www.forcepoint.com Open in urlscan Pro
2a04:4e42:600::740 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.forcepoint.com/blog/security-labs/using-c-post-powershell-attacks
Effective URL:
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Submission: On October 10 via api (October 10th 2023, 3:24:39 pm UTC) from BE — Scanned from DE

Summary HTTP 90 Redirects Links 15 Behaviour Indicators

Summary

This website contacted 13 IPs in 2 countries across 13 domains to perform 90 HTTP transactions. The main IP is 2a04:4e42:600::740, located in United States and belongs to FASTLY, US. The main domain is www.forcepoint.com. The Cisco Umbrella rank of the primary domain is 303562.
TLS certificate: Issued by Sectigo RSA Organization Validation S... on January 17th 2023. Valid for: a year.

This is the only time www.forcepoint.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 73	2a04:4e42:600... 2a04:4e42:600::740	54113 (FASTLY) (FASTLY)
1	2a04:4e42:600... 2a04:4e42:600::649	54113 (FASTLY) (FASTLY)
3	2606:4700::68... 2606:4700::6810:5814	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2600:9000:223... 2600:9000:223e:5800:7:2bfb:7c00:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6810:8ace	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	68.67.153.60 68.67.153.60	29990 (ASN-APPNEX) (ASN-APPNEX)
2 2	185.89.210.141 185.89.210.141	29990 (ASN-APPNEX) (ASN-APPNEX)
1	2600:9000:20a... 2600:9000:20a0:5400:12:3734:2a40:93a1	16509 (AMAZON-02) (AMAZON-02)
3	2606:4700::68... 2606:4700::6812:b07d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	159.89.102.253 159.89.102.253	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1	2606:4700::68... 2606:4700::6811:cff9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	151.101.194.137 151.101.194.137	54113 (FASTLY) (FASTLY)
1	162.247.243.29 162.247.243.29	54113 (FASTLY) (FASTLY)
90	13

73 2a04:4e42:600::740 (United States) 1 redirects

ASN54113 (FASTLY, US)

www.forcepoint.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:600::649 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6810:5814 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:223e:5800:7:2bfb:7c00:93a1 (United States)

ASN16509 (AMAZON-02, US)

tags.tiqcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:8ace (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 68.67.153.60 (Secaucus, United States) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: s.ml-attr.com.pxlsrv.net

s.ml-attr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.89.210.141 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20a0:5400:12:3734:2a40:93a1 (United States)

ASN16509 (AMAZON-02, US)

attr.ml-api.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6812:b07d (United States)

ASN13335 (CLOUDFLARENET, US)

forms.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 159.89.102.253 (Frankfurt am Main, Germany)

ASN14061 (DIGITALOCEAN-ASN, US)

geolocation-db.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:cff9 (United States)

ASN13335 (CLOUDFLARENET, US)

forms-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.194.137 (United States)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.247.243.29 (United States)

ASN54113 (FASTLY, US)

bam.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
73	forcepoint.com 1 redirects www.forcepoint.com — Cisco Umbrella Rank: 303562	2 MB
4	hsforms.com forms.hsforms.com — Cisco Umbrella Rank: 4956 forms-na1.hsforms.com — Cisco Umbrella Rank: 7966	16 KB
3	tiqcdn.com tags.tiqcdn.com — Cisco Umbrella Rank: 1241	116 KB
3	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 373	14 KB
2	geolocation-db.com geolocation-db.com — Cisco Umbrella Rank: 24726	433 B
2	adnxs.com 2 redirects secure.adnxs.com — Cisco Umbrella Rank: 542	1 KB
1	nr-data.net bam.nr-data.net — Cisco Umbrella Rank: 248	408 B
1	newrelic.com js-agent.newrelic.com — Cisco Umbrella Rank: 456	16 KB
1	ml-api.io attr.ml-api.io — Cisco Umbrella Rank: 22897	233 B
1	ml-attr.com 1 redirects s.ml-attr.com — Cisco Umbrella Rank: 18333	283 B
1	hsforms.net js.hsforms.net — Cisco Umbrella Rank: 7677	175 KB
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 250	56 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 925	31 KB
90	13

	Domain	Requested by
73	www.forcepoint.com	1 redirects www.forcepoint.com
3	forms.hsforms.com	js.hsforms.net www.forcepoint.com
3	tags.tiqcdn.com	www.forcepoint.com tags.tiqcdn.com
3	cdn.jsdelivr.net	www.forcepoint.com
2	geolocation-db.com	code.jquery.com
2	secure.adnxs.com	2 redirects
1	bam.nr-data.net	js-agent.newrelic.com
1	js-agent.newrelic.com	www.forcepoint.com
1	forms-na1.hsforms.com	www.forcepoint.com
1	attr.ml-api.io	www.forcepoint.com
1	s.ml-attr.com	1 redirects
1	js.hsforms.net	www.forcepoint.com
1	cdnjs.cloudflare.com	www.forcepoint.com
1	code.jquery.com	www.forcepoint.com
90	14

This site contains links to these domains. Also see Links.

Domain
partners.forcepoint.com
support.forcepoint.com
learn.forcepoint.com
gateway.on24.com
posts.specterops.io
zeltser.com
isc.sans.edu
www.harmj0y.net
medium.com
www.fortynorthsecurity.com
tech.nicolonsky.ch
www.linkedin.com
twitter.com
www.facebook.com
www.youtube.com

Subject Issuer	Validity	Valid
forcepoint.com Sectigo RSA Organization Validation Secure Server CA	`2023-01-17` - `2024-01-17`	a year	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2023-07-11` - `2024-07-14`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-02` - `2024-05-01`	a year	crt.sh
tags.tiqcdn.com Amazon RSA 2048 M01	`2023-04-18` - `2024-05-17`	a year	crt.sh
geolocation-db.com R3	`2023-08-14` - `2023-11-12`	3 months	crt.sh
js-agent.newrelic.com GlobalSign Atlas R3 DV TLS CA 2023 Q2	`2023-04-13` - `2024-05-14`	a year	crt.sh
*.nr-data.net DigiCert TLS RSA SHA256 2020 CA1	`2022-11-18` - `2023-12-19`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Frame ID: 7202C7EDD49B60C7F06D088C18DF4594
Requests: 109 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Using C# for post-PowerShell attacks | Forcepoint

Page URL History Show full URLs

https://www.forcepoint.com/blog/security-labs/using-c-post-powershell-attacks HTTP 301
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

jQuery UI (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

([\d.]+)/jquery-ui(?:\.min)?\.js
jquery-ui.*\.js

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

90
Requests

99 %
HTTPS

64 %
IPv6

13
Domains

14
Subdomains

13
IPs

2
Countries

1997 kB
Transfer

5415 kB
Size

2
Cookies

15 Outgoing links

These are links going to different origins than the main page.

URL: https://partners.forcepoint.com/s/login/
Title: Partner Login

Search URL Search Domain Scan URL

URL: https://support.forcepoint.com/s/
Title: Support Login

Search URL Search Domain Scan URL

URL: https://learn.forcepoint.com/
Title: Training

Search URL Search Domain Scan URL

URL: https://gateway.on24.com/wcc/eh/2770759/forcepoint-webinar-hub
Title: The Forcepoint Webinar HubWatch Now

Search URL Search Domain Scan URL

URL: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb
Title: security issue recently identified by Matt Graber

Search URL Search Domain Scan URL

URL: https://zeltser.com/fileless-malware-beyond-buzzword/
Title: 2017 blog post

Search URL Search Domain Scan URL

URL: https://isc.sans.edu/forums/diary/Malicious+PowerShell+Compiling+C+Code+on+the+Fly/24072/
Title: noted by Xavier Mertens earlier this month

Search URL Search Domain Scan URL

URL: http://www.harmj0y.net/blog/redteaming/ghostpack/
Title: released

Search URL Search Domain Scan URL

URL: https://medium.com/@malcomvetter/net-process-injection-1a1af00359bc
Title: published

Search URL Search Domain Scan URL

URL: https://www.fortynorthsecurity.com/microsoft-workflow-compiler-exe-veil-and-cobalt-strike/
Title: blog post by Forty North Security

Search URL Search Domain Scan URL

URL: https://tech.nicolonsky.ch/windows-10-1709-cannot-access-smb2-share-guest-access/
Title: registry setting

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/forcepoint?trk=fc_badge
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://twitter.com/forcepointsec
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.facebook.com/ForcepointLLC
Title: Facebook

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UC4MbQECdktvwewRlAFwT_-w
Title: YouTube

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.forcepoint.com/blog/security-labs/using-c-post-powershell-attacks HTTP 301
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 69

https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.forcepoint.com%26pId%3d%24UID HTTP 302
https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.forcepoint.com%26pId%3d%24UID HTTP 307
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dwww.forcepoint.com%2526pId%253d%2524UID HTTP 302
https://attr.ml-api.io/?domain=www.forcepoint.com&pId=5847236940724840546

90 HTTP transactions
19 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request using-c-post-powershell-attacks Show response
www.forcepoint.com/blog/x-labs/
Redirect Chain

https://www.forcepoint.com/blog/security-labs/using-c-post-powershell-attacks
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

116 KB
42 KB

1303ms
1302ms

Document
text/html

2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

cfabf6b51fb2fba17882b5c821ee0dc87f7d06687234a00d4986ea52ad4190c8

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' .fonts.net .licdn.com .tiqcdn.com .marketo.com .marketo.net .mktoresp.com .demdex.net .burly.io .omtrdc.net .llnwd.net .tealiumiq.com .googleadservices.com .marinsm.com .amazonaws.com .quantserve.com .facebook.net .serving-sys.com .google-analytics.com .hirebridge.com .websense.com .bizographics.com .linkedin.com .cloudfront.net .newrelic.com .nr-data.net .adnxs.com .demandbase.com .twitter.com .omtrdc.net .youtube.com .ads-twitter.com .company-target.com .omniture.com .doubleclick.net .forcepoint.com .google.com .facebook.com .nr-data.net .getsmartcontent.com .vidyard.com .adroll.com s.ml-attr.com attr.ml-api.io .driftt.com .sharethis.com .vimeo.com .slideshare.net .techvalidate.com .gartner.com .gstatic.com .libsyn.com .s3.amazonaws.com .cdnbasket.net ids.cdnwidget.com app.vwo.com .visualwebsiteoptimizer.com use.typekit.net p.typekit.net cdn.vwo-analytics.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io .googleapis.com .cloudflare.com activitymap.adobe.com .consensu.org .ubembed.com .bizible.com .theadex.com .aumago.com .driftqa.com .scribblecdn.net .esg-global.com .hs-scripts.com .hs-analytics.net .hsadspixel.net .hs-banner.com .hubapi.com .hsforms.net .hsforms.com geolocation-db.com .drift.com .clickagy.com .nimblestory.com .usemessages.com .stackadapt.com .googlesyndication.com ; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' .cdnwidget.com .tealiumiq.com .google.com .googleadservices.com .doubleclick.net .websense.com .marinsm.com .facebook.com .quantserve.com .google-analytics.com .w55c.net .marketo.com .iasds01.com .linkedin.com .cloudfront.net .forcepoint.com .adnxs.com .twitter.com t.co .omtrdc.net .w55c.net .demandbase.com .company-target.com .gstatic.com .tiqcdn.com .marketo.net .newrelic.com .facebook.net .ads-twitter.com .burly.io .bizographics.com .nr-data.net .licdn.com .tt.omtrdc.net .getsmartcontent.com .adroll.com .vidyard.com s.ml-attr.com .ml-api.io ml314.com .ml314.com .bing.com .driftt.com .crazyegg.com .sharethis.com .vimeo.com .slideshare.net .techvalidate.com .gartner.com .googletagmanager.com .visualwebsiteoptimizer.com app.vwo.com .ubembed.com .driftt.com .vwo-analytics.com .s3.amazonaws.com s3.amazonaws.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io .clearbit.com .googleapis.com .cloudflare.com .adobe.com .consensu.org .bizible.com .theadex.com .aumago.com .zoominfo.com .clickagy.com .redditstatic.com .quantcount.com .g2crowd.com .steelhousemedia.com .scribblecdn.net .esg-global.com .6sc.co .hs-scripts.com .hs-analytics.net .hsadspixel.net .hs-banner.com .hubapi.com .hsforms.net .hsforms.com geolocation-db.com .drift.com .jquery.com .google.com .hscollectedforms.net .jsdelivr.net .stackadapt.com .googlesyndication.com ; img-src * data: ; font-src 'self' .google.com .googleadservices.com; connect-src 'self' .vwo.com .demdex.net .omtrdc.net .mktoresp.com .cdnbasket.net ids.cdnwidget.com .forcepoint.com sample-api-v2.crazyegg.com .visualwebsiteoptimizer.com insight.adsrvr.org bam.nr-data.net .tealiumiq.com live-evercurrent-clone.pantheonsite.io .sharethis.com .doubleclick.net .theadex.com .aumago.com .google-analytics.com .6sc.co .adnxs.com .vidyard.com .6sense.com .hs-scripts.com .hs-analytics.net .hsadspixel.net .hs-banner.com api.hubapi.com .hsforms.net .hsforms.com .s3.amazonaws.com .drift.com .clickagy.com .facebook.com .zoominfo.com geolocation-db.com cdn.linkedin.oribi.io .hubspot.com .hscollectedforms.net .stackadapt.com .google.com .googletagmanager.com .googleadservices.com google.com .googlesyndication.com ; report-uri /admin/config/system/seckit/csp-report
Strict-Transport-Security	max-age=18410000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
cache-control: public, max-age=3600
content-encoding: gzip
content-language: en
content-length: 37400
content-security-policy: default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.fonts.net *.licdn.com *.tiqcdn.com *.marketo.com *.marketo.net *.mktoresp.com *.demdex.net *.burly.io *.omtrdc.net *.llnwd.net *.tealiumiq.com *.googleadservices.com *.marinsm.com *.amazonaws.com *.quantserve.com *.facebook.net *.serving-sys.com *.google-analytics.com *.hirebridge.com *.websense.com *.bizographics.com *.linkedin.com *.cloudfront.net *.newrelic.com *.nr-data.net *.adnxs.com *.demandbase.com *.twitter.com *.omtrdc.net *.youtube.com *.ads-twitter.com *.company-target.com *.omniture.com *.doubleclick.net *.forcepoint.com *.google.com *.facebook.com *.nr-data.net *.getsmartcontent.com *.vidyard.com *.adroll.com s.ml-attr.com attr.ml-api.io *.driftt.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.gstatic.com *.libsyn.com *.s3.amazonaws.com *.cdnbasket.net ids.cdnwidget.com app.vwo.com *.visualwebsiteoptimizer.com use.typekit.net p.typekit.net cdn.vwo-analytics.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.googleapis.com *.cloudflare.com activitymap.adobe.com *.consensu.org *.ubembed.com *.bizible.com *.theadex.com *.aumago.com *.driftqa.com *.scribblecdn.net *.esg-global.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hubapi.com *.hsforms.net *.hsforms.com geolocation-db.com *.drift.com *.clickagy.com *.nimblestory.com *.usemessages.com *.stackadapt.com *.googlesyndication.com ; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.cdnwidget.com *.tealiumiq.com *.google.com *.googleadservices.com *.doubleclick.net *.websense.com *.marinsm.com *.facebook.com *.quantserve.com *.google-analytics.com *.w55c.net *.marketo.com *.iasds01.com *.linkedin.com *.cloudfront.net *.forcepoint.com *.adnxs.com *.twitter.com t.co *.omtrdc.net *.w55c.net *.demandbase.com *.company-target.com *.gstatic.com *.tiqcdn.com *.marketo.net *.newrelic.com *.facebook.net *.ads-twitter.com *.burly.io *.bizographics.com *.nr-data.net *.licdn.com *.tt.omtrdc.net *.getsmartcontent.com *.adroll.com *.vidyard.com s.ml-attr.com *.ml-api.io ml314.com *.ml314.com *.bing.com *.driftt.com *.crazyegg.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.googletagmanager.com *.visualwebsiteoptimizer.com app.vwo.com *.ubembed.com *.driftt.com *.vwo-analytics.com *.s3.amazonaws.com s3.amazonaws.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.clearbit.com *.googleapis.com *.cloudflare.com *.adobe.com *.consensu.org *.bizible.com *.theadex.com *.aumago.com *.zoominfo.com *.clickagy.com *.redditstatic.com *.quantcount.com *.g2crowd.com *.steelhousemedia.com *.scribblecdn.net *.esg-global.com *.6sc.co *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hubapi.com *.hsforms.net *.hsforms.com geolocation-db.com *.drift.com *.jquery.com *.google.com *.hscollectedforms.net *.jsdelivr.net *.stackadapt.com *.googlesyndication.com ; img-src * data: *; font-src 'self' *.google.com *.googleadservices.com; connect-src 'self' *.vwo.com *.demdex.net *.omtrdc.net *.mktoresp.com *.cdnbasket.net ids.cdnwidget.com *.forcepoint.com sample-api-v2.crazyegg.com *.visualwebsiteoptimizer.com insight.adsrvr.org bam.nr-data.net *.tealiumiq.com live-evercurrent-clone.pantheonsite.io *.sharethis.com *.doubleclick.net *.theadex.com *.aumago.com *.google-analytics.com *.6sc.co *.adnxs.com *.vidyard.com *.6sense.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com api.hubapi.com *.hsforms.net *.hsforms.com *.s3.amazonaws.com *.drift.com *.clickagy.com *.facebook.com *.zoominfo.com geolocation-db.com cdn.linkedin.oribi.io *.hubspot.com *.hscollectedforms.net *.stackadapt.com *.google.com *.googletagmanager.com *.googleadservices.com google.com *.googlesyndication.com ; report-uri /admin/config/system/seckit/csp-report
content-type: text/html; charset=utf-8
date: Tue, 10 Oct 2023 15:24:33 GMT
etag: W/"1696951472-0"
expires: Sun, 19 Nov 1978 05:00:00 GMT
from-origin: same, https://analyticsssl.forcepoint.com,https://vidyard.com
http_x_geo_continent: EU
http_x_geo_region: DE-HE
last-modified: Tue, 10 Oct 2023 15:24:32 GMT
link: </sites/all/themes/custom/fp/assets/fonts/hoves-optimized//Hoves_DemiBold.woff>; rel=preload; as=font; crossorigin; font/woff; nopush,</sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_DemiBold.woff>; rel=preload; as=font; crossorigin; font/woff; nopush,</sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Medium.woff>; rel=preload; as=font; crossorigin; font/woff; nopush,</sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Regular.woff>; rel=preload; as=font; crossorigin; font/woff; nopush,</sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Italic.woff>; rel=preload; as=font; crossorigin; font/woff; nopush,</sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Light.woff>; rel=preload; as=font; crossorigin; font/woff; nopush,</sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Light_Italic.woff>; rel=preload; as=font; crossorigin; font/woff; nopush,</sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_ExtraLight.woff>; rel=preload; as=font; crossorigin; font/woff; nopush,</misc/throbber-inactive.png>; rel=preload; as=image; image/png; nopush,</misc/throbber-active.gif>; rel=preload; as=image; image/gif; nopush,</misc/grippie.png>; rel=preload; as=image; image/png; nopush,</misc/draggable.png>; rel=preload; as=image; image/png; nopush,</misc/tree.png>; rel=preload; as=image; image/png; nopush,</misc/tree-bottom.png>; rel=preload; as=image; image/png; nopush,</misc/message-24-ok.png>; rel=preload; as=image; image/png; nopush,</misc/message-24-warning.png>; rel=preload; as=image; image/png; nopush,</misc/message-24-error.png>; rel=preload; as=image; image/png; nopush,</misc/help.png>; rel=preload; as=image; image/png; nopush,</misc/menu-expanded.png>; rel=preload; as=image; image/png; nopush,</misc/menu-collapsed.png>; rel=preload; as=image; image/png; nopush,</misc/progress.gif>; rel=preload; as=image; image/gif; nopush,</sites/all/libraries/chosen/chosen-sprite.png>; rel=preload; as=image; image/png; nopush,</sites/all/libraries/chosen/chosen-sprite@2x.png>; rel=preload; as=image; image/png; nopush,</sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_flat_75_ffffff_40x100.png>; rel=preload; as=image; image/png; nopush,</sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_highlight-soft_75_cccccc_1x100.png>; rel=preload; as=image; image/png; nopush,</sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_glass_75_e6e6e6_1x400.png>; rel=preload; as=image; image/png; nopush,</sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_glass_75_dadada_1x400.png>; rel=preload; as=image; image/png; nopush,</sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_glass_65_ffffff_1x400.png>; rel=preload; as=image; image/png; nopush,<https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks>; rel="canonical",<https://www.forcepoint.com/node/26751>; rel="shortlink"
referrer-policy: strict-origin-when-cross-origin
server: nginx
strict-transport-security: max-age=18410000; includeSubDomains; preload
vary: Accept-Encoding, x-geo-country, Cookie, orig-host
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
x-cache: MISS, MISS, MISS, MISS
x-cache-hits: 0, 0, 0, 0
x-content-type-options: nosniff
x-drupal-cache: MISS
x-frame-options: SAMEORIGIN
x-generator: Drupal 7 (http://drupal.org)
x-pantheon-styx-hostname: styx-fe3-a-f9d8bf5c4-mklm8
x-served-by: cache-chi-kigq8000024-CHI, cache-chi-klot8100071-CHI, cache-fra-eddf8230087-FRA, cache-fra-eddf8230137-FRA
x-styx-req-id: 1c74aaa1-6781-11ee-ad32-124ecfc32ae4
x-timer: S1696951472.023655,VS0,VE1294
x-ua-compatible: IE=Edge,chrome=1
x-xss-protection: 1

