLS-ALL
alt-svc
h3=":443"; ma=86400
content-length
27216
x-amz-id-2
unf0YHuchJzeqfhwvv4CiGCGMyU9r8VF2U0RMY1DcN35VKFQujQMLJYbfHlusirIA1INdAtzBCw=
last-modified
Wed, 08 Jan 2020 19:24:41 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oysEAkVlL8hSPDdz%2FpJGTtjoMVzOdc9Q%2FDbbXTYYDY%2FYAbIhlbz4rZulyBLBh%2BJbTuyqfV0CAaI%2B5ZkESmUB2o84T7XEO8WhKoXcUHTduaJS82pSm2b83XWiE9MTXs9VAYg9rGsJeqljzllA"}],"group":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
81361c209c543608-FRA
x-amz-cf-id
43hC7Cxd_B7ksNIJsj2cathpyHlNS4WJqhle5XufvUdIxafio3yUXw==
embed.js
static.hsappstatic.net/content-cwv-embed/static-1.388/ 		14 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.hsappstatic.net/content-cwv-embed/static-1.388/embed.js
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:e05d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
34942d531ecf961a2a6777526aef0c7d17f28a4ce9afcac868eb132c700bfe5a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Mon, 09 Oct 2023 10:58:41 GMT
x-amz-version-id
GNgANes_HpxlXMl5IDFfVeYnBgfaeeYN
via
1.1 374989d04bb9f7efef831637d8f4b234.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
DUS51-P2
age
2234730
x-amz-server-side-encryption
AES256
content-encoding
br
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
alt-svc
h3=":443"; ma=86400
last-modified
Tue, 15 Aug 2023 19:48:57 GMT
server
cloudflare
etag
W/"8741985292d64b839be39c64b14f3783"
vary
Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FgGyUX4iIYvSMtxSkKec8n5WPVDoMsS3GCG6ByW%2BNZ7sQkFdTLvM5BhWfcCbvn%2BxrbSEnU3D6Kje0mEKyJOJykjr470oaWxWMa%2Fqb%2Fk1bLljkt%2FgoM1HNNtosuS4bXgPMNHW9%2B%2BWMrZvWjU5oOpUvCtG03U%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
81361c20b9bc30d8-FRA
x-amz-cf-id
wPYzpULuaMj49HnhSq9DCGfPKS4cOxbh-bH_kUMQKu9WYEdB65lO-Q==
expires
Tue, 08 Oct 2024 10:58:41 GMT
jquery.js
www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/6476923280/1577975561851/Custom/jacob_redesign/js/ 		142 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/6476923280/1577975561851/Custom/jacob_redesign/js/jquery.js
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
057d87ec0edbdb5fe7d60d32da4c3abfe1dc2e6a0aacd6543a5e9dabb7bbd21b
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Mon, 09 Oct 2023 10:58:41 GMT
strict-transport-security
max-age=31536000
via
1.1 0003b3450f3f9fac44312c4622a410c2.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
x-amz-cf-pop
IAD55-P1
x-amz-request-id
YYS333YC4X05JXGD
x-amz-version-id
ebM6Jbr9unIlIJHsCtn.BkHxdP32W5Tn
content-encoding
br
x-cache
RefreshHit from cloudfront
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
alt-svc
h3=":443"; ma=86400
x-amz-id-2
eeSFDDt6jeJfiuecu5/+PsXOwt0dyC0CxOkh150PQ4LfxfJn6d9e5fWqLF101UIQ+79xQE2VrGE=
last-modified
Thu, 02 Jan 2020 14:32:42 GMT
server
cloudflare
etag
W/"58abfaae2dedf59326b2ea681f828a06"
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gos7RS%2Bas%2F%2BQkXMG8%2BgzXUFfy7gozRtvjkiqY3U7Dqe7nqLDq%2BcfwYMmDEQByJv3xi%2FU3YGtZmDAx2W18fpc1jPuOoERKTRFZrTKMMUfnv7f9P5cYBhAuLwp7KI5U3GBhDRW3Z3H7m5VtVo0"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
cf-ray
81361c209c2a3608-FRA
x-amz-cf-id
iFI-f-gkbXDqAcyK_VyqvIUzqh23SUJAD7FWnVA57KyHMRRTz51D7A==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
bootstrap.js
www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/6073918834/1577975558617/Custom/jacob_redesign/js/ 		112 KB
22 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/6073918834/1577975558617/Custom/jacob_redesign/js/bootstrap.js
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
71577fb46a22fa031506bab9c5ddb4640e38ef10a1b4959a11288b41ce4b0757
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Mon, 09 Oct 2023 10:58:41 GMT
strict-transport-security
max-age=31536000
via
1.1 5630c5d6ce3870273aaf2ed5fe6c2f14.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
x-amz-cf-pop
IAD89-P1
x-amz-request-id
2BE8FD0PY9QC3R13
x-amz-version-id
3IDp6mXhqSOlZQ4n6QKdC4Peyv0EBjJp
content-encoding
br
x-cache
RefreshHit from cloudfront
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
alt-svc
h3=":443"; ma=86400
x-amz-id-2
/TSGPeXSYYCkg8yNnUPYcHaQ9mRiIcELg0aknuKxPH+3cry83R7xOVgdzz/TgLsv8dV26WdHNz/4pc7hialNnpzR3fo8JzYX8v1UYo/1IEQ=
last-modified
Thu, 02 Jan 2020 14:32:39 GMT
server
cloudflare
etag
W/"d810a38ca2781735a27cba0625a027db"
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vJ9qaRkDMIrDPmkXUbLRTlwgrpv5qLij9jsEBHxcpFaPxmfv9VMWCr1djCeyIJPWABhE5xLCUlk119g2a84hJ0g3efdzJ49zjRkjicG4bV6v6Z854ERkWd8iD73eyFv%2B%2BDH%2BrmgdT4Szoxsn"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
cf-ray
81361c209c2b3608-FRA
x-amz-cf-id
yHPka9kwPb54gSfHgqNEhNe02UgJTtaHBWPEekftkNcpBDTvWJFx1g==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
plugins.js
www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/6084513730/1577975558722/Custom/jacob_redesign/js/ 		508 KB
119 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/6084513730/1577975558722/Custom/jacob_redesign/js/plugins.js
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
7a82df3611c2166b9b9e824830c57bc09ef40860b9dc83fb2897b9a2a3ab0b98
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Mon, 09 Oct 2023 10:58:41 GMT
strict-transport-security
max-age=31536000
via
1.1 a7a1b4c19abc42d237405ce4c4069f10.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
x-amz-cf-pop
IAD89-P1
x-amz-request-id
BMWB0C6MQCT3S33E
x-amz-version-id
7fqlaiSrobvA_myCcLItYFNxElIoA1r6
content-encoding
br
x-cache
RefreshHit from cloudfront
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
alt-svc
h3=":443"; ma=86400
x-amz-id-2
8p3GWT+ZQX74T/SWZlpUwT5sn3VPPEYQY+04RyZSwNkAvFuc6rmniUP+9EM73TPCFXFgkwZ0jAk=
last-modified
Thu, 02 Jan 2020 14:32:39 GMT
server
cloudflare
etag
W/"c612fe430751a00bb8750c6601520596"
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=disHC4uHXmy6qkxeBC1aEREwEz1KYKrXFciL8qCAWozYQqUx21ISQlH9VzjLuPmInBWj8lOLJTcvl%2BNKnVz8IKmpymi3T914jAHJljFKMYAS%2BEvxMWRXBV5%2BBYbjFpljJONLI6o3FLt7Ofal"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
cf-ray
81361c209c2d3608-FRA
x-amz-cf-id
FeAUBhjrYvFK9CSATLtRgx9RBkBBuya46U9SNzN44CvTir1fafkKwQ==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
module_11124227288_updated_blog_body.min.js
www.avanan.com/hs-fs/hub/1835778/hub_generated/module_assets/11124227288/1683298027233/ 		244 B
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.avanan.com/hs-fs/hub/1835778/hub_generated/module_assets/11124227288/1683298027233/module_11124227288_updated_blog_body.min.js
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
b057f4707a4e3bbf69647a669ebc4dbf35a9b5b25864b5fc63162e71f58621c8
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
age
2886
x-amz-request-id
5KXG5419GGQT2QKZ
x-amz-server-side-encryption
AES256
x-evy-trace-route-service-name
envoyset-translator
x-amz-replication-status
PENDING
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener
listener_https
etag
W/"cf3f93254ba12a90654162233cedfbcf"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1683298027233
content-type
application/javascript; charset=utf-8
x-evy-trace-virtual-host
all
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 20
date
Mon, 09 Oct 2023 10:58:41 GMT
strict-transport-security
max-age=31536000
via
1.1 e880df37740c4e68e519f8478d14cb88.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
2vRBYqYBKn.Un2cVRgM_9kk_TDebYnrs
x-amz-cf-pop
IAD89-P2
x-hs-alternate-content-type
text/plain
x-cache
Miss from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
178
alt-svc
h3=":443"; ma=86400
x-amz-id-2
cMQ/1Zx7sppBCT9eZrriGvfDaWVwNvQWJvGUs5K047AypEXDkosmjZaCfZpD8xew7LxLFDy6RvTVAuswuL0iHzBn3soZzetg3Eo35ID1Bgk=
x-evy-trace-route-configuration
listener_https/all
x-request-id
cfbf595f-7f3a-4b21-910a-f6a7f3a44d5a
last-modified
Fri, 05 May 2023 14:47:08 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YEXF3Ol1UMsps1XUgkBBtoy5DsnxKknMfdpPG4GTmYBFxZtk2dpLmr%2FuIgOersWMdsICSwGaKwsl8owqkdH6xXkhQMXklFuE4w0TTLRDFwOdUCosISerUs7Plcn2ILLJh%2B1Cqlf%2B6GetOiI8"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-55b7d448b-rwfnd
access-control-allow-credentials
false
cf-ray
81361c209c2f3608-FRA
x-amz-cf-id
bc3107eairPORVeZHzrE0yuOSfcA5RbLM7zT6hxWxVh-fDq2ZF_ouQ==
1835778.js
www.avanan.com/hs/scriptloader/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.avanan.com/hs/scriptloader/1835778.js
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
6aac07afe3531f90cb143a265fa4790e9000da00dba0a04e25e6f64b739b4b96
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Mon, 09 Oct 2023 10:58:41 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
cf-cache-status
EXPIRED
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
e2b0b256-0967-4189-a2f3-c7aa6d9d5b93
content-encoding
br
x-envoy-upstream-service-time
33
x-hs-https-only
worker
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
e2b0b256-0967-4189-a2f3-c7aa6d9d5b93
last-modified
Mon, 09 Oct 2023 10:22:31 GMT
server
cloudflare
x-trace
2BBB5489B9143E458DCC26AC5FCD8141A72DD4C7F0000000000000000000
vary
origin, Accept-Encoding
access-control-max-age
3600
content-type
application/javascript;charset=utf-8
access-control-allow-origin
https://www.avanan.com
x-evy-trace-served-by-pod
iad02/hubapi-td/envoy-proxy-5b5c96c966-fjg5s
cache-control
public, max-age=60
access-control-allow-credentials
true
x-evy-trace-virtual-host
all
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EFIB0YUhL2U%2BjtuyabqWaJYfne3YV5bQq23NOARXGOto3c2B88h2YX4E%2BG379EeD7TLrr0P3rBac5Zdm4GsCmJ60%2FZywmF7T608k6flntyu6WbRJ967Z0gxZKmYoOCrA7oRtVr1fUKb4jlJG"}],"group":"cf-nel","max_age":604800}
cf-ray
81361c209c553608-FRA
expires
Mon, 09 Oct 2023 10:59:41 GMT
popper.js
www.avanan.com/hubfs/website/code/js/vendor/ 		80 KB
23 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.avanan.com/hubfs/website/code/js/vendor/popper.js
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
94b9164549fba805d07a371447577e77ca7d335fb19f9eaf978209851969cf08
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Mon, 09 Oct 2023 10:58:41 GMT
strict-transport-security
max-age=31536000
via
1.1 26f61e70ac4b967ea82841cbd2dc7cf0.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag
F-11719670560,FD-10555825718,P-1835778,FLS-ALL
content-security-policy
upgrade-insecure-requests
age
924332
x-amz-cf-pop
FRA56-P7
x-amz-request-id
6V6HJ270QM0R43N3
content-encoding
br
edge-cache-tag
F-11719670560,FD-10555825718,P-1835778,FLS-ALL
cache-tag
F-11719670560,FD-10555825718,P-1835778,FLS-ALL
x-amz-version-id
OME08B.rG6TRAJ7DDfxDoqg2ImFXjByx
x-cache
RefreshHit from cloudfront
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
alt-svc
h3=":443"; ma=86400
x-amz-id-2
EM7TPgdYKvlBnUkRWc7wmS7SdPly9EnTpAY3/esvPQV7vQMiDtmd3SOrVbh1EvABwxPV5GjsW2w=
last-modified
Tue, 30 Jul 2019 21:08:51 GMT
server
cloudflare
etag
W/"18977fcc54cc90302580895825f739ec"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ezjpgV0SsIiAlqP2Z7FfmyFPb00EwkcfJWXZH8HU4iPV%2BgWBibbcULeeSsCfvQUpheSSwOnKHETaG0LTC8avmq99dVDByRdc3Ps9WumFeso9OlZJaGFTHhfdq2Jul4mb7%2Fm1fEZeO1ZFe%2BPk"}],"group":"cf-nel","max_age":604800}
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray
81361c209c303608-FRA
x-amz-cf-id
0lRn4eBxHjs8esck7FXLQGm3tlq5A66apHMOGgs-D6xr3h-je78kAA==
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
jquery-migrate.js
www.avanan.com/hubfs/website/code/js/ 		17 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.avanan.com/hubfs/website/code/js/jquery-migrate.js
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
56f9c5f99829774d0b2fbdcfd9750b617127e913afa0569afef6dfa22165659e
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Mon, 09 Oct 2023 10:58:41 GMT
strict-transport-security
max-age=31536000
via
1.1 fa87f2173bfe5d35fd73cec71ab12a32.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag
F-10555716746,FD-10555648234,P-1835778,FLS-ALL
content-security-policy
upgrade-insecure-requests
age
924332
x-amz-cf-pop
FRA56-P7
x-amz-request-id
6V6HBXKZHJ2K9JJR
content-encoding
br
edge-cache-tag
F-10555716746,FD-10555648234,P-1835778,FLS-ALL
cache-tag
F-10555716746,FD-10555648234,P-1835778,FLS-ALL
x-amz-version-id
O.IWEvWv.S2HIJh2gVb3UjxcZN2zO5t0
x-cache
RefreshHit from cloudfront
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
alt-svc
h3=":443"; ma=86400
x-amz-id-2
/1WH+qZcH1MQ725F1fFZpg/sVOWJT6KJ4ruGbo6Kne9GycAJ0WVnbEPTDN3JVOsBlcSlHkNE6yk=
last-modified
Tue, 18 Jun 2019 07:39:43 GMT
server
cloudflare
etag
W/"e16bb3f1cf4b40a9e4de0cf7d4950cb3"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JaXlrnOnieQCaDxpPXXXJ9IaK9p7mxKOIdsa%2FnJCiMaRdBwKARCCSlT6hQtBKSg8NxkTeGK60IkNdQ6qDI6aj2b9zgCGqZk6w%2FJxY%2FJADpBZeRQ5zneLUyXRMVB7lxyt6uNCA6gHsfxyh3zh"}],"group":"cf-nel","max_age":604800}
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray
81361c209c323608-FRA
x-amz-cf-id
Gmu5pvqS-x2glVD4h4pW3Naf6DuTwIetVBLPOQebmkgqb_cKF9BLsw==
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
hs.megamenu.js
www.avanan.com/hubfs/website/code/js/vendor/ 		22 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.avanan.com/hubfs/website/code/js/vendor/hs.megamenu.js
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3640c9e176b212640e5d1ba0e522d80ebe382b5a18fc55ae4f7be28d1b138be
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Mon, 09 Oct 2023 10:58:41 GMT
strict-transport-security
max-age=31536000
via
1.1 9672a97668a5842cedcfaee3e743019e.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag
F-10555716444,FD-10555825718,P-1835778,FLS-ALL
content-security-policy
upgrade-insecure-requests
age
924332
x-amz-cf-pop
FRA56-P7
x-amz-request-id
6V6MT04A65KQH9NP
content-encoding
br
edge-cache-tag
F-10555716444,FD-10555825718,P-1835778,FLS-ALL
cache-tag
F-10555716444,FD-10555825718,P-1835778,FLS-ALL
x-amz-version-id
Tr8ZpL3KcSID6jBFr2cCd_jZ2gEqr8QS
x-cache
RefreshHit from cloudfront
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
alt-svc
h3=":443"; ma=86400
x-amz-id-2
LIE8yW0vaBeomr0z31QPb5gcMcYW6qMiu0YbL91x2kJEZj8J/RlKDGBVrN1VUtcDjPJWElbX1bW8Fy+SfGfOdQ==
last-modified
Tue, 18 Jun 2019 07:33:15 GMT
server
cloudflare
etag
W/"26676e58c4eb0c77a8d2c99b4bd1ad43"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DSDBa%2BWO8p4YwoHfCzW8xp5oZF487tF1ENVUlRR0Oo7f1vuyenOROfjP2iFtwg8Q9Je1%2FGJLOXyjJXerLuJgn4lKfXOuuzZr4eIWe8Z8RGKSi8e9ffu%2BZbgIYa0dNGvpFjBaFRfB3uBrH6uQ"}],"group":"cf-nel","max_age":604800}
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray
81361c209c333608-FRA
x-amz-cf-id
HEzTEKQAZzIYgRlpuwo935sIAkf37FIrCQ_WB9i4XYAnHl8icwHyOg==
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
custombox.min.js
www.avanan.com/hubfs/website/code/js/vendor/ 		15 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.avanan.com/hubfs/website/code/js/vendor/custombox.min.js
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
ddd0af87d02bf88046acaf36141538c4852763b37b99ad5ea41ab6b07829818f
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Mon, 09 Oct 2023 10:58:41 GMT
strict-transport-security
max-age=31536000
via
1.1 df327bd0c8709a81ade8602ac9ef16e0.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag
F-12524627223,FD-10555825718,P-1835778,FLS-ALL
content-security-policy
upgrade-insecure-requests
age
924332
x-amz-cf-pop
FRA56-P7
x-amz-request-id
6V6S2Q4G4F261W90
content-encoding
br
edge-cache-tag
F-12524627223,FD-10555825718,P-1835778,FLS-ALL
cache-tag
F-12524627223,FD-10555825718,P-1835778,FLS-ALL
x-amz-version-id
Tm64yWHx4y9EpRwZ0oVdBIU91wzQQVgx
x-cache
RefreshHit from cloudfront
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
alt-svc
h3=":443"; ma=86400
x-amz-id-2
VOUDCYVnL4xEOE7rdaxfXfR9yFZuL0mMg8OJFjGsZmWDsFhOyu3ecuDO9Nf5yN//l9C8HKKr/br8sLiaJ1SzWw==
last-modified
Thu, 29 Aug 2019 14:19:27 GMT
server
cloudflare
etag
W/"a99f3446cf6471542e7b5103c1e0ad26"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HvMSl6UJBxLzCnr3rT81BuMvgvPOgjHpZg4FeDGdiY1715ewu4c2VnCfi2R4LGLnaIt6Ff8Tbl6oWQ25a2RQUeMhL0thCPhCN7Z%2Bw0eTUOx3dN9cIZ50S6%2F1uhCBILD%2F5xVje3xidygrZHov"}],"group":"cf-nel","max_age":604800}
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray
81361c209c343608-FRA
x-amz-cf-id
LD31xLYtGf4y88dhWPhtNcp0EcBgwfU83_Pr3edZyEmawDQ-QfIbMw==
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
custombox.legacy.min.js
www.avanan.com/hubfs/website/code/js/vendor/ 		102 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.avanan.com/hubfs/website/code/js/vendor/custombox.legacy.min.js
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
7b4c6df43d8be2860c107af980f4ae9c27dea1b14e0112921c3aef511bb29b07
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Mon, 09 Oct 2023 10:58:41 GMT
strict-transport-security
max-age=31536000
via
1.1 6e5ec1ef7875ec0751cb61200df7f212.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag
F-12524756578,FD-10555825718,P-1835778,FLS-ALL
content-security-policy
upgrade-insecure-requests
age
924332
x-amz-cf-pop
FRA56-P7
x-amz-request-id
6V6SH4W2CPKBKBA5
content-encoding
br
edge-cache-tag
F-12524756578,FD-10555825718,P-1835778,FLS-ALL
cache-tag
F-12524756578,FD-10555825718,P-1835778,FLS-ALL
x-amz-version-id
CNtvX5bcEOKz8jLqkiPSkGvNd2dpptBk
x-cache
RefreshHit from cloudfront
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
alt-svc
h3=":443"; ma=86400
x-amz-id-2
frI4MX3vdhLxG7eWtZlnAHcEkL6QFjYAsiEEGb8v41oj9cLs/x7xGsVe4LwNFUkLAXdMwUCGAck=
last-modified
Thu, 29 Aug 2019 14:19:27 GMT
server
cloudflare
etag
W/"626f9c989ad909171b9c7e56dccfadd0"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K8i81Hja%2BrBMI2EWR3plNwGl4PxULrU6LtmZI7RxtbVYbv0R9G1MXO5LclnPjrktDKM6sdHME%2BFR4KgvjJpBzPpKbfSAQ91S26VtnCMyH6pzsLnQSDXuwlkU%2Bz0G3dKlPACc425FaBwxZ71z"}],"group":"cf-nel","max_age":604800}
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray
81361c209c353608-FRA
x-amz-cf-id
9s2CIQybbcGeV-wsfpKP6TP26z7z2SfYP5Pffbsj-rcwbEjUC7tn3w==
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
hs.core.js
www.avanan.com/hubfs/website/code/js/vendor/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.avanan.com/hubfs/website/code/js/vendor/hs.core.js
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
87d6c8ca2c4746ba9c42bd4b56b9f8dcb23dc4f4c8a5e338039a915eddbb4cfb
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Mon, 09 Oct 2023 10:58:41 GMT
strict-transport-security
max-age=31536000
via
1.1 57ba1933a852bdb178dbe4a1e2e3a5fa.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag
F-10555648509,FD-10555825718,P-1835778,FLS-ALL
content-security-policy
upgrade-insecure-requests
age
924332
x-amz-cf-pop
FRA56-P7
x-amz-request-id
6V6XQFB4YSS9C1BG
content-encoding
br
edge-cache-tag
F-10555648509,FD-10555825718,P-1835778,FLS-ALL
cache-tag
F-10555648509,FD-10555825718,P-1835778,FLS-ALL
x-amz-version-id
t39fon58.c8wnVn0KiTmU6Cnt0f.z3k5
x-cache
RefreshHit from cloudfront
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
alt-svc
h3=":443"; ma=86400
x-amz-id-2
1zCiUV4OI73QYWj9QjCpU5+XqFqYeQfifPMzr/aSISvoM9WzZlxam19TKvLek4SRaGjjwr8En0I=
last-modified
Tue, 18 Jun 2019 07:35:47 GMT
server
cloudflare
etag
W/"ad96a1d08e41474de9b172376ad8f2a6"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kcjFnPVMwHt9UpvRX07gjcwa2ru5VLOk1JlsM2wDGhBa9o9KJwpZ6hG6TfwAPbOv%2FLU28WbnIYQealPHUMB0pFMFJ%2FmSOX3RPif8KhO4F3oaeXNLSoprj2YQ5fvLkS9waEXlSlmey%2F7o708o"}],"group":"cf-nel","max_age":604800}
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray
81361c209c373608-FRA
x-amz-cf-id
q5uf-AWyaquuTPBWt2UU9XirdN8iWeC-IEnkl3s3P7vF1RccUgT9_g==
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
hs.header.js
www.avanan.com/hubfs/website/code/js/vendor/ 		45 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.avanan.com/hubfs/website/code/js/vendor/hs.header.js
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
327f498e13e0a8166699d8d770f3806775c2707dd893d18f0139b84b0b9d8576
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Mon, 09 Oct 2023 10:58:41 GMT
strict-transport-security
max-age=31536000
via
1.1 78720628b37ebf3e33c42dc098252ee8.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag
F-10658801982,FD-10555825718,P-1835778,FLS-ALL
content-security-policy
upgrade-insecure-requests
age
924332
x-amz-cf-pop
FRA56-P7
x-amz-request-id
6V6KPNKB8AZ1GHK2
content-encoding
br
edge-cache-tag
F-10658801982,FD-10555825718,P-1835778,FLS-ALL
cache-tag
F-10658801982,FD-10555825718,P-1835778,FLS-ALL
x-amz-version-id
sLoBYokxi8ZRjPnVZWHiocCdDukS9g6O
x-cache
RefreshHit from cloudfront
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
alt-svc
h3=":443"; ma=86400
x-amz-id-2
we8XxSH5M1BYReKcPa6YGy8THsY42BZOUranKmVKLDAWGCgsOW98RbPL9oeFMUNBCMBvURxa+Yc=
last-modified
Fri, 21 Jun 2019 15:22:17 GMT
server
cloudflare
etag
W/"da8e6062fc6df06d66405f3894ac0090"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CLNhPpA0V8Jcr8wR20rqZzgNRSOgLJAl4RAtWxzpkMiESnyMBbHPXP2qtXNVZi2%2BwXKRh3%2BeXi5jN8PZq0KEq2Qrte80bpGO8AOvNOU%2BsIUheD5o5WXMj3u7e%2BFjInkMuJFht0GFdpXPiIN6"}],"group":"cf-nel","max_age":604800}
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray
81361c209c3a3608-FRA
x-amz-cf-id
MsCe04Ej-ySbQ1nyqSuf1AYR7G0O7Je3FNuvaFMvjRWM5wHJ6EbZag==
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
hs.unfold.js
www.avanan.com/hubfs/website/code/js/vendor/ 		16 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.avanan.com/hubfs/website/code/js/vendor/hs.unfold.js
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
fd6aef7e70901bd5018e23bf8f366b1363e27c9263a2e058df2ca725cf81aab5
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Mon, 09 Oct 2023 10:58:41 GMT
strict-transport-security
max-age=31536000
via
1.1 df327bd0c8709a81ade8602ac9ef16e0.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag
F-12349469375,FD-10555825718,P-1835778,FLS-ALL
content-security-policy
upgrade-insecure-requests
age
924332
x-amz-cf-pop
FRA56-P7
x-amz-request-id
6V6P11ZXDY5283DY
content-encoding
br
edge-cache-tag
F-12349469375,FD-10555825718,P-1835778,FLS-ALL
cache-tag
F-12349469375,FD-10555825718,P-1835778,FLS-ALL
x-amz-version-id
jtHI_y0b8Eo2FGwKdP6LEhiHSwPKnVW3
x-cache
RefreshHit from cloudfront
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
alt-svc
h3=":443"; ma=86400
x-amz-id-2
avHxlfPYLxGIshyDDROH0nZwYGMLefcK7sfLCrumXtilAViPNCFN5LkGOSnvVsGwko8sVncwUd8=
last-modified
Thu, 22 Aug 2019 18:14:11 GMT
server
cloudflare
etag
W/"cd7294af40bf5e701ac6f8cca4a7ebcc"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=shrhVQ5i7MOm1rdkuGgadniF6eA1rbrnadk6cX5keX8aI%2FCOkcZN3Fb6LzUCcPM0fltzSnvUyQ35aqNJZDGRuOMjA091hobGv9N3dG5NqfnBrPuYyRR4A92OeWyACpYqTPBp2Sxd%2FY7rJ8z%2B"}],"group":"cf-nel","max_age":604800}
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray
81361c209c3c3608-FRA
x-amz-cf-id
A2-96BsP0261WLZADntNxOi-IChJT5IWjT57KfXahQouUU6B4b3z-Q==
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
hs.slick-carousel.js
www.avanan.com/hubfs/website/code/js/vendor/ 		13 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.avanan.com/hubfs/website/code/js/vendor/hs.slick-carousel.js
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
081d08f71fb7a07fd5247ce2d20af91a41899fd4ee1b129c18fedf8a04b5bbae
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Mon, 09 Oct 2023 10:58:41 GMT
strict-transport-security
max-age=31536000
via
1.1 d76db2cbee553c8bb2de7fd88a960646.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag
F-12709649959,FD-10555825718,P-1835778,FLS-ALL
content-security-policy
upgrade-insecure-requests
age
924332
x-amz-cf-pop
FRA56-P7
x-amz-request-id
6V6X1T21JW6750EC
content-encoding
br
edge-cache-tag
F-12709649959,FD-10555825718,P-1835778,FLS-ALL
cache-tag
F-12709649959,FD-10555825718,P-1835778,FLS-ALL
x-amz-version-id
47mSAiAgQ_ZLSqVaPMk.x.DaEXQJE5Q1
x-cache
RefreshHit from cloudfront
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
alt-svc
h3=":443"; ma=86400
x-amz-id-2
twbef7y6wqXWanA1cxJ6oQFvQUDRleelSWE8P4HQA2Oex3Cc+K7L5/E2smz8croiJPSNdslDOXs=
last-modified
Thu, 05 Sep 2019 14:38:09 GMT
server
cloudflare
etag
W/"333f5cba208ba8133a37ded8fbd1d4df"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C%2Bfz%2F6XJbzddnkJAhgmCjCSAJ0K5rmCgfNGXfUYedydzXL6%2BE0MR%2BNGrwpi8b7i0cnXCYWmKtqmNGtZIWr9wcUytnze76GKrIKB3rVS5O%2FUI85X4CWvTJqsNVxFURf%2BG3xRmtkykuKLoKL9Y"}],"group":"cf-nel","max_age":604800}
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray
81361c209c3d3608-FRA
x-amz-cf-id
LN4hoNQUtsq_YyudPWxTqXKEn8aD06FFEnjdGozb2SYqP6W_2Uh0qA==
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
hs.modal-window.js
www.avanan.com/hubfs/website/code/js/vendor/ 		9 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.avanan.com/hubfs/website/code/js/vendor/hs.modal-window.js
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e6713fb9ddf25585f97a9c877f75edbb8b2c0d0691c1402fe85c145a9098527d
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Mon, 09 Oct 2023 10:58:41 GMT
strict-transport-security
max-age=31536000
via
1.1 fa87f2173bfe5d35fd73cec71ab12a32.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag
F-12524633360,FD-10555825718,P-1835778,FLS-ALL
content-security-policy
upgrade-insecure-requests
age
924332
x-amz-cf-pop
FRA56-P7
x-amz-request-id
6V6MDFC34YC0XRGY
content-encoding
br
edge-cache-tag
F-12524633360,FD-10555825718,P-1835778,FLS-ALL
cache-tag
F-12524633360,FD-10555825718,P-1835778,FLS-ALL
x-amz-version-id
37fiNFmrqmELkFKd5Hej0YGO_cs4_PVG
x-cache
RefreshHit from cloudfront
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
alt-svc
h3=":443"; ma=86400
x-amz-id-2
q/u8KFswOq7ypgTIW5Y3g+ks35erjf9ppqJV1QOXekINf2oMTKRBvnNIwDevF5MW8Q+woRaKbQQ=
last-modified
Thu, 29 Aug 2019 14:15:34 GMT
server
cloudflare
etag
W/"e835fc393be7df8bc21680227886c2a8"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=werNjX2aawS6Bp%2B%2FJbW7%2BAaYGQGkIozRLm7%2FhAa5UyLDzGWQAB0e7Z38X5E8v5VZVX%2BnvrZpMMjwrp6qPq8S8C1SRlUnIYFmp8SbEe5t9biOcHdSi3eVbcle0tpyAys9dLZphCERcbC2XpQD"}],"group":"cf-nel","max_age":604800}
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray
81361c209c413608-FRA
x-amz-cf-id
R3SewvgOHHF-uXA1ot_G5qUehG8zFNvO19YgaCj2ZYVL5ICuuf5w_Q==
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
gtm.js
www.googletagmanager.com/ 		285 KB
96 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-MQZBTTX
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e305e6a8b146ce7f6c54b3d45b4d723161d558c19b5fb1bda018ba3b8201af0d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Mon, 09 Oct 2023 10:58:41 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
97570
x-xss-protection
0
last-modified
Mon, 09 Oct 2023 09:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 09 Oct 2023 10:58:41 GMT
gtm.js
www.googletagmanager.com/ 		416 KB
116 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-5JCRGP
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
34eef1b4fe6f42df2bb474ae14d5bdb844a27ad42356fa5413a01beafc6e8b70
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Mon, 09 Oct 2023 10:58:41 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
118155
x-xss-protection
0
last-modified
Mon, 09 Oct 2023 09:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 09 Oct 2023 10:58:41 GMT
css
fonts.googleapis.com/ 		4 KB
775 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto|Montserrat
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/5097885803/1577975559034/Custom/system/default/gradient.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
bb040b98adabb6b07aecd7250591fa9ba53843c05527fec90009bf414007ea08
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/5097885803/1577975559034/Custom/system/default/gradient.min.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Mon, 09 Oct 2023 10:58:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Mon, 09 Oct 2023 10:58:41 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 09 Oct 2023 10:58:41 GMT
lftracker_v1_OKM7ZEDV9rXg2zo4.js
lftracker.leadfeeder.com/ 		31 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://lftracker.leadfeeder.com/lftracker_v1_OKM7ZEDV9rXg2zo4.js
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.17.2 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-17-2.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6ce8b6777d90b50ec4183fac7c948902229a7b8427e2e63008c52e769ec0c2d4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-amz-version-id
FZ6sGYjpwdKGuBK1HRn3uy5h.PKBA7tx
content-encoding
gzip
via
1.1 d34cf2ddbdf9774517330fee6a26e4b2.cloudfront.net (CloudFront)
date
Mon, 09 Oct 2023 10:05:35 GMT
last-modified
Thu, 05 Oct 2023 07:00:59 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-P7
age
3187
x-amz-server-side-encryption
AES256
etag
W/"d87766f57a5bea189c787c89be51fb5c"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=3600
x-amz-cf-id
DNMbYRsYawGLFshcgCX0Wm9mkev6M5tYdPViGUYHzinfyLCdWpX3sA==
close.svg
www.avanan.com/hubfs/jacob_redesign/page_icons/ 		513 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.avanan.com/hubfs/jacob_redesign/page_icons/close.svg
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/6073351973/1693338321987/Custom/jacob_redesign/css/template.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
24a3a9ccca4cde6a90f28a96467b83fcc8e8b02ae532b85c46d45514e98c9dc9
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/6073351973/1693338321987/Custom/jacob_redesign/css/template.min.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Mon, 09 Oct 2023 10:58:41 GMT
strict-transport-security
max-age=31536000
via
1.1 986e79a1f22b8bf29001818ede5df5c8.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag
F-6129363300,FD-6106722142,P-1835778,FLS-ALL
content-security-policy
upgrade-insecure-requests
age
53542
x-amz-cf-pop
MUC50-P1
x-amz-request-id
TKQTC4BGEFC92CC9
content-encoding
br
edge-cache-tag
F-6129363300,FD-6106722142,P-1835778,FLS-ALL
cache-tag
F-6129363300,FD-6106722142,P-1835778,FLS-ALL
x-amz-version-id
aGBLOARAtDK9aU8eL5GIguuA_ii6l6Ic
x-cache
Miss from cloudfront
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
alt-svc
h3=":443"; ma=86400
x-amz-id-2
Ac02PPKAJpaRfsG8tEKrklFBJf9FbC9FwD9deNKtqNJ8hYVmwitBjtvn6b7a8BtJubeR5wDJ/rI=
last-modified
Wed, 14 Aug 2019 14:58:10 GMT
server
cloudflare
etag
W/"cad7540d366ad86e66ac89079055b4b9"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R4qFHCS4KGYbZW0RgPYJhTfgZCmfAE3zYR02mr6COPZCHUMK%2FIaxTEOybnt%2BD2LUyb76DNMNMRYZG%2BZmI%2BLkEd2fQDZPR9YT9SDcFTmmhHHUMK1ejWQ%2Bji0%2FGJj3aCdj09%2FX7RRf4p32FEK%2B"}],"group":"cf-nel","max_age":604800}
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray
81361c20ac783608-FRA
x-amz-cf-id
zNXnQpFlnV9w8AAOv29SffYUSBMhNoMSs7Fapsc8su_TVBJl9a-pDA==
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
fa-solid-900.woff2
use.fontawesome.com/releases/v5.2.0/webfonts/ 		61 KB
62 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://use.fontawesome.com/releases/v5.2.0/webfonts/fa-solid-900.woff2
Requested by
Host: use.fontawesome.com
URL: https://use.fontawesome.com/releases/v5.2.0/css/all.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e0::ac40:660b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5c7df99df232586111917083a85aa31b82ee29e48ca2990e13fae0c0663a923f

Request headers

Referer
https://use.fontawesome.com/releases/v5.2.0/css/all.css
Origin
https://www.avanan.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Mon, 09 Oct 2023 10:58:41 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id
5MWMS21C1WZMXJ39
age
2521962
alt-svc
h3=":443"; ma=86400
content-length
62472
x-amz-id-2
HzdqcXhp71ywde/POvHtBqNSwiAnQv4iKLcECwMnZe6Mchb3IcRd48F1rsREn5HdldSwoF6TF4g=
last-modified
Wed, 30 Jun 2021 15:41:55 GMT
server
cloudflare
etag
"b75b4bfe0d58faeced5006c785eaae23"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
font/woff2
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fQSHwZWiSvPLUrIwUcnoeV%2B6Di9iHXwi%2BiXV0JRyYKpUYAWG9DaEqbMUmaeGsTk%2B1MZ2JhMABuHjonkFcLnCEpFTRvtFrvtPwd4pt4Wqf4zr%2FL%2Bk3P%2BEoXK5H%2FkU%2F%2BWuTXd1EswnPmjk5nRMJQrlk7JF"}],"group":"cf-nel","max_age":604800}
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
81361c20ab6b5d7e-FRA
pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ 		8 KB
8 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900idisplay=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.avanan.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Thu, 05 Oct 2023 18:56:09 GMT
x-content-type-options
nosniff
age
316952
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
7748
x-xss-protection
0
last-modified
Wed, 27 Apr 2022 16:21:30 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 04 Oct 2024 18:56:09 GMT
pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v20/ 		8 KB
8 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900idisplay=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.avanan.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Tue, 03 Oct 2023 07:45:30 GMT
x-content-type-options
nosniff
age
529991
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
7884
x-xss-protection
0
last-modified
Wed, 27 Apr 2022 17:03:52 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 02 Oct 2024 07:45:30 GMT
u-4i0qWljRw-PfU81xCKCpdpbgZJl6Xvqdns.woff2
fonts.gstatic.com/s/cabin/v27/ 		27 KB
28 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/cabin/v27/u-4i0qWljRw-PfU81xCKCpdpbgZJl6Xvqdns.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Cabin:400,500,600,700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
dcb085ad0fca889c4a1b898ccc7458c5d586e5740e7b7bffe065ac6a5e247ada
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.avanan.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Thu, 05 Oct 2023 19:17:50 GMT
x-content-type-options
nosniff
age
315651
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
28076
x-xss-protection
0
last-modified
Wed, 13 Sep 2023 22:14:58 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 04 Oct 2024 19:17:50 GMT
pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ 		8 KB
8 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900idisplay=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.avanan.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 06 Oct 2023 07:35:17 GMT
x-content-type-options
nosniff
age
271404
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8000
x-xss-protection
0
last-modified
Wed, 27 Apr 2022 16:59:07 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 05 Oct 2024 07:35:17 GMT
Picture5.png
research.checkpoint.com/wp-content/uploads/2023/09/ 		37 KB
37 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://research.checkpoint.com/wp-content/uploads/2023/09/Picture5.png
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
99dd5f9f73f99a20889f2ba80ee6a48b3c09a28fb5fba1310993d1f5ddd82ec4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Mon, 09 Oct 2023 10:58:41 GMT
cf-cache-status
MISS
last-modified
Sun, 10 Sep 2023 12:03:18 GMT
server
cloudflare
etag
"64fdb086-92d8"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
81361c21283a2bbc-FRA
alt-svc
h3=":443"; ma=86400
content-length
37592
Annotation-2023-09-10-150607.jpg
research.checkpoint.com/wp-content/uploads/2023/09/ 		30 KB
30 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://research.checkpoint.com/wp-content/uploads/2023/09/Annotation-2023-09-10-150607.jpg
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
c0c747248d141ac5c07ba7f069484d6d5aabbbc9853b86581bed9f5b316518e7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Mon, 09 Oct 2023 10:58:41 GMT
cf-cache-status
MISS
last-modified
Sun, 10 Sep 2023 12:06:31 GMT
server
cloudflare
etag
"64fdb147-768d"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
81361c21283c2bbc-FRA
alt-svc
h3=":443"; ma=86400
content-length
30349
pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ 		8 KB
8 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900idisplay=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.avanan.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Thu, 05 Oct 2023 00:08:32 GMT
x-content-type-options
nosniff
age
384609
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
7816
x-xss-protection
0
last-modified
Wed, 27 Apr 2022 16:11:40 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 04 Oct 2024 00:08:32 GMT
JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2
fonts.gstatic.com/s/montserrat/v26/ 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/montserrat/v26/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto|Montserrat
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4b5816bbfc52587979139951355fe4048da02ce60e40cef8e4a1efb6cd396281
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.avanan.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Thu, 05 Oct 2023 18:24:28 GMT
x-content-type-options
nosniff
age
318853
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14940
x-xss-protection
0
last-modified
Wed, 13 Sep 2023 22:46:07 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 04 Oct 2024 18:24:28 GMT
purify.min.js
cdnjs.cloudflare.com/ajax/libs/dompurify/2.4.3/ 		21 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/dompurify/2.4.3/purify.min.js
Requested by
Host: www.gartner.com
URL: https://www.gartner.com/reviews/public/Widget/js/widget.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
265dc9381f2b760551a12eb31f4bbc194ea6609b90fd79a59fc53cb0e1210146
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Mon, 09 Oct 2023 10:58:41 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
5425128
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
7628
last-modified
Thu, 22 Jun 2023 10:59:50 GMT
server
cloudflare
cf-cdnjs-via
cfworker/r2
etag
"649429a6-1dcc"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9eh%2F5TjB4AZmBt%2FrbR66jF5S%2Fb1MOKs0IKoNAVUXwHTicsYLfcLg08eTymOcr8oxrKRpYGxSl%2F1S6Q%2BWctAYexX9xliWgJslQ%2FSwBH8abt%2BD0jCIreQwYlTELyMn9RveOG1%2B4hsEimJy5uRMn8idAdHJ"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
81361c20eb7539c4-FRA
expires
Sat, 28 Sep 2024 10:58:41 GMT
widget.css
www.gartner.com/reviews/public/Widget/css/ 		155 KB
112 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.gartner.com/reviews/public/Widget/css/widget.css
Requested by
Host: www.gartner.com
URL: https://www.gartner.com/reviews/public/Widget/js/widget.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.27.95 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-27-95.fra56.r.cloudfront.net
Software
Apache / Express
Resource Hash
fd70a63872a411b5f43dc2b9c9a0ee83fa6ccc53d8d120c9fd166270ef4d3265

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Mon, 09 Oct 2023 09:30:19 GMT
content-encoding
gzip
via
1.1 747e99d9d8c5e29fdc713cf866bc3f82.cloudfront.net (CloudFront)
last-modified
Wed, 04 Oct 2023 11:10:45 GMT
server
Apache
x-amz-cf-pop
FRA56-C2
age
5302
x-powered-by
Express
etag
W/"26c19-18afa620f08"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/css; charset=UTF-8
cache-control
public, max-age=0
accept-ranges
bytes
x-amz-cf-id
v5QJ_sHm-iglHqwzYfIaOtcBiozrlxKhuQM_iCopbPTWmeIy-FwIow==
data
www.gartner.com/reviews/public/Widget/ Frame CBB3 		34 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.gartner.com/reviews/public/Widget/data?widget_id=YjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy&size=large
Requested by
Host: www.gartner.com
URL: https://www.gartner.com/reviews/public/Widget/js/widget.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.27.95 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-27-95.fra56.r.cloudfront.net
Software
Apache / Express
Resource Hash
3a3e741baa0906f0b51d556d0368583fec268e20e079e70685ef34cc7465f8da

Request headers

Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Mon, 09 Oct 2023 10:58:41 GMT
etag
W/"57f-sr923y4RyJqqcTbg3QoemUgdIRE:dtagent1024322060615355013ZP:dtagent1024322060615355013ZP"
server
Apache
server-timing
dtSInfo;desc="0", dtRpid;desc="-1297876592"
vary
Accept-Encoding
via
1.1 747e99d9d8c5e29fdc713cf866bc3f82.cloudfront.net (CloudFront)
x-amz-cf-id
2iq2RfDgFHPG-R3B8o6BuIKtsePwdmyVIajzHmDRHhtaRyplHM5ZeQ==
x-amz-cf-pop
FRA56-C2
x-cache
Miss from cloudfront
x-oneagent-js-injection
true
x-powered-by
Express
x-ruxit-js-agent
true
fa-brands-400.woff2
use.fontawesome.com/releases/v5.2.0/webfonts/ 		63 KB
63 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://use.fontawesome.com/releases/v5.2.0/webfonts/fa-brands-400.woff2
Requested by
Host: use.fontawesome.com
URL: https://use.fontawesome.com/releases/v5.2.0/css/all.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e0::ac40:660b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4d0130d314f1669c9ea5a911d401d6250f96386a52b0c38f7b3fb43cdcd10589