Redirect headers

accept-ranges: bytes
age: 0
cache-control: public, max-age=3600
content-length: 1
content-type: text/html; charset=UTF-8
date: Tue, 10 Oct 2023 15:24:32 GMT
etag: "1696951471-0"
expires: Sun, 19 Nov 1978 05:00:00 GMT
http_x_geo_continent: EU
http_x_geo_region: DE-HE
last-modified: Tue, 10 Oct 2023 15:24:31 GMT
location: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
server: nginx
strict-transport-security: max-age=300
vary: x-geo-country, Cookie, orig-host
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
x-cache: MISS, MISS, MISS, MISS
x-cache-hits: 0, 0, 0, 0
x-content-type-options: nosniff
x-drupal-cache: MISS
x-pantheon-styx-hostname: styx-fe3-b-68df48cffd-mzd9k
x-redirect-id: 46226
x-served-by: cache-chi-klot8100095-CHI, cache-chi-klot8100138-CHI, cache-fra-eddf8230136-FRA, cache-fra-eddf8230137-FRA
x-styx-req-id: 1c5507fd-6781-11ee-a6fa-5e85ccf9a607
x-timer: S1696951472.815695,VS0,VE197

GET
H2 200 Hoves_DemiBold.woff
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/ 18 KB
19 KB 121ms
117ms Font
font/woff 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_DemiBold.woff

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

c6225223a7f689e02ca4f2144e864ad46dd63e29553cf3d4df572e7195303be0

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Origin: https://www.forcepoint.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-cache-hits: 39359, 0, 0, 0
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 10 Oct 2023 15:24:33 GMT
age: 431738
http_x_geo_region: DE-HE
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-a-f9d8bf5c4-d4lxr
content-length: 18868
x-served-by: cache-chi-klot8100050-CHI, cache-chi-klot8100050-CHI, cache-fra-eddf8230101-FRA, cache-fra-eddf8230137-FRA
last-modified: Wed, 04 Oct 2023 05:18:21 GMT
server: nginx
x-timer: S1696951473.340764,VS0,VE110
etag: "651cf59d-49b4"
vary: orig-host
content-type: font/woff
access-control-allow-origin: *
x-styx-req-id: e56759fb-6393-11ee-884b-6ea38a268b26
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sat, 05 Oct 2024 15:28:55 GMT

GET
H2 200 Hoves_Medium.woff
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/ 18 KB
19 KB 138ms
133ms Font
font/woff 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Medium.woff

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

c1524c7035a894f370d34f2d57704873a3978adef91d97978e3598515762eace

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Origin: https://www.forcepoint.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-cache-hits: 2272, 0, 0, 0
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 10 Oct 2023 15:24:33 GMT
age: 31367
http_x_geo_region: DE-HE
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-a-f9d8bf5c4-zkb7x
content-length: 18688
x-served-by: cache-chi-klot8100111-CHI, cache-chi-klot8100111-CHI, cache-fra-etou8220104-FRA, cache-fra-eddf8230137-FRA
last-modified: Mon, 09 Oct 2023 06:03:29 GMT
server: nginx
x-timer: S1696951473.349962,VS0,VE118
etag: "652397b1-4900"
vary: orig-host
content-type: font/woff
access-control-allow-origin: *
x-styx-req-id: 14c2893d-6738-11ee-b0fe-6ee8b3a5b0cf
cache-control: max-age=31622400
accept-ranges: bytes
expires: Thu, 10 Oct 2024 06:41:45 GMT

GET
H2 200 Hoves_Regular.woff
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/ 18 KB
18 KB 147ms
142ms Font
font/woff 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Regular.woff

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

42793f24dc3fddca04cc84a6991f0fc73c25498d023b07d488dd5e4238ed9b0c

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Origin: https://www.forcepoint.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-cache-hits: 38934, 0, 0, 0
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 10 Oct 2023 15:24:33 GMT
age: 431738
http_x_geo_region: DE-HE
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-68df48cffd-zsj5z
content-length: 18436
x-served-by: cache-chi-kigq8000080-CHI, cache-chi-kigq8000080-CHI, cache-fra-eddf8230093-FRA, cache-fra-eddf8230137-FRA
last-modified: Wed, 04 Oct 2023 05:18:27 GMT
server: nginx
x-timer: S1696951473.350002,VS0,VE121
etag: "651cf5a3-4804"
vary: orig-host
content-type: font/woff
access-control-allow-origin: *
x-styx-req-id: e5533b5e-6393-11ee-bb59-4eaf1f04b4e7
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sat, 05 Oct 2024 15:28:55 GMT

GET
H2 200 Hoves_Italic.woff
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/ 19 KB
19 KB 150ms
145ms Font
font/woff 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Italic.woff

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

8709e66f3192aac47989a4f2c826afc3062b52de3cd792115cba3314c05656c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Origin: https://www.forcepoint.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-cache-hits: 38633, 0, 0, 0
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 10 Oct 2023 15:24:33 GMT
age: 431738
http_x_geo_region: DE-HE
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-68df48cffd-zsj5z
content-length: 19656
x-served-by: cache-chi-klot8100066-CHI, cache-chi-klot8100066-CHI, cache-fra-eddf8230055-FRA, cache-fra-eddf8230137-FRA
last-modified: Wed, 04 Oct 2023 05:18:25 GMT
server: nginx
x-timer: S1696951473.349990,VS0,VE124
etag: "651cf5a1-4cc8"
vary: orig-host
content-type: font/woff
access-control-allow-origin: *
x-styx-req-id: e56a41bb-6393-11ee-bb59-4eaf1f04b4e7
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sat, 05 Oct 2024 15:28:55 GMT

GET
H2 200 Hoves_Light.woff
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/ 18 KB
18 KB 151ms
147ms Font
font/woff 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Light.woff

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

5390daebe4fc263953ae2cd18f060ebb4aaef20d9df443a4d784cc642ed1eaf2

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Origin: https://www.forcepoint.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-cache-hits: 38588, 0, 0, 0
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 10 Oct 2023 15:24:33 GMT
age: 431738
http_x_geo_region: DE-HE
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-a-f9d8bf5c4-497xf
content-length: 18600
x-served-by: cache-chi-klot8100148-CHI, cache-chi-klot8100148-CHI, cache-fra-eddf8230065-FRA, cache-fra-eddf8230137-FRA
last-modified: Wed, 04 Oct 2023 05:18:26 GMT
server: nginx
x-timer: S1696951473.350388,VS0,VE124
etag: "651cf5a2-48a8"
vary: orig-host
content-type: font/woff
access-control-allow-origin: *
x-styx-req-id: e56a78b6-6393-11ee-830a-3ae4ddfd9e43
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sat, 05 Oct 2024 15:28:55 GMT

GET
H2 200 Hoves_Light_Italic.woff
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/ 19 KB
19 KB 131ms
127ms Font
font/woff 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Light_Italic.woff

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

d88c03f60c9b0c3b3a4a929ad268b6078dda88e59ea5c98eeb16f031ffb0d9e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Origin: https://www.forcepoint.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-cache-hits: 38237, 0, 0, 0
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 10 Oct 2023 15:24:33 GMT
age: 431738
http_x_geo_region: DE-HE
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-a-f9d8bf5c4-zmn2g
content-length: 19360
x-served-by: cache-chi-klot8100021-CHI, cache-chi-klot8100021-CHI, cache-fra-etou8220105-FRA, cache-fra-eddf8230137-FRA
last-modified: Wed, 04 Oct 2023 05:18:30 GMT
server: nginx
x-timer: S1696951473.350732,VS0,VE111
etag: "651cf5a6-4ba0"
vary: orig-host
content-type: font/woff
access-control-allow-origin: *
x-styx-req-id: e56b76d6-6393-11ee-a541-56525b9095c8
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sat, 05 Oct 2024 15:28:55 GMT

GET
H2 200 Hoves_ExtraLight.woff
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/ 18 KB
18 KB 162ms
159ms Font
font/woff 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_ExtraLight.woff

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

52239b576d3fdb13fa5cec121a5e5ed123560a4ac1310d991f4694bcc5507710

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Origin: https://www.forcepoint.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-cache-hits: 38427, 0, 0, 0
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 10 Oct 2023 15:24:33 GMT
age: 431738
http_x_geo_region: DE-HE
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-68df48cffd-9m4g9
content-length: 17944
x-served-by: cache-chi-kigq8000096-CHI, cache-chi-kigq8000096-CHI, cache-fra-eddf8230027-FRA, cache-fra-eddf8230137-FRA
last-modified: Wed, 04 Oct 2023 05:18:30 GMT
server: nginx
x-timer: S1696951473.350799,VS0,VE143
etag: "651cf5a6-4618"
vary: orig-host
content-type: font/woff
access-control-allow-origin: *
x-styx-req-id: e56c161d-6393-11ee-83a0-ba44389d6db1
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sat, 05 Oct 2024 15:28:55 GMT

GET
H2 200 css__YZMmyCjxADNsxWJVyzxskiYBiPsGboww8DDJoAv1iVA__PqGVjSeXe3e-YM4xspxCavDlyydtEB28TRpZPTEwV5I__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
www.forcepoint.com/sites/default/files/advagg_css/ 6 KB
2 KB 127ms
123ms Stylesheet
text/css 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_css/css__YZMmyCjxADNsxWJVyzxskiYBiPsGboww8DDJoAv1iVA__PqGVjSeXe3e-YM4xspxCavDlyydtEB28TRpZPTEwV5I__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

942ba1b657ab7477bc603f7852ff551aa393de40d1bab2dee01c8ad36d538a2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-cache-hits: 21551, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 10 Oct 2023 15:24:33 GMT
age: 431738
http_x_geo_region: DE-HE
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-a-f9d8bf5c4-497xf
content-length: 2109
x-served-by: cache-chi-kigq8000158-CHI, cache-chi-kigq8000158-CHI, cache-fra-etou8220118-FRA, cache-fra-eddf8230137-FRA
last-modified: Wed, 08 Mar 2023 18:00:58 GMT
server: nginx
x-timer: S1696951473.341777,VS0,VE114
etag: W/"6408cd5a-1797"
vary: Accept-Encoding, orig-host
content-type: text/css
x-styx-req-id: 41a33985-6208-11ee-89f1-3ae4ddfd9e43
cache-control: max-age=31622400
accept-ranges: bytes
expires: Thu, 03 Oct 2024 16:16:49 GMT

GET
H2 200 css__qi8YWDPFPT47Hua3Uo8V-CwYV79O8gYOw4xRshlFw2o__U0zx4V0QLKPamBJbsVKK0D54d038-KcpyqeXppQL9AI__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
www.forcepoint.com/sites/default/files/advagg_css/ 11 KB
3 KB 143ms
139ms Stylesheet
text/css 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_css/css__qi8YWDPFPT47Hua3Uo8V-CwYV79O8gYOw4xRshlFw2o__U0zx4V0QLKPamBJbsVKK0D54d038-KcpyqeXppQL9AI__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

74d6ee660ac8d18d3940eefac6e8c0ff029ecc0f4a4799ada5d6088fe9abfbc8

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-cache-hits: 2328, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 10 Oct 2023 15:24:33 GMT
age: 431738
http_x_geo_region: DE-HE
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-f64b97cc5-pt5pm
content-length: 2662
x-served-by: cache-chi-kigq8000121-CHI, cache-chi-klot8100126-CHI, cache-fra-eddf8230118-FRA, cache-fra-eddf8230137-FRA
last-modified: Mon, 06 Mar 2023 17:43:22 GMT
server: nginx
x-timer: S1696951473.343459,VS0,VE125
etag: W/"6406263a-2d9a"
vary: Accept-Encoding, orig-host
content-type: text/css
x-styx-req-id: 493b6ff1-52c6-11ee-afb4-e2c6c2e254a3
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sat, 14 Sep 2024 06:16:48 GMT

GET
H2 200 css__umS_7iB8OLqD-AIc28jz7stMtgRnPBrMHXbg802aJVI__42_FYiRnR5OQaV2U3Sr9cY21EIjnMGdJsPXMEFLQPCo__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
www.forcepoint.com/sites/default/files/advagg_css/ 789 B
761 B 118ms
115ms Stylesheet
text/css 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_css/css__umS_7iB8OLqD-AIc28jz7stMtgRnPBrMHXbg802aJVI__42_FYiRnR5OQaV2U3Sr9cY21EIjnMGdJsPXMEFLQPCo__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

76fea4cad87ffbee4d6c0d29a46382913e4a8c56ed7881d8556f684a174d6824

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-cache-hits: 36502, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 10 Oct 2023 15:24:33 GMT
age: 431737
http_x_geo_region: DE-HE
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-a-f9d8bf5c4-mxq9f
content-length: 405
x-served-by: cache-chi-kigq8000072-CHI, cache-chi-kigq8000072-CHI, cache-fra-eddf8230139-FRA, cache-fra-eddf8230137-FRA
last-modified: Mon, 06 Mar 2023 18:37:56 GMT
server: nginx
x-timer: S1696951473.343553,VS0,VE107
etag: W/"64063304-315"
vary: Accept-Encoding, orig-host
content-type: text/css
x-styx-req-id: 5fc0af89-620a-11ee-af0c-7ae92eee0f34
cache-control: max-age=31622400
accept-ranges: bytes
expires: Thu, 03 Oct 2024 16:31:59 GMT

GET
H2 200 css__T7twZATSz9YDtA4CEs3XoRq-lmvsWC1-9rzLrGpoWuY__jYMOyCwkeeWX4KvLeu7GhjzHVkW5HDKp2hWWBDkyRSE__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
www.forcepoint.com/sites/default/files/advagg_css/ 14 KB
3 KB 127ms
124ms Stylesheet
text/css 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_css/css__T7twZATSz9YDtA4CEs3XoRq-lmvsWC1-9rzLrGpoWuY__jYMOyCwkeeWX4KvLeu7GhjzHVkW5HDKp2hWWBDkyRSE__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

76aefb325bdfaf3c67be7591a00c96105ffa1a3eda8cfc16d6d5e1affa8e3f95

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-cache-hits: 36566, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 10 Oct 2023 15:24:33 GMT
age: 431737
http_x_geo_region: DE-HE
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-a-86d66977b5-5ll47
content-length: 2632
x-served-by: cache-chi-kigq8000077-CHI, cache-chi-kigq8000077-CHI, cache-fra-etou8220023-FRA, cache-fra-eddf8230137-FRA
last-modified: Thu, 15 Jun 2023 14:49:23 GMT
server: nginx
x-timer: S1696951473.343456,VS0,VE115
etag: W/"648b24f3-3962"
vary: Accept-Encoding, orig-host
content-type: text/css
x-styx-req-id: a9070dd2-57cf-11ee-9bc0-a219bd3f6e17
cache-control: max-age=31622400
accept-ranges: bytes
expires: Fri, 20 Sep 2024 16:06:30 GMT

GET
H2 200 css__cPPXTJ7LS3TkqOr2dWhu9Zyqf3tfJ7ROJIBrc4faLpI__FwTXCQ-S705F3IVDki0NUMzBJ8oRlS2Lb0Atw9pp7LE__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
www.forcepoint.com/sites/default/files/advagg_css/ 512 B
533 B 131ms
128ms Stylesheet
text/css 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_css/css__cPPXTJ7LS3TkqOr2dWhu9Zyqf3tfJ7ROJIBrc4faLpI__FwTXCQ-S705F3IVDki0NUMzBJ8oRlS2Lb0Atw9pp7LE__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

9b3c52df9ce6473c11ee62f85cd48a7ff2b24ad8543ed415fec5124605a987f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-cache-hits: 36404, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 10 Oct 2023 15:24:33 GMT
age: 431738
http_x_geo_region: DE-HE
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-68df48cffd-nxr8f
content-length: 230
x-served-by: cache-chi-kigq8000024-CHI, cache-chi-kigq8000024-CHI, cache-fra-eddf8230127-FRA, cache-fra-eddf8230137-FRA
last-modified: Mon, 06 Mar 2023 18:00:10 GMT
server: nginx
x-timer: S1696951473.343847,VS0,VE119
etag: W/"64062a2a-200"
vary: Accept-Encoding, orig-host
content-type: text/css
x-styx-req-id: 29c8d78e-6202-11ee-b26c-ae25379fe8c0
cache-control: max-age=31622400
accept-ranges: bytes
expires: Thu, 03 Oct 2024 15:33:12 GMT

GET
H2 200 css__RtPfTjThw7JiCEZr8aCFs0ovY-ZonvJYBpW2tzv6iRI__hoYIfBUPIWctuKqU_lrnnqDtJnf9B9QEu7jjix36RIM__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
www.forcepoint.com/sites/default/files/advagg_css/ 3 KB
1 KB 121ms
118ms Stylesheet
text/css 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_css/css__RtPfTjThw7JiCEZr8aCFs0ovY-ZonvJYBpW2tzv6iRI__hoYIfBUPIWctuKqU_lrnnqDtJnf9B9QEu7jjix36RIM__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

5f8d1adf76eaaf2f3592e5a5633ef8722740af2424b1737d85c1d9581588884f

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-cache-hits: 21317, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 10 Oct 2023 15:24:33 GMT
age: 431737
http_x_geo_region: DE-HE
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-68df48cffd-q48kl
content-length: 1172
x-served-by: cache-chi-klot8100165-CHI, cache-chi-klot8100165-CHI, cache-fra-etou8220056-FRA, cache-fra-eddf8230137-FRA
last-modified: Wed, 08 Mar 2023 18:00:58 GMT
server: nginx
x-timer: S1696951473.344261,VS0,VE109
etag: W/"6408cd5a-c8c"
vary: Accept-Encoding, orig-host
content-type: text/css
x-styx-req-id: 5d99e30d-61ab-11ee-8fcc-e67e16785de6
cache-control: max-age=31622400
accept-ranges: bytes
expires: Thu, 03 Oct 2024 05:11:53 GMT

GET
H2 200 css__UYLIEJhZ7iPfgPAKjuslVw3CRCFKt3OfxTJjge8A6Hg__fjua13AgyzmqodcGsNUIVue50ndbutts1ntJbzGK_o4__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
www.forcepoint.com/sites/default/files/advagg_css/ 506 B
531 B 120ms
117ms Stylesheet
text/css 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_css/css__UYLIEJhZ7iPfgPAKjuslVw3CRCFKt3OfxTJjge8A6Hg__fjua13AgyzmqodcGsNUIVue50ndbutts1ntJbzGK_o4__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

4953a30def5d6eb8aa0119f918104b5069d10696ee634288c068accf06bb44e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-cache-hits: 21341, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 10 Oct 2023 15:24:33 GMT
age: 431737
http_x_geo_region: DE-HE
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-f64b97cc5-bq9mq
content-length: 175
x-served-by: cache-chi-klot8100176-CHI, cache-chi-klot8100176-CHI, cache-fra-etou8220032-FRA, cache-fra-eddf8230137-FRA
last-modified: Wed, 08 Mar 2023 18:00:58 GMT
server: nginx
x-timer: S1696951473.343542,VS0,VE109
etag: W/"6408cd5a-1fa"
vary: Accept-Encoding, orig-host
content-type: text/css
x-styx-req-id: d676bf9e-5796-11ee-be15-e20908b73524
cache-control: max-age=31622400
accept-ranges: bytes
expires: Fri, 20 Sep 2024 09:19:44 GMT

GET
H2 200 css__aUSIons1JLpznAkAWe4wYFCe4_fmTTJTOhtdC4xIAuM__HAl4ITsYWBEO7VRahEwWwi88zkLUBwPm3j4nnx8DeS0__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
www.forcepoint.com/sites/default/files/advagg_css/ 454 B
601 B 129ms
126ms Stylesheet
text/css 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_css/css__aUSIons1JLpznAkAWe4wYFCe4_fmTTJTOhtdC4xIAuM__HAl4ITsYWBEO7VRahEwWwi88zkLUBwPm3j4nnx8DeS0__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

fe9132775150b13960723fdffd15ef8bb7f07d120787874114ac9e3d4f303f46

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-cache-hits: 21285, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 10 Oct 2023 15:24:33 GMT
age: 431737
http_x_geo_region: DE-HE
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-a-86d66977b5-p7558
content-length: 221
x-served-by: cache-chi-kigq8000113-CHI, cache-chi-kigq8000113-CHI, cache-fra-eddf8230055-FRA, cache-fra-eddf8230137-FRA
last-modified: Mon, 06 Mar 2023 17:43:23 GMT
server: nginx
x-timer: S1696951473.343112,VS0,VE118
etag: W/"6406263b-1c6"
vary: Accept-Encoding, orig-host
content-type: text/css
x-styx-req-id: 9ef2774c-5791-11ee-a5b8-0e53a248f8b5
cache-control: max-age=31622400
accept-ranges: bytes
expires: Fri, 20 Sep 2024 08:42:24 GMT