Request headers

Referer
https://use.fontawesome.com/releases/v5.2.0/css/all.css
Origin
https://www.avanan.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Mon, 09 Oct 2023 10:58:41 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id
WF8ERATMTFKCP3KE
age
769312
alt-svc
h3=":443"; ma=86400
content-length
64144
x-amz-id-2
UA9D49ALOiOVB+HRynsh0PB+2Xj57dEAeQbPyHPC3FWFFeXA8NUwOOlk6xtEdi58+WdS0aO/UuU=
last-modified
Wed, 30 Jun 2021 15:41:55 GMT
server
cloudflare
etag
"6814d0e8136d34e313623eb7129d538e"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
font/woff2
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jVLmypXrqznGiBQaxSK0AfnOCK1RCp6dPS6J9I%2FaVVpyZ%2FGVj%2BQtShjx8iwaVIS3HuKy2iK7LHmjEDgvefWdsqLqzuifykwL8LlswZnpWkY8BdTnLSstCZ64k0rBT77%2F6RlVf1xAqMX72sXTWDHwF6vl"}],"group":"cf-nel","max_age":604800}
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
81361c212b35364f-FRA
pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ 		8 KB
8 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900idisplay=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
78bc3aa78faec288bbb3bf26c9a0fa4eb67b1e69da94a17233c5cab60525efdb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.avanan.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Sat, 07 Oct 2023 07:52:07 GMT
x-content-type-options
nosniff
age
183994
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
7840
x-xss-protection
0
last-modified
Wed, 27 Apr 2022 16:51:55 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 06 Oct 2024 07:52:07 GMT
optimize.js
www.google-analytics.com/gtm/ 		127 KB
50 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/gtm/optimize.js?id=GTM-P5GTK6B
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MQZBTTX
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
7abafc5000ddf62655e3145b3d3c0b0075f5320d57e93ebfdc14267e23ce8429
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Mon, 09 Oct 2023 10:58:41 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
50529
x-xss-protection
0
last-modified
Mon, 09 Oct 2023 09:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 09 Oct 2023 10:58:41 GMT
analytics.js
www.google-analytics.com/ 		52 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MQZBTTX
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Mon, 09 Oct 2023 09:51:33 GMT
last-modified
Mon, 12 Jun 2023 18:23:07 GMT
server
Golfe2
age
4028
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Mon, 09 Oct 2023 11:51:33 GMT
uwt.js
static.ads-twitter.com/ 		56 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.ads-twitter.com/uwt.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MQZBTTX
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
146.75.116.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Mon, 09 Oct 2023 10:58:41 GMT
content-encoding
gzip
last-modified
Thu, 27 Oct 2022 16:56:53 GMT
etag
"32ad004436155ec972bc50e6238b5b67+gzip+gzip"
vary
Accept-Encoding,Host
x-cache
HIT, HIT
content-type
application/javascript; charset=utf-8
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn
FT
cache-control
no-cache
accept-ranges
bytes
content-length
15375
x-served-by
cache-iad-kjyo7100081-IAD, cache-fra-eddf8230076-FRA
insight.min.js
snap.licdn.com/li.lms-analytics/ 		12 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MQZBTTX
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:16::215:149b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
28a26321734fb5f8c8fe42b5503f162fdf1469bf97e2d9c503a83cc2b3c534cd
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Mon, 09 Oct 2023 10:58:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 05 Sep 2023 13:41:52 GMT
x-cdn
AKAM
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
application/x-javascript;charset=utf-8
cache-control
max-age=44282
accept-ranges
bytes
content-length
3822
bat.js
bat.bing.com/ 		44 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bat.bing.com/bat.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MQZBTTX
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
a236aed5086b9c24d3cc94944d4349e9ce469f325ac23bafcaa5fe3659b15fd1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
date
Mon, 09 Oct 2023 10:58:40 GMT
last-modified
Wed, 06 Sep 2023 22:41:28 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: E9B3FCBA29F3459591A4D0180F700900 Ref B: FRAEDGE1115 Ref C: 2023-10-09T10:58:41Z
etag
"09cc4613e1d91:0"
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript
cache-control
private,max-age=1800
accept-ranges
bytes
content-length
12981
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/881234066/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/881234066/?random=1696849121564&cv=11&fst=1696849121564&bg=ffffff&guid=ON&async=1&gtm=45He3a40&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fbreaking-down-the-remcos-malware-attempts-on-colombian-banks%3Fhss_channel%3Dtw-2986152999&hn=www.googleadservices.com&frm=0&tiba=Breaking%20Down%20the%20Remcos%20Malware%20Attempts%20on%20Colombian%20Banks&auid=1775039680.1696849122&uamb=0&uaw=0&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MQZBTTX
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d988d972b8809487b026fd011bddfa14b3cc8b021e2e160699c50122de939531
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 09 Oct 2023 10:58:41 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1388
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
hotjar-2523353.js
static.hotjar.com/c/ 		10 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.hotjar.com/c/hotjar-2523353.js?sv=7
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MQZBTTX
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.97.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-97-49.fra56.r.cloudfront.net
Software
/
Resource Hash
f7e7df2f1ed4b8fadb42a0c35d58ef907229bc7f2145fcd8c8620e039fef596b
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

strict-transport-security
max-age=2592000; includeSubDomains
content-encoding
br
x-content-type-options
nosniff
date
Mon, 09 Oct 2023 10:58:41 GMT
via
1.1 4d0ae7ca3bb5e2d6eaa1450e1906adb4.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P2
etag
W/f0a62463db7c851a86d9e5cf64152390
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
x-cache-hit
1
cache-control
max-age=60
cross-origin-resource-policy
cross-origin
x-amz-cf-id
whel09LEn66IOljjn1pz3MtvP5PJ9FfT_INYn-WUvHI8CUPmf37RKA==
fbevents.js
connect.facebook.net/en_US/ 		198 KB
53 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
805270b078cde87b61bb57c8bd44f8b58b0d128f5a8efdd4395470b45b291d65
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Mon, 09 Oct 2023 10:58:41 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
53356
x-xss-protection
0
pragma
public
x-fb-debug
BbYFtQ6sWDYoiSyyuCQUgSSaP+BzJ99TS9c/zlIGDgL5ArAuC0FtD/qePPJ3swaOMctIht+MJ1ZqEL/g1vxYpQ==
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
w.js
d10lpsik1i8c69.cloudfront.net/ 		5 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d10lpsik1i8c69.cloudfront.net/w.js
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.205.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-205-137.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
389e7668a1ebd8a04eca206d27b7147519be465eed883f6a2d68bd419ada24b4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Mon, 09 Oct 2023 10:32:51 GMT
content-encoding
gzip
via
1.1 73f3a23156999272233949c078c30858.cloudfront.net (CloudFront)
last-modified
Fri, 02 Sep 2022 19:59:48 GMT
server
AmazonS3
x-amz-cf-pop
FRA53-C1
age
1550
etag
W/"dc0bbcecf2e632d9beb92f4d88b21c2b"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=3600
x-amz-cf-id
87UOZ2rOdFq35_UZfk9VMdgA1GQOHrKiuHYly_kZ44yM_sUOi5HMZw==
px.js
px.spiceworks.com/ 		21 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://px.spiceworks.com/px.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MQZBTTX
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.13.212 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
a405625d3620d1ef8d74c8bdfae7a609a563854125a2e4d306b9b33083a50c7c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-iinfo
3-18267169-18267176 NNYY CT(27 67 0) RT(1696849121093 13) q(0 0 0 19) r(0 0) U24
date
Mon, 09 Oct 2023 10:58:41 GMT
content-encoding
gzip
x-incap-sess-cookie-hdr
z007Jx3moyRBYvNsXlWJBuHcI2UAAAAA8pfNjkKfTGQjSKkVB4UNsw==
x-cdn
Imperva
content-type
text/javascript
tracker
www.influ2.com/ 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.influ2.com/tracker?clid=94f01642-c25e-4c39-b6b1-8eb7959ff1af
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MQZBTTX
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.254.219 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
219.254.107.34.bc.googleusercontent.com
Software
/
Resource Hash
570076cb80b39e171421db010911512632e022fb54ed87b4884f6a4ab4c554d9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Mon, 09 Oct 2023 10:58:41 GMT
strict-transport-security
max-age=31536000; includeSubdomains
x-content-type-options
nosniff
content-encoding
gzip
via
1.1 google
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/javascript
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
tracking.js
trk.techtarget.com/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://trk.techtarget.com/tracking.js
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:973c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Mon, 09 Oct 2023 10:58:41 GMT
content-encoding
br
cf-cache-status
HIT
cf-bgj
minify
last-modified
Tue, 13 Dec 2022 15:01:39 GMT
server
cloudflare
age
63727
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=1200
cf-ray
81361c224c443663-FRA
expires
Mon, 09 Oct 2023 11:18:41 GMT
/
tr.lfeeder.com/ 		43 B
293 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tr.lfeeder.com/?sid=OKM7ZEDV9rXg2zo4&data=eyJnYVRyYWNraW5nSWRzIjpbXSwiZ2FNZWFzdXJlbWVudElkcyI6W10sImdhQ2xpZW50SWRzIjpbXSwiY29udGV4dCI6eyJsaWJyYXJ5Ijp7Im5hbWUiOiJsZnRyYWNrZXIiLCJ2ZXJzaW9uIjoiMi42MS4zIn0sInBhZ2VVcmwiOiJodHRwczovL3d3dy5hdmFuYW4uY29tL2Jsb2cvYnJlYWtpbmctZG93bi10aGUtcmVtY29zLW1hbHdhcmUtYXR0ZW1wdHMtb24tY29sb21iaWFuLWJhbmtzP2hzc19jaGFubmVsPXR3LTI5ODYxNTI5OTkiLCJwYWdlVGl0bGUiOiJCcmVha2luZyBEb3duIHRoZSBSZW1jb3MgTWFsd2FyZSBBdHRlbXB0cyBvbiBDb2xvbWJpYW4gQmFua3MiLCJyZWZlcnJlciI6IiJ9LCJldmVudCI6InRyYWNraW5nLWV2ZW50IiwiY2xpZW50RXZlbnRJZCI6ImJmOTMyMTZkMjk3MjE5MWIiLCJzY3JpcHRJZCI6Ik9LTTdaRURWOXJYZzJ6bzQiLCJjb29raWVzRW5hYmxlZCI6dHJ1ZSwiY29uc2VudExldmVsIjoibm9uZSIsImFub255bWl6ZUlwIjp0cnVlLCJsZkNsaWVudElkIjoiTEYxLjEuYmIzZDBiZDlhM2VhYjA4My4xNjk2ODQ5MTIxNjE0IiwiZm9yZWlnbkNvb2tpZXMiOltdLCJwcm9wZXJ0aWVzIjp7fSwiYXV0b1RyYWNraW5nRW5hYmxlZCI6dHJ1ZSwiYXV0b1RyYWNraW5nTW9kZSI6Im9uX3NjcmlwdF9sb2FkIn0=
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.112.30 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-112-30.fra56.r.cloudfront.net
Software
CloudFront /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Mon, 09 Oct 2023 10:58:41 GMT
via
1.1 0c39e892d8c809025c8f47425847f680.cloudfront.net (CloudFront)
server
CloudFront
x-amz-cf-pop
FRA56-P5
x-cache
LambdaGeneratedResponse from cloudfront
content-type
image/gif
content-length
43
x-amz-cf-id
tLtnMybFEZwv5fW68w2gQ2OdT6HNx94_52S1AdH6jgmFoV5K6buc4Q==
all.js
connect.facebook.net/en_US/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/all.js
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
120622d2e3060368f7c051b23f03deb1834c17c87134bc02a6dc04c1b670858b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
date
Mon, 09 Oct 2023 10:58:41 GMT
content-md5
7+hzugcBQe7G6xILvCr8+g==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
1686
x-fb-debug
MNMuQ9Jte6BHSHLQ3YMXpTHUKEwWCnfLwF4Tjvw9otm/5mQwiXYc5mCLMPbDyve374L5UaRZBFZkG3aWK6Emzw==
x-fb-content-md5
76d458cb5f70156b47fae008d9f40a61
cross-origin-opener-policy
same-origin-allow-popups
etag
"751f538717910cf40615abbc1e1cfe78"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=1200,stale-while-revalidate=3600
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin
*
expires
Mon, 09 Oct 2023 11:14:13 GMT
widgets.js
platform.twitter.com/ 		91 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://platform.twitter.com/widgets.js
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
146.75.116.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
d914e564ecf0f0620ab21ce0365beb2901287fa5802d69f3f0fb5cfae2a8bad7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Mon, 09 Oct 2023 10:58:41 GMT
content-encoding
gzip
x-amz-server-side-encryption
AES256
x-cache
MISS, HIT
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-length
27595
x-served-by
cache-iad-kcgs7200021-IAD, cache-fra-eddf8230098-FRA
last-modified
Wed, 04 Oct 2023 22:07:43 GMT
etag
"27ff44f80811006c28f51333efa93f56+gzip"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=1800
accept-ranges
bytes
tw-cdn
FT
ruxitagentjs_A2NVfhjqru_10243220606153550.js
www.gartner.com/ Frame CBB3 		170 KB
67 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gartner.com/ruxitagentjs_A2NVfhjqru_10243220606153550.js
Requested by
Host: www.gartner.com
URL: https://www.gartner.com/reviews/public/Widget/data?widget_id=YjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy&size=large
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.27.95 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-27-95.fra56.r.cloudfront.net
Software
Apache /
Resource Hash
21091df3e91e575d018aa5b94c490bc0921233e901913052ceec557a2f3537ae

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.gartner.com/reviews/public/Widget/data?widget_id=YjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy&size=large
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Tue, 19 Sep 2023 16:22:43 GMT
content-encoding
gzip
via
1.1 747e99d9d8c5e29fdc713cf866bc3f82.cloudfront.net (CloudFront)
last-modified
Wed, 03 Mar 2010 07:01:40 GMT
server
Apache
x-amz-cf-pop
FRA56-C2
age
1708558
x-cache
Hit from cloudfront
content-type
text/javascript; charset=utf-8
cache-control
public, max-age=31536000, immutable
content-length
67984
x-amz-cf-id
n8vZbC2SA8YawjVCyLuJqQP0nYgavfWCoPaL5O9K4OEMMVGprTwZGw==
expires
Wed, 18 Sep 2024 16:22:43 GMT
data.js
www.gartner.com/reviews/public/Widget/js/ Frame CBB3 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gartner.com/reviews/public/Widget/js/data.js
Requested by
Host: www.gartner.com
URL: https://www.gartner.com/reviews/public/Widget/data?widget_id=YjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy&size=large
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.27.95 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-27-95.fra56.r.cloudfront.net
Software
Apache / Express
Resource Hash
2ece63665d1c156d538ab3ab54b1239af56ceaa6d199d26580c877fefea8688d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.gartner.com/reviews/public/Widget/data?widget_id=YjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy&size=large
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Mon, 09 Oct 2023 10:13:09 GMT
content-encoding
gzip
via
1.1 747e99d9d8c5e29fdc713cf866bc3f82.cloudfront.net (CloudFront)
last-modified
Wed, 04 Oct 2023 11:10:43 GMT
server
Apache
x-amz-cf-pop
FRA56-C2
age
2732
x-powered-by
Express
etag
W/"6d4-18afa620738"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=0
accept-ranges
bytes
x-amz-cf-id
FPFNLD_uZdLyEP6bPgruiuZpYrhs8lFgWu6zOwBoOSYBycZkXfHHTQ==
1835778.js
js.hs-analytics.net/analytics/1696848900000/ 		66 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.hs-analytics.net/analytics/1696848900000/1835778.js
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/hs/scriptloader/1835778.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:4eba , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f245654930e08bb9f598f150ec93987e396830dc1f258fd9f8efea6ef720e0d1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Mon, 09 Oct 2023 10:58:41 GMT
x-amz-version-id
null
content-encoding
br
cf-cache-status
MISS
x-amz-request-id
W3E51FYE631Y1XGC
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-hubspot-correlation-id
a7ea2691-54bb-445e-96e6-36586d6fccae
x-envoy-upstream-service-time
81
x-amz-id-2
GMwM/76gce9TRa5L5gGOh1QhtZ/q8xyIkrsky8GZGw6ZCBRD6BHN3jT9y8X0KIWNLEO72onHHUA=
x-evy-trace-listener
listener_https
x-request-id
a7ea2691-54bb-445e-96e6-36586d6fccae
x-evy-trace-route-configuration
listener_https/all
last-modified
Fri, 15 Sep 2023 17:53:33 GMT
server
cloudflare
etag
W/"684d33c4a3e83aecf63beed5dad44336"
vary
origin, Accept-Encoding
content-type
text/javascript
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/analytics-js-proxy-td/envoy-proxy-85c95667b4-jgkmt
cache-control
max-age=300,public
access-control-allow-credentials
false
cf-ray
81361c231a349235-FRA
expires
Mon, 09 Oct 2023 11:03:41 GMT
fb.js
js.hsadspixel.net/ 		6 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.hsadspixel.net/fb.js
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/hs/scriptloader/1835778.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:e6a3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e1e4e3cba3eeeb3ad74ae67c1f42012ebb51d8497482e5c01d404579d49c6b04
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Mon, 09 Oct 2023 10:58:41 GMT
x-amz-version-id
MiORZOji2P27E5f3usS102mv5dcg0lYn
via
1.1 bcfffcf7e0fc8cd9cfe4125369a9f036.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
HIT
x-amz-cf-pop
IAD12-P3
age
86
x-amz-server-side-encryption
AES256
x-evy-trace-route-service-name
envoyset-translator
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.485/bundles/pixels-release.js&cfRay=81361a059dee39ca-FRA
x-cache
Hit from cloudfront
x-hubspot-correlation-id
8914e0e5-c3b8-41df-abc9-a21cbc3dc569
cache-tag
staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
content-encoding
br
x-envoy-upstream-service-time
0
x-amz-replication-status
COMPLETED
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
8914e0e5-c3b8-41df-abc9-a21cbc3dc569
last-modified
Tue, 19 Sep 2023 08:21:28 UTC
server
cloudflare
etag
W/"1bce211846e6a6691aa314979e0a21fb"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
x-hs-cache-status
HIT
x-evy-trace-virtual-host
all
cache-control
max-age=600
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-7c89bb96b9-pbkzz
cf-ray
81361c231ec63a97-FRA
x-amz-cf-id
J7JHWGu-3tQD7sHA1Pla3itOe16jACDZ2YT2jL7x5PklvVUnbz-rfQ==
x-hs-target-asset
adsscriptloaderstatic/static-1.485/bundles/pixels-release.js
leadflows.js
js.hsleadflows.net/ 		540 KB
86 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.hsleadflows.net/leadflows.js
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/hs/scriptloader/1835778.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:7b0c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b399c5e2375b9f5d108af3cc74f7d665747a5d1955f5fde2db7f110b30a1f65e
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Origin
https://www.avanan.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

content-encoding
br
age
26328
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=lead-flows-js/static-1.1250/bundle/main/lead-flows-release.js&cfRay=8133995859721c01-FRA
x-amz-replication-status
COMPLETED
x-evy-trace-listener
listener_https
etag
W/"b41828c438dcec976b93ddee1edebd6d"
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods
GET
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-evy-trace-virtual-host
all
cache-control
s-maxage=86400, max-age=0
x-hs-target-asset
lead-flows-js/static-1.1250/bundle/main/lead-flows-release.js
date
Mon, 09 Oct 2023 10:58:41 GMT
x-amz-version-id
w9qtR_oGTBab1H9Wt5L5qiHDqxRKIaLE
via
1.1 3c43e000c50d5633eb558057710f3c54.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
HIT
x-amz-cf-pop
IAD12-P3
x-hubspot-correlation-id
bda485d4-2d4d-4590-9341-31228fa13a6a
x-cache
Hit from cloudfront
cache-tag
staticjsapp-lead-flows-cloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time
9
x-evy-trace-route-configuration
listener_https/all
x-request-id
bda485d4-2d4d-4590-9341-31228fa13a6a
last-modified
Mon, 04 Sep 2023 12:55:59 UTC
server
cloudflare
access-control-max-age
3000
x-hs-cache-status
MISS
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-7c89bb96b9-q9rvq
cf-ray
81361c23287b91d5-FRA
x-amz-cf-id
BvmUVO5lgUZM3FiGsD83i_HKXjoiewL0o6zcVjKMIOjBAaWLSVSEtg==
1835778.js
js.hs-banner.com/ 		61 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.hs-banner.com/1835778.js
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/hs/scriptloader/1835778.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:22e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f1a4b10ea1d6ac2aa452069b35118f47591e26e9d3520abd5847ff0f7080459

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Mon, 09 Oct 2023 10:58:42 GMT
x-amz-version-id
se5L_ucVtqw.QxYg0SmAngQsejN7uYpG
content-encoding
br
cf-cache-status
REVALIDATED
x-amz-request-id
258ZMCA5FSS4DZ5R
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-hubspot-correlation-id
0ee48ee5-ed08-41e5-b1ff-a3ce8bdab2ff
x-envoy-upstream-service-time
36
x-amz-id-2
MunxxsNsMA7SbCPqjAojHrDUKViX9SmMZU8Ovypsoq0WvIdAK+yZdcl/3qtX2fc9HYC0OvfrVl8=
x-evy-trace-listener
listener_https
x-request-id
0ee48ee5-ed08-41e5-b1ff-a3ce8bdab2ff
x-evy-trace-route-configuration
listener_https/all
last-modified
Wed, 13 Sep 2023 14:33:07 GMT
server
cloudflare
etag
W/"83ba68c0b6069022c954fe8113b75263"
access-control-max-age
604800
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
https://www.avanan.com
x-evy-trace-virtual-host
all
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control
max-age=300,public
access-control-allow-credentials
true
x-evy-trace-served-by-pod
iad02/analytics-js-proxy-td/envoy-proxy-85c95667b4-mlgh4
vary
origin, Accept-Encoding
timing-allow-origin
*
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray
81361c231a665d48-FRA
expires
Mon, 09 Oct 2023 11:03:42 GMT
insight.old.min.js
snap.licdn.com/li.lms-analytics/ 		13 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://snap.licdn.com/li.lms-analytics/insight.old.min.js
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:16::215:149b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
fa53fcd8da139d256c0ca83b69cb37473ca627b6052368ed3327c80d9fb61e25
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Mon, 09 Oct 2023 10:58:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 28 Aug 2023 12:14:15 GMT
x-cdn
AKAM
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
application/x-javascript;charset=utf-8
cache-control
max-age=68208
accept-ranges
bytes
content-length
4862
adsct
t.co/i/ 		43 B
377 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://t.co/i/adsct?bci=3&eci=2&event_id=b88cf426-0ecd-43d3-986e-6dac90ce4ed9&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=5f915038-e36e-499a-b268-f5d8946cf001&tw_document_href=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fbreaking-down-the-remcos-malware-attempts-on-colombian-banks%3Fhss_channel%3Dtw-2986152999&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o0967&type=javascript&version=2.3.29
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.5 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-response-time
186
date
Mon, 09 Oct 2023 10:58:41 GMT
strict-transport-security
max-age=0
server
tsa_o
content-type
image/gif;charset=utf-8
x-transaction-id
9591786a01a5aeaf
cache-control
no-cache, no-store, max-age=0
perf
7626143928
x-connection-hash
8e6595591e4c0436c9311d961de42a3615f879cf411691a96034bba8ee918553
content-length
43
adsct
analytics.twitter.com/i/ 		43 B
396 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=b88cf426-0ecd-43d3-986e-6dac90ce4ed9&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=5f915038-e36e-499a-b268-f5d8946cf001&tw_document_href=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fbreaking-down-the-remcos-malware-attempts-on-colombian-banks%3Fhss_channel%3Dtw-2986152999&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o0967&type=javascript&version=2.3.29
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.131 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-response-time
183
date
Mon, 09 Oct 2023 10:58:41 GMT
strict-transport-security
max-age=631138519
server
tsa_o
content-type
image/gif;charset=utf-8
x-transaction-id
39f9403657323237
cache-control
no-cache, no-store, max-age=0
perf
7626143928
x-connection-hash
1481a51e092a09ba47469893a1d2f639838176f1045f8abb9b3c15ef375d42c1
content-length
43
/
settings.luckyorange.net/ 		129 B
747 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://settings.luckyorange.net/?u=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fbreaking-down-the-remcos-malware-attempts-on-colombian-banks%3Fhss_channel%3Dtw-2986152999&s=128904
Requested by
Host: d10lpsik1i8c69.cloudfront.net
URL: https://d10lpsik1i8c69.cloudfront.net/w.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.11.16 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8bfb6389f80ddd586b66a540370f89f40e7eb39d388e8d9410f57caa732dc5cd
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Mon, 09 Oct 2023 10:58:42 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://www.avanan.com
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mkLQYj%2FQhJTihy9XBpnwuDI%2Fr6wprMqSYIUotSV0Zm9BmBHvrqkxD46n9f7VoM7C2xfODjyyVH95lctP1Agkst%2BbJND2C%2FAlxBLt8%2FyEjqFI0fe6GAxDgyJP6csdC460M%2Blc0KEYu87F%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-credentials
true
cf-ray
81361c2358923a68-FRA
access-control-allow-headers
Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,Keep-Alive,X-Requested-With,If-Modified-Since
1936026250043111
connect.facebook.net/signals/config/ 		131 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/1936026250043111?v=2.9.132&r=stable&domain=www.avanan.com
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
3bb6f5d258250855c3e668d41d6c36233d81af81615332522208d14f52a3cb68
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Mon, 09 Oct 2023 10:58:41 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
pragma
public
x-fb-debug
MziTxgYDmwrPaEE9+3Ry8mFCPUeKFqA89wHOchIzkSrYYYsCzBUh+xgucEwMbIChpBTKOC2HH6j3ZsvyZm2Ikg==
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin
*
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/881234066/ 		42 B
455 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/881234066/?random=1696849121564&cv=11&fst=1696845600000&bg=ffffff&guid=ON&async=1&gtm=45He3a40&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fbreaking-down-the-remcos-malware-attempts-on-colombian-banks%3Fhss_channel%3Dtw-2986152999&frm=0&tiba=Breaking%20Down%20the%20Remcos%20Malware%20Attempts%20on%20Colombian%20Banks&fmt=3&is_vtc=1&random=3214510415&rmt_tld=0&ipr=y
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 09 Oct 2023 10:58:41 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/881234066/ 		42 B
455 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/881234066/?random=1696849121564&cv=11&fst=1696845600000&bg=ffffff&guid=ON&async=1&gtm=45He3a40&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fbreaking-down-the-remcos-malware-attempts-on-colombian-banks%3Fhss_channel%3Dtw-2986152999&frm=0&tiba=Breaking%20Down%20the%20Remcos%20Malware%20Attempts%20on%20Colombian%20Banks&fmt=3&is_vtc=1&random=3214510415&rmt_tld=1&ipr=y
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 09 Oct 2023 10:58:41 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/j/ 		16 B
195 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1236122465&t=pageview&_s=1&dl=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fbreaking-down-the-remcos-malware-attempts-on-colombian-banks%3Fhss_channel%3Dtw-2986152999&ul=en-us&de=UTF-8&dt=Breaking%20Down%20the%20Remcos%20Malware%20Attempts%20on%20Colombian%20Banks&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABQAAAACAAI~&jid=54544325&gjid=1068503018&cid=1504361707.1696849122&tid=UA-59393664-1&_gid=551775761.1696849122&_r=1&_slc=1&gtm=45He3a40n81MQZBTTX&z=444706883
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
b3c6f35195cdf97b110a6a3bbc41467d747d28b0c9e9950a171931ce58405547
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 09 Oct 2023 10:58:41 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.avanan.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
16
expires
Fri, 01 Jan 1990 00:00:00 GMT
modules.9b99185f84da153d26eb.js
script.hotjar.com/ 		226 KB
55 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://script.hotjar.com/modules.9b99185f84da153d26eb.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2523353.js?sv=7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.236.63 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-236-63.fra56.r.cloudfront.net
Software
/
Resource Hash
09048873cebefcb0b837c6962a0a053ef6700472bd37ff9b049e9b73e684f1ae
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 06 Oct 2023 13:20:06 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 d9bcd0a29e17b9290f8c9f1617335954.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P4
age
250715
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
56061
last-modified
Fri, 06 Oct 2023 13:19:11 GMT
etag
"9dacd935854d62b77318d5bf10d72c47"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
x-robots-tag
none
x-amz-cf-id
yE7QcvFoGNsx83UmGRjvgM3VB9FJeZq_nN7pAPrENgRJ5JUqURZbqg==
0516
px.spiceworks.com/px/ 		42 B
574 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px.spiceworks.com/px/0516?buster=70206&pxref=&consent=true&_fpv=2.4&_fpt=2&_fp2=1ebf2ed308e2ab047fdc2c830c6813df
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.13.212 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-iinfo
3-18267169-18267187 NNNY CT(26 27 0) RT(1696849121093 216) q(0 0 0 -1) r(0 0) U24
date
Mon, 09 Oct 2023 10:58:41 GMT
x-incap-sess-cookie-hdr
we1yRkRyjCtBYvNsXlWJBuHcI2UAAAAAnxQ9OUnE8Y8XQ0L0jOS/0g==
x-cdn
Imperva
content-length
42
content-type
image/gif
25018126.js
bat.bing.com/p/action/ 		0
116 B 		Script
General
Check archive.org
Download Go to
Full URL
https://bat.bing.com/p/action/25018126.js
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
private,max-age=1800
date
Mon, 09 Oct 2023 10:58:41 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 5D0B946525B04AB184006F28EF6DFD24 Ref B: FRAEDGE1115 Ref C: 2023-10-09T10:58:41Z
x-cache
CONFIG_NOCACHE
gif.gif
ibc-flow.techtarget.com/a/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=1237514&r=1696849121830&ref=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fbreaking-down-the-remcos-malware-attempts-on-colombian-banks%3Fhss_channel%3Dtw-2986152999&version=2.4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
231.208.111.34.bc.googleusercontent.com
Software
nginx/1.20.2 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
ibc_rate_tier
Access-Control-Request-Method
GET
Origin
https://www.avanan.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

access-control-allow-headers
ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0
content-length
0
content-type
text/html; charset=UTF-8
date
Mon, 09 Oct 2023 10:58:41 GMT
expires
Mon, 09 Oct 2023 10:58:41 GMT
server
nginx/1.20.2
vary
Origin
via
1.1 google
x-guploader-uploadid
ADPycdv02hEQkGdLSyDhR-4K-5imNLUkO_Yoi0fa7283d7Io3LCKxisCDHfRfC6p9wq4ODSTs3yzmGK9HPP9B5Q5N4fzRfR26Y8B
gif.gif
ibc-flow.techtarget.com/a/ 		43 B
461 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=1237514&r=1696849121830&ref=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fbreaking-down-the-remcos-malware-attempts-on-colombian-banks%3Fhss_channel%3Dtw-2986152999&version=2.4
Requested by
Host: trk.techtarget.com
URL: https://trk.techtarget.com/tracking.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
231.208.111.34.bc.googleusercontent.com
Software
nginx/1.20.2 /
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

ibc_rate_tier
1237514
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Mon, 09 Oct 2023 10:58:42 GMT
via
1.1 google
x-guploader-uploadid
ADPycdurv3m93SU1wSwtnPLM073HsRl336COcU_nhNBfBo0kQO5ngUoELJN_SBZwCda6Oed2VD4nU6Xk4jpOJ1HEHCVritu6BjDM
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
last-modified
Thu, 08 Dec 2022 21:19:29 GMT
server
nginx/1.20.2
etag
"fc94fb0c3ed8a8f909dbc7630a0987ff"
vary
Origin
x-goog-generation
1670534369365034
content-type
image/gif
access-control-allow-origin
*
x-goog-hash
crc32c=7uenZA==, md5=/JT7DD7YqPkJ28djCgmH/w==
cache-control
public, max-age=3600
access-control-allow-methods
GET, POST, OPTIONS
x-goog-stored-content-length
43
accept-ranges
bytes
access-control-allow-headers
ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
expires
Mon, 09 Oct 2023 11:58:42 GMT
has-permission
app.hubspot.com/content-tools-menu/api/v1/tools-menu/ 		0
446 B 		Script
General
Check archive.org
Download Go to
Full URL
https://app.hubspot.com/content-tools-menu/api/v1/tools-menu/has-permission?portalId=1835778&callback=jsonpHandler
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/index.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options no-sniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Mon, 09 Oct 2023 10:58:42 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
no-sniff
cf-cache-status
DYNAMIC
x-hs-worker-debug-mode
false
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
92ca631d-49ff-4820-8a8f-c3d947f37acb
x-envoy-upstream-service-time
4
x-evy-trace-route-configuration
listener_https/all
reporting-endpoints
default="https://send.hsbrowserreports.com/csp/reports?cfRay=81361c239c61918c&resource=unknown"
x-evy-trace-listener
listener_https
x-request-id
92ca631d-49ff-4820-8a8f-c3d947f37acb
server
cloudflare
x-trace
2B9AFC0D5EAEEDF1AF213AD3EB51638050B9F39444000000000000000000
vary
origin, Accept-Encoding
access-control-allow-methods
GET
report-to
{"group":"default","max_age":86400,"endpoints":[{"url":"https://send.hsbrowserreports.com/csp/reports"}]}
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-7c89bb96b9-bnhh6
x-evy-trace-virtual-host
all
cache-control
max-age=0
access-control-allow-credentials
true
cf-ray
81361c239c61918c-FRA
postlisting
www.avanan.com/_hcms/ 		2 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.avanan.com/_hcms/postlisting?blogId=4153530738&maxLinks=6&listingType=recent&orderByViews=false&hs-expires=1728242680&hs-version=2&hs-signature=AJ2IBuGifYL9kUwzCxVW_kCEgXr2OJrNFA&currentUrl=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fbreaking-down-the-remcos-malware-attempts-on-colombian-banks%3Fhss_channel%3Dtw-2986152999
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/hs/hsstatic/AsyncSupport/static-1.122/js/post_listing_asset.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
049ff00682c989e6cbaac474ac1442470e9eb9fbd1cede3f120afbc79aa4cfb9
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Mon, 09 Oct 2023 10:58:42 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
98bc7695-4b6d-4d26-9ca5-ae5b59eca2e8
content-encoding
br
x-envoy-upstream-service-time
24
x-hs-https-only
worker
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
98bc7695-4b6d-4d26-9ca5-ae5b59eca2e8
last-modified
Mon, 09 Oct 2023 10:58:41 GMT
server
cloudflare
x-trace
2B9B4B23D910D63E9A94F1EC3AF66328068C453E9C000000000000000000
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qjO4%2FXXNxbj3BZSu79CcPSSz4cMqPszcZVNOdQExFrQw6Ydv%2BZQ48Ztreccz4uQUccrR7YlLa2%2B6lErlXH25vTWZX2bGdpEc113usiR166HeFLwkEiLAkCbhs7aDwBQgg1FfS3ZdE%2Fjg37Zo"}],"group":"cf-nel","max_age":604800}
content-type
application/json;charset=utf-8
x-evy-trace-served-by-pod
iad02/cms-20-29-td/envoy-proxy-8b689886f-9j77j
x-evy-trace-virtual-host
all
access-control-allow-credentials
false
cf-ray
81361c237fef3608-FRA
x-robots-tag
none
postlisting
www.avanan.com/_hcms/ 		3 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.avanan.com/_hcms/postlisting?blogId=4153530738&maxLinks=6&listingType=popular_all_time&orderByViews=true&hs-expires=1728242680&hs-version=2&hs-signature=AJ2IBuGol37QPPu1vsW8W6qS2BD2SZ5-WA&currentUrl=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fbreaking-down-the-remcos-malware-attempts-on-colombian-banks%3Fhss_channel%3Dtw-2986152999
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/hs/hsstatic/AsyncSupport/static-1.122/js/post_listing_asset.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
cee4c88acf7c3c3dcccb399551a63adc05cbbc91644ff64b5086136c7c0776ff
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Mon, 09 Oct 2023 10:58:42 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
8b2bf4ac-1fa4-49da-97c2-9549b55c6b6c
content-encoding
br
x-envoy-upstream-service-time
27
x-hs-https-only
worker
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
8b2bf4ac-1fa4-49da-97c2-9549b55c6b6c
last-modified
Mon, 09 Oct 2023 10:58:41 GMT
server
cloudflare
x-trace
2BD211B0A6813D67BE1B79DC12CD10270B4666EB90000000000000000000
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Bkf8DXofG4K4vBZYnJeID4OE9tO844u8Zmu6TxQZ0NTeMuSKH6JcB16KlcFFfMLS2Y2DfJRMJCBGT8bMtfhs6WqduYVMCfS5K%2BgfLnsh8H6tf2LVWaGrNrs0na%2BGSkpQwbdNWEKBz1khQaxx"}],"group":"cf-nel","max_age":604800}
content-type
application/json;charset=utf-8
x-evy-trace-served-by-pod
iad02/cms-20-29-td/envoy-proxy-8b689886f-9j77j
x-evy-trace-virtual-host
all
access-control-allow-credentials
false
cf-ray
81361c237ff23608-FRA
x-robots-tag
none
all.js
connect.facebook.net/en_US/ 		306 KB
86 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/all.js?hash=1187ea7b65db697956d2a199a686401e
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
3aa7096ab138e63bd35f8b7cf35753fd7f3e9a98cd54a5df3ae0b30f2cb9c011
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Origin
https://www.avanan.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
date
Mon, 09 Oct 2023 10:58:41 GMT
content-md5
uQXBeKS2AzcQpX3MvYiFxg==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
87633
x-fb-debug
m+HNYwCDyHxNAqPwzR9Rh97K1eT60mhJyv7qGqhzI71C8pRElim1pz+3WYII49FB905rFt8biKIXXnsGHweuKQ==
x-fb-content-md5
cf4afecba23b426595200e85d3c2d1ef
cross-origin-opener-policy
same-origin-allow-popups
etag
"ad109e070d8d2c0d7765d33eacfe6457"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin
*
priority
u=3,i
expires
Tue, 08 Oct 2024 09:22:40 GMT
/
t.influ2.com/u/ 		63 B
321 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://t.influ2.com/u/?cb=1696849121840
Requested by
Host: www.influ2.com
URL: https://www.influ2.com/tracker?clid=94f01642-c25e-4c39-b6b1-8eb7959ff1af
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
325c89d4663e479ec3e6bbfdbffbebb113dea620b498f83acce051739e65d3bc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

access-control-allow-origin
https://www.avanan.com
date
Mon, 09 Oct 2023 10:58:41 GMT
content-encoding
gzip
access-control-allow-credentials
true
via
1.1 google
vary
Accept-Encoding
content-type
text/plain; charset=utf-8
collect
stats.g.doubleclick.net/j/ 		4 B
349 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-59393664-1&cid=1504361707.1696849122&jid=54544325&gjid=1068503018&_gid=551775761.1696849122&_u=YEBAAEAAQAAAACAAI~&z=1494501579
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c02::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Mon, 09 Oct 2023 10:58:41 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.avanan.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
js
www.googletagmanager.com/gtag/ 		250 KB
85 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-FV5LS2GGRB&cx=c&_slc=1
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
df8b52ff87ca7f732701f2b32f6fc9b4387a2ee44ba6f919e3d61af9e535160c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Mon, 09 Oct 2023 10:58:41 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
86539
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Mon, 09 Oct 2023 10:58:41 GMT
tbw_analytics_v1.0.js
d26x5ounzdjojj.cloudfront.net/tbw/ 		12 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d26x5ounzdjojj.cloudfront.net/tbw/tbw_analytics_v1.0.js?12
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.224.194.132 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-194-132.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
09fdb2959efa7f317724a5762ad6dd73d941613bfd3764ed8be04ddbc4338b4b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date
Mon, 09 Oct 2023 03:36:14 GMT
Via
1.1 8002c303d4f2295f77566a349deba122.cloudfront.net (CloudFront)
Last-Modified
Tue, 24 Mar 2020 04:06:51 GMT
Server
AmazonS3
X-Amz-Cf-Pop
FRA2-C1
Age
26548
ETag
"463d5912885bbaf6257aaac2e9d8935e"
X-Cache
Hit from cloudfront
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
11917
X-Amz-Cf-Id
VPsU5Gw2nAVJIZPwEr72lJJNNXDppp-o8bpUnQLOdNdjWaaPCqCBhA==
cta-json
cta-service-cms2.hubspot.com/ctas/v2/public/cs/ 		4 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cta-service-cms2.hubspot.com/ctas/v2/public/cs/cta-json?canon=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fbreaking-down-the-remcos-malware-attempts-on-colombian-banks&pageId=135072397071&pid=1835778&sv=cta-embed-js-static-1.226&rdy=1&cos=1&df=t&pg=c953fa87-efa0-494e-9947-98ffe764fcd8
Requested by
Host: js.hscta.net
URL: https://js.hscta.net/cta/current.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
033423504b99f910ca2543312a910e42f20b7aa8c1aaaa3cae22f43aac45d5e8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-origin-hublet
na1
date
Mon, 09 Oct 2023 10:58:41 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
0566e4e7-b72d-494c-bbcd-4fc6ec401e0f
content-encoding
br
x-envoy-upstream-service-time
10
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
0566e4e7-b72d-494c-bbcd-4fc6ec401e0f
server
cloudflare
x-trace
2BD9761BFE9AA5865F33AC6135DB20FCE51B7C1B07000000000000000000
vary
origin
access-control-allow-methods
OPTIONS, GET
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.avanan.com
x-evy-trace-virtual-host
all
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-79986f96f-97gbm
access-control-max-age
180
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FiJPKAE1FaqRMM0CYzU2%2FTuCNjF8336t0FiDHDbUkg1vQZ0nbWvBs3OaaihjV%2Fitgx%2BebLBx2DzBFn6nMuBY58U8VqiuU5NLHrxWe1UM%2FEN2hS395WleH5YyGQZgdyvuJS5geHITnklxubrKb%2BnehBhRqIG1BWJfN4A%3D"}],"group":"cf-nel","max_age":604800}
x-robots-tag
noindex, follow
access-control-allow-headers
Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray
81361c238c5d918c-FRA
0
bat.bing.com/action/ 		0
285 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bat.bing.com/action/0?ti=25018126&tm=gtm002&Ver=2&mid=498a7001-61d2-4ae4-9293-7899a55a8798&sid=cef629a0669211eeaed7217eddc11625&vid=cef6b420669211eea42281088c43728a&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Breaking%20Down%20the%20Remcos%20Malware%20Attempts%20on%20Colombian%20Banks&p=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fbreaking-down-the-remcos-malware-attempts-on-colombian-banks%3Fhss_channel%3Dtw-2986152999&r=&lt=1039&evt=pageLoad&sv=1&rn=919301
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Mon, 09 Oct 2023 10:58:41 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 69A942413B8843E78C40A3CA8A4EADC7 Ref B: FRAEDGE1115 Ref C: 2023-10-09T10:58:41Z
x-cache
CONFIG_NOCACHE
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
expires
Fri, 01 Jan 1990 00:00:00 GMT
widget_iframe.34999e64cd909e9be3bbd826bafcd2c4.html
platform.twitter.com/widgets/ Frame 4A03 		319 KB
103 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://platform.twitter.com/widgets/widget_iframe.34999e64cd909e9be3bbd826bafcd2c4.html?origin=https%3A%2F%2Fwww.avanan.com
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
146.75.116.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
70c00445d6632039ed99af760731daf3bf60eb12061863ee61e2cd7276a54d18

Request headers

Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
public, max-age=315360000
content-encoding
gzip
content-length
105429
content-type
text/html; charset=utf-8
date
Mon, 09 Oct 2023 10:58:41 GMT
etag
"81267302efdfb3e4524a22631a8fc99e+gzip"
last-modified
Wed, 04 Oct 2023 21:58:35 GMT
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
tw-cdn
FT
vary
Accept-Encoding
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
x-served-by
cache-iad-kcgs7200138-IAD, cache-fra-eddf8230098-FRA
api
www.gartner.com/reviews/ Frame CBB3 		6 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.gartner.com/reviews/api?apiKey=ZTU3MThjMWEtOTc1ZS00YzgwLWIzZGEtNDg0ODlkMDc0ODRk&paramsKey=YjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy
Requested by
Host: www.gartner.com
URL: https://www.gartner.com/reviews/public/Widget/js/data.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.27.95 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-27-95.fra56.r.cloudfront.net
Software
Apache / Express
Resource Hash
a29e6dee5b62ca9d6e561aea6c85f954074cd171af5f5d8c24e426b45df0ad9f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.gartner.com/reviews/public/Widget/data?widget_id=YjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy&size=large
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Mon, 09 Oct 2023 10:58:42 GMT
content-encoding
gzip
via
1.1 747e99d9d8c5e29fdc713cf866bc3f82.cloudfront.net (CloudFront)
server
Apache
x-amz-cf-pop
FRA56-C2
x-powered-by
Express
etag
W/"1755-V/KzY/gaJKHGavKXCNlDTUcv4cM:dtagent1024322060615355013ZP:dtagent1024322060615355013ZP"
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/json; charset=utf-8
cache-control
private
server-timing
dtSInfo;desc="0", dtRpid;desc="798675812"
x-amz-cf-id
791-McWUiNmTVwqndcLCy-yRxPObV7TCN1FIuWLHLrTmgCRWiHTwbQ==
token
cdn.linkedin.oribi.io/partner/110528/domain/avanan.com/ 		36 B
367 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://cdn.linkedin.oribi.io/partner/110528/domain/avanan.com/token
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.old.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206f:e200:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
awselb/2.0 /
Resource Hash
7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept
*
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 10:47:52 GMT
via
1.1 7e513424eee237ee26467e8fd5656ec0.cloudfront.net (CloudFront)
server
awselb/2.0
x-amz-cf-pop
FRA56-C1
age
605449
x-cache
Hit from cloudfront
content-type
application/json; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
max-age=86400
content-length
36
x-amz-cf-id
sE7C_uaLHAszqEFlfPqxvzpB1wklXQzfdQ_eFuUZpPnSEakeg7SgwQ==
collect
px4.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=110528&time=1696849121891&url=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fbreaking-down-the-remcos-malware-attempts-on-colombian-banks%3Fhss_channel%3Dt...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=110528&time=1696849121891&url=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fbreaking-down-the-remcos-malware-attempts-on-colombian-banks%3Fhss_channel%3Dt...
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D110528%26time%3D1696849121891%26url%3Dhttps%253A%252F%252Fwww.avanan.com%252Fblog...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=110528&time=1696849121891&url=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fbreaking-down-the-remcos-malware-attempts-on-colombian-banks%3Fhss_channel%3Dt...
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=110528&time=1696849121891&url=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fbreaking-down-the-remcos-malware-attempts-on-colombian-banks%3Fhss_channel%3D...
0
265 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=110528&time=1696849121891&url=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fbreaking-down-the-remcos-malware-attempts-on-colombian-banks%3Fhss_channel%3Dtw-2986152999&cookiesTest=true&liSync=true&e_ipv6=AQLnR-o6TUxZAwAAAYsUFtRJT6_3dJ-8b2m0-0Ql3RD4dUkYmNOOJPGZ9d2PZiKBXq8AHdG_JNuVLg
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H2
Server
13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Mon, 09 Oct 2023 10:58:41 GMT
x-li-pop
afd-prod-lva1-x
x-msedge-ref
Ref A: B36452E330944FD7A3AA4F250F0D1A69 Ref B: FRAEDGE1505 Ref C: 2023-10-09T10:58:42Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
content-type
application/javascript
x-li-fabric
prod-lva1
x-li-proto
http/2
content-length
0
x-li-uuid
AAYHRnkx2GDpBDU8aTEyGw==