GET
H2 200 css__DJVWsB9CJVs_1IGdy-_cGuq4r6SVVaWbEnbS1U2p6y4__7g40UeM74r8hkrzDC6Hbb7RReIGNu-Jsb5XAbAPKIeA__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
www.forcepoint.com/sites/default/files/advagg_css/ 502 B
633 B 123ms
121ms Stylesheet
text/css 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_css/css__DJVWsB9CJVs_1IGdy-_cGuq4r6SVVaWbEnbS1U2p6y4__7g40UeM74r8hkrzDC6Hbb7RReIGNu-Jsb5XAbAPKIeA__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

b9c823db89be14289e3b0585970e3d91c3313ec9f82d13c9cb24d90820efc699

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-cache-hits: 21257, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 10 Oct 2023 15:24:33 GMT
age: 431737
http_x_geo_region: DE-HE
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-68df48cffd-pv78z
content-length: 252
x-served-by: cache-chi-klot8100064-CHI, cache-chi-klot8100064-CHI, cache-fra-eddf8230062-FRA, cache-fra-eddf8230137-FRA
last-modified: Mon, 06 Mar 2023 17:43:22 GMT
server: nginx
x-timer: S1696951473.343078,VS0,VE112
etag: W/"6406263a-1f6"
vary: Accept-Encoding, orig-host
content-type: text/css
x-styx-req-id: 6f9d3bed-6136-11ee-8a29-2eeda6c80640
cache-control: max-age=31622400
accept-ranges: bytes
expires: Wed, 02 Oct 2024 15:14:52 GMT

GET
H2 200 css__o5tk1Sc0QNaikp-qb6PDIJi_LXPkfQZHTxlvWxiG4cA__afd6HnnR0psI0sfippmnwgZS958AUTsIqEne3K05XvQ__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
www.forcepoint.com/sites/default/files/advagg_css/ 5 KB
2 KB 128ms
125ms Stylesheet
text/css 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_css/css__o5tk1Sc0QNaikp-qb6PDIJi_LXPkfQZHTxlvWxiG4cA__afd6HnnR0psI0sfippmnwgZS958AUTsIqEne3K05XvQ__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

7e9433a7e4538237be585d3d84e1603595879c286be61e26dd3e628e3fd5e206

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-cache-hits: 178, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 10 Oct 2023 15:24:33 GMT
age: 431737
http_x_geo_region: DE-HE
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-5cbc988cb-rwfbz
content-length: 2091
x-served-by: cache-chi-klot8100139-CHI, cache-chi-klot8100170-CHI, cache-fra-etou8220109-FRA, cache-fra-eddf8230137-FRA
last-modified: Mon, 06 Mar 2023 17:43:47 GMT
server: nginx
x-timer: S1696951473.349050,VS0,VE112
etag: W/"64062653-1218"
vary: Accept-Encoding, orig-host
content-type: text/css
x-styx-req-id: eb23ab8e-5d29-11ee-b102-76465eb2d399
cache-control: max-age=31622400
accept-ranges: bytes
expires: Fri, 27 Sep 2024 11:35:11 GMT

GET
H2 200 css__ZDvn-N8wxxyBR7KgfbRzIHM0mGwT9doN0fs3f10b_Go__b98SsVi1Bn9KY5Ur3SIgLXOvEMppxbzl1YiFYp9d4Lw__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
www.forcepoint.com/sites/default/files/advagg_css/ 128 B
506 B 151ms
149ms Stylesheet
text/css 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_css/css__ZDvn-N8wxxyBR7KgfbRzIHM0mGwT9doN0fs3f10b_Go__b98SsVi1Bn9KY5Ur3SIgLXOvEMppxbzl1YiFYp9d4Lw__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

c712b85f4d57c41bb049c80303067da9790aa76b32a41b422174bd507695f444

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-cache-hits: 25032, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 10 Oct 2023 15:24:33 GMT
age: 431738
http_x_geo_region: DE-HE
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-a-f9d8bf5c4-497xf
content-length: 118
x-served-by: cache-chi-kigq8000142-CHI, cache-chi-kigq8000142-CHI, cache-fra-etou8220101-FRA, cache-fra-eddf8230137-FRA
last-modified: Mon, 06 Mar 2023 17:43:30 GMT
server: nginx
x-timer: S1696951473.348619,VS0,VE134
etag: W/"64062642-80"
vary: Accept-Encoding, orig-host
content-type: text/css
x-styx-req-id: 9f4fb909-6205-11ee-89f1-3ae4ddfd9e43
cache-control: max-age=31622400
accept-ranges: bytes
expires: Thu, 03 Oct 2024 15:57:58 GMT

GET
H2 200 css__dn-cpI1YtkU_iLHgA5WhlkxgYWyat_IxjF_B-WSYrpE__a9hIbt0eaZ7d5nhwnm2weG8R_2eXK4EvoOx9dOxouHE__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
www.forcepoint.com/sites/default/files/advagg_css/ 203 B
480 B 124ms
122ms Stylesheet
text/css 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_css/css__dn-cpI1YtkU_iLHgA5WhlkxgYWyat_IxjF_B-WSYrpE__a9hIbt0eaZ7d5nhwnm2weG8R_2eXK4EvoOx9dOxouHE__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

f66578f61dcd2d00bb8b7a0c5a7a02d39871c2e7c4615826c4e3a6a879a1a66b

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-cache-hits: 21257, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 10 Oct 2023 15:24:33 GMT
age: 431737
http_x_geo_region: DE-HE
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-68df48cffd-9m4g9
content-length: 137
x-served-by: cache-chi-kigq8000029-CHI, cache-chi-kigq8000029-CHI, cache-fra-etou8220109-FRA, cache-fra-eddf8230137-FRA
last-modified: Mon, 06 Mar 2023 17:55:40 GMT
server: nginx
x-timer: S1696951473.348049,VS0,VE107
etag: W/"6406291c-cb"
vary: Accept-Encoding, orig-host
content-type: text/css
x-styx-req-id: ee541846-6213-11ee-858f-ba44389d6db1
cache-control: max-age=31622400
accept-ranges: bytes
expires: Thu, 03 Oct 2024 17:40:23 GMT

GET
H2 200 css__ipUqqBUxEUOLXG_AXF5OCY1hi5eq8oz7Wu0QleOzxj4__-6ZHnf2EVvcL4izgd6S5myiQ-LuyKAuDqa-1hfKmAoI__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
www.forcepoint.com/sites/default/files/advagg_css/ 99 B
454 B 126ms
124ms Stylesheet
text/css 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_css/css__ipUqqBUxEUOLXG_AXF5OCY1hi5eq8oz7Wu0QleOzxj4__-6ZHnf2EVvcL4izgd6S5myiQ-LuyKAuDqa-1hfKmAoI__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

a0d9d290c9928affdd7f2816a574b367cbd6aca7ff1ba7b14b3391330d6f1995

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-cache-hits: 21231, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 10 Oct 2023 15:24:33 GMT
age: 431737
http_x_geo_region: DE-HE
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-5cbc988cb-ns76b
content-length: 100
x-served-by: cache-chi-klot8100037-CHI, cache-chi-klot8100037-CHI, cache-fra-eddf8230083-FRA, cache-fra-eddf8230137-FRA
last-modified: Mon, 06 Mar 2023 17:55:40 GMT
server: nginx
x-timer: S1696951473.349326,VS0,VE110
etag: W/"6406291c-63"
vary: Accept-Encoding, orig-host
content-type: text/css
x-styx-req-id: e01e1e0c-5c29-11ee-95b6-e2fe7f471e9f
cache-control: max-age=31622400
accept-ranges: bytes
expires: Thu, 26 Sep 2024 05:02:21 GMT

GET
H2 200 css__A19mhhFH8iX9Ft_oM_oZIcxue6YTAguNiWQN5VaIXQY__dFQUh1vb7jTgHR4jKzrw8DrsdYIarxRbpVmMKCWYgXU__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
www.forcepoint.com/sites/default/files/advagg_css/ 493 KB
118 KB 155ms
153ms Stylesheet
text/css 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_css/css__A19mhhFH8iX9Ft_oM_oZIcxue6YTAguNiWQN5VaIXQY__dFQUh1vb7jTgHR4jKzrw8DrsdYIarxRbpVmMKCWYgXU__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

24dd593caf98fe7183e48e16a5a827ab4eb1a734a9821b497689127e68774db1

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-cache-hits: 36651, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 10 Oct 2023 15:24:33 GMT
age: 431738
http_x_geo_region: DE-HE
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-a-86d66977b5-p8xp9
content-length: 120174
x-served-by: cache-chi-kigq8000161-CHI, cache-chi-kigq8000161-CHI, cache-fra-eddf8230033-FRA, cache-fra-eddf8230137-FRA
last-modified: Wed, 31 May 2023 20:05:18 GMT
server: nginx
x-timer: S1696951473.349489,VS0,VE139
etag: W/"6477a87e-7b4f7"
vary: Accept-Encoding, orig-host
content-type: text/css
x-styx-req-id: 18d01218-5638-11ee-b317-eeb9918916c4
cache-control: max-age=31622400
accept-ranges: bytes
expires: Wed, 18 Sep 2024 15:29:02 GMT

GET
H2 200 css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI___rEPbPwxk07W7WH2kpNPsegIfUTFOlt28v8ous9WM4A__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
www.forcepoint.com/sites/default/files/advagg_css/ 2 MB
292 KB 137ms
135ms Stylesheet
text/css 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI___rEPbPwxk07W7WH2kpNPsegIfUTFOlt28v8ous9WM4A__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

21795fd2a75d2f127807aa5e48e08af57799d6d314546f72f496addb3ac58356

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-cache-hits: 15, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 10 Oct 2023 15:24:33 GMT
age: 39053
http_x_geo_region: DE-HE
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-68df48cffd-pv78z
content-length: 298906
x-served-by: cache-chi-klot8100169-CHI, cache-chi-klot8100169-CHI, cache-fra-etou8220060-FRA, cache-fra-eddf8230137-FRA
last-modified: Wed, 20 Sep 2023 13:17:35 GMT
server: nginx
x-timer: S1696951473.349962,VS0,VE119
etag: W/"650af0ef-1e8c76"
vary: Accept-Encoding, orig-host
content-type: text/css
x-styx-req-id: 2f718a10-6726-11ee-bbfc-2eeda6c80640
cache-control: max-age=31622400
accept-ranges: bytes
expires: Thu, 10 Oct 2024 04:33:39 GMT

GET
H2 200 js__H5AFmq1RrXKsrazzPq_xPQPy4K0wUKqecPjczzRiTgQ__wor4r9P8YTtQ7p6fbywTetZ47Z_orumIfrrhgxrpLus__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js Show response
www.forcepoint.com/sites/default/files/advagg_js/ 8 KB
3 KB 159ms
145ms Script
application/x-javascript 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__H5AFmq1RrXKsrazzPq_xPQPy4K0wUKqecPjczzRiTgQ__wor4r9P8YTtQ7p6fbywTetZ47Z_orumIfrrhgxrpLus__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

2fd4ff0bb2c62470b3cbecbc717d7beb9db9141a0770cdb21deb75e2d66600e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-cache-hits: 37517, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 10 Oct 2023 15:24:33 GMT
age: 431738
http_x_geo_region: DE-HE
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-a-6fcbcb6768-sxfmv
content-length: 3013
x-served-by: cache-chi-kigq8000176-CHI, cache-chi-kigq8000176-CHI, cache-fra-etou8220020-FRA, cache-fra-eddf8230137-FRA
last-modified: Mon, 06 Mar 2023 17:43:23 GMT
server: nginx
x-timer: S1696951474.622811,VS0,VE137
etag: W/"6406263b-1ea4"
vary: Accept-Encoding, orig-host
content-type: application/x-javascript
x-styx-req-id: 317dde03-5c6b-11ee-9b37-de3a52dd242e
cache-control: max-age=31622400
accept-ranges: bytes
expires: Thu, 26 Sep 2024 12:49:55 GMT

GET
H2 200 js__jY3-3CF_aW2-zV7M-ZJG0aboHTCHOpI0LqsoubNNRFI__ldX-GYGVbJarE_FwlYdMigsz0wUJ72Qj_I4V8NwWM6E__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js Show response
www.forcepoint.com/sites/default/files/advagg_js/ 10 KB
4 KB 128ms
114ms Script
application/x-javascript 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__jY3-3CF_aW2-zV7M-ZJG0aboHTCHOpI0LqsoubNNRFI__ldX-GYGVbJarE_FwlYdMigsz0wUJ72Qj_I4V8NwWM6E__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

d204f5f4ba3ea1f82f2c6702aebeb0ca8297512735f50307e79df48a91433548

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-cache-hits: 2338, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 10 Oct 2023 15:24:33 GMT
age: 431738
http_x_geo_region: DE-HE
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-a-86d66977b5-jhx6k
content-length: 3440
x-served-by: cache-chi-kigq8000028-CHI, cache-chi-kigq8000061-CHI, cache-fra-etou8220109-FRA, cache-fra-eddf8230137-FRA
last-modified: Mon, 06 Mar 2023 17:43:34 GMT
server: nginx
x-timer: S1696951474.623469,VS0,VE109
etag: W/"64062646-29bf"
vary: Accept-Encoding, orig-host
content-type: application/x-javascript
x-styx-req-id: 04ae964c-57c8-11ee-928d-4e5803b49562
cache-control: max-age=31622400
accept-ranges: bytes
expires: Fri, 20 Sep 2024 15:11:47 GMT

GET
H2 200 js__GM3GJPR36rRIz0TRkjC5OQwrioSyN9aoYRivDhCO_AM__qAl84FcCv2jyN22yFGS5Oc85cjd9zKX6p_cFNLGhe-M__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js Show response
www.forcepoint.com/sites/default/files/advagg_js/ 8 KB
4 KB 133ms
119ms Script
application/x-javascript 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__GM3GJPR36rRIz0TRkjC5OQwrioSyN9aoYRivDhCO_AM__qAl84FcCv2jyN22yFGS5Oc85cjd9zKX6p_cFNLGhe-M__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

a5289eae50ef45d991023c3382a736737219be26a1dd3453e5b7c9e163253b2d

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-cache-hits: 22368, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 10 Oct 2023 15:24:33 GMT
age: 431738
http_x_geo_region: DE-HE
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-a-6fcbcb6768-sxfmv
content-length: 3726
x-served-by: cache-chi-klot8100119-CHI, cache-chi-klot8100119-CHI, cache-fra-eddf8230131-FRA, cache-fra-eddf8230137-FRA
last-modified: Mon, 06 Mar 2023 17:43:21 GMT
server: nginx
x-timer: S1696951474.623444,VS0,VE113
etag: W/"64062639-20a4"
vary: Accept-Encoding, orig-host
content-type: application/x-javascript
x-styx-req-id: a8572381-5c4d-11ee-9b37-de3a52dd242e
cache-control: max-age=31622400
accept-ranges: bytes
expires: Thu, 26 Sep 2024 09:18:30 GMT

GET
H2 200 forcepoint.svg
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/logos/ 2 KB
1 KB 136ms
122ms Image
image/svg+xml 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/logos/forcepoint.svg

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

c7397ae13ad9d12bf4ce9100756dd8703b515ac4381bdd33638e22c787c0fb39

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-cache-hits: 35009, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 10 Oct 2023 15:24:33 GMT
age: 431738
http_x_geo_region: DE-HE
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-68df48cffd-d7rjn
content-length: 783
x-served-by: cache-chi-klot8100133-CHI, cache-chi-klot8100133-CHI, cache-fra-eddf8230071-FRA, cache-fra-eddf8230137-FRA
last-modified: Wed, 04 Oct 2023 05:18:24 GMT
server: nginx
x-timer: S1696951474.623459,VS0,VE114
etag: W/"651cf5a0-6ad"
vary: Accept-Encoding, orig-host
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: e577c96f-6393-11ee-9394-0e8b8ab6185f
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sat, 05 Oct 2024 15:28:55 GMT

GET
H2 200 why_fp_menu_image.jpg
www.forcepoint.com/sites/default/files/styles/menu_image/public/ 13 KB
14 KB 24ms
10ms Image
image/webp 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/styles/menu_image/public/why_fp_menu_image.jpg?itok=YA7FRQSY

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

5a3a0313429b22b8fd7b067a306c2733e73b8a1e038591f722ad524e9f60ab79

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-cache-hits: 1, 107, 400, 0
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 10 Oct 2023 15:24:33 GMT
age: 3621318
http_x_geo_region: DE-HE
x-cache: HIT, HIT, HIT, MISS
fastly-io-info: ifsz=15805 idim=396x395 ifmt=jpeg ofsz=13734 odim=396x395 ofmt=webp
http_x_geo_continent: EU
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe3-b-59d8b4cd4d-z2m48
content-length: 13734
x-served-by: cache-chi-kigq8000066-CHI, cache-chi-klot8100148-CHI, cache-fra-eddf8230067-FRA, cache-fra-eddf8230137-FRA
server: nginx
x-timer: S1696951474.623376,VS0,VE4
etag: "6aifxfEJcNK5Dp3qpDZUECfoedZ/8IyHjeDfy+Q/V2c"
vary: Accept, orig-host
content-type: image/webp
x-styx-req-id: addf6e71-3bc2-11ee-b3bd-1a10ba961981
cache-control: max-age=31622400
accept-ranges: bytes
expires: Thu, 15 Aug 2024 23:23:02 GMT

GET
H2 200 navigation-graphic-final_1.png
www.forcepoint.com/sites/default/files/styles/menu_image/public/ 15 KB
15 KB 65ms
51ms Image
image/webp 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/styles/menu_image/public/navigation-graphic-final_1.png?itok=9TY6J1QP

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

0198a18e8efec8ddf2982bd82913e857999b9a420ade64adb8aa34b9f4c0df2b

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-cache-hits: 0, 78, 395, 0
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 10 Oct 2023 15:24:33 GMT
fastly-io-served-by: vpop-mnz1300708
age: 547379
http_x_geo_region: DE-HE
x-cache: MISS, HIT, HIT, MISS
fastly-io-info: ifsz=15737 idim=395x395 ifmt=png ofsz=15092 odim=395x395 ofmt=webp
http_x_geo_continent: EU
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe3-a-f9d8bf5c4-zmn2g
content-length: 15092
x-served-by: cache-chi-kigq8000094-CHI, cache-chi-kigq8000145-CHI, cache-fra-etou8220051-FRA, cache-fra-eddf8230137-FRA
server: nginx
x-timer: S1696951474.624446,VS0,VE40
etag: "uWZurJAS5a8wBCV+x7gyE7tnrp0ucZ9CakfKnUkz04g"
vary: Accept, orig-host
content-type: image/webp
x-styx-req-id: a57caec4-6286-11ee-9edc-56525b9095c8
cache-control: max-age=31622400
accept-ranges: bytes
expires: Fri, 04 Oct 2024 07:21:33 GMT

GET
H2 200 microsoftteams-image_10.png
www.forcepoint.com/sites/default/files/styles/menu_image/public/ 4 KB
4 KB 30ms
16ms Image
image/webp 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/styles/menu_image/public/microsoftteams-image_10.png?itok=edhSanZq

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

552724597375ea2ef31e983038907192f6799be327c5614ba45bc32d1c2bbecf

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-cache-hits: 0, 49, 431, 0
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 10 Oct 2023 15:24:33 GMT
fastly-io-served-by: vpop-mnz1300713
age: 605852
http_x_geo_region: DE-HE
x-cache: MISS, HIT, HIT, MISS
fastly-io-info: ifsz=4136 idim=280x120 ifmt=jpeg ofsz=3874 odim=280x120 ofmt=webp
http_x_geo_continent: EU
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe3-b-68df48cffd-nxr8f
content-length: 3874
x-served-by: cache-chi-klot8100083-CHI, cache-chi-kigq8000168-CHI, cache-fra-etou8220030-FRA, cache-fra-eddf8230137-FRA
server: nginx
x-timer: S1696951474.625653,VS0,VE3
etag: "dtsDw/6KVBC+oZOvACMoTTRdu9j6vou/iBNgkoUDt6k"
vary: Accept, orig-host
content-type: image/webp
x-styx-req-id: 81640477-61fe-11ee-b26c-ae25379fe8c0
cache-control: max-age=31622400
accept-ranges: bytes
expires: Thu, 03 Oct 2024 15:07:01 GMT

GET
H2 200 webinar_hub_-_hero_small_v2.jpg
www.forcepoint.com/sites/default/files/styles/menu_image/public/ 11 KB
12 KB 31ms
17ms Image
image/jpeg 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/styles/menu_image/public/webinar_hub_-_hero_small_v2.jpg?itok=ouFUnrxI