Redirect headers

date
Mon, 09 Oct 2023 10:58:41 GMT
x-li-pop
afd-prod-lva1-x
x-msedge-ref
Ref A: 35009252FD5B4A57B387624BACAF4F2F Ref B: FRAEDGE1811 Ref C: 2023-10-09T10:58:42Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lva1
location
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=110528&time=1696849121891&url=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fbreaking-down-the-remcos-malware-attempts-on-colombian-banks%3Fhss_channel%3Dtw-2986152999&cookiesTest=true&liSync=true&e_ipv6=AQLnR-o6TUxZAwAAAYsUFtRJT6_3dJ-8b2m0-0Ql3RD4dUkYmNOOJPGZ9d2PZiKBXq8AHdG_JNuVLg
x-li-proto
http/2
content-length
0
x-li-uuid
AAYHRnktH5sU3kN2KK4K8A==
ga-audiences
www.google.com/ads/ 		42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-59393664-1&cid=1504361707.1696849122&jid=54544325&_u=YEBAAEAAQAAAACAAI~&z=754265236
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 09 Oct 2023 10:58:41 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/ 		42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-59393664-1&cid=1504361707.1696849122&jid=54544325&_u=YEBAAEAAQAAAACAAI~&z=754265236
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 09 Oct 2023 10:58:41 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
settings
syndication.twitter.com/ Frame 4A03 		869 B
658 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://syndication.twitter.com/settings?session_id=c0c252733ea67658a0972e0ef5335ed4ce8ab8ea
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.34999e64cd909e9be3bbd826bafcd2c4.html?origin=https%3A%2F%2Fwww.avanan.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.200 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
302da628a6afc3e93f1b86bf7c65e4d6536d8283d78266964822a76d1c645aa4
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://platform.twitter.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-response-time
117
date
Mon, 09 Oct 2023 10:58:41 GMT
content-encoding
gzip
strict-transport-security
max-age=631138519
last-modified
Mon, 09 Oct 2023 10:58:42 GMT
server
tsa_o
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://platform.twitter.com
x-transaction-id
7b8de7e43748361d
cache-control
must-revalidate, max-age=600
access-control-allow-credentials
true
perf
7626143928
x-connection-hash
71e6f1e11c412a170d3ffce71510b1f294fb74675d1360662ba37ba25fc79c6e
content-length
337
2523353
vc.hotjar.io/sessions/ 		0
259 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://vc.hotjar.io/sessions/2523353?s=0.25&r=0.0049799898624687255
Requested by
Host: script.hotjar.com
URL: https://script.hotjar.com/modules.9b99185f84da153d26eb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.112.79 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-112-79.fra56.r.cloudfront.net
Software
Python/3.8 aiohttp/3.8.4 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Mon, 09 Oct 2023 10:58:42 GMT
via
1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
server
Python/3.8 aiohttp/3.8.4
x-amz-cf-pop
FRA56-P5
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-store
x-amz-cf-id
GAadGYUZpNFm3F86dXFvly2754ZSUiJsYJ_3PVBHDjIqRtdBj14qQg==
collect
region1.analytics.google.com/g/ 		0
254 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-FV5LS2GGRB&gtm=45je3a40&_p=1236122465&_gaz=1&ul=en-us&sr=1600x1200&cid=1504361707.1696849122&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EBAI&_s=1&dl=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fbreaking-down-the-remcos-malware-attempts-on-colombian-banks%3Fhss_channel%3Dtw-2986152999&dt=Breaking%20Down%20the%20Remcos%20Malware%20Attempts%20on%20Colombian%20Banks&sid=1696849122&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-FV5LS2GGRB&cx=c&_slc=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 09 Oct 2023 10:58:42 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.avanan.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/ 		0
56 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-FV5LS2GGRB&cid=1504361707.1696849122&gtm=45je3a40&aip=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-FV5LS2GGRB&cx=c&_slc=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c02::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 09 Oct 2023 10:58:42 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.avanan.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/ 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-FV5LS2GGRB&cid=1504361707.1696849122&gtm=45je3a40&aip=1&z=1962397338
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 09 Oct 2023 10:58:42 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
tbw
match.prod.bidr.io/cookie-sync/
Redirect Chain
  • https://match.prod.bidr.io/cookie-sync/tbw
  • https://match.prod.bidr.io/cookie-sync/tbw?_bee_ppp=1
44 B
659 B 		Script
General
Check archive.org
Download Go to
Full URL
https://match.prod.bidr.io/cookie-sync/tbw?_bee_ppp=1
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
HTTP/1.1
Server
52.213.189.61 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-213-189-61.eu-west-1.compute.amazonaws.com
Software
gunicorn /
Resource Hash
79d938426ac33128fb8864d9c30e5a60c4526077d7c8abf8ea993860a9d3d849
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date
Mon, 09 Oct 2023 10:58:42 GMT
strict-transport-security
max-age=2592000; includeSubDomains
x-content-type-options
nosniff
Server
gunicorn
Connection
keep-alive
Content-Length
44
content-type
application/javascript

Redirect headers

location
https://match.prod.bidr.io/cookie-sync/tbw?_bee_ppp=1
Date
Mon, 09 Oct 2023 10:58:42 GMT
strict-transport-security
max-age=2592000; includeSubDomains
Server
gunicorn
Connection
keep-alive
Content-Length
0
cta-loaded.js
cta-service-cms2.hubspot.com/ctas/v2/public/cs/ 		0
610 B 		Script
General
Check archive.org
Download Go to
Full URL
https://cta-service-cms2.hubspot.com/ctas/v2/public/cs/cta-loaded.js?pid=1835778&pg=c953fa87-efa0-494e-9947-98ffe764fcd8&lt=1696849121406&dt=1696849121407&at=1696849122037&an=1
Requested by
Host: js.hscta.net
URL: https://js.hscta.net/cta/current.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-origin-hublet
na1
date
Mon, 09 Oct 2023 10:58:42 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
e7d4b05e-eea4-4414-9215-e7748d3e0993
x-envoy-upstream-service-time
21
content-length
0
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
e7d4b05e-eea4-4414-9215-e7748d3e0993
last-modified
Mon, 09 Oct 2023 10:58:42 GMT
server
cloudflare
x-trace
2BB0D4B1B48017D98114196E987C93E7DFC1A4969F000000000000000000
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JAdaqrgCv%2FzV%2BdPkCHvWXFCcQoREW7MQGVCnKF4yui%2B099b%2BjKk5YuvyhnCyUyZB5S49csNr4aEHdUXhUU0qWA7k5g3KItmARRmMpQZ9RL2W0Ee%2BkGeZNkB0aqRNR8FyvWLxLF2G%2FzJVxLVvKiUGdAoWuC6bhWYvYx0%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript;charset=utf-8
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-79986f96f-rwf2n
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
x-robots-tag
noindex, follow
cf-ray
81361c24bdef918c-FRA
counters.gif
perf.hsforms.com/embed/v3/ 		35 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://perf.hsforms.com/embed/v3/counters.gif?key=cta-json-success&value=1
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:b07d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date
Mon, 09 Oct 2023 10:58:42 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
CF-Cache-Status
MISS
x-evy-trace-route-service-name
envoyset-translator
X-HubSpot-Correlation-Id
80e25800-bf5e-4a05-9e38-562467b6bb5e
x-envoy-upstream-service-time
1
Connection
keep-alive
alt-svc
h3=":443"; ma=86400
Content-Length
35
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
80e25800-bf5e-4a05-9e38-562467b6bb5e
Last-Modified
Mon, 09 Oct 2023 10:58:42 GMT
Server
cloudflare
X-Trace
2B9FB5DA682500E4B1855305061B2C5D2E28A442FE000000000000000000
Vary
origin, Accept-Encoding
Content-Type
image/gif
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-79986f96f-97dlb
Access-Control-Expose-Headers
X-Origin-Hublet
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
X-Robots-Tag
none
CF-RAY
81361c24ef7e4d54-FRA
counters.gif
perf.hsforms.com/embed/v3/ 		35 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://perf.hsforms.com/embed/v3/counters.gif?key=cta-render-success&value=1
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:b07d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date
Mon, 09 Oct 2023 10:58:42 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
CF-Cache-Status
MISS
x-evy-trace-route-service-name
envoyset-translator
X-HubSpot-Correlation-Id
eb5c8904-1c63-4485-9aac-90b608795c42
x-envoy-upstream-service-time
2
Connection
keep-alive
alt-svc
h3=":443"; ma=86400
Content-Length
35
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
eb5c8904-1c63-4485-9aac-90b608795c42
Last-Modified
Mon, 09 Oct 2023 10:58:42 GMT
Server
cloudflare
X-Trace
2B7F0DA3AA08913C0CA1DCACF3B00B17B804E61E5A000000000000000000
Vary
origin, Accept-Encoding
Content-Type
image/gif
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-79986f96f-hjwld
Access-Control-Expose-Headers
X-Origin-Hublet
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
X-Robots-Tag
none
CF-RAY
81361c24ef313659-FRA
4-Reasons-Microsoft-Safe-Links-Make-Office-365-Less-Safe-Featured.png
www.avanan.com/hubfs/website/img/blog/featured/ 		13 KB
15 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.avanan.com/hubfs/website/img/blog/featured/4-Reasons-Microsoft-Safe-Links-Make-Office-365-Less-Safe-Featured.png
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
4212a717b8d61a5ee679e86faef6b912c275aac5508f97350dac01bede075100
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
x-amz-meta-cache-tag
F-11280554758,FD-11279853394,P-1835778,FLS-ALL
age
923452
x-amz-request-id
C3D61RVR07ZK2BAW
edge-cache-tag
F-11280554758,FD-11279853394,P-1835778,FLS-ALL
x-hs-https-only
worker
content-disposition
inline; filename="4-Reasons-Microsoft-Safe-Links-Make-Office-365-Less-Safe-Featured.webp"
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
cf-bgj
imgq:85,h2pri
etag
"477b6391512f284fdb1b9be9e024d97f"
vary
Accept, Accept-Encoding
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Mon, 09 Oct 2023 10:58:42 GMT
strict-transport-security
max-age=31536000
via
1.1 6be461c5a9399007c1540eee90371674.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
ydaMoVEI3EqauKaA9V2_DbfLmkZ4PelZ
x-amz-cf-pop
FRA56-P7
cf-polished
origFmt=png, origSize=14729
x-cache
RefreshHit from cloudfront
cache-tag
F-11280554758,FD-11279853394,P-1835778,FLS-ALL
alt-svc
h3=":443"; ma=86400
content-length
13698
x-amz-id-2
gZRODON0w1QIw7M239F7bgvsc5r2F/b2VKk84awjvcahe0cmgfcQ+4tumimHYlwem6CXxOBohK+X0Tu83jj/Yg==
last-modified
Mon, 15 Jul 2019 15:27:08 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BuUT3H%2BwckefTBavi0fPkHU2Zi%2BAjLSk%2FFZNbYRZ4h%2FD92m51bS%2BQNrC8fXatSo333c1Hb3suYGToHrHx1RKrKrdqzp6rSRIFtSDqLRLEXKbSC5224Q30fFoLUhrtGwVJXYB4qWaKDIPhtaU"}],"group":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
81361c24f97a3608-FRA
x-amz-cf-id
83JsYTsxO43-OL1LePq4ZDR3MMkj69bGBS0l_GIGZvTSuO9o4y5skQ==
Watch-Out-for-HTML-Attachments-the-Latest-Phishing-Trend-Targeting-Office-365-Featured.png
www.avanan.com/hubfs/website/img/blog/featured/ 		6 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.avanan.com/hubfs/website/img/blog/featured/Watch-Out-for-HTML-Attachments-the-Latest-Phishing-Trend-Targeting-Office-365-Featured.png
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
634cd6856c830752abf4b33133617045f344d5713d8fa567269172ed76d1cac3
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
x-amz-meta-cache-tag
F-11279853502,FD-11279853394,P-1835778,FLS-ALL
age
166130
x-amz-request-id
8P5CT6FNC7VCJ53F
edge-cache-tag
F-11279853502,FD-11279853394,P-1835778,FLS-ALL
x-hs-https-only
worker
content-disposition
inline; filename="Watch-Out-for-HTML-Attachments-the-Latest-Phishing-Trend-Targeting-Office-365-Featured.webp"
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
cf-bgj
imgq:85,h2pri
etag
"8125afc7f8e4f6afcb3215c0f0838e9f"
vary
Accept, Accept-Encoding
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Mon, 09 Oct 2023 10:58:42 GMT
strict-transport-security
max-age=31536000
via
1.1 9672a97668a5842cedcfaee3e743019e.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
yOBXxHcQhK5AkB0oyxYBslCmMPyxVN5L
x-amz-cf-pop
FRA56-P7
cf-polished
origFmt=png, origSize=7014
x-cache
RefreshHit from cloudfront
cache-tag
F-11279853502,FD-11279853394,P-1835778,FLS-ALL
alt-svc
h3=":443"; ma=86400
content-length
5920
x-amz-id-2
/fhdEQKxDtiJu1OtuMPIBwnZnNVtnpKUOH5qKsqD0a5vo/D7FbUrBUZ7ZYolS4UeTGO1gqwD9z4=
last-modified
Mon, 15 Jul 2019 15:09:16 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e42Lx7keHwOrSwmOhuh5G%2B1%2BjjqXhvTjBMu9d6ruR6oGn0rU2hDRXb8q3eZHti4QW0D232lQSWPn7s2zbnvGqW%2B60Ky%2F16MZ%2FsKLFuEZvzeaB%2Fh63tYgmspUZiS9oZam3TH%2FNP%2BVTZm8Mh5b"}],"group":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
81361c24f97c3608-FRA
x-amz-cf-id
Ug27l5zIUNyEFuqHXZcqr7xrjohb1UIR72g67jmM5zGaGWv5edUNZQ==
Mimecast-vs-Proofpoint-Why-They-Cant-Secure-Office-365-and-Gmail-Part-1-Featured.png
www.avanan.com/hubfs/website/img/blog/featured/ 		10 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.avanan.com/hubfs/website/img/blog/featured/Mimecast-vs-Proofpoint-Why-They-Cant-Secure-Office-365-and-Gmail-Part-1-Featured.png
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
54ff1ebf4247ecd1fdefdd027b695c8eca043b8987861f9edd37fee6ccceb2ef
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
x-amz-meta-cache-tag
F-11280371673,FD-11279853394,P-1835778,FLS-ALL
age
923452
x-amz-request-id
C3D97E67E2HN2HZ1
edge-cache-tag
F-11280371673,FD-11279853394,P-1835778,FLS-ALL
x-hs-https-only
worker
content-disposition
inline; filename="Mimecast-vs-Proofpoint-Why-They-Cant-Secure-Office-365-and-Gmail-Part-1-Featured.webp"
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
cf-bgj
imgq:85,h2pri
etag
"b6aafb5047af62538589406b53694ac6"
vary
Accept, Accept-Encoding
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Mon, 09 Oct 2023 10:58:42 GMT
strict-transport-security
max-age=31536000
via
1.1 f1a22cc8d842b0950e4bd5bda60806f2.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
N_MnPa4GyRrx42wIuC2oH5cUB01QyWa3
x-amz-cf-pop
FRA56-P7
cf-polished
origFmt=png, origSize=12541
x-cache
RefreshHit from cloudfront
cache-tag
F-11280371673,FD-11279853394,P-1835778,FLS-ALL
alt-svc
h3=":443"; ma=86400
content-length
10722
x-amz-id-2
Wwr+QpGYtu3We/04mQSmI1EpIROdzk74TEBKUNRFvjxkU+UD5kB+VG4q+W6k8DepdWxKn7sOwkE=
last-modified
Mon, 15 Jul 2019 15:29:14 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BST1vIQpr1NsVamiCC1OchWGxRw2SBg4M2oO%2Bi5FuBe33OD57SCleTcKUvjXdIcfWNHyM4y3%2FgkKihtwe217cwt5sghfitmBCTtqDZpJn5Pqmmp2s1jeuLu%2BvLxDyIHKNEJ8RZZA0ixd%2BIhg"}],"group":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
81361c24f97e3608-FRA
x-amz-cf-id
0MbhySOGOarcBIZnbZ202hLyq0e0VWQ-8IBTR2fxvnoB_nrPz-kTIQ==
Why-Multi-Factor-Authentication-Isnt-Foolproof-Featured.png
www.avanan.com/hubfs/website/img/blog/featured/ 		10 KB
11 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.avanan.com/hubfs/website/img/blog/featured/Why-Multi-Factor-Authentication-Isnt-Foolproof-Featured.png
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
46891f1a0d9fc55b4650e10dbdc598a5269f19fdbd69305f8b8d1cd360b49f8d
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
x-amz-meta-cache-tag
F-11288678777,FD-11279853394,P-1835778,FLS-ALL
age
923452
x-amz-request-id
C3D8H3QYCQN27J71
edge-cache-tag
F-11288678777,FD-11279853394,P-1835778,FLS-ALL
x-hs-https-only
worker
content-disposition
inline; filename="Why-Multi-Factor-Authentication-Isnt-Foolproof-Featured.webp"
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
cf-bgj
imgq:85,h2pri
etag
"bca56f3cf898c1b6593fb7ed155d1c49"
vary
Accept, Accept-Encoding
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Mon, 09 Oct 2023 10:58:42 GMT
strict-transport-security
max-age=31536000
via
1.1 86b463b2b2449ea5ba66d271a3c29922.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
FviQOCsHbLeXzaUcA2EbVpPC3vT_wGWu
x-amz-cf-pop
FRA56-P7
cf-polished
origFmt=png, origSize=11848
x-cache
RefreshHit from cloudfront
cache-tag
F-11288678777,FD-11279853394,P-1835778,FLS-ALL
alt-svc
h3=":443"; ma=86400
content-length
10258
x-amz-id-2
lNaYTmrC70CH4zRTFcoWD04Zw4GwSiKI9qSfFTEHFQtcnwMpUSMYYXy+L8cs09V0TeOqBAZ7KAk=
last-modified
Mon, 15 Jul 2019 19:24:10 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G50URT6C0vS0%2B4i5btpYC5GTK%2FC2Jb3YwbvFpYpIQ6HfEpOqvE9I53MY0D%2FN0eMPiG8P44dPlTyJWhmyefMWx3aevqFB78dz0TF%2FotTThbRDn%2BIpm8xq7mvm40%2F7ds%2B1NP2uwr1VMEtSaUtK"}],"group":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
81361c24f97f3608-FRA
x-amz-cf-id
3Q7AEF31UQKJD-3PagO4an_oRQLzIO-VWtO0jiAhW4KsVc5SIHbdWw==
baseStriker-Office-365-Security-Fails-To-Secure-100-Million-Email-Users-Featured.png
www.avanan.com/hubfs/website/img/blog/featured/ 		5 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.avanan.com/hubfs/website/img/blog/featured/baseStriker-Office-365-Security-Fails-To-Secure-100-Million-Email-Users-Featured.png
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
6fbecdde63cefbeb511fc193ff653cf649ce9a2a9a120316d40f20b809afb647
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
x-amz-meta-cache-tag
F-11280371233,FD-11279853394,P-1835778,FLS-ALL
age
923452
x-amz-request-id
C3DAKYN66564TVA8
edge-cache-tag
F-11280371233,FD-11279853394,P-1835778,FLS-ALL
x-hs-https-only
worker
content-disposition
inline; filename="baseStriker-Office-365-Security-Fails-To-Secure-100-Million-Email-Users-Featured.webp"
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
cf-bgj
imgq:85,h2pri
etag
"fc3f83b4e407e381c43aab80d24ea1d4"
vary
Accept, Accept-Encoding
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Mon, 09 Oct 2023 10:58:42 GMT
strict-transport-security
max-age=31536000
via
1.1 d34cf2ddbdf9774517330fee6a26e4b2.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
G5ELs3jKBLJmOK8DWOt6WhtX3JSMSxSz
x-amz-cf-pop
FRA56-P7
cf-polished
origFmt=png, origSize=7128
x-cache
RefreshHit from cloudfront
cache-tag
F-11280371233,FD-11279853394,P-1835778,FLS-ALL
alt-svc
h3=":443"; ma=86400
content-length
5408
x-amz-id-2
2T7CqLZOoHQsB+tjdysBjLPNaomnRDk6xdwidZkxsvla3nuuBmPBNgnZ0c0oFXgrM8NVfMZfYGE=
last-modified
Mon, 15 Jul 2019 15:25:56 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hrPXHLkxC23W1S4rNYIQXaSmG7c1sMN%2B7HL9degtasGf3oKZkl1VyqVT5cCl1nLnGKSmR9pnxpiV58DYzuamcwKnK5Tf4nCHyfCHg0uL6as%2FZ21S2QHLPBrNR8x2kexzvSG1CtQCTsO8tF39"}],"group":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
81361c24f9803608-FRA
x-amz-cf-id
qsnRAqkZH1LnmEF8mbkpMDoQmlOC-bYiCsGKMBx1ebCaKfQmbE01pw==
Widespread-Attack-on-Office-365-Corporate-Users-with-Zero-day-Ransomware-Virus-Featured.png
www.avanan.com/hubfs/website/img/blog/featured/ 		8 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.avanan.com/hubfs/website/img/blog/featured/Widespread-Attack-on-Office-365-Corporate-Users-with-Zero-day-Ransomware-Virus-Featured.png
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
f268614e7be44fc18dbfa5350bfeea8539258da4830ef728c56e05bf62f46b57
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
x-amz-meta-cache-tag
F-11280052410,FD-11279853394,P-1835778,FLS-ALL
age
923452
x-amz-request-id
C3D304X3NWM478FK
edge-cache-tag
F-11280052410,FD-11279853394,P-1835778,FLS-ALL
x-hs-https-only
worker
content-disposition
inline; filename="Widespread-Attack-on-Office-365-Corporate-Users-with-Zero-day-Ransomware-Virus-Featured.webp"
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
cf-bgj
imgq:85,h2pri
etag
"548590285b53aff019e25f9f13cb06ea"
vary
Accept, Accept-Encoding
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Mon, 09 Oct 2023 10:58:42 GMT
strict-transport-security
max-age=31536000
via
1.1 4b69099d64ffa1fbe8adbe1235065a14.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
2lJpL73VoPYJGYmEK4csso3aWzFV5e03
x-amz-cf-pop
FRA56-P7
cf-polished
origFmt=png, origSize=9877
x-cache
RefreshHit from cloudfront
cache-tag
F-11280052410,FD-11279853394,P-1835778,FLS-ALL
alt-svc
h3=":443"; ma=86400
content-length
8328
x-amz-id-2
N4IupKMG/ndBZ8xY0De3iiHV5nmhsj3ZJRtep5kBx/AKOKfrG4Gx776jZZpcplkgzMk4rwpqt8U=
last-modified
Mon, 15 Jul 2019 15:28:27 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TrD7UE0CH8kH9tNle054L5kK0RRyyMPZJaAQOD2B9sRMfJGfJ8D5bl5dpoBoyppxK%2FB3ricBKRnDOLLkrmpiT6Dkm1bTv1svNvTssvgZNWRw3cq8Y9lkAw2Ali18uVnIgAAyRqUzSWb%2BNh9u"}],"group":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
81361c24f9813608-FRA
x-amz-cf-id
apmIB77bt-paTBMe6w64ghcIAF2vY5QQjIKJ0EWa5EsIwpugZNXBbA==
/
www.facebook.com/tr/ 		0
185 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=1936026250043111&ev=PageView&dl=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fbreaking-down-the-remcos-malware-attempts-on-colombian-banks%3Fhss_channel%3Dtw-2986152999&rl=&if=false&ts=1696849122104&sw=1600&sh=1200&v=2.9.132&r=stable&ec=0&o=30&fbp=fb.1.1696849122103.1867049246&ler=empty&it=1696849121804&coo=false&exp=a0&rqm=GET
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Mon, 09 Oct 2023 10:58:42 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
logo-bubble-white-bg-2x-min.png
reviews.static.gartner.com/public/Widget/img/ 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://reviews.static.gartner.com/public/Widget/img/logo-bubble-white-bg-2x-min.png
Requested by
Host: www.gartner.com
URL: https://www.gartner.com/reviews/public/Widget/css/widget.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:c400:14:c034:4840:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache / Express
Resource Hash
b59a0404929cf4a3ad1cbd9c2ffaaff3f8c2e838a70867c1de2dfddc5a2b2f91