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

311c3a27de6c5daa55ad7d1a3d16c0333ad53dad8bef15b6485260b4b395d44f

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-cache-hits: 1, 652, 428, 0
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 10 Oct 2023 15:24:33 GMT
age: 2957530
http_x_geo_region: DE-HE
x-cache: HIT, HIT, HIT, MISS
fastly-io-info: ifsz=11574 idim=280x148 ifmt=jpeg ofsz=11574 odim=280x148 ofmt=jpeg
http_x_geo_continent: EU
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe3-b-84697ccf7d-442xt
content-length: 11574
fastly-io-warning: Failed to shrink image
x-served-by: cache-chi-klot8100061-CHI, cache-chi-klot8100061-CHI, cache-fra-eddf8230088-FRA, cache-fra-eddf8230137-FRA
server: nginx
x-timer: S1696951474.625635,VS0,VE3
etag: "1wzteSx5YGAIW4hI/ACZng364RcDU78REoJcA8yHvsY"
vary: Accept, orig-host
content-type: image/jpeg
x-styx-req-id: 13f9ee4a-4c9b-11ee-ab56-fe53c0183163
cache-control: max-age=31622400
accept-ranges: bytes
expires: Fri, 06 Sep 2024 09:52:23 GMT

GET
H2 200 thumbnail-navigation-gartner-2023-svs-mq.png
www.forcepoint.com/sites/default/files/styles/menu_image/public/ 4 KB
4 KB 30ms
17ms Image
image/webp 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/styles/menu_image/public/thumbnail-navigation-gartner-2023-svs-mq.png?itok=e-t0E309

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

7da70cd3d6fc03baf73219253cb40b2f9fe77d3a4ce29834e49e12a58ae59c6d

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-cache-hits: 0, 127, 403, 0
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 10 Oct 2023 15:24:33 GMT
fastly-io-served-by: vpop-mnz1300706
age: 1069126
http_x_geo_region: DE-HE
x-cache: MISS, HIT, HIT, MISS
fastly-io-info: ifsz=5091 idim=280x148 ifmt=png ofsz=4092 odim=280x148 ofmt=webp
http_x_geo_continent: EU
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe3-b-5cbc988cb-rwfbz
content-length: 4092
x-served-by: cache-chi-kigq8000042-CHI, cache-chi-kigq8000073-CHI, cache-fra-etou8220023-FRA, cache-fra-eddf8230137-FRA
server: nginx
x-timer: S1696951474.625628,VS0,VE3
etag: "pDuWR/Z4+fMRXLQvlf0EiUs3PGR82AFIT2pkaRwKgoE"
vary: Accept, orig-host
content-type: image/webp
x-styx-req-id: dc5f2991-5dc7-11ee-9f1a-76465eb2d399
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sat, 28 Sep 2024 06:25:47 GMT

GET
H2 200 photo-1520386950581-900a51cbbc93.jpeg
www.forcepoint.com/sites/default/files/styles/1180x346_sc/public/hero/ 79 KB
79 KB 29ms
15ms Image
image/jpeg 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/styles/1180x346_sc/public/hero/photo-1520386950581-900a51cbbc93.jpeg?itok=CGBPyn2U&timestamp=1552745701

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

c0d3e8399d25a454b367e3156a62719226f9d283000f3d0ef30fcd9f9d968763

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-cache-hits: 0, 4, 1, 0
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 10 Oct 2023 15:24:33 GMT
fastly-io-served-by: vpop-mnz1300711
age: 1111836
http_x_geo_region: DE-HE
x-cache: MISS, HIT, HIT, MISS
fastly-io-info: ifsz=80875 idim=1180x346 ifmt=jpeg ofsz=80875 odim=1180x346 ofmt=jpeg
http_x_geo_continent: EU
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe3-b-5cbc988cb-g7rhx
content-length: 80875
fastly-io-warning: Failed to shrink image
x-served-by: cache-chi-kigq8000165-CHI, cache-chi-kigq8000096-CHI, cache-fra-eddf8230055-FRA, cache-fra-eddf8230137-FRA
server: nginx
x-timer: S1696951474.625617,VS0,VE4
etag: "niTTHhBctfoOJUxPHuxEoGtZogv5kQ+YD9bnV5v4X1k"
vary: Accept, orig-host
content-type: image/jpeg
x-styx-req-id: 6ba05c51-5d64-11ee-810d-16c5e47dd368
cache-control: max-age=31622400
accept-ranges: bytes
expires: Fri, 27 Sep 2024 18:33:57 GMT

GET
H2 200 201809_mwcompiler_figure1.png
www.forcepoint.com/sites/default/files/inline/security-labs/ 65 KB
65 KB 34ms
21ms Image
image/webp 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/inline/security-labs/201809_mwcompiler_figure1.png

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

06625e9ba031f00b8df2ad4206d3b0f6b47063b8ca6091d7b64a0b91474fc694

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-cache-hits: 1, 6, 1, 0
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 10 Oct 2023 15:24:33 GMT
age: 2286982
http_x_geo_region: DE-HE
x-cache: HIT, HIT, HIT, MISS
fastly-io-info: ifsz=117796 idim=1002x156 ifmt=png ofsz=66482 odim=1002x156 ofmt=webp
http_x_geo_continent: EU
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe3-b-7766b97b54-f8zvn
content-length: 66482
x-served-by: cache-chi-kigq8000025-CHI, cache-chi-kigq8000035-CHI, cache-fra-eddf8230126-FRA, cache-fra-eddf8230137-FRA
server: nginx
x-timer: S1696951474.625617,VS0,VE8
etag: "UkYgT3kAfnA5EtBczki4+Kv206A+2fDpahAgTC5gnmE"
vary: Accept, orig-host
content-type: image/webp
x-styx-req-id: 689788d4-4e74-11ee-8783-a2f59a41d1e8
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sun, 08 Sep 2024 18:20:37 GMT

GET
H2 200 201809_mwcompiler_figure2.png
www.forcepoint.com/sites/default/files/inline/security-labs/ 429 KB
429 KB 42ms
29ms Image
image/webp 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/inline/security-labs/201809_mwcompiler_figure2.png

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

1481c2c4e58796a109a75e680a6a772f65230168820d2dda34cac764e03f36e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-cache-hits: 0, 5, 1, 0
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 10 Oct 2023 15:24:33 GMT
fastly-io-served-by: vpop-mnz1300718
age: 1111835
http_x_geo_region: DE-HE
x-cache: MISS, HIT, HIT, MISS
fastly-io-info: ifsz=793628 idim=1002x802 ifmt=png ofsz=438958 odim=1002x802 ofmt=webp
http_x_geo_continent: EU
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe3-a-6fcbcb6768-fnq7g
content-length: 438958
x-served-by: cache-chi-kigq8000027-CHI, cache-chi-klot8100144-CHI, cache-fra-eddf8230038-FRA, cache-fra-eddf8230137-FRA
server: nginx
x-timer: S1696951474.630868,VS0,VE5
etag: "Se5HYzFZ5SypbDw2YRUHeXMDl32cjCJobtYLCqfdW54"
vary: Accept, orig-host
content-type: image/webp
x-styx-req-id: 6ba3a1a4-5d64-11ee-bbdb-8a3bea2b6932
cache-control: max-age=31622400
accept-ranges: bytes
expires: Fri, 27 Sep 2024 18:33:57 GMT

GET
H2 200 placeholder_image.png
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/ 34 B
392 B 34ms
22ms Image
image/webp 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/placeholder_image.png

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

735b78ae1f09b1d02ee92b5ad319a189d50d10ecbec4ddd12201885dde3f4945

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-cache-hits: 0, 23, 158, 0
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 10 Oct 2023 15:24:33 GMT
age: 4326655
http_x_geo_region: DE-HE
x-cache: MISS, HIT, HIT, MISS
fastly-io-info: ifsz=1272 idim=20x20 ifmt=png ofsz=34 odim=20x20 ofmt=webp
http_x_geo_continent: EU
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe3-a-65d46855f6-fvs96
content-length: 34
x-served-by: cache-chi-klot8100035-CHI, cache-chi-kigq8000110-CHI, cache-fra-etou8220055-FRA, cache-fra-eddf8230137-FRA
server: nginx
x-timer: S1696951474.631928,VS0,VE3
etag: "1Cw1g26qcqy/qXiETpkqMbr8ayhbr57dIxJ0jC+RrrE"
vary: Accept, orig-host
content-type: image/webp
x-styx-req-id: 55de4888-4027-11ee-acfc-2ea97a8f8c9e
cache-control: max-age=31622400
accept-ranges: bytes
expires: Wed, 21 Aug 2024 13:33:38 GMT

GET
H2 200 wallet_photo-1510681491618-3cb3e5bb6bf6.jpg
www.forcepoint.com/sites/default/files/styles/570x270_sc/public/hero/ 14 KB
18 KB 127ms
116ms Image
image/webp 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/styles/570x270_sc/public/hero/wallet_photo-1510681491618-3cb3e5bb6bf6.jpg?itok=qJprCTj6&timestamp=1556626061

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

39fc097244da7f028757c9e24ceebf4a5cd219af69cb7d30bcd252c55689fed1

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' .fonts.net .licdn.com .tiqcdn.com .marketo.com .marketo.net .mktoresp.com .demdex.net .burly.io .omtrdc.net .llnwd.net .tealiumiq.com .googleadservices.com .marinsm.com .amazonaws.com .quantserve.com .facebook.net .serving-sys.com .google-analytics.com .hirebridge.com .websense.com .bizographics.com .linkedin.com .cloudfront.net .newrelic.com .nr-data.net .adnxs.com .demandbase.com .twitter.com .omtrdc.net .youtube.com .ads-twitter.com .company-target.com .omniture.com .doubleclick.net .forcepoint.com .google.com .facebook.com .nr-data.net .getsmartcontent.com .vidyard.com .adroll.com s.ml-attr.com attr.ml-api.io .driftt.com .sharethis.com .vimeo.com .slideshare.net .techvalidate.com .gartner.com .gstatic.com .libsyn.com .s3.amazonaws.com .cdnbasket.net ids.cdnwidget.com app.vwo.com .visualwebsiteoptimizer.com use.typekit.net p.typekit.net cdn.vwo-analytics.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io .googleapis.com .cloudflare.com activitymap.adobe.com .consensu.org .ubembed.com .bizible.com .theadex.com .aumago.com .driftqa.com .scribblecdn.net .esg-global.com .hs-scripts.com .hs-analytics.net .hsadspixel.net .hs-banner.com .hubapi.com .hsforms.net .hsforms.com geolocation-db.com .drift.com .clickagy.com .nimblestory.com .usemessages.com .stackadapt.com .googlesyndication.com ; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' .cdnwidget.com .tealiumiq.com .google.com .googleadservices.com .doubleclick.net .websense.com .marinsm.com .facebook.com .quantserve.com .google-analytics.com .w55c.net .marketo.com .iasds01.com .linkedin.com .cloudfront.net .forcepoint.com .adnxs.com .twitter.com t.co .omtrdc.net .w55c.net .demandbase.com .company-target.com .gstatic.com .tiqcdn.com .marketo.net .newrelic.com .facebook.net .ads-twitter.com .burly.io .bizographics.com .nr-data.net .licdn.com .tt.omtrdc.net .getsmartcontent.com .adroll.com .vidyard.com s.ml-attr.com .ml-api.io ml314.com .ml314.com .bing.com .driftt.com .crazyegg.com .sharethis.com .vimeo.com .slideshare.net .techvalidate.com .gartner.com .googletagmanager.com .visualwebsiteoptimizer.com app.vwo.com .ubembed.com .driftt.com .vwo-analytics.com .s3.amazonaws.com s3.amazonaws.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io .clearbit.com .googleapis.com .cloudflare.com .adobe.com .consensu.org .bizible.com .theadex.com .aumago.com .zoominfo.com .clickagy.com .redditstatic.com .quantcount.com .g2crowd.com .steelhousemedia.com .scribblecdn.net .esg-global.com .6sc.co .hs-scripts.com .hs-analytics.net .hsadspixel.net .hs-banner.com .hubapi.com .hsforms.net .hsforms.com geolocation-db.com .drift.com .jquery.com .google.com .hscollectedforms.net .jsdelivr.net .stackadapt.com .googlesyndication.com ; img-src * data: ; font-src 'self' .google.com .googleadservices.com; connect-src 'self' .vwo.com .demdex.net .omtrdc.net .mktoresp.com .cdnbasket.net ids.cdnwidget.com .forcepoint.com sample-api-v2.crazyegg.com .visualwebsiteoptimizer.com insight.adsrvr.org bam.nr-data.net .tealiumiq.com live-evercurrent-clone.pantheonsite.io .sharethis.com .doubleclick.net .theadex.com .aumago.com .google-analytics.com .6sc.co .adnxs.com .vidyard.com .6sense.com .hs-scripts.com .hs-analytics.net .hsadspixel.net .hs-banner.com api.hubapi.com .hsforms.net .hsforms.com .s3.amazonaws.com .drift.com .clickagy.com .facebook.com .zoominfo.com geolocation-db.com cdn.linkedin.oribi.io .hubspot.com .hscollectedforms.net .stackadapt.com .google.com .googletagmanager.com .googleadservices.com google.com .googlesyndication.com ; report-uri /admin/config/system/seckit/csp-report
Strict-Transport-Security	max-age=18410000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-cache-hits: 0, 58, 0, 0
content-security-policy: default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.fonts.net *.licdn.com *.tiqcdn.com *.marketo.com *.marketo.net *.mktoresp.com *.demdex.net *.burly.io *.omtrdc.net *.llnwd.net *.tealiumiq.com *.googleadservices.com *.marinsm.com *.amazonaws.com *.quantserve.com *.facebook.net *.serving-sys.com *.google-analytics.com *.hirebridge.com *.websense.com *.bizographics.com *.linkedin.com *.cloudfront.net *.newrelic.com *.nr-data.net *.adnxs.com *.demandbase.com *.twitter.com *.omtrdc.net *.youtube.com *.ads-twitter.com *.company-target.com *.omniture.com *.doubleclick.net *.forcepoint.com *.google.com *.facebook.com *.nr-data.net *.getsmartcontent.com *.vidyard.com *.adroll.com s.ml-attr.com attr.ml-api.io *.driftt.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.gstatic.com *.libsyn.com *.s3.amazonaws.com *.cdnbasket.net ids.cdnwidget.com app.vwo.com *.visualwebsiteoptimizer.com use.typekit.net p.typekit.net cdn.vwo-analytics.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.googleapis.com *.cloudflare.com activitymap.adobe.com *.consensu.org *.ubembed.com *.bizible.com *.theadex.com *.aumago.com *.driftqa.com *.scribblecdn.net *.esg-global.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hubapi.com *.hsforms.net *.hsforms.com geolocation-db.com *.drift.com *.clickagy.com *.nimblestory.com *.usemessages.com *.stackadapt.com *.googlesyndication.com ; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.cdnwidget.com *.tealiumiq.com *.google.com *.googleadservices.com *.doubleclick.net *.websense.com *.marinsm.com *.facebook.com *.quantserve.com *.google-analytics.com *.w55c.net *.marketo.com *.iasds01.com *.linkedin.com *.cloudfront.net *.forcepoint.com *.adnxs.com *.twitter.com t.co *.omtrdc.net *.w55c.net *.demandbase.com *.company-target.com *.gstatic.com *.tiqcdn.com *.marketo.net *.newrelic.com *.facebook.net *.ads-twitter.com *.burly.io *.bizographics.com *.nr-data.net *.licdn.com *.tt.omtrdc.net *.getsmartcontent.com *.adroll.com *.vidyard.com s.ml-attr.com *.ml-api.io ml314.com *.ml314.com *.bing.com *.driftt.com *.crazyegg.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.googletagmanager.com *.visualwebsiteoptimizer.com app.vwo.com *.ubembed.com *.driftt.com *.vwo-analytics.com *.s3.amazonaws.com s3.amazonaws.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.clearbit.com *.googleapis.com *.cloudflare.com *.adobe.com *.consensu.org *.bizible.com *.theadex.com *.aumago.com *.zoominfo.com *.clickagy.com *.redditstatic.com *.quantcount.com *.g2crowd.com *.steelhousemedia.com *.scribblecdn.net *.esg-global.com *.6sc.co *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hubapi.com *.hsforms.net *.hsforms.com geolocation-db.com *.drift.com *.jquery.com *.google.com *.hscollectedforms.net *.jsdelivr.net *.stackadapt.com *.googlesyndication.com ; img-src * data: *; font-src 'self' *.google.com *.googleadservices.com; connect-src 'self' *.vwo.com *.demdex.net *.omtrdc.net *.mktoresp.com *.cdnbasket.net ids.cdnwidget.com *.forcepoint.com sample-api-v2.crazyegg.com *.visualwebsiteoptimizer.com insight.adsrvr.org bam.nr-data.net *.tealiumiq.com live-evercurrent-clone.pantheonsite.io *.sharethis.com *.doubleclick.net *.theadex.com *.aumago.com *.google-analytics.com *.6sc.co *.adnxs.com *.vidyard.com *.6sense.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com api.hubapi.com *.hsforms.net *.hsforms.com *.s3.amazonaws.com *.drift.com *.clickagy.com *.facebook.com *.zoominfo.com geolocation-db.com cdn.linkedin.oribi.io *.hubspot.com *.hscollectedforms.net *.stackadapt.com *.google.com *.googletagmanager.com *.googleadservices.com google.com *.googlesyndication.com ; report-uri /admin/config/system/seckit/csp-report
strict-transport-security: max-age=18410000; includeSubDomains; preload
x-content-type-options: nosniff
date: Tue, 10 Oct 2023 15:24:33 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
fastly-io-served-by: vpop-mnz1300716
age: 0
http_x_geo_region: DE-HE
x-cache: MISS, HIT, MISS, MISS
fastly-io-info: ifsz=16641 idim=570x270 ifmt=jpeg ofsz=14806 odim=570x270 ofmt=webp
from-origin: same, https://analyticsssl.forcepoint.com,https://vidyard.com
http_x_geo_continent: EU
fastly-stats: io=1
expires: Sun, 19 Nov 1978 05:00:00 GMT
content-length: 14806
x-xss-protection: 1
x-served-by: cache-chi-klot8100087-CHI, cache-chi-kigq8000074-CHI, cache-fra-eddf8230067-FRA, cache-fra-eddf8230137-FRA
referrer-policy: strict-origin-when-cross-origin
server: nginx
x-timer: S1696951474.630500,VS0,VE103
etag: "KmCH4g5Hz8VmwjO+gpy2vbagNRTYF4V4SEGuAxH01oc"
x-frame-options: SAMEORIGIN
vary: Accept, orig-host
content-type: image/webp
x-styx-req-id: 1b2c4891-62ce-11ee-9edc-56525b9095c8
cache-control: no-cache, must-revalidate
accept-ranges: bytes
x-drupal-cache: MISS
x-pantheon-styx-hostname: styx-fe3-a-f9d8bf5c4-zmn2g

GET
H2 200 gartner-ai-report-hero-2.jpg
www.forcepoint.com/sites/default/files/styles/footer_menu_featured_blog/public/hero/ 3 KB
6 KB 143ms
131ms Image
image/jpeg 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/styles/footer_menu_featured_blog/public/hero/gartner-ai-report-hero-2.jpg?itok=s7T8wqyl