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.gartner.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Sun, 01 Oct 2023 01:26:49 GMT
via
1.1 f960fa0538fdb326fc338e984fa7ece8.cloudfront.net (CloudFront)
last-modified
Fri, 29 Sep 2023 10:04:31 GMT
server
Apache
x-amz-cf-pop
FRA53-C1
age
725513
x-powered-by
Express
etag
W/"923-18ae0659f98"
x-cache
Hit from cloudfront
content-type
image/png
cache-control
public, max-age=0
accept-ranges
bytes
content-length
2339
x-amz-cf-id
-h0mzdynt3EE50KMAckUEHimZqOc7YExv84lLTZWTHc3LurvK0f-XQ==
stars.png
reviews.static.gartner.com/public/Widget/img/ 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://reviews.static.gartner.com/public/Widget/img/stars.png
Requested by
Host: www.gartner.com
URL: https://www.gartner.com/reviews/public/Widget/css/widget.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:c400:14:c034:4840:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache / Express
Resource Hash
22cecf5526a9a6a3c3d49dea18b28fd902a5a2bec155a04a7c21bb654b9ec0c9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.gartner.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Tue, 03 Oct 2023 12:10:47 GMT
via
1.1 f960fa0538fdb326fc338e984fa7ece8.cloudfront.net (CloudFront)
last-modified
Fri, 29 Sep 2023 10:04:31 GMT
server
Apache
x-amz-cf-pop
FRA53-C1
age
514075
x-powered-by
Express
etag
W/"4f5-18ae0659f98"
x-cache
Hit from cloudfront
content-type
image/png
cache-control
public, max-age=0
accept-ranges
bytes
content-length
1269
x-amz-cf-id
9FYMJOVka7EN8BqukYy-0EjfemaQ0_UUy411BgaLfADaZaibJ_QfkA==
chevron-right.png
reviews.static.gartner.com/public/Widget/img/ 		217 B
575 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://reviews.static.gartner.com/public/Widget/img/chevron-right.png
Requested by
Host: www.gartner.com
URL: https://www.gartner.com/reviews/public/Widget/css/widget.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:c400:14:c034:4840:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache / Express
Resource Hash
f75e7361bbcda225d800dd06644f99253ae2cf5ab6a0e47ff7967474e7afb4a6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.gartner.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Sun, 01 Oct 2023 01:26:49 GMT
via
1.1 f960fa0538fdb326fc338e984fa7ece8.cloudfront.net (CloudFront)
last-modified
Fri, 29 Sep 2023 10:04:30 GMT
server
Apache
x-amz-cf-pop
FRA53-C1
age
725513
x-powered-by
Express
etag
W/"d9-18ae0659bb0"
x-cache
Hit from cloudfront
content-type
image/png
cache-control
public, max-age=0
accept-ranges
bytes
content-length
217
x-amz-cf-id
iqqX1pgVsTXXhg_gcDcFs-zYqSFxXW9Hjbvqnkc8xjIkWoHQ5-IHqg==
truncated
/ 		36 KB
36 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7a2f15820ffe7ec552c256f18b8cd6485618d23a5648f535992e5c6928a542b7

Request headers

Referer
Origin
https://www.avanan.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Content-Type
font/woff2
05533b82-057b-466c-aabe-0c6d78581a15
https://www.avanan.com/ 		43 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
blob:https://www.avanan.com/05533b82-057b-466c-aabe-0c6d78581a15
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Content-Length
43
Content-Type
image/gif
button.13c48d2966337fafa1c1eb5533fdf29d.js
platform.twitter.com/js/ 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://platform.twitter.com/js/button.13c48d2966337fafa1c1eb5533fdf29d.js
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
146.75.116.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
fbb613590ab06b8838cad9193caa3797b2fb582dd88a444a1afe2424754d97ca

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Mon, 09 Oct 2023 10:58:42 GMT
content-encoding
gzip
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-length
2617
x-served-by
cache-iad-kjyo7100021-IAD, cache-fra-eddf8230098-FRA
last-modified
Wed, 04 Oct 2023 21:58:32 GMT
etag
"def6f3052007521ae22a38b870dfd318+gzip"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=315360000
accept-ranges
bytes
tw-cdn
FT
tweet_button.34999e64cd909e9be3bbd826bafcd2c4.en.html
platform.twitter.com/widgets/ Frame B2F5 		34 KB
12 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://platform.twitter.com/widgets/tweet_button.34999e64cd909e9be3bbd826bafcd2c4.en.html
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
146.75.116.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
36ac3387c2c9cc95dbeb873e13a2e5527fd56953f8577e2663aa94ac9f7a6199

Request headers

Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
public, max-age=315360000
content-encoding
gzip
content-length
12585
content-type
text/html; charset=utf-8
date
Mon, 09 Oct 2023 10:58:42 GMT
etag
"a47e23e7afe0ef16352ac2f7a30e3a7b+gzip"
last-modified
Wed, 04 Oct 2023 21:58:33 GMT
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
tw-cdn
FT
vary
Accept-Encoding
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
x-served-by
cache-iad-kjyo7100153-IAD, cache-fra-eddf8230098-FRA
tweet_button.34999e64cd909e9be3bbd826bafcd2c4.en.html
platform.twitter.com/widgets/ Frame 7262 		34 KB
12 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://platform.twitter.com/widgets/tweet_button.34999e64cd909e9be3bbd826bafcd2c4.en.html
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
146.75.116.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
36ac3387c2c9cc95dbeb873e13a2e5527fd56953f8577e2663aa94ac9f7a6199

Request headers

Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
public, max-age=315360000
content-encoding
gzip
content-length
12585
content-type
text/html; charset=utf-8
date
Mon, 09 Oct 2023 10:58:42 GMT
etag
"a47e23e7afe0ef16352ac2f7a30e3a7b+gzip"
last-modified
Wed, 04 Oct 2023 21:58:33 GMT
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
tw-cdn
FT
vary
Accept-Encoding
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
x-served-by
cache-iad-kjyo7100153-IAD, cache-fra-eddf8230098-FRA
embeds
syndication.twitter.com/i/jot/ 		43 B
103 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://syndication.twitter.com/i/jot/embeds?l=%7B%22widget_origin%22%3A%22https%3A%2F%2Fwww.avanan.com%2Fblog%2Fbreaking-down-the-remcos-malware-attempts-on-colombian-banks%22%2C%22widget_frame%22%3Afalse%2C%22widget_site_screen_name%22%3A%22AvananSecurity%22%2C%22language%22%3A%22en%22%2C%22message%22%3A%22m%3Anocount%3A%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1696849122158%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%227e31f10ca29dc%3A1696453545681%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22share%22%2C%22action%22%3A%22impression%22%7D%7D&session_id=c0c252733ea67658a0972e0ef5335ed4ce8ab8ea
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.200 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-response-time
113
date
Mon, 09 Oct 2023 10:58:41 GMT
strict-transport-security
max-age=631138519
last-modified
Mon, 09 Oct 2023 10:58:42 GMT
server
tsa_o
vary
Origin
content-type
image/gif
x-transaction-id
f674d21ee57accc9
cache-control
must-revalidate, max-age=600
perf
7626143928
x-connection-hash
71e6f1e11c412a170d3ffce71510b1f294fb74675d1360662ba37ba25fc79c6e
content-length
43
truncated
/ Frame B2F5 		822 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ Frame 7262 		822 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Content-Type
image/svg+xml
json
api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/ 		113 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json?portalId=1835778
Requested by
Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:c9cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
626e534b9a811f60a8aa88e463a0ffa75ea4d8ba7510ed6a15c267becf680394
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Mon, 09 Oct 2023 10:58:42 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
c1342d3d-6df1-4664-9453-9eab6917be0f
content-encoding
br
x-envoy-upstream-service-time
8
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
c1342d3d-6df1-4664-9453-9eab6917be0f
server
cloudflare
x-trace
2B1813B28FCCCDFD702B3438A79658713460A6938B000000000000000000
vary
origin, Accept-Encoding
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.avanan.com
x-evy-trace-served-by-pod
iad02/hubapi-td/envoy-proxy-5b5c96c966-hm6sp
access-control-max-age
180
access-control-allow-credentials
false
x-evy-trace-virtual-host
all
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3Pv2yRFUOoO%2FoDjIPlX0aAUNmOVEpswtZ7ijflWjGahWUSABPCch1o4pOnZAjVX7pBV4iLX8QovTNU5WOO7bUuVbAxKWppz%2FiD5eI4c%2BQTz0k5JocsDIuV7%2Bjlx4rU2AVulc4zrrmKkFXfx4"}],"group":"cf-nel","max_age":604800}
cf-ray
81361c2609da1bdb-FRA
access-control-allow-headers
*
pista.js
d26x5ounzdjojj.cloudfront.net/2.14.0/ 		98 KB
98 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d26x5ounzdjojj.cloudfront.net/2.14.0/pista.js
Requested by
Host: d26x5ounzdjojj.cloudfront.net
URL: https://d26x5ounzdjojj.cloudfront.net/tbw/tbw_analytics_v1.0.js?12
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.224.194.132 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-194-132.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
10deca523f2d7d41a77738b61b503fb9ec9f7c8e5f96d34b4e760f7ab807983a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date
Mon, 09 Oct 2023 03:45:39 GMT
Via
1.1 8002c303d4f2295f77566a349deba122.cloudfront.net (CloudFront)
Last-Modified
Thu, 06 Aug 2020 17:08:18 GMT
Server
AmazonS3
X-Amz-Cf-Pop
FRA2-C1
Age
25984
ETag
"8f4885b5f0517e98f2ecf6c734d1decd"
X-Cache
Hit from cloudfront
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
100013
X-Amz-Cf-Id
8_TAPp6KdBbby6jQ98swr26FRKTNambruIkjVdspVg1knCA3uAqAbQ==
tp2
com-thebigwillow-prod1.collector.snplow.net/com.snowplowanalytics.snowplow/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://com-thebigwillow-prod1.collector.snplow.net/com.snowplowanalytics.snowplow/tp2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.204.247.246 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-204-247-246.compute-1.amazonaws.com
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.avanan.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type, SP-Anonymous
access-control-allow-origin
https://www.avanan.com
access-control-max-age
600
content-length
0
date
Mon, 09 Oct 2023 10:58:42 GMT
server
nginx
tp2
com-thebigwillow-prod1.collector.snplow.net/com.snowplowanalytics.snowplow/ 		2 B
320 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://com-thebigwillow-prod1.collector.snplow.net/com.snowplowanalytics.snowplow/tp2
Requested by
Host: d26x5ounzdjojj.cloudfront.net
URL: https://d26x5ounzdjojj.cloudfront.net/2.14.0/pista.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.204.247.246 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-204-247-246.compute-1.amazonaws.com
Software
nginx /
Resource Hash
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type
application/json; charset=UTF-8

Response headers

access-control-allow-origin
https://www.avanan.com
date
Mon, 09 Oct 2023 10:58:42 GMT
access-control-allow-credentials
true
content-type
text/plain; charset=UTF-8
server
nginx
content-length
2
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
insent
checkpointsoftwaretechnologiesincavanan.widget.insent.ai/ 		80 KB
23 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/insent
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225e:6600:f:7ae2:7780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c0e96c0f51eb10934d2022f7d30dbeaf05f748f85d32dfe71711f2dbb21621d8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-amz-version-id
_wrdMZ5hBbBQgTM2s4H9iBSM.q8CsFS.
content-encoding
gzip
via
1.1 02cd8164e89a1598d410a9198582d47c.cloudfront.net (CloudFront)
date
Mon, 09 Oct 2023 01:23:34 GMT
last-modified
Fri, 15 Sep 2023 08:43:49 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P4
age
48759
etag
"6c640d0008fb2a23a0ff942202f8657c"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
binary/octet-stream
content-length
23142
x-amz-cf-id
nLOY913hNWhDgVfRXcSo4TQeC8eQnTLtWLPkfg4nU6oAN7NUtsNjRA==
like.php
www.facebook.com/plugins/ Frame 3FAF 		0
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2251f0e70687dc%26domain%3Dwww.avanan.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.avanan.com%252Ff224ed894fcfcf8%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fbreaking-down-the-remcos-malware-attempts-on-colombian-banks&layout=button_count&locale=en_US&sdk=joey&share=true&show_faces=false&width=120
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js?hash=1187ea7b65db697956d2a199a686401e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
private, no-cache, no-store, must-revalidate
content-length
0
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type
text/html;charset=utf-8
cross-origin-opener-policy
same-origin-allow-popups
date
Mon, 09 Oct 2023 10:58:42 GMT
expires
Sat, 01 Jan 2000 00:00:00 GMT
pragma
no-cache
report-to
{"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-content-type-options
nosniff
x-fb-debug
o6Oc+y6Ozd/8+TpWFh2XPTOtYfeBzIb374CTLL0yOAxRib6ejAaQZM497fcfZ2x600U1eU0lEpXqf0gpCSxcYQ==
x-xss-protection
0
like.php
www.facebook.com/plugins/ Frame DDA5 		0
117 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3130de8fe55458%26domain%3Dwww.avanan.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.avanan.com%252Ff224ed894fcfcf8%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fbreaking-down-the-remcos-malware-attempts-on-colombian-banks&layout=button_count&locale=en_US&sdk=joey&share=true&show_faces=false&width=120
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js?hash=1187ea7b65db697956d2a199a686401e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
private, no-cache, no-store, must-revalidate
content-length
0
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type
text/html;charset=utf-8
cross-origin-opener-policy
same-origin-allow-popups
date
Mon, 09 Oct 2023 10:58:42 GMT
expires
Sat, 01 Jan 2000 00:00:00 GMT
pragma
no-cache
report-to
{"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-content-type-options
nosniff
x-fb-debug
0UdhB89dPBUTwgum6GeUhn920P7jXtt1uzIOswBd1Rtqi3/S9FCZUE+U8KwD+5FQgEEaVWMe2xF4RMDjrFioCw==
x-xss-protection
0
__ptq.gif
track.hubspot.com/ 		45 B
567 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=3335903367&v=1.1&a=1835778&pi=135072397071&ct=blog-post&ccu=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fbreaking-down-the-remcos-malware-attempts-on-colombian-banks&cpi=135072397071&cgi=4153530738&lpi=135072397071&lvi=135072397071&lvc=en-us&pu=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fbreaking-down-the-remcos-malware-attempts-on-colombian-banks%3Fhss_channel%3Dtw-2986152999&t=Breaking+Down+the+Remcos+Malware+Attempts+on+Colombian+Banks&cts=1696849122783&vi=c5812e7ac6c561b3d0b4e8cb08dd1b36&nc=true&u=23485541.c5812e7ac6c561b3d0b4e8cb08dd1b36.1696849122781.1696849122781.1696849122781.1&b=23485541.1.1696849122781&pt=0&cc=15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Mon, 09 Oct 2023 10:58:42 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
4842ac06-44be-40b0-9327-e80632b6311d
p3p
CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time
7
content-length
45
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
4842ac06-44be-40b0-9327-e80632b6311d
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IIqiUNLwa2J67KJFPj5GoDTHsPd%2BK14hiDC%2FuKkEwP%2FdQZBdr8mexEjKEM7c7CO6C3Zh%2FlxZB%2FV8DIQBoBW%2BZ3KWxy4lUKoNAUSQ5e7VYAYrwKlFmaRvCHYxwX5A8Bwmk8xB4VoIm1kxccxSdG5%2B"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-674b9fb979-d9b87
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
cf-ray
81361c296c8f918c-FRA
x-robots-tag
none
counters.gif
perf.hsforms.com/embed/v3/ 		35 B
667 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://perf.hsforms.com/embed/v3/counters.gif?key=cta-with-analytics&value=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:b07d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Mon, 09 Oct 2023 10:58:43 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
c8a77478-2543-4397-a0de-cd633378cdd0
x-envoy-upstream-service-time
2
alt-svc
h3=":443"; ma=86400
content-length
35
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
c8a77478-2543-4397-a0de-cd633378cdd0
last-modified
Mon, 09 Oct 2023 10:58:43 GMT
server
cloudflare
x-trace
2BF4F8CAB09B7D47367D3EF73B05F7349FA882078D000000000000000000
vary
origin, Accept-Encoding
content-type
image/gif
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-79986f96f-swd7n
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
accept-ranges
bytes
x-robots-tag
none
cf-ray
81361c298bdc4db5-FRA
__ptq.gif
track.hubspot.com/ 		45 B
564 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%22c953fa87-efa0-494e-9947-98ffe764fcd8%22%2C%22456f8fc2-2a2d-451b-be42-2ab5d22687fa%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=3335903367&v=1.1&a=1835778&pi=135072397071&ct=blog-post&ccu=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fbreaking-down-the-remcos-malware-attempts-on-colombian-banks&cpi=135072397071&cgi=4153530738&lpi=135072397071&lvi=135072397071&lvc=en-us&pu=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fbreaking-down-the-remcos-malware-attempts-on-colombian-banks%3Fhss_channel%3Dtw-2986152999&t=Breaking+Down+the+Remcos+Malware+Attempts+on+Colombian+Banks&cts=1696849122785&vi=c5812e7ac6c561b3d0b4e8cb08dd1b36&nc=true&u=23485541.c5812e7ac6c561b3d0b4e8cb08dd1b36.1696849122781.1696849122781.1696849122781.1&b=23485541.1.1696849122781&pt=0&cc=15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Mon, 09 Oct 2023 10:58:42 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
88920a83-bf9a-407e-b962-1db14b982831
p3p
CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time
7
content-length
45
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
88920a83-bf9a-407e-b962-1db14b982831
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J4cXQaZliNE6xFG3TCCAwMJTK%2Bn72VDSdV8gPLFOLO5ZR6GwALw3RHc4A4xcvf5uo6NdlAH1UO%2BiB7N9eZ92N6M%2F3syoHhgiNa%2FhO%2BJ1hswDxdHromOfSATcPFmJG1rsBZY4k81LRRyBzV9yn8tp"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-674b9fb979-hhppk
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
cf-ray
81361c296c8c918c-FRA
x-robots-tag
none
json
forms.hubspot.com/lead-flows-config/v1/config/ 		3 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://forms.hubspot.com/lead-flows-config/v1/config/json?portalId=1835778&utk=c5812e7ac6c561b3d0b4e8cb08dd1b36&__hstc=23485541.c5812e7ac6c561b3d0b4e8cb08dd1b36.1696849122781.1696849122781.1696849122781.1&__hssc=23485541.1.1696849122781&contentId=135072397071&currentUrl=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fbreaking-down-the-remcos-malware-attempts-on-colombian-banks%3Fhss_channel%3Dtw-2986152999
Requested by
Host: js.hsleadflows.net
URL: https://js.hsleadflows.net/leadflows.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dda012741fa9345cb9fe242f8be298af8caca74fa20f90701c1402862c1120a6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Mon, 09 Oct 2023 10:58:43 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
3f4bc7df-4f97-4441-841d-2e25df09ca4f
content-encoding
br
x-envoy-upstream-service-time
37
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
3f4bc7df-4f97-4441-841d-2e25df09ca4f
server
cloudflare
vary
origin
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.avanan.com
x-evy-trace-virtual-host
all
access-control-max-age
180
access-control-allow-credentials
false
cache-control
max-age=0, no-cache, no-store
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MZUNa0miAYhLqJ487Mj7tVOQsiVRj9rLFumMt2fkG5zKYFfkSjgXQIFTkXpR%2Fah%2FDtKEQrtLqrdDXvdKHUu18Nt3cduE6Px4oTX5lZ%2FJDqgZ5inaPSL2sIhW%2BKADLHmeSB44V30B2uka3s3M6s4F"}],"group":"cf-nel","max_age":604800}
x-robots-tag
none
access-control-allow-headers
Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray
81361c29afb0043a-FRA
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-79986f96f-rwf2n
/
checkpointsoftwaretechnologiesincavanan.widget.insent.ai/ Frame 3ACF 		3 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/?project_key=p2xERwhuLXXni4npvQaI&blog_url=www.avanan.com%2Fblog%2Fbreaking-down-the-remcos-malware-attempts-on-colombian-banks%3Fhss_channel%3Dtw-2986152999&event_listener=rLmvqHGbECP2dUd&hubspot_cookies=[%22c5812e7ac6c561b3d0b4e8cb08dd1b36%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
Requested by
Host: checkpointsoftwaretechnologiesincavanan.widget.insent.ai
URL: https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/insent
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225e:6600:f:7ae2:7780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d15ed2fcd87415160bbacde5c09fd427cec2fc04dc5c06ac9529a7dfb0cb0550

Request headers

Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
2081665
cache-control
max-age=31536000
content-encoding
gzip
content-type
text/html
date
Fri, 15 Sep 2023 08:44:18 GMT
etag
W/"94bf9a1a8642dd9c74346a2fd569401d"
last-modified
Fri, 15 Sep 2023 08:43:57 GMT
server
AmazonS3
vary
Accept-Encoding
via
1.1 02cd8164e89a1598d410a9198582d47c.cloudfront.net (CloudFront)
x-amz-cf-id
5IZTunDlGLsTNpW_Pd5TVQzIg2FqjMoq_4ELqZcwNo1qBgN8_urJIA==
x-amz-cf-pop
FRA60-P4
x-amz-version-id
9dap7H6mAK1iehjgATRUkIFevIDBdJb7
x-cache
Error from cloudfront
env.js
checkpointsoftwaretechnologiesincavanan.widget.insent.ai/ Frame 3ACF 		437 B
786 B 		Script
General
Check archive.org
Download Go to
Full URL
https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/env.js
Requested by
Host: checkpointsoftwaretechnologiesincavanan.widget.insent.ai
URL: https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/?project_key=p2xERwhuLXXni4npvQaI&blog_url=www.avanan.com%2Fblog%2Fbreaking-down-the-remcos-malware-attempts-on-colombian-banks%3Fhss_channel%3Dtw-2986152999&event_listener=rLmvqHGbECP2dUd&hubspot_cookies=[%22c5812e7ac6c561b3d0b4e8cb08dd1b36%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225e:6600:f:7ae2:7780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ff4e0b144f55e6bf1ac619baad9714973a381bc5c106e2cf62543d8d671f9c19

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/?project_key=p2xERwhuLXXni4npvQaI&blog_url=www.avanan.com%2Fblog%2Fbreaking-down-the-remcos-malware-attempts-on-colombian-banks%3Fhss_channel%3Dtw-2986152999&event_listener=rLmvqHGbECP2dUd&hubspot_cookies=[%22c5812e7ac6c561b3d0b4e8cb08dd1b36%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Mon, 09 Oct 2023 01:02:19 GMT
x-amz-version-id
DmgVUrsbNmh0zFcaosq_jdGFz91EWuHz
via
1.1 02cd8164e89a1598d410a9198582d47c.cloudfront.net (CloudFront)
last-modified
Mon, 10 Apr 2023 13:35:06 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P4
age
35784
etag
"649ed907ccaa01c40f7d298cda51d4e0"
x-cache
Hit from cloudfront
content-type
application/javascript
content-length
437
x-amz-cf-id
oacX0uostyTMZMQMcrsWi2Y4fKU9JcxV1t68I9ZNRR-KT3Z86jzYZg==
pusher.min.js
js.pusher.com/6.0/ Frame 3ACF 		64 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.pusher.com/6.0/pusher.min.js
Requested by
Host: checkpointsoftwaretechnologiesincavanan.widget.insent.ai
URL: https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/?project_key=p2xERwhuLXXni4npvQaI&blog_url=www.avanan.com%2Fblog%2Fbreaking-down-the-remcos-malware-attempts-on-colombian-banks%3Fhss_channel%3Dtw-2986152999&event_listener=rLmvqHGbECP2dUd&hubspot_cookies=[%22c5812e7ac6c561b3d0b4e8cb08dd1b36%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.210.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-210-101.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d9f69c562fa39d1b002af05da1c6b99247e69c14a48e67b35d8a8b0efd739128

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 06 Oct 2023 01:50:18 GMT
content-encoding
gzip
via
1.1 ab39b007ab81966ada6e7fb1536bf376.cloudfront.net (CloudFront)
last-modified
Thu, 14 May 2020 14:40:27 GMT
server
AmazonS3
x-amz-cf-pop
FRA53-C1
age
292106
etag
W/"ba16a869e0473ee0ff7636f71e340c60"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
x-cache
Hit from cloudfront
cache-control
max-age=2592000
x-amz-cf-id
W2F_Sb7iDvhgnFXxQD79qFWhYUg6zf6wL0icLL1FknooHFIxI4PXHw==
vendors.00ebfa91.js
checkpointsoftwaretechnologiesincavanan.widget.insent.ai/static/js/ Frame 3ACF 		1 MB
375 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/static/js/vendors.00ebfa91.js
Requested by
Host: checkpointsoftwaretechnologiesincavanan.widget.insent.ai
URL: https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/?project_key=p2xERwhuLXXni4npvQaI&blog_url=www.avanan.com%2Fblog%2Fbreaking-down-the-remcos-malware-attempts-on-colombian-banks%3Fhss_channel%3Dtw-2986152999&event_listener=rLmvqHGbECP2dUd&hubspot_cookies=[%22c5812e7ac6c561b3d0b4e8cb08dd1b36%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225e:6600:f:7ae2:7780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
27a8d14ca605b3f285f837f75557deff61b1735578894978a4a3b81789f3cce2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/?project_key=p2xERwhuLXXni4npvQaI&blog_url=www.avanan.com%2Fblog%2Fbreaking-down-the-remcos-malware-attempts-on-colombian-banks%3Fhss_channel%3Dtw-2986152999&event_listener=rLmvqHGbECP2dUd&hubspot_cookies=[%22c5812e7ac6c561b3d0b4e8cb08dd1b36%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 15 Sep 2023 08:44:18 GMT
content-encoding
gzip
via
1.1 02cd8164e89a1598d410a9198582d47c.cloudfront.net (CloudFront)
x-amz-version-id
Fa9JXh6jpVg9NOIjqnaSQPfa2OCfbkZI
last-modified
Fri, 15 Sep 2023 08:43:57 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P4
age
2081665
etag
W/"b3769f9b67090f28ef9914196c34fb7d"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=31536000
x-amz-cf-id
AYAg0A_gT7sIjZzQ173phgj1zhDVdf_BP-b9txhGFLmqaaqrbxp61g==
commons.d9b3de70.js
checkpointsoftwaretechnologiesincavanan.widget.insent.ai/static/js/ Frame 3ACF 		228 KB
62 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/static/js/commons.d9b3de70.js
Requested by
Host: checkpointsoftwaretechnologiesincavanan.widget.insent.ai
URL: https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/?project_key=p2xERwhuLXXni4npvQaI&blog_url=www.avanan.com%2Fblog%2Fbreaking-down-the-remcos-malware-attempts-on-colombian-banks%3Fhss_channel%3Dtw-2986152999&event_listener=rLmvqHGbECP2dUd&hubspot_cookies=[%22c5812e7ac6c561b3d0b4e8cb08dd1b36%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225e:6600:f:7ae2:7780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7d93e86ecd6532748537df0f73d8fccde4ea4cfaa15ea1b82134327c5f29d5c1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/?project_key=p2xERwhuLXXni4npvQaI&blog_url=www.avanan.com%2Fblog%2Fbreaking-down-the-remcos-malware-attempts-on-colombian-banks%3Fhss_channel%3Dtw-2986152999&event_listener=rLmvqHGbECP2dUd&hubspot_cookies=[%22c5812e7ac6c561b3d0b4e8cb08dd1b36%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 15 Sep 2023 08:44:18 GMT
content-encoding
gzip
via
1.1 02cd8164e89a1598d410a9198582d47c.cloudfront.net (CloudFront)
x-amz-version-id
4p__mTY1qey5rECUcsNgrExNVoUovp2r
last-modified
Fri, 15 Sep 2023 08:43:56 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P4
age
2081665
etag
W/"364feab1c8db82a6dca7fbdb50850550"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=31536000
x-amz-cf-id
1S693x8dMSVbFSOC6V5R3sp7PEjfYiS8d5wYcq4nRwxppRx5BcOOmg==
reduxComponents.0ef4ff99.js
checkpointsoftwaretechnologiesincavanan.widget.insent.ai/static/js/ Frame 3ACF 		58 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/static/js/reduxComponents.0ef4ff99.js
Requested by
Host: checkpointsoftwaretechnologiesincavanan.widget.insent.ai
URL: https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/?project_key=p2xERwhuLXXni4npvQaI&blog_url=www.avanan.com%2Fblog%2Fbreaking-down-the-remcos-malware-attempts-on-colombian-banks%3Fhss_channel%3Dtw-2986152999&event_listener=rLmvqHGbECP2dUd&hubspot_cookies=[%22c5812e7ac6c561b3d0b4e8cb08dd1b36%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225e:6600:f:7ae2:7780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
4d0c00797ae643d5424a15005a9b01a173608c7e16e15ca0e317dfd28090d83a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/?project_key=p2xERwhuLXXni4npvQaI&blog_url=www.avanan.com%2Fblog%2Fbreaking-down-the-remcos-malware-attempts-on-colombian-banks%3Fhss_channel%3Dtw-2986152999&event_listener=rLmvqHGbECP2dUd&hubspot_cookies=[%22c5812e7ac6c561b3d0b4e8cb08dd1b36%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 15 Sep 2023 08:44:18 GMT
content-encoding
gzip
via
1.1 02cd8164e89a1598d410a9198582d47c.cloudfront.net (CloudFront)
x-amz-version-id
WxKpH7P.8dNY4sFfjT2xH5QaGvGW0uv2
last-modified
Fri, 15 Sep 2023 08:43:57 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P4
age
2081665
etag
W/"9cafe13b42faf0aa80053030d79be929"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=31536000
x-amz-cf-id
CyXcSHhsKhMh_yY2TJcEkQVuk_icYYpLGsrMu8bB2qYFGOLpy7AlVw==
main.804c6029.chunk.js
checkpointsoftwaretechnologiesincavanan.widget.insent.ai/static/js/ Frame 3ACF 		117 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/static/js/main.804c6029.chunk.js
Requested by
Host: checkpointsoftwaretechnologiesincavanan.widget.insent.ai
URL: https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/?project_key=p2xERwhuLXXni4npvQaI&blog_url=www.avanan.com%2Fblog%2Fbreaking-down-the-remcos-malware-attempts-on-colombian-banks%3Fhss_channel%3Dtw-2986152999&event_listener=rLmvqHGbECP2dUd&hubspot_cookies=[%22c5812e7ac6c561b3d0b4e8cb08dd1b36%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225e:6600:f:7ae2:7780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f01d9cd0634d4fa8541c0829c8fab42697ae069d7a2d30f57c0b0938fcaca556

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/?project_key=p2xERwhuLXXni4npvQaI&blog_url=www.avanan.com%2Fblog%2Fbreaking-down-the-remcos-malware-attempts-on-colombian-banks%3Fhss_channel%3Dtw-2986152999&event_listener=rLmvqHGbECP2dUd&hubspot_cookies=[%22c5812e7ac6c561b3d0b4e8cb08dd1b36%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 15 Sep 2023 08:44:18 GMT
content-encoding
gzip
via
1.1 02cd8164e89a1598d410a9198582d47c.cloudfront.net (CloudFront)
x-amz-version-id
h4.T1NU3J8NreGLEyjF1OBE24h3n4mWQ
last-modified
Fri, 15 Sep 2023 08:43:57 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P4
age
2081665
etag
W/"38cdbf6160254bef7f774dbeac164a55"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=31536000
x-amz-cf-id
ECMUCZjU6vZBXezaz3JGDnRQ4GFyq5mEkZByBcJf28egXudYRjM0xA==
tp2
com-thebigwillow-prod1.collector.snplow.net/com.snowplowanalytics.snowplow/ 		2 B
319 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://com-thebigwillow-prod1.collector.snplow.net/com.snowplowanalytics.snowplow/tp2
Requested by
Host: d26x5ounzdjojj.cloudfront.net
URL: https://d26x5ounzdjojj.cloudfront.net/2.14.0/pista.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.204.247.246 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-204-247-246.compute-1.amazonaws.com
Software
nginx /
Resource Hash
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type
application/json; charset=UTF-8

Response headers

access-control-allow-origin
https://www.avanan.com
date
Mon, 09 Oct 2023 10:58:43 GMT
access-control-allow-credentials
true
content-type
text/plain; charset=UTF-8
server
nginx
content-length
2
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
tp2
com-thebigwillow-prod1.collector.snplow.net/com.snowplowanalytics.snowplow/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://com-thebigwillow-prod1.collector.snplow.net/com.snowplowanalytics.snowplow/tp2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.204.247.246 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-204-247-246.compute-1.amazonaws.com
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.avanan.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type, SP-Anonymous
access-control-allow-origin
https://www.avanan.com
access-control-max-age
600
content-length
0
date
Mon, 09 Oct 2023 10:58:43 GMT
server
nginx
english.json
checkpointsoftwaretechnologiesincavanan.widget.insent.ai/ Frame 3ACF 		6 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/english.json
Requested by
Host: checkpointsoftwaretechnologiesincavanan.widget.insent.ai
URL: https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/static/js/vendors.00ebfa91.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225e:6600:f:7ae2:7780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
05c580da7227f1f1038b071466c09ff25dfaa681d82e4a71ed58beadf63e8670

Request headers

Accept
application/json, text/plain, */*
Cache-Control
max-age=31536000
Referer
https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/?project_key=p2xERwhuLXXni4npvQaI&blog_url=www.avanan.com%2Fblog%2Fbreaking-down-the-remcos-malware-attempts-on-colombian-banks%3Fhss_channel%3Dtw-2986152999&event_listener=rLmvqHGbECP2dUd&hubspot_cookies=[%22c5812e7ac6c561b3d0b4e8cb08dd1b36%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 15 Sep 2023 08:44:21 GMT
content-encoding
gzip
via
1.1 02cd8164e89a1598d410a9198582d47c.cloudfront.net (CloudFront)
x-amz-version-id
KYvW0a8SJFuWlo2aMipsPv_WxhjUiJ_E
last-modified
Fri, 15 Sep 2023 08:43:53 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P4
age
2081663
etag
W/"05d6f056048cdc28c10284bd31bf2c30"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/json
cache-control
max-age=31536000
x-amz-cf-id
-kLy6lRkK4Xas1h5-jhUWuhB32aT0Vnl7d1Ok2oQRWk_PWI_hls9Bw==
bf
bf28149orj.bf.dynatrace.com/ Frame CBB3 		206 B
471 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://bf28149orj.bf.dynatrace.com/bf?type=js3&flavor=cors&vi=FOBLKROHVRCLAPKBEGQSWAJSMMFOPWRR-0&modifiedSince=1696516790018&rf=https%3A%2F%2Fwww.gartner.com%2Freviews%2Fpublic%2FWidget%2Fdata%3Fwidget_id%3DYjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy%26size%3Dlarge&bp=3&app=c9f1951eb65229e3&crc=3660201250&en=4vwhu0vt&end=1
Requested by
Host: www.gartner.com
URL: https://www.gartner.com/ruxitagentjs_A2NVfhjqru_10243220606153550.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.89.126.144 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-89-126-144.compute-1.amazonaws.com
Software
/
Resource Hash
651ebf4f520ddb2f8b27e77b34f077d5664df6f9fa7613f5bbcf111a02a69b5f

Request headers

Referer
https://www.gartner.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
https://www.gartner.com
x-oneagent-js-injection
true
date
Mon, 09 Oct 2023 10:58:43 GMT
cache-control
no-cache
content-length
206
content-type
text/plain;charset=utf-8
getuser
checkpointsoftwaretechnologiesincavanan.widget.insent.ai/ Frame 3ACF 		2 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/getuser?url=www.avanan.com%2Fblog%2Fbreaking-down-the-remcos-malware-attempts-on-colombian-banks%3Fhss_channel%3Dtw-2986152999
Requested by
Host: checkpointsoftwaretechnologiesincavanan.widget.insent.ai
URL: https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/static/js/vendors.00ebfa91.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225e:6600:f:7ae2:7780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
ceccfd0cd17e8b5de1c8e00a917ddf0dec6b7c1cea2251f259f07e0e92ef98d2
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/?project_key=p2xERwhuLXXni4npvQaI&blog_url=www.avanan.com%2Fblog%2Fbreaking-down-the-remcos-malware-attempts-on-colombian-banks%3Fhss_channel%3Dtw-2986152999&event_listener=rLmvqHGbECP2dUd&hubspot_cookies=[%22c5812e7ac6c561b3d0b4e8cb08dd1b36%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
hubspotCookies
["c5812e7ac6c561b3d0b4e8cb08dd1b36"]
accept-language
de-DE,de;q=0.9
Authorization
Bearer p2xERwhuLXXni4npvQaI
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Mon, 09 Oct 2023 10:58:43 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
content-encoding
gzip
via
1.1 02cd8164e89a1598d410a9198582d47c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P4
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
apigw-requestid
Mh9zmiJfCYcEMUA=
x-xss-protection
1; mode=block
etag
W/"769-Sm30j66fv5YMAYiyo9/U5LiquKA"
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/json; charset=utf-8
x-amz-cf-id
__4no0ILUJk5z8KTK-GrLb9Ay5ip6MfGHyqHM0BXNOmgtbeF6jCpEA==
__ptq.gif
track.hubspot.com/ 		45 B
433 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://track.hubspot.com/__ptq.gif?k=16&fi=9862d401-d68f-4977-9e32-b0849cab6384&lfi=4974344&ft=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=3335903367&v=1.1&a=1835778&pi=135072397071&ct=blog-post&ccu=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fbreaking-down-the-remcos-malware-attempts-on-colombian-banks&cpi=135072397071&cgi=4153530738&lpi=135072397071&lvi=135072397071&lvc=en-us&pu=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fbreaking-down-the-remcos-malware-attempts-on-colombian-banks%3Fhss_channel%3Dtw-2986152999&t=Breaking+Down+the+Remcos+Malware+Attempts+on+Colombian+Banks&cts=1696849123267&vi=c5812e7ac6c561b3d0b4e8cb08dd1b36&nc=true&u=23485541.c5812e7ac6c561b3d0b4e8cb08dd1b36.1696849122781.1696849122781.1696849122781.1&b=23485541.1.1696849122781&pt=0&cc=15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Mon, 09 Oct 2023 10:58:43 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
0800a2b6-a2fc-427a-b3df-be8c6a4063d9
p3p
CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time
7
content-length
45
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
0800a2b6-a2fc-427a-b3df-be8c6a4063d9
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1%2Fuhvey9kgUSOlsY5lA8Zs8w1mnylukuFcdgHFuRMLMzeFZRiQF5kgVzPBt4E%2Fa1hL6g5CKYY8TDdUhKD9fPtewfkWs6ZLLtHMQTjfTz0WndC5M9CeB1yarnoy%2FN%2B3GSbFfb0ynHS1KvL9NkMkKJ"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-674b9fb979-d9b87
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
cf-ray
81361c2c78d0918c-FRA
x-robots-tag
none
blog-subscription-laptop-icon-2.png
www.avanan.com/hubfs/website/img/blog/ 		109 KB
111 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.avanan.com/hubfs/website/img/blog/blog-subscription-laptop-icon-2.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
fbf4d29d3505a4790b827cde56ca8e4e1d03ab709bb9db801f0a4f02c0fcc0e1
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/breaking-down-the-remcos-malware-attempts-on-colombian-banks?hss_channel=tw-2986152999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
x-amz-meta-cache-tag
F-110679711133,FD-11279827778,P-1835778,FLS-ALL
age
923452
x-amz-request-id
QXTWMXKMSQCZCYJZ
x-amz-server-side-encryption
AES256
edge-cache-tag
F-110679711133,FD-11279827778,P-1835778,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
content-disposition
inline; filename="blog-subscription-laptop-icon-2.webp"
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
cf-bgj
imgq:85,h2pri
etag
"8d71f834d25a82123bd27e64ec06b767"
vary
Accept, Accept-Encoding
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1681321816755
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Mon, 09 Oct 2023 10:58:44 GMT
strict-transport-security
max-age=31536000
via
1.1 a811170f30183becd909b501e545e756.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
eGk4cuTrlwYommw7ReeuO26P_osPr7sE
x-amz-cf-pop
FRA56-P7
x-hs-alternate-content-type
text/plain
cf-polished
origFmt=png, origSize=212633
x-cache
RefreshHit from cloudfront
cache-tag
F-110679711133,FD-11279827778,P-1835778,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
content-length
112020
x-amz-id-2
bz6nn8y2vmbz175IlGzXiBbtxOnELQhEImIMbv9AQEUt2JFCMs/ZOQYkLFeZbsuYoaHT3+9ZMlaKFOPT3zI9/w==
last-modified
Wed, 12 Apr 2023 17:50:17 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2mvRQoRbZT4JSOuOH%2FjD43zIfvTFLIEv2J%2BWYC0LWw3HBt9KiapMuqG45Ke04ZZVI%2FImXsvGGNCHdN0vptbLS%2Fqu%2FyO2CdrVIpwqZUf1P5XeiOnbXXu%2FIVMgv5ABrF9IHpgrbztwHQDWQ9x1"}],"group":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
81361c32aa723608-FRA
x-amz-cf-id
Mbgz110kG3KUrRKZadV7AJCGfc-iAoL7uvjLjeKgB0k9x_UTSl86zA==
bf
bf28149orj.bf.dynatrace.com/ Frame CBB3 		206 B
470 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://bf28149orj.bf.dynatrace.com/bf?type=js3&flavor=cors&vi=FOBLKROHVRCLAPKBEGQSWAJSMMFOPWRR-0&modifiedSince=1696516790018&rf=https%3A%2F%2Fwww.gartner.com%2Freviews%2Fpublic%2FWidget%2Fdata%3Fwidget_id%3DYjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy%26size%3Dlarge&bp=3&app=c9f1951eb65229e3&crc=3164796314&en=4vwhu0vt&end=1
Requested by
Host: www.gartner.com
URL: https://www.gartner.com/ruxitagentjs_A2NVfhjqru_10243220606153550.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.89.126.144 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-89-126-144.compute-1.amazonaws.com
Software
/
Resource Hash
d8a90505feaf4c24677939446a6590a7e14cd7b3b81f96841e77ab1d21ae2e5d

Request headers

Referer
https://www.gartner.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
https://www.gartner.com
x-oneagent-js-injection
true
date
Mon, 09 Oct 2023 10:58:45 GMT
cache-control
no-cache
content-length
206
content-type
text/plain;charset=utf-8

Verdicts & Comments Add Verdict or Comment

196 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 function| $ function| jQuery function| hsjQuery object| dataLayer object| ldfdr function| Cookies object| __core-js_shared__ object| Sslac object| IN object| _hsq object| hbspt function| GartnerPI_Widget object| __gaConnectorEventsEmitted function| DOMPurify function| postscribe object| google_tag_manager_external object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga function| twq string| _linkedin_data_partner_id object| GooglebQhCsO function| hj object| _hjSettings function| fbq function| _fbq number| __lo_site_id object| SWPX object| techtargetic object| bootstrap object| _self object| Prism function| EventEmitter object| eventie function| imagesLoaded function| jQueryBridget function| EvEmitter function| getSize function| matchesSelector object| fizzyUIUtils function| Outlayer function| Isotope function| Masonry object| __twttrf object| twitterFetcher function| jarallax function| VideoWorker object| hsVars function| hs_i18n_log function| hs_i18n_substituteStrings function| hs_i18n_insertPlaceholders function| hs_i18n_getMessage undefined| module_8578075 function| i18n_getmessage function| i18n_getlanguage object| hsPostListings function| hsPopulateListingFeed function| hsOnReadyPopulateListingFeed_691638024_1696706680259 function| hsOnReadyPopulateListingFeed_1237061103_1696706680260 object| t object| s string| insentCompanyDomain string| insentProjectName string| insentProjectKey object| insent object| _hsp function| _possibleConstructorReturn function| _inherits function| _classCallCheck function| _extends function| _createClass object| Custombox object| ce object| core object| System function| asap function| Observable function| setImmediate function| clearImmediate object| regeneratorRuntime boolean| _babelPolyfill function| ES6Promise object| process object| google_optimize object| twttr boolean| __lo_csr_added function| UET function| UET_init function| UET_push object| gaplugins object| gaGlobal object| gaData object| hjSiteSettings function| hjBootstrap object| hjBootstrapCalled object| hjLazyModules object| ueto_2575a2978b object| uetq function| jsonpHandler object| FB function| onYouTubeIframeAPIReady object| script object| __twttrll object| __twttr boolean| PIXELS_RAN object| enabledEventSettings object| globalRoot undefined| hns function| bindToWindowOnError object| leadflows object| hubspot function| OutpostErrorReporter function| _registerAvailablePopup object| _availablePopups boolean| popupPoliceActive undefined| hns2 undefined| jade undefined| I18n undefined| Pikaday undefined| reqwest undefined| exports undefined| define boolean| LEAD_FLOWS_RAN boolean| COMMON_SETUP_RAN function| lintrk boolean| _already_called_lintrk object| __buffer object| tbw_parameters function| tbw_set_cookie function| tbw_get_all_cookies function| tbw_get_cookie function| tbw_get_part_of_cookie function| tbw_check_cookie function| tbw_get_host_name function| tbw_collector function| tbw_get_first_party_cookie function| tbw_get_parameters function| tbw_callback_other function| tbw_callback function| tbw_bw_call function| tbw_make_bw_call function| tbw_event_tracker function| tbw_form_event_tracker function| tbw_set_event_listeners function| tbw_get_bwid_from_url function| tbw_get_current_utc_time function| tbw_send_data function| tbw_parse object| _paq function| sanitizeKey boolean| _hstc_loaded number| animateId boolean| _hspb_ran boolean| _hspb_loaded object| GlobalSnowplowNamespace function| snowplow function| ownKeys function| _objectSpread function| _defineProperty function| _typeof object| Snowplow object| _linkedin_data_partner_ids boolean| _hstc_ran string| __hsUserToken number| expireDateTime object| cpxUrls string| queryParams object| paramString undefined| j undefined| currentElement undefined| currentHref undefined| modifiedHref boolean| isSessionActive boolean| isInsentUserWindowActive boolean| insentPauseUrlCheckInterval number| checkCookiesIntervalId string| insentPageUrl number| insentUrlChangeIntervalId string| eventListenerName boolean| LEAD_FLOW_DOCUMENT_READY_RAN object| triggerForms object| insentFoundFormsBlackList object| ziFormFields string| insentUserId string| insentPageSessionId