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

3bbbd2c90f15c1621ea226f2a5c281a03902335b75e404d575b3f5ccc9df7d4d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' .fonts.net .licdn.com .tiqcdn.com .marketo.com .marketo.net .mktoresp.com .demdex.net .burly.io .omtrdc.net .llnwd.net .tealiumiq.com .googleadservices.com .marinsm.com .amazonaws.com .quantserve.com .facebook.net .serving-sys.com .google-analytics.com .hirebridge.com .websense.com .bizographics.com .linkedin.com .cloudfront.net .newrelic.com .nr-data.net .adnxs.com .demandbase.com .twitter.com .omtrdc.net .youtube.com .ads-twitter.com .company-target.com .omniture.com .doubleclick.net .forcepoint.com .google.com .facebook.com .nr-data.net .getsmartcontent.com .vidyard.com .adroll.com s.ml-attr.com attr.ml-api.io .driftt.com .sharethis.com .vimeo.com .slideshare.net .techvalidate.com .gartner.com .gstatic.com .libsyn.com .s3.amazonaws.com .cdnbasket.net ids.cdnwidget.com app.vwo.com .visualwebsiteoptimizer.com use.typekit.net p.typekit.net cdn.vwo-analytics.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io .googleapis.com .cloudflare.com activitymap.adobe.com .consensu.org .ubembed.com .bizible.com .theadex.com .aumago.com .driftqa.com .scribblecdn.net .esg-global.com .hs-scripts.com .hs-analytics.net .hsadspixel.net .hs-banner.com .hubapi.com .hsforms.net .hsforms.com geolocation-db.com .drift.com .clickagy.com .nimblestory.com .usemessages.com .stackadapt.com .googlesyndication.com ; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' .cdnwidget.com .tealiumiq.com .google.com .googleadservices.com .doubleclick.net .websense.com .marinsm.com .facebook.com .quantserve.com .google-analytics.com .w55c.net .marketo.com .iasds01.com .linkedin.com .cloudfront.net .forcepoint.com .adnxs.com .twitter.com t.co .omtrdc.net .w55c.net .demandbase.com .company-target.com .gstatic.com .tiqcdn.com .marketo.net .newrelic.com .facebook.net .ads-twitter.com .burly.io .bizographics.com .nr-data.net .licdn.com .tt.omtrdc.net .getsmartcontent.com .adroll.com .vidyard.com s.ml-attr.com .ml-api.io ml314.com .ml314.com .bing.com .driftt.com .crazyegg.com .sharethis.com .vimeo.com .slideshare.net .techvalidate.com .gartner.com .googletagmanager.com .visualwebsiteoptimizer.com app.vwo.com .ubembed.com .driftt.com .vwo-analytics.com .s3.amazonaws.com s3.amazonaws.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io .clearbit.com .googleapis.com .cloudflare.com .adobe.com .consensu.org .bizible.com .theadex.com .aumago.com .zoominfo.com .clickagy.com .redditstatic.com .quantcount.com .g2crowd.com .steelhousemedia.com .scribblecdn.net .esg-global.com .6sc.co .hs-scripts.com .hs-analytics.net .hsadspixel.net .hs-banner.com .hubapi.com .hsforms.net .hsforms.com geolocation-db.com .drift.com .jquery.com .google.com .hscollectedforms.net .jsdelivr.net .stackadapt.com .googlesyndication.com ; img-src * data: ; font-src 'self' .google.com .googleadservices.com; connect-src 'self' .vwo.com .demdex.net .omtrdc.net .mktoresp.com .cdnbasket.net ids.cdnwidget.com .forcepoint.com sample-api-v2.crazyegg.com .visualwebsiteoptimizer.com insight.adsrvr.org bam.nr-data.net .tealiumiq.com live-evercurrent-clone.pantheonsite.io .sharethis.com .doubleclick.net .theadex.com .aumago.com .google-analytics.com .6sc.co .adnxs.com .vidyard.com .6sense.com .hs-scripts.com .hs-analytics.net .hsadspixel.net .hs-banner.com api.hubapi.com .hsforms.net .hsforms.com .s3.amazonaws.com .drift.com .clickagy.com .facebook.com .zoominfo.com geolocation-db.com cdn.linkedin.oribi.io .hubspot.com .hscollectedforms.net .stackadapt.com .google.com .googletagmanager.com .googleadservices.com google.com .googlesyndication.com ; report-uri /admin/config/system/seckit/csp-report
Strict-Transport-Security	max-age=18410000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-cache-hits: 0, 2787, 0, 0
content-security-policy: default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.fonts.net *.licdn.com *.tiqcdn.com *.marketo.com *.marketo.net *.mktoresp.com *.demdex.net *.burly.io *.omtrdc.net *.llnwd.net *.tealiumiq.com *.googleadservices.com *.marinsm.com *.amazonaws.com *.quantserve.com *.facebook.net *.serving-sys.com *.google-analytics.com *.hirebridge.com *.websense.com *.bizographics.com *.linkedin.com *.cloudfront.net *.newrelic.com *.nr-data.net *.adnxs.com *.demandbase.com *.twitter.com *.omtrdc.net *.youtube.com *.ads-twitter.com *.company-target.com *.omniture.com *.doubleclick.net *.forcepoint.com *.google.com *.facebook.com *.nr-data.net *.getsmartcontent.com *.vidyard.com *.adroll.com s.ml-attr.com attr.ml-api.io *.driftt.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.gstatic.com *.libsyn.com *.s3.amazonaws.com *.cdnbasket.net ids.cdnwidget.com app.vwo.com *.visualwebsiteoptimizer.com use.typekit.net p.typekit.net cdn.vwo-analytics.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.googleapis.com *.cloudflare.com activitymap.adobe.com *.consensu.org *.ubembed.com *.bizible.com *.theadex.com *.aumago.com *.driftqa.com *.scribblecdn.net *.esg-global.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hubapi.com *.hsforms.net *.hsforms.com geolocation-db.com *.drift.com *.clickagy.com *.nimblestory.com *.usemessages.com *.stackadapt.com *.googlesyndication.com ; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.cdnwidget.com *.tealiumiq.com *.google.com *.googleadservices.com *.doubleclick.net *.websense.com *.marinsm.com *.facebook.com *.quantserve.com *.google-analytics.com *.w55c.net *.marketo.com *.iasds01.com *.linkedin.com *.cloudfront.net *.forcepoint.com *.adnxs.com *.twitter.com t.co *.omtrdc.net *.w55c.net *.demandbase.com *.company-target.com *.gstatic.com *.tiqcdn.com *.marketo.net *.newrelic.com *.facebook.net *.ads-twitter.com *.burly.io *.bizographics.com *.nr-data.net *.licdn.com *.tt.omtrdc.net *.getsmartcontent.com *.adroll.com *.vidyard.com s.ml-attr.com *.ml-api.io ml314.com *.ml314.com *.bing.com *.driftt.com *.crazyegg.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.googletagmanager.com *.visualwebsiteoptimizer.com app.vwo.com *.ubembed.com *.driftt.com *.vwo-analytics.com *.s3.amazonaws.com s3.amazonaws.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.clearbit.com *.googleapis.com *.cloudflare.com *.adobe.com *.consensu.org *.bizible.com *.theadex.com *.aumago.com *.zoominfo.com *.clickagy.com *.redditstatic.com *.quantcount.com *.g2crowd.com *.steelhousemedia.com *.scribblecdn.net *.esg-global.com *.6sc.co *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hubapi.com *.hsforms.net *.hsforms.com geolocation-db.com *.drift.com *.jquery.com *.google.com *.hscollectedforms.net *.jsdelivr.net *.stackadapt.com *.googlesyndication.com ; img-src * data: *; font-src 'self' *.google.com *.googleadservices.com; connect-src 'self' *.vwo.com *.demdex.net *.omtrdc.net *.mktoresp.com *.cdnbasket.net ids.cdnwidget.com *.forcepoint.com sample-api-v2.crazyegg.com *.visualwebsiteoptimizer.com insight.adsrvr.org bam.nr-data.net *.tealiumiq.com live-evercurrent-clone.pantheonsite.io *.sharethis.com *.doubleclick.net *.theadex.com *.aumago.com *.google-analytics.com *.6sc.co *.adnxs.com *.vidyard.com *.6sense.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com api.hubapi.com *.hsforms.net *.hsforms.com *.s3.amazonaws.com *.drift.com *.clickagy.com *.facebook.com *.zoominfo.com geolocation-db.com cdn.linkedin.oribi.io *.hubspot.com *.hscollectedforms.net *.stackadapt.com *.google.com *.googletagmanager.com *.googleadservices.com google.com *.googlesyndication.com ; report-uri /admin/config/system/seckit/csp-report
strict-transport-security: max-age=18410000; includeSubDomains; preload
x-content-type-options: nosniff
date: Tue, 10 Oct 2023 15:24:33 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
fastly-io-served-by: vpop-mnz1300715
age: 0
http_x_geo_region: DE-HE
x-cache: MISS, HIT, MISS, MISS
fastly-io-info: ifsz=2835 idim=199x111 ifmt=jpeg ofsz=2835 odim=199x111 ofmt=jpeg
from-origin: same, https://analyticsssl.forcepoint.com,https://vidyard.com
http_x_geo_continent: EU
fastly-stats: io=1
expires: Sun, 19 Nov 1978 05:00:00 GMT
content-length: 2835
x-xss-protection: 1
fastly-io-warning: Failed to shrink image
x-served-by: cache-chi-klot8100155-CHI, cache-chi-klot8100121-CHI, cache-fra-etou8220044-FRA, cache-fra-eddf8230137-FRA
referrer-policy: strict-origin-when-cross-origin
server: nginx
x-timer: S1696951474.630465,VS0,VE112
etag: "YXMi2qdQTlWJv9uYTy4EO49jVHj2GoLnPqkef4RDiwg"
x-frame-options: SAMEORIGIN
vary: Accept, orig-host
content-type: image/jpeg
x-styx-req-id: 0087024e-6762-11ee-9e5b-2e3e77253dd1
cache-control: no-cache, must-revalidate
accept-ranges: bytes
x-drupal-cache: MISS
x-pantheon-styx-hostname: styx-fe3-b-68df48cffd-lpn8n

GET
H2 200 jquery-3.6.4.min.js Show response
code.jquery.com/ 88 KB
31 KB 45ms
6ms Script
application/javascript 2a04:4e42:600::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.6.4.min.js
Requested by: Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: a0fe8723dcf55da64d06b25446d0a8513e52527c45afcb37073465f9c6f352af

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Tue, 10 Oct 2023 15:24:33 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 2150866
x-cache: HIT, HIT
content-length: 31011
x-served-by: cache-lga21953-LGA, cache-fra-eddf8230128-FRA
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1696951474.542874,VS0,VE0
etag: W/"28feccc0-15ec3"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 133, 98538

GET
H3 200 jquery-migrate.min.js Show response
cdn.jsdelivr.net/npm/jquery-migrate@3.4.1/dist/ 13 KB
6 KB 25ms
16ms Script
application/javascript 2606:4700::6810:5814
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/jquery-migrate@3.4.1/dist/jquery-migrate.min.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:5814 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

148a74b0921ad78021d716e8032ede1cdaf7ed7279cefd7d2acbe906add12a68

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Tue, 10 Oct 2023 15:24:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 19100521
x-jsd-version: 3.4.1
content-encoding: br
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230072-FRA, cache-bma1670-BMA
x-jsd-version-type: version
server: cloudflare
etag: W/"3534-NFnzHKz0zt9oGLUq83IVXde7nEQ"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VqnIssF93DBX3JI2aoFZLqMy4HT9ldXw7fPPmc5G%2BHZsVzv1N9UiHVwuDWUPFRiVw%2FXCf0g8FBKFEmvmRrVMX91gITmxgyPRvdqhJBgXTsSS8dzFsEOj2tcP3KwNcUd7bITXtHOjmBTDEHJidAA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 813fdef62ad13683-FRA

GET
H2 200 jquery-ui.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jqueryui/1.13.2/ 249 KB
56 KB 61ms
27ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.13.2/jquery-ui.min.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9528ca634fecad433d044ddd3e6f9ce1f068d5d932dafdbb19d8e6daea1968bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Tue, 10 Oct 2023 15:24:33 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 11971169
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 56990
last-modified: Fri, 29 Jul 2022 20:40:53 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "62e445d5-de9e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1n%2F%2BIQj9XVALUx%2BK3MvfUA92ol9KBL209TpPQRf%2Fsxhtliu%2BzNXAm45p7pBg45Tstd3ba4FUdjzu1qsqcUkzxWJny19cD6R%2Fm34vujKIbiou38mMlM3%2BwBLOEgogmrbNdRmu12iKppNXsG%2Bf%2Bt8ifDlY"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 813fdef65eff2c75-FRA
expires: Sun, 29 Sep 2024 15:24:33 GMT

GET
H2 200 jquery.cookie.js Show response
cdn.jsdelivr.net/gh/carhartl/jquery-cookie@1.4.1/ 3 KB
2 KB 34ms
15ms Script
application/javascript 2606:4700::6810:5814
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/carhartl/jquery-cookie@1.4.1/jquery.cookie.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5814 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b84161c9fbf7520cd14e7019f92120bd87a928a074156e91a992eba9fc9436e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Tue, 10 Oct 2023 15:24:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 2817803
x-jsd-version: 1.4.1
content-encoding: br
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230063-FRA, cache-bma1654-BMA
x-jsd-version-type: version
server: cloudflare
etag: W/"c31-MeG8xM+AWiwv7iH0je0eWY9koqg"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fG4miRugdQxRXNM158KG3h09rKve73H8Fs9nUhPUuCng6f2bWQsR8H6sw1veXmsp0Pp3pVkHFG14Nod2UGbMSs5Z0ALFn27tOSM%2Bu01euEul4CMcD5nBICkMfUefvbq%2BWyfB0tg9ay7QuwF4aBg%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 813fdef5da38362d-FRA

GET
H2 200 jquery.form.min.js Show response
cdn.jsdelivr.net/gh/jquery-form/form@4.3.0/dist/ 17 KB
7 KB 18ms
17ms Script
application/javascript 2606:4700::6810:5814
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/jquery-form/form@4.3.0/dist/jquery.form.min.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5814 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dd329c644951f3c041200e8279e3c90063ac5b5c8861fe253fca48df7dd8b99c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Tue, 10 Oct 2023 15:24:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 19896645
x-jsd-version: 4.3.0
content-encoding: br
x-cache: HIT, MISS
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230078-FRA, cache-yyz4569-YYZ
x-jsd-version-type: version
server: cloudflare
etag: W/"42c6-Un0kth16nDganBgYV2qMDm0qpvQ"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aYDYHRJFAWLPsNywGXKWIQxkeflah3gNINJkXk5oBU0jJTLFu5e9ML3EGz8H%2ByoMa4NlfWQrN2KvCW83f4N9mPRDQCp0SHMvJJZDkEwDEVfdDDO5LVhJsooxflXMa7sIEzQPkSWr0VW7bMCqF9k%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 813fdef5fa65362d-FRA

GET
H2 200 utag.sync.js Show response
tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/ 2 KB
1 KB 58ms
15ms Script
application/javascript 2600:9000:223e:5800:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/utag.sync.js
Requested by: Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:5800:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 876c2e0f65bbb6476e134741186fcd068cedd1eb2b956b9113a7b807965ea7ee

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-amz-version-id: CPxYqw3f3lzbllysBi5tfMgHpSEzwT7x
content-encoding: br
via: 1.1 88f858f045c3909fad9cebbada511aee.cloudfront.net (CloudFront)
date: Tue, 10 Oct 2023 15:24:33 GMT
last-modified: Tue, 03 Oct 2023 18:52:55 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P4
age: 31
x-amz-server-side-encryption: AES256
etag: W/"9ddf858d47f1c381b4446bcbb14144de"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=300
x-amz-cf-id: 6JtdnOVZjOTmhFlWSZrFu9dH8X7etR57VkY0b3W2QGbASvdrWhnEGQ==

GET
H2 200 v2.js Show response
js.hsforms.net/forms/ 549 KB
175 KB 260ms
221ms Script
application/javascript 2606:4700::6810:8ace
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsforms.net/forms/v2.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:8ace , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a24e66d830ef814bbcc4553b662e0c2afe733f8f30fb4a86be6df577d146bec2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

content-encoding: br
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.3812/bundles/project-v2.js&cfRay=813fdef648a09bcb-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"84d6c03b19ba72ee08ca8c27dee147c2"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=600, max-age=300
x-hs-target-asset: forms-embed/static-1.3812/bundles/project-v2.js
date: Tue, 10 Oct 2023 15:24:33 GMT
x-amz-version-id: 4b09e6_AhU37WJHx62r2StyRWH0KMlOF
via: 1.1 9bba1485ff47cf63bc393925f38d12fc.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: EXPIRED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD61-P1
x-hubspot-correlation-id: 4b3be6db-f40e-4ec9-84d9-5bc4c1c0c107
x-cache: Hit from cloudfront
cache-tag: staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 1
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 4b3be6db-f40e-4ec9-84d9-5bc4c1c0c107
last-modified: Fri, 22 Sep 2023 08:13:06 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Cp6VUUPP3ryrAWMN%2FDFBlHfksC30ce4cAl%2Bh%2B5gh%2B7I%2B0KqWKmnRO43UYto%2FCYYqryvDrpGpmJSTca5H8bMkDso0v12nVFrXY0gtQKC8cxkVReILPWLXc1Bglm90h3GY5uPVeu28G16xpXaR"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-7c89bb96b9-mlg6m
cf-ray: 813fdef648a09bcb-FRA
x-amz-cf-id: E1fqJBOg5krqIut7fSqLFeUmHs-8v1rvLe3OW8QGSseKQvDupY9neQ==

GET
H2 200 js__W3yM6WBe6ndCsZPBg4n630CPZFPltBmeCyjdVT1DY70__bDRoZCuiGZ0Z97B2lHvbrvG8HsJo-CC3-a0Ia2Sx5bE__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js Show response
www.forcepoint.com/sites/default/files/advagg_js/ 11 KB
5 KB 137ms
126ms Script
application/x-javascript 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__W3yM6WBe6ndCsZPBg4n630CPZFPltBmeCyjdVT1DY70__bDRoZCuiGZ0Z97B2lHvbrvG8HsJo-CC3-a0Ia2Sx5bE__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

e7e02c8510e5cdcf18b17c36aab04ff6867e018178fe5594aa9c1fb40f252838

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-cache-hits: 21805, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 10 Oct 2023 15:24:33 GMT
age: 431737
http_x_geo_region: DE-HE
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-5cbc988cb-z244t
content-length: 4874
x-served-by: cache-chi-kigq8000131-CHI, cache-chi-kigq8000131-CHI, cache-fra-eddf8230063-FRA, cache-fra-eddf8230137-FRA
last-modified: Mon, 06 Mar 2023 17:43:24 GMT
server: nginx
x-timer: S1696951474.631031,VS0,VE108
etag: W/"6406263c-2a52"
vary: Accept-Encoding, orig-host
content-type: application/x-javascript
x-styx-req-id: 178f4999-5c49-11ee-be09-820da9060d6c
cache-control: max-age=31622400
accept-ranges: bytes
expires: Thu, 26 Sep 2024 08:45:49 GMT

GET
H2 200 js__pqoYaVR8NVhof-vNXe50j2TKhFv__IihVag_h4G6kus__B4mbn4wICLQjWm1m3-z1kw8F1FtP0cDAHKp00Xy_-88__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js Show response
www.forcepoint.com/sites/default/files/advagg_js/ 5 KB
2 KB 153ms
142ms Script
application/x-javascript 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__pqoYaVR8NVhof-vNXe50j2TKhFv__IihVag_h4G6kus__B4mbn4wICLQjWm1m3-z1kw8F1FtP0cDAHKp00Xy_-88__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

718acf7ce1a500805ed2086e1c8b569f3e7d77397070e85bfec278dead876b23

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-cache-hits: 36764, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 10 Oct 2023 15:24:33 GMT
age: 431737
http_x_geo_region: DE-HE
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-f64b97cc5-jw8z9
content-length: 2082
x-served-by: cache-chi-kigq8000029-CHI, cache-chi-kigq8000029-CHI, cache-fra-etou8220024-FRA, cache-fra-eddf8230137-FRA
last-modified: Mon, 06 Mar 2023 17:43:23 GMT
server: nginx
x-timer: S1696951474.630570,VS0,VE119
etag: W/"6406263b-159a"
vary: Accept-Encoding, orig-host
content-type: application/x-javascript
x-styx-req-id: c78d1469-571e-11ee-a582-060b28f27a51
cache-control: max-age=31622400
accept-ranges: bytes
expires: Thu, 19 Sep 2024 19:00:20 GMT

GET
H2 200 js__2rjlAbBND-YDbAq2rT4GT0FCGSz_kyEdQdZyOStVQdU__SGggvtYH6KAFWT2NGquosWK1SoWokfbyhZ2MaWmzq9I__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js Show response
www.forcepoint.com/sites/default/files/advagg_js/ 548 B
610 B 140ms
130ms Script
application/x-javascript 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__2rjlAbBND-YDbAq2rT4GT0FCGSz_kyEdQdZyOStVQdU__SGggvtYH6KAFWT2NGquosWK1SoWokfbyhZ2MaWmzq9I__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

0afb763c1de6f6fbc5f775e18225ab96ced3818b62a597b7bac98d3fa29f3f23

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-cache-hits: 21574, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 10 Oct 2023 15:24:33 GMT
age: 431737
http_x_geo_region: DE-HE
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-a-86d66977b5-v7v4t
content-length: 294
x-served-by: cache-chi-klot8100141-CHI, cache-chi-klot8100141-CHI, cache-fra-eddf8230092-FRA, cache-fra-eddf8230137-FRA
last-modified: Mon, 06 Mar 2023 17:43:23 GMT
server: nginx
x-timer: S1696951474.630647,VS0,VE112
etag: W/"6406263b-224"
vary: Accept-Encoding, orig-host
content-type: application/x-javascript
x-styx-req-id: 1837fc37-51fc-11ee-8007-52bf6d5340ba
cache-control: max-age=31622400
accept-ranges: bytes
expires: Fri, 13 Sep 2024 06:09:27 GMT

GET
H2 200 js__5zhFBHWG8cFOCNCpDlj7pwNwFoSGFvQEfYJiiLp0EY8__TNItwctO0QcNBYn10Ft2xshT-_PqYf8Vv6JB7nZ2xKs__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js Show response
www.forcepoint.com/sites/default/files/advagg_js/ 27 KB
8 KB 135ms
125ms Script
application/x-javascript 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__5zhFBHWG8cFOCNCpDlj7pwNwFoSGFvQEfYJiiLp0EY8__TNItwctO0QcNBYn10Ft2xshT-_PqYf8Vv6JB7nZ2xKs__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

7c38acd92ae6bde95f3f8108a03252fffb82ccd6abea48e29ea0b7f365297287

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-cache-hits: 32918, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 10 Oct 2023 15:24:33 GMT
age: 431738
http_x_geo_region: DE-HE
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-68df48cffd-9m4g9
content-length: 7980
x-served-by: cache-chi-kigq8000022-CHI, cache-chi-kigq8000022-CHI, cache-fra-eddf8230068-FRA, cache-fra-eddf8230137-FRA
last-modified: Mon, 06 Mar 2023 17:43:26 GMT
server: nginx
x-timer: S1696951474.630461,VS0,VE108
etag: W/"6406263e-6d76"
vary: Accept-Encoding, orig-host
content-type: application/x-javascript
x-styx-req-id: 39d6f213-628a-11ee-83a0-ba44389d6db1
cache-control: max-age=31622400
accept-ranges: bytes
expires: Fri, 04 Oct 2024 07:47:11 GMT

GET
H2 200 js__MK7MzOuOm6Wn1gEArVsBZG7dh82EREyAMIm9mRlUqq8__dORmwcviulacbj4TEHhv8s4qzj-5oUCjfNEX8y-ZUFM__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js Show response
www.forcepoint.com/sites/default/files/advagg_js/ 22 KB
8 KB 153ms
143ms Script
application/x-javascript 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__MK7MzOuOm6Wn1gEArVsBZG7dh82EREyAMIm9mRlUqq8__dORmwcviulacbj4TEHhv8s4qzj-5oUCjfNEX8y-ZUFM__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

26be2c4cd498798df8895f91aacf2b8ffc5bd02686c4f695b081987fbe12c8c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-cache-hits: 20666, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 10 Oct 2023 15:24:33 GMT
age: 431737
http_x_geo_region: DE-HE
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-a-86d66977b5-v7v4t
content-length: 7765
x-served-by: cache-chi-klot8100140-CHI, cache-chi-klot8100140-CHI, cache-fra-etou8220052-FRA, cache-fra-eddf8230137-FRA
last-modified: Mon, 06 Mar 2023 17:43:53 GMT
server: nginx
x-timer: S1696951474.630139,VS0,VE121
etag: W/"64062659-59a4"
vary: Accept-Encoding, orig-host
content-type: application/x-javascript
x-styx-req-id: 54d495e6-516b-11ee-8a5b-52bf6d5340ba
cache-control: max-age=31622400
accept-ranges: bytes
expires: Thu, 12 Sep 2024 12:53:12 GMT

GET
H2 200 js__chJL213YSkJch-IjytLyUqW7uGPnNqOcHGrVBTtmWRc__yn2ExM-BDbvoDYxfwBKmliyRc5GwBZkfllb5p--ixOE__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js Show response
www.forcepoint.com/sites/default/files/advagg_js/ 711 B
672 B 132ms
122ms Script
application/x-javascript 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__chJL213YSkJch-IjytLyUqW7uGPnNqOcHGrVBTtmWRc__yn2ExM-BDbvoDYxfwBKmliyRc5GwBZkfllb5p--ixOE__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

0370218a5b3b2dd0fafe99389e5c792eba8f07d4ef1959ccbaf023692e9ce25a

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-cache-hits: 3037, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 10 Oct 2023 15:24:33 GMT
age: 431738
http_x_geo_region: DE-HE
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-a-f9d8bf5c4-mxq9f
content-length: 306
x-served-by: cache-chi-kigq8000155-CHI, cache-chi-kigq8000155-CHI, cache-fra-eddf8230078-FRA, cache-fra-eddf8230137-FRA
last-modified: Mon, 06 Mar 2023 17:43:37 GMT
server: nginx
x-timer: S1696951474.630048,VS0,VE108
etag: W/"64062649-2c7"
vary: Accept-Encoding, orig-host
content-type: application/x-javascript
x-styx-req-id: 79b8ce59-627d-11ee-af0c-7ae92eee0f34
cache-control: max-age=31622400
accept-ranges: bytes
expires: Fri, 04 Oct 2024 06:15:54 GMT

GET
H2 200 js__9VYdbJBpcH32txuFWAQpsFgy4R_xikM4ZcV04PYhdJk__ATsmH00KPR8D-OtQoKDqAvfBpHBWMMXYMEJhrk3msOE__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js Show response
www.forcepoint.com/sites/default/files/advagg_js/ 2 KB
1 KB 149ms
139ms Script
application/x-javascript 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__9VYdbJBpcH32txuFWAQpsFgy4R_xikM4ZcV04PYhdJk__ATsmH00KPR8D-OtQoKDqAvfBpHBWMMXYMEJhrk3msOE__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

0c66405721ef5102aa366585b67c067832a1d58cafa84a796a4e8ea4b408873e

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-cache-hits: 21577, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 10 Oct 2023 15:24:33 GMT
age: 431737
http_x_geo_region: DE-HE
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-f64b97cc5-xz888
content-length: 719
x-served-by: cache-chi-klot8100128-CHI, cache-chi-klot8100128-CHI, cache-fra-etou8220073-FRA, cache-fra-eddf8230137-FRA
last-modified: Thu, 15 Jun 2023 15:21:57 GMT
server: nginx
x-timer: S1696951474.631291,VS0,VE114
etag: W/"648b2c95-713"
vary: Accept-Encoding, orig-host
content-type: application/x-javascript
x-styx-req-id: de359975-5233-11ee-aa95-9e967b8d2ac0
cache-control: max-age=31622400
accept-ranges: bytes
expires: Fri, 13 Sep 2024 12:48:41 GMT

GET
H2 200 js__6FQAqJmB1yKdAJYwsXAk_hJnargJPvMPkf9xl2Aoo0E__LRcB_jb8iwtqJJbRU0etTiWNPUen87vOM9Rlp7OZGiI__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js Show response
www.forcepoint.com/sites/default/files/advagg_js/ 32 KB
14 KB 129ms
119ms Script
application/x-javascript 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__6FQAqJmB1yKdAJYwsXAk_hJnargJPvMPkf9xl2Aoo0E__LRcB_jb8iwtqJJbRU0etTiWNPUen87vOM9Rlp7OZGiI__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

2609e47af9b5fd41bcc697b9545be93106f378abde6263e1ca3394420121770f

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-cache-hits: 21461, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 10 Oct 2023 15:24:33 GMT
age: 431737
http_x_geo_region: DE-HE
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-5cbc988cb-rwfbz
content-length: 14179
x-served-by: cache-chi-kigq8000065-CHI, cache-chi-kigq8000065-CHI, cache-fra-etou8220075-FRA, cache-fra-eddf8230137-FRA
last-modified: Mon, 06 Mar 2023 17:43:30 GMT
server: nginx
x-timer: S1696951474.630021,VS0,VE107
etag: W/"64062642-81ba"
vary: Accept-Encoding, orig-host
content-type: application/x-javascript
x-styx-req-id: 0779039f-5c48-11ee-9618-76465eb2d399
cache-control: max-age=31622400
accept-ranges: bytes
expires: Thu, 26 Sep 2024 08:38:12 GMT

GET
H2 200 js__ZAA5lMeZXVSyc2jkDQc3qK2xTFroqEhe0Vhijw7cweY__5t1bwuf_6UapbfBl8BVgxkNe2IwCFG2FnD40d8mFKKc__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js Show response
www.forcepoint.com/sites/default/files/advagg_js/ 5 KB
2 KB 137ms
127ms Script
application/x-javascript 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__ZAA5lMeZXVSyc2jkDQc3qK2xTFroqEhe0Vhijw7cweY__5t1bwuf_6UapbfBl8BVgxkNe2IwCFG2FnD40d8mFKKc__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

0b7943307c6a7d7f4d6008a4746a25fd1bb56da6280123ede2e5ba8013d95527

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-cache-hits: 36471, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 10 Oct 2023 15:24:33 GMT
age: 431737
http_x_geo_region: DE-HE
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-a-f9d8bf5c4-fd4t4
content-length: 1551
x-served-by: cache-chi-klot8100084-CHI, cache-chi-klot8100084-CHI, cache-fra-eddf8230045-FRA, cache-fra-eddf8230137-FRA
last-modified: Mon, 06 Mar 2023 17:43:30 GMT
server: nginx
x-timer: S1696951474.630017,VS0,VE112
etag: W/"64062642-14af"
vary: Accept-Encoding, orig-host
content-type: application/x-javascript
x-styx-req-id: fee9ac9c-61fe-11ee-89c0-0a8bf9062628
cache-control: max-age=31622400
accept-ranges: bytes
expires: Thu, 03 Oct 2024 15:10:32 GMT

GET
H2 200 js___KFZohdGg-ie8--4khn_Rbu0owzTi64Q4WuafowE26c__ZGyj10G50S3FTk6OreFu7ozdrQiDU9ZMx8Rf_Pq5Uaw__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js Show response
www.forcepoint.com/sites/default/files/advagg_js/ 3 KB
1 KB 147ms
138ms Script
application/x-javascript 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js___KFZohdGg-ie8--4khn_Rbu0owzTi64Q4WuafowE26c__ZGyj10G50S3FTk6OreFu7ozdrQiDU9ZMx8Rf_Pq5Uaw__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

b649db84ff4865e9bd17134e33f0ac2a7edc47831f92ca9d67f400f0f5068e75

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-cache-hits: 2403, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 10 Oct 2023 15:24:33 GMT
age: 431737
http_x_geo_region: DE-HE
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-68df48cffd-pv78z
content-length: 1066
x-served-by: cache-chi-kigq8000153-CHI, cache-chi-klot8100058-CHI, cache-fra-eddf8230048-FRA, cache-fra-eddf8230137-FRA
last-modified: Mon, 06 Mar 2023 17:43:23 GMT
server: nginx
x-timer: S1696951474.630008,VS0,VE115
etag: W/"6406263b-cde"
vary: Accept-Encoding, orig-host
content-type: application/x-javascript
x-styx-req-id: 9d519130-61e1-11ee-8a29-2eeda6c80640
cache-control: max-age=31622400
accept-ranges: bytes
expires: Thu, 03 Oct 2024 11:40:13 GMT

GET
H2 200 js__rBaTTf1fQBzlxu7gNxD_MIg0GfwXBGL_iQ5hfX8X6HA__NyoF9NZ0VA8tURed92r8Oc6xhXqZs_30vm_ejSW_g5o__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js Show response
www.forcepoint.com/sites/default/files/advagg_js/ 599 B
640 B 133ms
123ms Script
application/x-javascript 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__rBaTTf1fQBzlxu7gNxD_MIg0GfwXBGL_iQ5hfX8X6HA__NyoF9NZ0VA8tURed92r8Oc6xhXqZs_30vm_ejSW_g5o__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

e8688ed428ee7216ab214eab583dea5128e9c557df2d06a503b1fbb981f76dd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-cache-hits: 207, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 10 Oct 2023 15:24:33 GMT
age: 431696
http_x_geo_region: DE-HE
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-5cbc988cb-rwfbz
content-length: 299
x-served-by: cache-chi-kigq8000065-CHI, cache-chi-kigq8000065-CHI, cache-fra-eddf8230103-FRA, cache-fra-eddf8230137-FRA
last-modified: Mon, 06 Mar 2023 17:43:49 GMT
server: nginx
x-timer: S1696951474.630001,VS0,VE109
etag: W/"64062655-257"
vary: Accept-Encoding, orig-host
content-type: application/x-javascript
x-styx-req-id: eb5265bf-5d29-11ee-b102-76465eb2d399
cache-control: max-age=31622400
accept-ranges: bytes
expires: Fri, 27 Sep 2024 11:35:11 GMT

GET
H2 200 js__ZW8o7ZZZ2WVdbdwiWGu52bSrkEFZV2xhp5aNyZR5USA__3tGfK_b3yc_EcnR78FUS1iLe24uT_kFOG0Zgxin4wcM__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js Show response
www.forcepoint.com/sites/default/files/advagg_js/ 4 KB
2 KB 137ms
128ms Script
application/x-javascript 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__ZW8o7ZZZ2WVdbdwiWGu52bSrkEFZV2xhp5aNyZR5USA__3tGfK_b3yc_EcnR78FUS1iLe24uT_kFOG0Zgxin4wcM__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

83906d4f8a0f8d0364be66f304608d8a10f014e67336265dd89a01269c11ca0d

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-cache-hits: 2407, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 10 Oct 2023 15:24:33 GMT
age: 431737
http_x_geo_region: DE-HE
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-68df48cffd-nxr8f
content-length: 1540
x-served-by: cache-chi-kigq8000172-CHI, cache-chi-kigq8000167-CHI, cache-fra-etou8220042-FRA, cache-fra-eddf8230137-FRA
last-modified: Mon, 06 Mar 2023 17:43:30 GMT
server: nginx
x-timer: S1696951474.634658,VS0,VE107
etag: W/"64062642-f26"
vary: Accept-Encoding, orig-host
content-type: application/x-javascript
x-styx-req-id: da088606-6287-11ee-a10b-ae25379fe8c0
cache-control: max-age=31622400
accept-ranges: bytes
expires: Fri, 04 Oct 2024 07:30:11 GMT

GET
H2 200 js__WQCxDDoXjGAZvt7VD-NaIkFyWxC4nRtGayCDhRWmPt8__uG2GWq8RdITP76Jm6o5ZR4UiKVQWuJb-haVTg3uVJ0A__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js Show response
www.forcepoint.com/sites/default/files/advagg_js/ 1 KB
890 B 144ms
135ms Script
application/x-javascript 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__WQCxDDoXjGAZvt7VD-NaIkFyWxC4nRtGayCDhRWmPt8__uG2GWq8RdITP76Jm6o5ZR4UiKVQWuJb-haVTg3uVJ0A__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

765bfd7990382cef3d9dbadff551c1273d5fe462591ca46b5f924484cd7f0266

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-cache-hits: 6249, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 10 Oct 2023 15:24:33 GMT
age: 431736
http_x_geo_region: DE-HE
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-68df48cffd-d7rjn
content-length: 548
x-served-by: cache-chi-kigq8000160-CHI, cache-chi-kigq8000160-CHI, cache-fra-etou8220103-FRA, cache-fra-eddf8230137-FRA
last-modified: Mon, 06 Mar 2023 17:43:52 GMT
server: nginx
x-timer: S1696951474.634169,VS0,VE110
etag: W/"64062658-52c"
vary: Accept-Encoding, orig-host
content-type: application/x-javascript
x-styx-req-id: 14dc10c8-61ea-11ee-869a-0e8b8ab6185f
cache-control: max-age=31622400
accept-ranges: bytes
expires: Thu, 03 Oct 2024 12:40:49 GMT

GET
H2 200 js__G1AYRw2VrrKpS5MyIgpGI5dJ3XS_NTIedS_fS2Rxn0M__5F0t9HsV1TmeL81h5PFf9jTvTCaSs_m2-VBJj0rfWMs__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js Show response
www.forcepoint.com/sites/default/files/advagg_js/ 2 KB
1 KB 135ms
127ms Script
application/x-javascript 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__G1AYRw2VrrKpS5MyIgpGI5dJ3XS_NTIedS_fS2Rxn0M__5F0t9HsV1TmeL81h5PFf9jTvTCaSs_m2-VBJj0rfWMs__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

ce520b5f64c85f0ee2bd8607101decca8bd5ebe683d0c461c6c6c9a81b3aef61

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-cache-hits: 32529, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 10 Oct 2023 15:24:33 GMT
age: 431737
http_x_geo_region: DE-HE
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-a-86d66977b5-nvmnk
content-length: 899
x-served-by: cache-chi-klot8100064-CHI, cache-chi-klot8100064-CHI, cache-fra-etou8220100-FRA, cache-fra-eddf8230137-FRA
last-modified: Mon, 06 Mar 2023 17:43:30 GMT
server: nginx
x-timer: S1696951474.633812,VS0,VE107
etag: W/"64062642-993"
vary: Accept-Encoding, orig-host
content-type: application/x-javascript
x-styx-req-id: 3d03b16b-5627-11ee-96bb-d6b29378e4c8
cache-control: max-age=31622400
accept-ranges: bytes
expires: Wed, 18 Sep 2024 13:28:22 GMT

GET
H2 200 js__Z8_z4Ixa-D0iNdI4Vha8piNlJPIvuqBB03fpnqgg0ZU__7hSyf_bmxpB7an3khq1utmSHnVzI32jc5ywGqSrYb0g__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js Show response
www.forcepoint.com/sites/default/files/advagg_js/ 3 KB
1 KB 145ms
136ms Script
application/x-javascript 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__Z8_z4Ixa-D0iNdI4Vha8piNlJPIvuqBB03fpnqgg0ZU__7hSyf_bmxpB7an3khq1utmSHnVzI32jc5ywGqSrYb0g__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

26f6f2926c170406be9bcda1ba6ded2f1a630153ea9db27c285af57516930c30

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-cache-hits: 15560, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 10 Oct 2023 15:24:33 GMT
age: 431737
http_x_geo_region: DE-HE
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-5cbc988cb-rwfbz
content-length: 1088
x-served-by: cache-chi-kigq8000088-CHI, cache-chi-kigq8000088-CHI, cache-fra-eddf8230085-FRA, cache-fra-eddf8230137-FRA
last-modified: Mon, 06 Mar 2023 17:44:47 GMT
server: nginx
x-timer: S1696951474.633883,VS0,VE111
etag: W/"6406268f-bef"
vary: Accept-Encoding, orig-host
content-type: application/x-javascript
x-styx-req-id: fefcf4d2-5d59-11ee-9f1a-76465eb2d399
cache-control: max-age=31622400
accept-ranges: bytes
expires: Fri, 27 Sep 2024 17:19:20 GMT

GET
H2 200 js__3PyHVp_4SRq6pNQOBF08IE7KMR78aq2RPCDHv-23ni8__jnBy3voieCOrT5mS-H2uMYWYMPWls4qT80FsxpVYpiw__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js Show response
www.forcepoint.com/sites/default/files/advagg_js/ 2 KB
1 KB 139ms
131ms Script
application/x-javascript 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__3PyHVp_4SRq6pNQOBF08IE7KMR78aq2RPCDHv-23ni8__jnBy3voieCOrT5mS-H2uMYWYMPWls4qT80FsxpVYpiw__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

ab3a941eba1e57e2866b318553ec467bf68403bfa5be52f13ad06b70167b8dd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-cache-hits: 20250, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 10 Oct 2023 15:24:33 GMT
age: 431737
http_x_geo_region: DE-HE
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-f64b97cc5-jw8z9
content-length: 940
x-served-by: cache-chi-klot8100051-CHI, cache-chi-klot8100051-CHI, cache-fra-eddf8230054-FRA, cache-fra-eddf8230137-FRA
last-modified: Mon, 06 Mar 2023 17:43:53 GMT
server: nginx
x-timer: S1696951474.634174,VS0,VE109
etag: W/"64062659-8ec"
vary: Accept-Encoding, orig-host
content-type: application/x-javascript
x-styx-req-id: 90b1537c-5784-11ee-a582-060b28f27a51
cache-control: max-age=31622400
accept-ranges: bytes
expires: Fri, 20 Sep 2024 07:08:56 GMT

GET
H2 200 js__g6mKbcakHxQkz4ZHYaxdO_xqONINvRMgsHh1zAK-fr0__ATHtEmHaeZ0jidpGU22EkhmPDBSgjD8z0bVDQMI-BIY__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js Show response
www.forcepoint.com/sites/default/files/advagg_js/ 2 KB
1 KB 147ms
139ms Script
application/x-javascript 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__g6mKbcakHxQkz4ZHYaxdO_xqONINvRMgsHh1zAK-fr0__ATHtEmHaeZ0jidpGU22EkhmPDBSgjD8z0bVDQMI-BIY__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

39964c58ecfd8f2e123e69ac0cff4fa389b5aa7a26191883e2a4289819e19b53

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-cache-hits: 31557, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 10 Oct 2023 15:24:33 GMT
age: 431737
http_x_geo_region: DE-HE
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-a-6fcbcb6768-87vz4
content-length: 762
x-served-by: cache-chi-kigq8000027-CHI, cache-chi-kigq8000027-CHI, cache-fra-etou8220062-FRA, cache-fra-eddf8230137-FRA
last-modified: Mon, 06 Mar 2023 17:43:40 GMT
server: nginx
x-timer: S1696951474.633788,VS0,VE112
etag: W/"6406264c-76e"
vary: Accept-Encoding, orig-host
content-type: application/x-javascript
x-styx-req-id: f9551466-5c61-11ee-81ac-f6d5c4abf348
cache-control: max-age=31622400
accept-ranges: bytes
expires: Thu, 26 Sep 2024 11:43:55 GMT

GET
H2 200 js__tZaPWNsxV0YnLWLQ14MCclXF0_atjBOGD8nknubNfFA__WUqhWOApV_Sl7_y-X8iIMl5urPFzE5GsD78cdIn0QQ0__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js Show response
www.forcepoint.com/sites/default/files/advagg_js/ 3 KB
2 KB 142ms
134ms Script
application/x-javascript 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__tZaPWNsxV0YnLWLQ14MCclXF0_atjBOGD8nknubNfFA__WUqhWOApV_Sl7_y-X8iIMl5urPFzE5GsD78cdIn0QQ0__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

51bc72e85e99dfeebfb9a4e727349fd2b6e71ea60d84e71beaf095fc9547bacc

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-cache-hits: 5013, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 10 Oct 2023 15:24:33 GMT
age: 431737
http_x_geo_region: DE-HE
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-f64b97cc5-p9pht
content-length: 1331
x-served-by: cache-chi-klot8100131-CHI, cache-chi-klot8100131-CHI, cache-fra-eddf8230113-FRA, cache-fra-eddf8230137-FRA
last-modified: Mon, 06 Mar 2023 17:44:46 GMT
server: nginx
x-timer: S1696951474.633854,VS0,VE110
etag: W/"6406268e-d28"
vary: Accept-Encoding, orig-host
content-type: application/x-javascript
x-styx-req-id: 0e48d659-57c8-11ee-895e-72e894c97ba0
cache-control: max-age=31622400
accept-ranges: bytes
expires: Fri, 20 Sep 2024 15:12:03 GMT