45 Cookies

Domain/Path Name / Value
.www.avanan.com/ Name: __cf_bm
Value: wMvaxCznEiXyC0JJVfkLtQfpbi9waqF1OQhUJ.U4Emc-1696849120-0-AR/+1RMOq4xFWfw9Os7EV1yaed6/NCypwrsDP1zufOBuRIf7779s2D3SYnSVhgGuVW2oAUm7OOWNZe69Any5/s4=
.www.avanan.com/ Name: __cfruid
Value: 906149bfb03e81c23f0b7d791f0282b35e394a9e-1696849120
.avanan.com/ Name: _gcl_au
Value: 1.1.1775039680.1696849122
.avanan.com/ Name: _lfa
Value: LF1.1.bb3d0bd9a3eab083.1696849121614
.hubspot.com/ Name: __cf_bm
Value: Xl0Pb6LK8JbNUUuyvXGeugm6mOs_ks1Vvr29R8bTrfk-1696849121-0-AYCNKtR3Ge9N3I0nqVKJ16f5wZdZOxm0xKLqYgfjSJqjAiuAYzxIBot837wEslUvv7h8M/gArWy1MWLzf/FMNhQ=
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission
.techtarget.com/ Name: __cf_bm
Value: .8p1rlAacWt7eE0T5ZGD90Y6tV4uRIxmZO0UtjHlh.U-1696849121-0-AaCk5Nc9XpdQY9W7SzkfEfv6arRznchG1Prx3EkRRLeN0+rhQJn1T1f63op8Zh3hz3FeBOpeFBMdCDqd7pjOf58=
.avanan.com/ Name: _ga
Value: GA1.2.1504361707.1696849122
.avanan.com/ Name: _gid
Value: GA1.2.551775761.1696849122
.avanan.com/ Name: _gat_UA-59393664-1
Value: 1
.avanan.com/ Name: _uetsid
Value: cef629a0669211eeaed7217eddc11625
.avanan.com/ Name: _uetvid
Value: cef6b420669211eea42281088c43728a
.spiceworks.com/ Name: _swnid
Value: uuj9q3b30e9w
.spiceworks.com/ Name: _swauth
Value: n
.bing.com/ Name: MUID
Value: 09D9260B38A3682D1A3D35AE39C869B2
.avanan.com/ Name: _hjSessionUser_2523353
Value: eyJpZCI6IjZiYjUyYjhhLTE0NzAtNTM4Ni04Y2Y5LTU1ZmNiOGZjN2Y5YyIsImNyZWF0ZWQiOjE2OTY4NDkxMjE5NzIsImV4aXN0aW5nIjpmYWxzZX0=
.avanan.com/ Name: _hjFirstSeen
Value: 1
.avanan.com/ Name: _hjIncludedInSessionSample_2523353
Value: 0
.avanan.com/ Name: _hjSession_2523353
Value: eyJpZCI6IjJkZWMzODY2LTk4ODMtNDBkMS05YjgyLTBhYWIwZDcyNmM2MyIsImNyZWF0ZWQiOjE2OTY4NDkxMjE5NzIsImluU2FtcGxlIjpmYWxzZSwic2Vzc2lvbml6ZXJCZXRhRW5hYmxlZCI6ZmFsc2V9
.avanan.com/ Name: _hjAbsoluteSessionInProgress
Value: 1
.influ2.com/ Name: R
Value: 3a624fcaffd9212ea09eafb3
.avanan.com/ Name: _ga_FV5LS2GGRB
Value: GS1.2.1696849122.1.0.1696849122.60.0.0
.t.co/ Name: muc_ads
Value: de9a6112-2730-40ff-9851-a4ac6f7d3e33
.linkedin.com/ Name: li_sugr
Value: 4a59df4f-b843-4466-91be-240775c3767e
.linkedin.com/ Name: bcookie
Value: "v=2&dfb153c1-2ec6-40f6-8e68-62b92d3add80"
.linkedin.com/ Name: lidc
Value: "b=VGST03:s=V:r=V:a=V:p=V:g=2968:u=1:x=1:i=1696849121:t=1696935521:v=2:sig=AQGatLgUC66XbK8uoX7pcVGHQ6kMZMrv"
www.avanan.com/ Name: ln_or
Value: eyIxMTA1MjgiOiJkIn0%3D
.twitter.com/ Name: personalization_id
Value: "v1_9ZoWDNIf3gNDWA2tbDBNGg=="
.avanan.com/ Name: _fbp
Value: fb.1.1696849122103.1867049246
.linkedin.com/ Name: UserMatchHistory
Value: AQKX3XpA50bGLAAAAYsUFtNq7EX6Nnv8HWJsRxecXgJBSjVlykcE42po5iT50TXnmtNY6i3UF47DFQ
.linkedin.com/ Name: AnalyticsSyncHistory
Value: AQJI5hfLUFcIdAAAAYsUFtNqBfSHV0whiHjqUf6NuCeZGZ1RgecU2JNxTa-YxwoI4Q0bkZWRQePQX1HlYpicRw
.bidr.io/ Name: bito
Value: AABhIU7KR7oAABgumZ7bkQ
.bidr.io/ Name: bitoIsSecure
Value: ok
www.avanan.com/ Name: tbw_bw_uid
Value: bito.AABhIU7KR7oAABgumZ7bkQ
www.avanan.com/ Name: tbw_bw_sd
Value: 1696849122
www.avanan.com/ Name: _sp_ses.05d9
Value: *
www.avanan.com/ Name: _sp_id.05d9
Value: e6c44cc1-5716-4fae-bce7-58ea69a53dbb.1696849122.1.1696849122.1696849122.31a6ba04-2922-4f25-a9f1-86cbd2c02d0d
.www.linkedin.com/ Name: bscookie
Value: "v=1&2023100910584291e62031-05e5-4eee-844b-f6f3bbeb002cAQHaiUrLPud8oqvORWZc4ObVWPBBi8FW"
.linkedin.com/ Name: li_gc
Value: MTswOzE2OTY4NDkxMjI7MjswMjGD4Cp+ttZjy7A9lKE+IhZEpsgmPVo+Alr7ayx8MFk5Vg==
.avanan.com/ Name: __hstc
Value: 23485541.c5812e7ac6c561b3d0b4e8cb08dd1b36.1696849122781.1696849122781.1696849122781.1
.avanan.com/ Name: hubspotutk
Value: c5812e7ac6c561b3d0b4e8cb08dd1b36
.avanan.com/ Name: __hssrc
Value: 1
.avanan.com/ Name: __hssc
Value: 23485541.1.1696849122781
com-thebigwillow-prod1.collector.snplow.net/ Name: sp
Value: 94b2ec61-2455-49c5-88ee-4f4deff60dfc
.avanan.com/ Name: insent-user-id
Value: K5p8t9Ka5vW8yWbqN1696849123528

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.twitter.com
api.hubapi.com
app.hubspot.com
bat.bing.com
bf28149orj.bf.dynatrace.com
cdn.linkedin.oribi.io
cdn2.hubspot.net
cdnjs.cloudflare.com
checkpointsoftwaretechnologiesincavanan.widget.insent.ai
com-thebigwillow-prod1.collector.snplow.net
connect.facebook.net
cta-service-cms2.hubspot.com
d10lpsik1i8c69.cloudfront.net
d26x5ounzdjojj.cloudfront.net
fonts.googleapis.com
fonts.gstatic.com
forms.hubspot.com
googleads.g.doubleclick.net
ibc-flow.techtarget.com
js.hs-analytics.net
js.hs-banner.com
js.hsadspixel.net
js.hscta.net
js.hsleadflows.net
js.pusher.com
lftracker.leadfeeder.com
match.prod.bidr.io
no-cache.hubspot.com
perf.hsforms.com
platform.linkedin.com
platform.twitter.com
px.ads.linkedin.com
px.spiceworks.com
px4.ads.linkedin.com
region1.analytics.google.com
research.checkpoint.com
reviews.static.gartner.com
script.hotjar.com
settings.luckyorange.net
snap.licdn.com
static.ads-twitter.com
static.hotjar.com
static.hsappstatic.net
stats.g.doubleclick.net
syndication.twitter.com
t.co
t.influ2.com
tr.lfeeder.com
track.hubspot.com
trk.techtarget.com
use.fontawesome.com
vc.hotjar.io
www.avanan.com
www.facebook.com
www.gartner.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.influ2.com
www.linkedin.com
104.244.42.131
104.244.42.200
104.244.42.5
104.26.11.16
108.138.17.2
13.107.42.14
13.224.194.132
13.32.27.95
141.193.213.21
143.204.205.137
143.204.210.101
146.75.116.157
18.66.112.30
18.66.112.79
18.66.97.49
2001:4860:4802:34::36
2600:9000:206f:e200:2:53b2:240:93a1
2600:9000:214f:c400:14:c034:4840:93a1
2600:9000:225e:6600:f:7ae2:7780:93a1
2606:2800:233:66b5:799a:7cd3:f74d:7071
2606:2c40::c73c:67fe
2606:4700:4400::6812:22e5
2606:4700:4400::ac40:973c
2606:4700::6810:4eba
2606:4700::6810:6fd1
2606:4700::6810:e05d
2606:4700::6811:190e
2606:4700::6811:c9cc
2606:4700::6811:e6a3
2606:4700::6812:7b0c
2606:4700::6812:b07d
2606:4700::6812:d533
2606:4700::6813:9b53
2606:4700:e0::ac40:660b
2620:1ec:21::14
2620:1ec:c11::200
2a00:1450:4001:801::2004
2a00:1450:4001:806::200a
2a00:1450:4001:80e::2013
2a00:1450:4001:812::2003
2a00:1450:4001:813::200e
2a00:1450:4001:81c::2002
2a00:1450:4001:81c::2008
2a00:1450:4001:827::2003
2a00:1450:400c:c02::9b
2a02:26f0:3500:16::215:149b
2a03:2880:f084:105:face:b00c:0:3
2a03:2880:f177:83:face:b00c:0:25de
34.107.254.219
34.111.208.231
45.60.13.212
52.213.189.61
52.222.236.63
54.204.247.246
54.89.126.144
033423504b99f910ca2543312a910e42f20b7aa8c1aaaa3cae22f43aac45d5e8
03817f3f6505178f6f24ef977ac8cd844ba3427f0353759e41bea905c565020a
049ff00682c989e6cbaac474ac1442470e9eb9fbd1cede3f120afbc79aa4cfb9
057d87ec0edbdb5fe7d60d32da4c3abfe1dc2e6a0aacd6543a5e9dabb7bbd21b
05c580da7227f1f1038b071466c09ff25dfaa681d82e4a71ed58beadf63e8670
081d08f71fb7a07fd5247ce2d20af91a41899fd4ee1b129c18fedf8a04b5bbae
08deb5fb8e8a49d3e598cab0f6c178154648cd6234894569a0987812b19475f3
09048873cebefcb0b837c6962a0a053ef6700472bd37ff9b049e9b73e684f1ae
09fdb2959efa7f317724a5762ad6dd73d941613bfd3764ed8be04ddbc4338b4b
0aa526438b1842ad5b5f3d263f2e093068f7729588503cc264fabaddba7d63be
0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e
0c5109ab0fecc5ef21cc3eddf9e5e66741feb3c03a08c0c5d12a153bffe56a4d
10deca523f2d7d41a77738b61b503fb9ec9f7c8e5f96d34b4e760f7ab807983a
120622d2e3060368f7c051b23f03deb1834c17c87134bc02a6dc04c1b670858b
1f1a4b10ea1d6ac2aa452069b35118f47591e26e9d3520abd5847ff0f7080459
21091df3e91e575d018aa5b94c490bc0921233e901913052ceec557a2f3537ae
221a2d2c81d6c147efa694dd73f51bdcb8ecf509826457780c44f5026b6d5a71
22cecf5526a9a6a3c3d49dea18b28fd902a5a2bec155a04a7c21bb654b9ec0c9
24a3a9ccca4cde6a90f28a96467b83fcc8e8b02ae532b85c46d45514e98c9dc9
257855f4e23a1e3d382077b15bfc30971c9c261fc23512c88abfdcda05f28bc4
265dc9381f2b760551a12eb31f4bbc194ea6609b90fd79a59fc53cb0e1210146
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
27a8d14ca605b3f285f837f75557deff61b1735578894978a4a3b81789f3cce2
28a26321734fb5f8c8fe42b5503f162fdf1469bf97e2d9c503a83cc2b3c534cd
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0
2ece63665d1c156d538ab3ab54b1239af56ceaa6d199d26580c877fefea8688d
302da628a6afc3e93f1b86bf7c65e4d6536d8283d78266964822a76d1c645aa4
325c89d4663e479ec3e6bbfdbffbebb113dea620b498f83acce051739e65d3bc
327f498e13e0a8166699d8d770f3806775c2707dd893d18f0139b84b0b9d8576
34942d531ecf961a2a6777526aef0c7d17f28a4ce9afcac868eb132c700bfe5a
34eef1b4fe6f42df2bb474ae14d5bdb844a27ad42356fa5413a01beafc6e8b70
3636e8810aa8b16828af450174251147977372f0201e77d464c719f110b0924f
36ac3387c2c9cc95dbeb873e13a2e5527fd56953f8577e2663aa94ac9f7a6199
3726f6f71175b54abf48e8863b8634461bcbf34831f7c1b0a1d11e2604782b3a
389e7668a1ebd8a04eca206d27b7147519be465eed883f6a2d68bd419ada24b4
3a3e741baa0906f0b51d556d0368583fec268e20e079e70685ef34cc7465f8da
3aa7096ab138e63bd35f8b7cf35753fd7f3e9a98cd54a5df3ae0b30f2cb9c011
3bb6f5d258250855c3e668d41d6c36233d81af81615332522208d14f52a3cb68
3eb73cc89830d3824b5c588849b29a5d4bad5b71108ba60e17bad3e6276dd5f7
4212a717b8d61a5ee679e86faef6b912c275aac5508f97350dac01bede075100
46891f1a0d9fc55b4650e10dbdc598a5269f19fdbd69305f8b8d1cd360b49f8d
49c8d692cb67ec3cc5b35e839c50c5c9eea05fe3ce82894eb02d22240554a0aa
4b5816bbfc52587979139951355fe4048da02ce60e40cef8e4a1efb6cd396281
4d0130d314f1669c9ea5a911d401d6250f96386a52b0c38f7b3fb43cdcd10589
4d0c00797ae643d5424a15005a9b01a173608c7e16e15ca0e317dfd28090d83a
4eed62e19ef261a18dade30aac09258399bbead589a04d061bce834f0d5a2bcd
54ff1ebf4247ecd1fdefdd027b695c8eca043b8987861f9edd37fee6ccceb2ef
56f9c5f99829774d0b2fbdcfd9750b617127e913afa0569afef6dfa22165659e
570076cb80b39e171421db010911512632e022fb54ed87b4884f6a4ab4c554d9
5a6284f5e68fe70bb17c9aecb532fdb513b37ec0096d21e9a7231fbcfeda6794
5c7df99df232586111917083a85aa31b82ee29e48ca2990e13fae0c0663a923f
626e534b9a811f60a8aa88e463a0ffa75ea4d8ba7510ed6a15c267becf680394
634cd6856c830752abf4b33133617045f344d5713d8fa567269172ed76d1cac3
651ebf4f520ddb2f8b27e77b34f077d5664df6f9fa7613f5bbcf111a02a69b5f
6aac07afe3531f90cb143a265fa4790e9000da00dba0a04e25e6f64b739b4b96
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6ce8b6777d90b50ec4183fac7c948902229a7b8427e2e63008c52e769ec0c2d4
6fbecdde63cefbeb511fc193ff653cf649ce9a2a9a120316d40f20b809afb647
70c00445d6632039ed99af760731daf3bf60eb12061863ee61e2cd7276a54d18
71577fb46a22fa031506bab9c5ddb4640e38ef10a1b4959a11288b41ce4b0757
723fbf8d73cd4e75f64f7d21558585aa1658b11332e87bd288f6987e398ecfb4
78bc3aa78faec288bbb3bf26c9a0fa4eb67b1e69da94a17233c5cab60525efdb
79d938426ac33128fb8864d9c30e5a60c4526077d7c8abf8ea993860a9d3d849
7a2f15820ffe7ec552c256f18b8cd6485618d23a5648f535992e5c6928a542b7
7a82df3611c2166b9b9e824830c57bc09ef40860b9dc83fb2897b9a2a3ab0b98
7abafc5000ddf62655e3145b3d3c0b0075f5320d57e93ebfdc14267e23ce8429
7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89
7b4c6df43d8be2860c107af980f4ae9c27dea1b14e0112921c3aef511bb29b07
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
7d93e86ecd6532748537df0f73d8fccde4ea4cfaa15ea1b82134327c5f29d5c1
805270b078cde87b61bb57c8bd44f8b58b0d128f5a8efdd4395470b45b291d65
8150a6e66442996f64560b128d0effe532ed5eabdf0a8c6176c8c4e8ed502e6f
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
87d6c8ca2c4746ba9c42bd4b56b9f8dcb23dc4f4c8a5e338039a915eddbb4cfb
8891a160f8a2afb81de5259f9f68e5af3782348ea2927ad9e969bc88c7d39984
8bfb6389f80ddd586b66a540370f89f40e7eb39d388e8d9410f57caa732dc5cd
8c31f9221454873de9c5bc222c2b5c97f216d3b21b0a3589f77f49fbcacf4a0d
8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02
8deb475ac50713a43d3cf93fb2579f1badda5b9dee5704850b032f0f25564895
8e7902d12bed414b23fd30c7019fc0fe08d03b14984beb21e486aaa59135f803
8f26365e1bb8c480eccb5eac0477b592ff6057b9bab06e4f62a838cbb631f82e
92544ed57b172f513a507fe6d3e09d763bc23c413e47d110d8dc03ef896490dd
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526
94b9164549fba805d07a371447577e77ca7d335fb19f9eaf978209851969cf08
97152508df33871d78e6d8595480ac6c5cf8f2feb1fc1ef7fd2ef7a0517810c7
99dd5f9f73f99a20889f2ba80ee6a48b3c09a28fb5fba1310993d1f5ddd82ec4
a1f58a3e48f23d9036625e9f26553d5da8f45516cf308b6ae6fb2b0fe0d13b4e
a236aed5086b9c24d3cc94944d4349e9ce469f325ac23bafcaa5fe3659b15fd1
a28a88a058bb32f3fff988c31380f2392939d9c4d1bf38b32f531969a02a33de
a29e6dee5b62ca9d6e561aea6c85f954074cd171af5f5d8c24e426b45df0ad9f
a405625d3620d1ef8d74c8bdfae7a609a563854125a2e4d306b9b33083a50c7c
a62430c1506f9d9ecc0bca9ffa39a073d5148f07be4aa54ed4532f9650caf56a
a87eea0ed4667d6241611511e68dce431477cbd9a06c9482b01323d6a0b972f9
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
b057f4707a4e3bbf69647a669ebc4dbf35a9b5b25864b5fc63162e71f58621c8
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b399c5e2375b9f5d108af3cc74f7d665747a5d1955f5fde2db7f110b30a1f65e
b3c6f35195cdf97b110a6a3bbc41467d747d28b0c9e9950a171931ce58405547
b59a0404929cf4a3ad1cbd9c2ffaaff3f8c2e838a70867c1de2dfddc5a2b2f91
bb040b98adabb6b07aecd7250591fa9ba53843c05527fec90009bf414007ea08
bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4
bf6f2ddd3a93cfc831316931e733e85bfa4d344c33398e6c32115761bec7ba69
c0c747248d141ac5c07ba7f069484d6d5aabbbc9853b86581bed9f5b316518e7
c0e96c0f51eb10934d2022f7d30dbeaf05f748f85d32dfe71711f2dbb21621d8
c7d2435a17074fcf9d68f3dc278cdcdbaa0591d4dc6df866c6dd1f4b4f57d2ab
cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446
ceccfd0cd17e8b5de1c8e00a917ddf0dec6b7c1cea2251f259f07e0e92ef98d2
cee4c88acf7c3c3dcccb399551a63adc05cbbc91644ff64b5086136c7c0776ff
cf3e0ecae28a70c5e010c24c160321243efe54f497d49a6a8f31ca12ee7eb972
cf53806c2a4cef2c89a8502411683c83162fe73859d7d24244259e7e793df68a
cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee
d15ed2fcd87415160bbacde5c09fd427cec2fc04dc5c06ac9529a7dfb0cb0550
d6acde4de8b620e6553139972e2d6c812c9efea6256543d85693dad4b709c921
d8a90505feaf4c24677939446a6590a7e14cd7b3b81f96841e77ab1d21ae2e5d
d914e564ecf0f0620ab21ce0365beb2901287fa5802d69f3f0fb5cfae2a8bad7
d988d972b8809487b026fd011bddfa14b3cc8b021e2e160699c50122de939531
d9f69c562fa39d1b002af05da1c6b99247e69c14a48e67b35d8a8b0efd739128
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dcb085ad0fca889c4a1b898ccc7458c5d586e5740e7b7bffe065ac6a5e247ada
dda012741fa9345cb9fe242f8be298af8caca74fa20f90701c1402862c1120a6
ddd0af87d02bf88046acaf36141538c4852763b37b99ad5ea41ab6b07829818f
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
deb3d40a52e939dc606cacea278753f149b56d19b6619994069659687e3a7728
df8b52ff87ca7f732701f2b32f6fc9b4387a2ee44ba6f919e3d61af9e535160c
e1e4e3cba3eeeb3ad74ae67c1f42012ebb51d8497482e5c01d404579d49c6b04
e305e6a8b146ce7f6c54b3d45b4d723161d558c19b5fb1bda018ba3b8201af0d
e3640c9e176b212640e5d1ba0e522d80ebe382b5a18fc55ae4f7be28d1b138be
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6713fb9ddf25585f97a9c877f75edbb8b2c0d0691c1402fe85c145a9098527d
e7df4b027925d68c28b72f0c81fb8ae8f10943bff26dfec0309b6fbef1849326
e94bb9eafa09b4181f7208f1466552561329b27bc870ea785be1fbbeb32661d8
ebd811addff53145da623fb3ceec50819469d1bef75de7e16cbcd613623015ab
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f01d9cd0634d4fa8541c0829c8fab42697ae069d7a2d30f57c0b0938fcaca556
f245654930e08bb9f598f150ec93987e396830dc1f258fd9f8efea6ef720e0d1
f268614e7be44fc18dbfa5350bfeea8539258da4830ef728c56e05bf62f46b57
f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149
f54ad99ac9b8bf0271cc6d19132826863aa3dc7077b4d5c586f99c46130efb30
f75e7361bbcda225d800dd06644f99253ae2cf5ab6a0e47ff7967474e7afb4a6
f7e7df2f1ed4b8fadb42a0c35d58ef907229bc7f2145fcd8c8620e039fef596b
fa53fcd8da139d256c0ca83b69cb37473ca627b6052368ed3327c80d9fb61e25
fbb613590ab06b8838cad9193caa3797b2fb582dd88a444a1afe2424754d97ca
fbf4d29d3505a4790b827cde56ca8e4e1d03ab709bb9db801f0a4f02c0fcc0e1
fd5e0c3a0682f03217f201588e51e77bf778d5506224074918f505423f0e25a2
fd6aef7e70901bd5018e23bf8f366b1363e27c9263a2e058df2ca725cf81aab5
fd70a63872a411b5f43dc2b9c9a0ee83fa6ccc53d8d120c9fd166270ef4d3265
fe5f4af17be162aaf3e1dadbc08fe06e678c87620a221b3fef8e2ca7a779986d
ff4e0b144f55e6bf1ac619baad9714973a381bc5c106e2cf62543d8d671f9c19