GET
H2 200 js__MOVof0-jCtZxebdlUxdmFD2VKi88uwJnygWWneQhUB8__UYgCc0wBc4JsXIED7N4DzZM0Vw9xcFtR2XIXLrfvYiE__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js Show response
www.forcepoint.com/sites/default/files/advagg_js/ 4 KB
2 KB 141ms
133ms Script
application/x-javascript 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__MOVof0-jCtZxebdlUxdmFD2VKi88uwJnygWWneQhUB8__UYgCc0wBc4JsXIED7N4DzZM0Vw9xcFtR2XIXLrfvYiE__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

7082fc18af82f5f4813e76d6e8506876beba1ac2fc1b0bf541a333085cd6be14

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-cache-hits: 20335, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 10 Oct 2023 15:24:33 GMT
age: 431737
http_x_geo_region: DE-HE
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-f64b97cc5-clrvk
content-length: 1512
x-served-by: cache-chi-kigq8000125-CHI, cache-chi-kigq8000125-CHI, cache-fra-etou8220080-FRA, cache-fra-eddf8230137-FRA
last-modified: Mon, 06 Mar 2023 17:44:42 GMT
server: nginx
x-timer: S1696951474.634232,VS0,VE110
etag: W/"6406268a-e3f"
vary: Accept-Encoding, orig-host
content-type: application/x-javascript
x-styx-req-id: 15c1761b-5623-11ee-a50e-56c0dd5c93fe
cache-control: max-age=31622400
accept-ranges: bytes
expires: Wed, 18 Sep 2024 12:58:38 GMT

GET
H2 200 js__XtFha_knURVT5YLGKmVYz2S732sgaVuOjO801TC1X90__Iiz_LtHOgN-NEjf_Wqk78-4FPz8AQR7Ygonew_LemTU__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js Show response
www.forcepoint.com/sites/default/files/advagg_js/ 1018 B
902 B 148ms
141ms Script
application/x-javascript 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__XtFha_knURVT5YLGKmVYz2S732sgaVuOjO801TC1X90__Iiz_LtHOgN-NEjf_Wqk78-4FPz8AQR7Ygonew_LemTU__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

2e235a7be093a4acc3aada042f4f7c934e26bcaadacf6c3bb0e525e28ba21000

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-cache-hits: 3092, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 10 Oct 2023 15:24:33 GMT
age: 431737
http_x_geo_region: DE-HE
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-a-f9d8bf5c4-zmn2g
content-length: 566
x-served-by: cache-chi-kigq8000083-CHI, cache-chi-kigq8000083-CHI, cache-fra-etou8220078-FRA, cache-fra-eddf8230137-FRA
last-modified: Mon, 06 Mar 2023 17:43:25 GMT
server: nginx
x-timer: S1696951474.633509,VS0,VE113
etag: W/"6406263d-3fa"
vary: Accept-Encoding, orig-host
content-type: application/x-javascript
x-styx-req-id: 8e374d04-61e6-11ee-b97f-56525b9095c8
cache-control: max-age=31622400
accept-ranges: bytes
expires: Thu, 03 Oct 2024 12:15:35 GMT

GET
H2 200 js__ANAjsl90aU8V_JJuHtJWcRsK1EGBFuMwHq693fURsXU__F1FPONSTf0yEH0Y9VHtO8-UlYOiMFKhCksEr6rzCrMg__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js Show response
www.forcepoint.com/sites/default/files/advagg_js/ 2 KB
965 B 151ms
143ms Script
application/x-javascript 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__ANAjsl90aU8V_JJuHtJWcRsK1EGBFuMwHq693fURsXU__F1FPONSTf0yEH0Y9VHtO8-UlYOiMFKhCksEr6rzCrMg__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

2fffee549f20803f72907134dc44b0b44c72684ecf69e92ec7b1f034fa03efa7

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-cache-hits: 32408, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 10 Oct 2023 15:24:33 GMT
age: 431737
http_x_geo_region: DE-HE
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-f64b97cc5-bq9mq
content-length: 629
x-served-by: cache-chi-kigq8000113-CHI, cache-chi-kigq8000113-CHI, cache-fra-eddf8230061-FRA, cache-fra-eddf8230137-FRA
last-modified: Mon, 06 Mar 2023 17:43:27 GMT
server: nginx
x-timer: S1696951474.634562,VS0,VE120
etag: W/"6406263f-61f"
vary: Accept-Encoding, orig-host
content-type: application/x-javascript
x-styx-req-id: 4e4475c2-5201-11ee-ac01-e20908b73524
cache-control: max-age=31622400
accept-ranges: bytes
expires: Fri, 13 Sep 2024 06:46:45 GMT

GET
H2 200 js__1DBjoSMQlQ4ixA_cuaJfS5Px949O7h4aDn8Z9xtRW7Q___Kce72mjxzCemOnzhg6JFCRtdLj5jLY-LhQZu8ywaHE__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js Show response
www.forcepoint.com/sites/default/files/advagg_js/ 17 KB
5 KB 130ms
123ms Script
application/x-javascript 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__1DBjoSMQlQ4ixA_cuaJfS5Px949O7h4aDn8Z9xtRW7Q___Kce72mjxzCemOnzhg6JFCRtdLj5jLY-LhQZu8ywaHE__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

28a5c6d13db5c292e46726de2bcd92beed6a6924c72254d5f8402a32b4a83ea6

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-cache-hits: 36318, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 10 Oct 2023 15:24:33 GMT
age: 431737
http_x_geo_region: DE-HE
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-f64b97cc5-vhx5s
content-length: 5308
x-served-by: cache-chi-kigq8000029-CHI, cache-chi-kigq8000029-CHI, cache-fra-eddf8230133-FRA, cache-fra-eddf8230137-FRA
last-modified: Wed, 20 Sep 2023 13:16:53 GMT
server: nginx
x-timer: S1696951474.633812,VS0,VE105
etag: W/"650af0c5-426d"
vary: Accept-Encoding, orig-host
content-type: application/x-javascript
x-styx-req-id: f8639139-57b7-11ee-8725-5e511f59cab2
cache-control: max-age=31622400
accept-ranges: bytes
expires: Fri, 20 Sep 2024 13:16:55 GMT

GET
H2 200 js__5JgaXR8D2C00E22GhU2eB1lVAKgbz2L03t9_2mjtbvU__jsf8gUmjQabawiet5xN7FARmhje4S0BRk0UtxOVEzLY__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js Show response
www.forcepoint.com/sites/default/files/advagg_js/ 1 KB
867 B 147ms
140ms Script
application/x-javascript 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__5JgaXR8D2C00E22GhU2eB1lVAKgbz2L03t9_2mjtbvU__jsf8gUmjQabawiet5xN7FARmhje4S0BRk0UtxOVEzLY__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

e6e9870f494b1c2287e84247ac3399299d17337087788b2f40d4f7c9fcb42f46

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-cache-hits: 3236, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 10 Oct 2023 15:24:33 GMT
age: 431737
http_x_geo_region: DE-HE
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-68df48cffd-pv78z
content-length: 553
x-served-by: cache-chi-kigq8000095-CHI, cache-chi-kigq8000095-CHI, cache-fra-eddf8230106-FRA, cache-fra-eddf8230137-FRA
last-modified: Tue, 21 Mar 2023 15:18:14 GMT
server: nginx
x-timer: S1696951474.633449,VS0,VE112
etag: W/"6419cab6-481"
vary: Accept-Encoding, orig-host
content-type: application/x-javascript
x-styx-req-id: f4db2897-61fe-11ee-8a29-2eeda6c80640
cache-control: max-age=31622400
accept-ranges: bytes
expires: Thu, 03 Oct 2024 15:10:15 GMT

GET
H2 200 js__WK2wKCua6tR1X5r491Q3GA713rdP6Jm3NTS6xOiE_tE__UvPNpIBIdiJMb6wev5ERma1ahSULnvmD6M2rkEV0KZc__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js Show response
www.forcepoint.com/sites/default/files/advagg_js/ 47 KB
15 KB 132ms
125ms Script
application/x-javascript 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__WK2wKCua6tR1X5r491Q3GA713rdP6Jm3NTS6xOiE_tE__UvPNpIBIdiJMb6wev5ERma1ahSULnvmD6M2rkEV0KZc__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

de1ccc61608bb1e8eb9632efe315cd870c47f438c49a15911a9cacea957733fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-cache-hits: 256, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 10 Oct 2023 15:24:33 GMT
age: 431733
http_x_geo_region: DE-HE
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-5cbc988cb-b26gr
content-length: 15488
x-served-by: cache-chi-kigq8000073-CHI, cache-chi-kigq8000073-CHI, cache-fra-etou8220040-FRA, cache-fra-eddf8230137-FRA
last-modified: Fri, 11 Aug 2023 12:38:45 GMT
server: nginx
x-timer: S1696951474.633435,VS0,VE106
etag: W/"64d62bd5-bdfe"
vary: Accept-Encoding, orig-host
content-type: application/x-javascript
x-styx-req-id: 01c95359-5d42-11ee-a80e-cae2b6140172
cache-control: max-age=31622400
accept-ranges: bytes
expires: Fri, 27 Sep 2024 14:27:37 GMT

GET
H2 200 js__2eraOjl91H_Mkq6QPGFZLWHvF5ka_oMJWLmUsf9osSI__ptXz_4rBoXcc8IgsbOx5s7d4FuelZoordeChsrjvNVA__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js Show response
www.forcepoint.com/sites/default/files/advagg_js/ 5 KB
2 KB 135ms
129ms Script
application/x-javascript 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__2eraOjl91H_Mkq6QPGFZLWHvF5ka_oMJWLmUsf9osSI__ptXz_4rBoXcc8IgsbOx5s7d4FuelZoordeChsrjvNVA__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

0f83cbf5347921619fc2db67c11366512bfc57a5a5e863926190dc2c6d2e98f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-cache-hits: 12, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 10 Oct 2023 15:24:33 GMT
age: 431346
http_x_geo_region: DE-HE
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-a-6fcbcb6768-vzfpb
content-length: 1587
x-served-by: cache-chi-klot8100044-CHI, cache-chi-klot8100044-CHI, cache-fra-etou8220042-FRA, cache-fra-eddf8230137-FRA
last-modified: Mon, 06 Mar 2023 17:43:53 GMT
server: nginx
x-timer: S1696951474.633426,VS0,VE109
etag: W/"64062659-129b"
vary: Accept-Encoding, orig-host
content-type: application/x-javascript
x-styx-req-id: 5d0b73d7-5cc2-11ee-b599-2eb5376b3416
cache-control: max-age=31622400
accept-ranges: bytes
expires: Thu, 26 Sep 2024 23:13:54 GMT

GET
H2

200

/
attr.ml-api.io/
Redirect Chain

https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.forcepoint.com%26pId%3d%24UID
https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.forcepoint.com%26pId%3d%24UID
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dwww.forcepoint.com%2526pId%253d%2524UID
https://attr.ml-api.io/?domain=www.forcepoint.com&pId=5847236940724840546

0
233 B

250ms
201ms

Image
application/json

2600:9000:20a0:5400:12:3734:2a40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://attr.ml-api.io/?domain=www.forcepoint.com&pId=5847236940724840546
Requested by: Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol: H2
Server: 2600:9000:20a0:5400:12:3734:2a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Tue, 10 Oct 2023 15:24:34 GMT
via: 1.1 05f3f10124c24e16ce708020c976c78a.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P2
x-cache: Miss from cloudfront
content-type: application/json
x-amz-cf-id: lodnutIpQnJSIq5cAtxxVb8-HWKNdaBecgsjlYZUWj7dxPfUmW48Uw==
content-length: 0
apigw-requestid: Ml3r5iLfIAMEVIg=

Redirect headers

pragma: no-cache
date: Tue, 10 Oct 2023 15:24:34 GMT
an-x-request-uuid: cf5bf54e-f36a-4b76-abf1-36c05678c9b4
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://attr.ml-api.io/?domain=www.forcepoint.com&pId=5847236940724840546
x-proxy-origin: 45.141.152.77; 45.141.152.77; 950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 css___VkyRO3B5Aq6aNIr0ttm3Is69Rc7XYN_AdFjRz9E6sA__b12a-BvYob4LLlQYUPPU1-B7lqPs3CLCFxSZCkc_1U4__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
www.forcepoint.com/sites/default/files/advagg_css/ 6 KB
2 KB 150ms
144ms Stylesheet
text/css 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_css/css___VkyRO3B5Aq6aNIr0ttm3Is69Rc7XYN_AdFjRz9E6sA__b12a-BvYob4LLlQYUPPU1-B7lqPs3CLCFxSZCkc_1U4__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

b8ed47b66e00822b7902b62176b23647641a4d4ec087dd0933a9b0fc6f1dd156

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-cache-hits: 20546, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 10 Oct 2023 15:24:33 GMT
age: 431737
http_x_geo_region: DE-HE
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-a-65d46855f6-p9chw
content-length: 1437
x-served-by: cache-chi-kigq8000138-CHI, cache-chi-kigq8000138-CHI, cache-fra-eddf8230032-FRA, cache-fra-eddf8230137-FRA
last-modified: Thu, 22 Jun 2023 14:43:54 GMT
server: nginx
x-timer: S1696951474.633406,VS0,VE122
etag: W/"64945e2a-19c1"
vary: Accept-Encoding, orig-host
content-type: text/css
x-styx-req-id: cecd11d7-4687-11ee-be60-ea00115d0b5d
cache-control: max-age=31622400
accept-ranges: bytes
expires: Thu, 29 Aug 2024 16:19:19 GMT

GET
H2 200 utag.js Show response
tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/ 509 KB
115 KB 46ms
17ms Script
application/javascript 2600:9000:223e:5800:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/utag.js
Requested by: Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:5800:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 679d7260baab6c17046213846265b23d53809fc4af5706817f4fbb2d691fab46

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-amz-version-id: eLhkS3UhMN.o_igm3nH1SuNEhA9NuLzT
content-encoding: br
via: 1.1 88f858f045c3909fad9cebbada511aee.cloudfront.net (CloudFront)
date: Tue, 10 Oct 2023 15:24:33 GMT
last-modified: Tue, 03 Oct 2023 18:52:54 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P4
age: 31
x-amz-server-side-encryption: AES256
etag: W/"9cdaf26e1f3c53825a3f85d9306011c7"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=300
x-amz-cf-id: DUYoUEngrVISRqfhRZT-3vuz7nkTi4yVwLWy_8pO4k93y3-JROAesQ==

GET
DATA 200
OK truncated
/ 166 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4e2a8b16a227605843bcf04d32557fa5f790d17d5fae10db399f3ad6b75cae70

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 450 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 77bfa66bf799ef1d5be3e464795aaca2f9a0587c1616b9671f7383623474f455

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 141 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1a5c0fb755eabd84fa9ee65115561abfc934cb67631d8392acc299bed349942d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 187 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c181c648e71e1f94dc9f3aa0aced539df9790bc1aa92494d7fe7b17c274767bf

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 660 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8892ffd9b6812e96fca28cf2b24a4a1e25711631d73141353f1ec57fcaf523b8

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 372 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c6a4f005d0158d27d475991d4606ec4141f42917cc68835019d819c583957710

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 372 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c0c810909068da447ca522f9770490722119d254f18905ae37e5e4a45e2c346c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 248 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: de0c91884c0f70a3c8ab477b2637d9c9417fc74eb663bbe6eace7836e8b38fc3

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 angle-right-black.svg
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/static-icons/ 121 B
476 B 118ms
118ms Image
image/svg+xml 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/static-icons/angle-right-black.svg

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI___rEPbPwxk07W7WH2kpNPsegIfUTFOlt28v8ous9WM4A__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

6d9a7fd96a3f724833b9b68c20877b5701f64df5446138733baec495138cfb3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI___rEPbPwxk07W7WH2kpNPsegIfUTFOlt28v8ous9WM4A__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-cache-hits: 19580, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 10 Oct 2023 15:24:33 GMT
age: 431738
http_x_geo_region: DE-HE
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-a-f9d8bf5c4-mxq9f
content-length: 127
x-served-by: cache-chi-kigq8000125-CHI, cache-chi-kigq8000125-CHI, cache-fra-eddf8230116-FRA, cache-fra-eddf8230137-FRA
last-modified: Wed, 04 Oct 2023 05:18:28 GMT
server: nginx
x-timer: S1696951474.652018,VS0,VE111
etag: W/"651cf5a4-79"
vary: Accept-Encoding, orig-host
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: e5f1b092-6393-11ee-a167-7ae92eee0f34
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sat, 05 Oct 2024 15:28:56 GMT

GET
H2 200 icon-anchor-arrow-teal.svg
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/static-icons/ 655 B
704 B 125ms
123ms Image
image/svg+xml 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/static-icons/icon-anchor-arrow-teal.svg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

29aebe811bb2f84bd90cfdee7ffc4c4af62bb5d871fd683f8a85bf0852ce9163

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI___rEPbPwxk07W7WH2kpNPsegIfUTFOlt28v8ous9WM4A__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-cache-hits: 1412, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 10 Oct 2023 15:24:33 GMT
age: 431737
http_x_geo_region: DE-HE
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-a-f9d8bf5c4-zmn2g
content-length: 400
x-served-by: cache-chi-klot8100063-CHI, cache-chi-klot8100063-CHI, cache-fra-etou8220073-FRA, cache-fra-eddf8230137-FRA
last-modified: Wed, 04 Oct 2023 05:18:28 GMT
server: nginx
x-timer: S1696951474.657146,VS0,VE116
etag: W/"651cf5a4-28f"
vary: Accept-Encoding, orig-host
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: e5f1916e-6393-11ee-a541-56525b9095c8
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sat, 05 Oct 2024 15:28:56 GMT

GET
DATA 200
OK truncated
/ 636 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 68cb94151d86903ee4b3a5088e233b408a81a7faf9bb97d1172d8e3e6a83f868

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 banner-woman.jpg
www.forcepoint.com/sites/default/files/ 12 KB
13 KB 12ms
11ms Image
image/webp 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/banner-woman.jpg

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

b9b8fe9d0d7983bd3dc05016caf09d5028c4525e9beba05ecf0ed85bd0f3f86a

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-cache-hits: 0, 363, 2, 0
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 10 Oct 2023 15:24:33 GMT
age: 2596012
http_x_geo_region: DE-HE
x-cache: MISS, HIT, HIT, MISS
fastly-io-info: ifsz=139269 idim=591x426 ifmt=jpeg ofsz=12712 odim=591x426 ofmt=webp
http_x_geo_continent: EU
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe3-b-7766b97b54-bj622
content-length: 12712
x-served-by: cache-chi-kigq8000020-CHI, cache-chi-kigq8000031-CHI, cache-fra-eddf8230087-FRA, cache-fra-eddf8230137-FRA
server: nginx
x-timer: S1696951474.666887,VS0,VE3
etag: "N0lQYBtHe5ciagpRVpui8m2mvIrccgSXz/6JZdtfgoA"
vary: Accept, orig-host
content-type: image/webp
x-styx-req-id: cda0e6ce-4fe4-11ee-ad17-1680089671b6
cache-control: max-age=31622400
accept-ranges: bytes
expires: Tue, 10 Sep 2024 14:17:41 GMT

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ff35e1bb0b3e1cb03aa7eab3fb0f74381ec3fd6fcff85d8c4f6be72abae116a0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf8

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e1652e3fbc6cef41f94897b295b6b1f57fa4901a3727e4c9ecb2911614531d0f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf8

GET
DATA 200
OK truncated
/ 750 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 26e256bfa2011f9fbbe0e81f2515c98b94b7ee7696a82f380cb7e7c8361e04a4

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf8

GET
H2 200 ajax-loader.gif
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/ 363 B
729 B 22ms
10ms Image
image/gif 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/ajax-loader.gif

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

f6111a2b70adc74b366e13097ef3bc968003d16bbebbd72d324cdb73edb32c36

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI___rEPbPwxk07W7WH2kpNPsegIfUTFOlt28v8ous9WM4A__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-cache-hits: 1, 914, 241, 0
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 10 Oct 2023 15:24:33 GMT
age: 3459126
http_x_geo_region: DE-HE
x-cache: HIT, HIT, HIT, MISS
fastly-io-info: ifsz=404 idim=43x11 ifmt=gif ofsz=363 odim=43x11 ofmt=gif ofrm=4
http_x_geo_continent: EU
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe3-a-65d46855f6-q6ct7
content-length: 363
x-served-by: cache-chi-kigq8000078-CHI, cache-chi-kigq8000100-CHI, cache-fra-eddf8230069-FRA, cache-fra-eddf8230137-FRA
server: nginx
x-timer: S1696951474.687917,VS0,VE2
etag: "c9vdSz1SobFgJvEEIebuVOe3obQGnXd87HeEFJfv0io"
vary: Accept, orig-host
content-type: image/gif
x-styx-req-id: 358aeb06-480b-11ee-9505-2a73621cb626
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sat, 31 Aug 2024 14:32:27 GMT

GET
H2 200 bg-blog-podcast-final-plea.png
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/backgrounds/ 136 KB
137 KB 28ms
16ms Image
image/webp 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/backgrounds/bg-blog-podcast-final-plea.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

bed855d9eb766292b67f4821eb934eee96b385b8520659165f57bbae90c362c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI___rEPbPwxk07W7WH2kpNPsegIfUTFOlt28v8ous9WM4A__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-cache-hits: 1, 352, 1, 0
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 10 Oct 2023 15:24:33 GMT
age: 3055130
http_x_geo_region: DE-HE
x-cache: HIT, HIT, HIT, MISS
fastly-io-info: ifsz=236236 idim=580x458 ifmt=png ofsz=139702 odim=580x458 ofmt=webp
http_x_geo_continent: EU
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe3-a-94d5cdf4b-vcvx6
content-length: 139702
x-served-by: cache-chi-kigq8000089-CHI, cache-chi-kigq8000089-CHI, cache-fra-etou8220060-FRA, cache-fra-eddf8230137-FRA
server: nginx
x-timer: S1696951474.687864,VS0,VE8
etag: "J4HM7COV6lmZQG/n7TaO0MtxZmafgyzKI2fNbOojs8E"
vary: Accept, orig-host
content-type: image/webp
x-styx-req-id: d61f9c7f-4bb7-11ee-8070-8a096f00bb10
cache-control: max-age=31622400
accept-ranges: bytes
expires: Thu, 05 Sep 2024 06:45:43 GMT

GET
H2 200 f-white.svg
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/logos/ 257 B
480 B 146ms
135ms Image
image/svg+xml 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/logos/f-white.svg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

2a7b733b2f19d538893df08b2c194aef1201dbad6ee2ddafc5bcd34cbb482d6b

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI___rEPbPwxk07W7WH2kpNPsegIfUTFOlt28v8ous9WM4A__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-cache-hits: 26836, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 10 Oct 2023 15:24:33 GMT
age: 431737
http_x_geo_region: DE-HE
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-68df48cffd-zsj5z
content-length: 187
x-served-by: cache-chi-klot8100116-CHI, cache-chi-klot8100116-CHI, cache-fra-etou8220042-FRA, cache-fra-eddf8230137-FRA
last-modified: Wed, 04 Oct 2023 05:18:24 GMT
server: nginx
x-timer: S1696951474.687859,VS0,VE127
etag: W/"651cf5a0-101"
vary: Accept-Encoding, orig-host
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: e5f284b4-6393-11ee-bb59-4eaf1f04b4e7
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sat, 05 Oct 2024 15:28:56 GMT

GET
DATA 200
OK truncated
/ 442 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6116382548abaad3d6133a60e2dc187d88dfa1ed07d981311c0bbcfaee05cd49

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 383 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b5c2800c52737f3425d0e434c93f9412da5e0491282c8d3d53b4d707202b8cef

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 558 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f4cbc6a70cd3d48475ddbb975d3831d02e4158a76fcdb997891baa497ea31241

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 356 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6676353d7029b44112419ac26efd665e84021eb418ccf05a1e1f04d0ba46bd53

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 431 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: af60288a11ae9864cdd707a9c6e13463359d5ffb6755bf9035a878f18b8758f9

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 688 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0ec291adef932c1e26510f560daef99d2d26b96331cbfd2f29fe234eaf2dddae

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 utag.v.js Show response
tags.tiqcdn.com/utag/tiqapp/ 2 B
431 B 7ms
6ms Script
application/javascript 2600:9000:223e:5800:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=websense/forcepoint-2018/202310031851&cb=1696951474061
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:5800:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-amz-version-id: 2XUX04X5QEw0.xFya64khU._sHTRl_Pz
date: Tue, 10 Oct 2023 15:15:04 GMT
via: 1.1 88f858f045c3909fad9cebbada511aee.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P4
age: 571
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 2
last-modified: Sat, 11 Mar 2023 06:57:46 GMT
server: AmazonS3
etag: "7bc0ee636b3b83484fc3b9348863bd22"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=300
accept-ranges: bytes
x-amz-cf-id: U1l4IysibRSlD1HUddY8ssj8YkgjLvhNYp_-ooEIVgRoSHAshQaMBw==

GET
H/1.1 200
OK json Show response
forms.hsforms.com/embed/v3/form/20987017/16d5bf15-75bb-43be-a7ff-4e4e9779520e/ 47 KB
7 KB 207ms
162ms XHR
application/json 2606:4700::6812:b07d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hsforms.com/embed/v3/form/20987017/16d5bf15-75bb-43be-a7ff-4e4e9779520e/json?hs_static_app=forms-embed&hs_static_app_version=1.3812&X-HubSpot-Static-App-Info=forms-embed-1.3812

Requested by

Host: js.hsforms.net
URL: https://js.hsforms.net/forms/v2.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:b07d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3c6d54b832be832e9640705da8c77efdfbb4be2347c66dc9d276e39375690d11

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.forcepoint.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

X-Origin-Hublet: na1
Date: Tue, 10 Oct 2023 15:24:34 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
Content-Encoding: br
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: c8a11edd-4ae1-40f0-8062-1f8074f357b0
Transfer-Encoding: chunked
x-envoy-upstream-service-time: 35
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: c8a11edd-4ae1-40f0-8062-1f8074f357b0
Server: cloudflare
X-Trace: 2BBB3C826CB2992C8B2087146EC975D78A811F7BA3000000000000000000
Vary: origin
Access-Control-Allow-Methods: OPTIONS, GET
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: https://www.forcepoint.com
x-evy-trace-virtual-host: all
Access-Control-Expose-Headers: X-Origin-Hublet
Access-Control-Max-Age: 180
Access-Control-Allow-Credentials: false
Cache-Control: max-age=0, no-cache, no-store
X-Robots-Tag: none
Access-Control-Allow-Headers: *
CF-RAY: 813fdef9589b1c60-FRA
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-79986f96f-jt4pd

GET
H/1.1 200
OK json Show response
forms.hsforms.com/embed/v3/form/20987017/16d5bf15-75bb-43be-a7ff-4e4e9779520e/ 47 KB
7 KB 193ms
148ms XHR
application/json 2606:4700::6812:b07d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hsforms.com/embed/v3/form/20987017/16d5bf15-75bb-43be-a7ff-4e4e9779520e/json?hs_static_app=forms-embed&hs_static_app_version=1.3812&X-HubSpot-Static-App-Info=forms-embed-1.3812

Requested by

Host: js.hsforms.net
URL: https://js.hsforms.net/forms/v2.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:b07d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a4ed274c53bea0ff250a7e4990ed0d55673804a59e46d447b7946d7e315362db

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.forcepoint.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

X-Origin-Hublet: na1
Date: Tue, 10 Oct 2023 15:24:34 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
Content-Encoding: br
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: 978210d8-99d0-4f9a-b2ff-9c709e93b8c3
Transfer-Encoding: chunked
x-envoy-upstream-service-time: 26
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 978210d8-99d0-4f9a-b2ff-9c709e93b8c3
Server: cloudflare
X-Trace: 2B87842AF7557C3E17C1EB296425E0906D2F39599E000000000000000000
Vary: origin
Access-Control-Allow-Methods: OPTIONS, GET
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: https://www.forcepoint.com
x-evy-trace-virtual-host: all
Access-Control-Expose-Headers: X-Origin-Hublet
Access-Control-Max-Age: 180
Access-Control-Allow-Credentials: false
Cache-Control: max-age=0, no-cache, no-store
X-Robots-Tag: none
Access-Control-Allow-Headers: *
CF-RAY: 813fdef95d6f9b83-FRA
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-79986f96f-xhvvh

GET
H2 200 chosen-sprite.png
www.forcepoint.com/sites/all/libraries/chosen/ 430 B
890 B 10ms
10ms Image
image/webp 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/all/libraries/chosen/chosen-sprite.png

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/sites/default/files/advagg_css/css__qi8YWDPFPT47Hua3Uo8V-CwYV79O8gYOw4xRshlFw2o__U0zx4V0QLKPamBJbsVKK0D54d038-KcpyqeXppQL9AI__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

9cc77ec166565cf138f088e29b263d7de28ebff89c6ac6ac7b3226b8c2c45f33

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/sites/default/files/advagg_css/css__qi8YWDPFPT47Hua3Uo8V-CwYV79O8gYOw4xRshlFw2o__U0zx4V0QLKPamBJbsVKK0D54d038-KcpyqeXppQL9AI__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-cache-hits: 0, 411, 279, 0
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 10 Oct 2023 15:24:34 GMT
age: 3259434
http_x_geo_region: DE-HE
x-cache: MISS, HIT, HIT, MISS
fastly-io-info: ifsz=538 idim=52x37 ifmt=png ofsz=430 odim=52x37 ofmt=webp
http_x_geo_continent: EU
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe3-b-59d8b4cd4d-tcn4k
content-length: 430
x-served-by: cache-chi-kigq8000072-CHI, cache-chi-kigq8000145-CHI, cache-fra-etou8220041-FRA, cache-fra-eddf8230137-FRA
server: nginx
x-timer: S1696951474.096153,VS0,VE3
etag: "pCuJ3WEDsPQPzkbIkY90U4TfuAo3yBgHEEN2IOPELGY"
vary: Accept, orig-host
content-type: image/webp
x-styx-req-id: 27ba8dbd-49dc-11ee-b8a1-b6a75a728231
cache-control: max-age=31622400
accept-ranges: bytes
expires: Mon, 02 Sep 2024 22:00:40 GMT

GET
H2 200 loading.gif
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/ 76 KB
77 KB 10ms
10ms Image
image/gif 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/loading.gif

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

dd0779c9ae69f9d8cd8728663703ce2cc6ec972dc5350a5f6948a15d67fbeea9

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-cache-hits: 0, 111, 147, 0
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 10 Oct 2023 15:24:34 GMT
age: 3662674
http_x_geo_region: DE-HE
x-cache: MISS, HIT, HIT, MISS
fastly-io-info: ifsz=80522 idim=200x200 ifmt=gif ofsz=78220 odim=200x200 ofmt=gif ofrm=30
http_x_geo_continent: EU
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe3-a-65d46855f6-xk7dc
content-length: 78220
x-served-by: cache-chi-kigq8000111-CHI, cache-chi-kigq8000104-CHI, cache-fra-etou8220099-FRA, cache-fra-eddf8230137-FRA
server: nginx
x-timer: S1696951474.108365,VS0,VE3
etag: "Nxhc6+NYNokf+oi4tit7qUckgh54LwQ6JJFLiU/ddPg"
vary: Accept, orig-host
content-type: image/gif
x-styx-req-id: 49ab558b-4631-11ee-b790-6a2528cd0596
cache-control: max-age=31622400
accept-ranges: bytes
expires: Thu, 29 Aug 2024 05:59:59 GMT

GET
H3 200 counters.gif
forms.hsforms.com/embed/v3/ 35 B
626 B 140ms
128ms Image
image/gif 2606:4700::6812:b07d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:b07d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Tue, 10 Oct 2023 15:24:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: c547f8a0-fef7-44d0-b326-9536c4572c51
x-envoy-upstream-service-time: 11
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: c547f8a0-fef7-44d0-b326-9536c4572c51
server: cloudflare
x-trace: 2BE0D2044EB7A374595E58B50411FDCDF3EA21566F000000000000000000
vary: origin
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-79986f96f-97gbm
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 813fdefa7f85bb5b-FRA

GET
DATA 200
OK truncated
/ 133 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a4cbaa695a841f5471911a40cc4c2140d68b95d9fcaabb3b60e97db200c15b8d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 / Show response
geolocation-db.com/json/ 181 B
217 B 44ms
15ms XHR
text/html 159.89.102.253
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://geolocation-db.com/json/
Requested by: Host: code.jquery.com
URL: https://code.jquery.com/jquery-3.6.4.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 159.89.102.253 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 35e560ee0ece3e78935b202db14e24c47a9d613f7fd6100eefeb27a70e3470ea

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.forcepoint.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 10 Oct 2023 15:24:34 GMT
content-encoding: gzip
server: nginx/1.14.0 (Ubuntu)
content-type: text/html; charset=UTF-8

GET
H/1.1 200
OK counters.gif
forms-na1.hsforms.com/embed/v3/ 35 B
1016 B 443ms
409ms Image
image/gif 2606:4700::6811:cff9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:cff9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Tue, 10 Oct 2023 15:24:34 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: 61083381-00c9-4f28-93fd-a614f874a7b8
x-envoy-upstream-service-time: 23
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 61083381-00c9-4f28-93fd-a614f874a7b8
Server: cloudflare
X-Trace: 2B2DE419BDE43FEC7BFC7337E1189DBC90874C9420000000000000000000
Vary: origin
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-79986f96f-4qqf5
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
X-Robots-Tag: none
CF-RAY: 813fdefafd981cb7-FRA

GET
H2 200 / Show response
geolocation-db.com/json/ 181 B
216 B 13ms
13ms XHR
text/html 159.89.102.253
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://geolocation-db.com/json/
Requested by: Host: code.jquery.com
URL: https://code.jquery.com/jquery-3.6.4.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 159.89.102.253 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 35e560ee0ece3e78935b202db14e24c47a9d613f7fd6100eefeb27a70e3470ea

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.forcepoint.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 10 Oct 2023 15:24:34 GMT
content-encoding: gzip
server: nginx/1.14.0 (Ubuntu)
content-type: text/html; charset=UTF-8

GET
H2 200 nr-rum-1.243.1.min.js Show response
js-agent.newrelic.com/ 44 KB
16 KB 107ms
7ms Script
application/javascript 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js-agent.newrelic.com/nr-rum-1.243.1.min.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.194.137 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

78a12bde83047ba6df20096866cedb3f717095d4a65fbc4f8e8a0cc6e3dcab72

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-amz-version-id: 9M6PIxkdb_gH3YtSgpELC5qtKSKjJtEc
content-encoding: br
via: 1.1 varnish
date: Tue, 10 Oct 2023 15:24:34 GMT
strict-transport-security: max-age=300
x-amz-request-id: EGNKEXYT426Q1AZ5
x-amz-server-side-encryption: AES256
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 15691
x-amz-id-2: GMGIATW0Fg7GOGHobWhUPZkBeg73B5bRL6QmmGGtixMCjWuLwv9NY2u4flxxQsZSSQr8i3hXslE=
x-served-by: cache-fra-eddf8230038-FRA
last-modified: Wed, 04 Oct 2023 19:55:57 GMT
server: AmazonS3
x-timer: S1696951475.913879,VS0,VE0
etag: "827690767da58bf2f5ec106898c1e8e4"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=86400, stale-if-error=86400
accept-ranges: bytes
x-cache-hits: 252173

POST
H/1.1 200
OK NRJS-922263b7f65c352c48b Show response
bam.nr-data.net/1/ 40 B
408 B 306ms
223ms XHR
text/plain 162.247.243.29
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/1/NRJS-922263b7f65c352c48b?a=477262540&v=1.243.1&to=YFEDbUMFXBBXB0RbXlkbIFpFDV0NGRRRVVRoWQBXUANXEWkKX1ZUaEIIXEY7QgJRAQ%3D%3D&rst=3170&ck=0&s=117d3d6a273814a0&ref=https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks&ap=1121&be=1561&fe=1485&dc=741&at=TBYAGwsfTx4%3D&perf=%7B%22timing%22:%7B%22of%22:1696951471760,%22n%22:0,%22re%22:258,%22f%22:258,%22dn%22:258,%22dne%22:258,%22c%22:258,%22s%22:258,%22ce%22:258,%22rq%22:260,%22rp%22:1561,%22rpe%22:1568,%22di%22:2268,%22ds%22:2297,%22de%22:2302,%22dc%22:3042,%22l%22:3042,%22le%22:3046%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&fp=1965&fcp=1965
Requested by: Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-rum-1.243.1.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.243.29 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: ed59ee4d04819c48c1bb60b3ef6928c621cd5cd86d7103957de3eebba9910b0d

Request headers

Referer: https://www.forcepoint.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
content-type: text/plain

Response headers

date: Tue, 10 Oct 2023 15:24:35 GMT
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
content-type: text/plain
access-control-allow-origin: https://www.forcepoint.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
Connection: keep-alive
Content-Length: 40
x-served-by: cache-fra-eddf8230067-FRA

Verdicts & Comments Add Verdict or Comment

67 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.forcepoint.com/	1970-01-21 00:08:07	Name: utag_main Value: v_id:018b1a3096b7001b7ad06192d19d03074004606c00b08$_sn:1$_se:1$_ss:1$_st:1696953273848$ses_id:1696951473848%3Bexp-session$_pn:1%3Bexp-session
			.adnxs.com/	1970-01-20 17:32:07	Name: uuid2 Value: 5847236940724840546

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' .fonts.net .licdn.com .tiqcdn.com .marketo.com .marketo.net .mktoresp.com .demdex.net .burly.io .omtrdc.net .llnwd.net .tealiumiq.com .googleadservices.com .marinsm.com .amazonaws.com .quantserve.com .facebook.net .serving-sys.com .google-analytics.com .hirebridge.com .websense.com .bizographics.com .linkedin.com .cloudfront.net .newrelic.com .nr-data.net .adnxs.com .demandbase.com .twitter.com .omtrdc.net .youtube.com .ads-twitter.com .company-target.com .omniture.com .doubleclick.net .forcepoint.com .google.com .facebook.com .nr-data.net .getsmartcontent.com .vidyard.com .adroll.com s.ml-attr.com attr.ml-api.io .driftt.com .sharethis.com .vimeo.com .slideshare.net .techvalidate.com .gartner.com .gstatic.com .libsyn.com .s3.amazonaws.com .cdnbasket.net ids.cdnwidget.com app.vwo.com .visualwebsiteoptimizer.com use.typekit.net p.typekit.net cdn.vwo-analytics.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io .googleapis.com .cloudflare.com activitymap.adobe.com .consensu.org .ubembed.com .bizible.com .theadex.com .aumago.com .driftqa.com .scribblecdn.net .esg-global.com .hs-scripts.com .hs-analytics.net .hsadspixel.net .hs-banner.com .hubapi.com .hsforms.net .hsforms.com geolocation-db.com .drift.com .clickagy.com .nimblestory.com .usemessages.com .stackadapt.com .googlesyndication.com ; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' .cdnwidget.com .tealiumiq.com .google.com .googleadservices.com .doubleclick.net .websense.com .marinsm.com .facebook.com .quantserve.com .google-analytics.com .w55c.net .marketo.com .iasds01.com .linkedin.com .cloudfront.net .forcepoint.com .adnxs.com .twitter.com t.co .omtrdc.net .w55c.net .demandbase.com .company-target.com .gstatic.com .tiqcdn.com .marketo.net .newrelic.com .facebook.net .ads-twitter.com .burly.io .bizographics.com .nr-data.net .licdn.com .tt.omtrdc.net .getsmartcontent.com .adroll.com .vidyard.com s.ml-attr.com .ml-api.io ml314.com .ml314.com .bing.com .driftt.com .crazyegg.com .sharethis.com .vimeo.com .slideshare.net .techvalidate.com .gartner.com .googletagmanager.com .visualwebsiteoptimizer.com app.vwo.com .ubembed.com .driftt.com .vwo-analytics.com .s3.amazonaws.com s3.amazonaws.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io .clearbit.com .googleapis.com .cloudflare.com .adobe.com .consensu.org .bizible.com .theadex.com .aumago.com .zoominfo.com .clickagy.com .redditstatic.com .quantcount.com .g2crowd.com .steelhousemedia.com .scribblecdn.net .esg-global.com .6sc.co .hs-scripts.com .hs-analytics.net .hsadspixel.net .hs-banner.com .hubapi.com .hsforms.net .hsforms.com geolocation-db.com .drift.com .jquery.com .google.com .hscollectedforms.net .jsdelivr.net .stackadapt.com .googlesyndication.com ; img-src * data: ; font-src 'self' .google.com .googleadservices.com; connect-src 'self' .vwo.com .demdex.net .omtrdc.net .mktoresp.com .cdnbasket.net ids.cdnwidget.com .forcepoint.com sample-api-v2.crazyegg.com .visualwebsiteoptimizer.com insight.adsrvr.org bam.nr-data.net .tealiumiq.com live-evercurrent-clone.pantheonsite.io .sharethis.com .doubleclick.net .theadex.com .aumago.com .google-analytics.com .6sc.co .adnxs.com .vidyard.com .6sense.com .hs-scripts.com .hs-analytics.net .hsadspixel.net .hs-banner.com api.hubapi.com .hsforms.net .hsforms.com .s3.amazonaws.com .drift.com .clickagy.com .facebook.com .zoominfo.com geolocation-db.com cdn.linkedin.oribi.io .hubspot.com .hscollectedforms.net .stackadapt.com .google.com .googletagmanager.com .googleadservices.com google.com .googlesyndication.com ; report-uri /admin/config/system/seckit/csp-report
Strict-Transport-Security	max-age=18410000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

attr.ml-api.io
bam.nr-data.net
cdn.jsdelivr.net
cdnjs.cloudflare.com
code.jquery.com
forms-na1.hsforms.com
forms.hsforms.com
geolocation-db.com
js-agent.newrelic.com
js.hsforms.net
s.ml-attr.com
secure.adnxs.com
tags.tiqcdn.com
www.forcepoint.com
151.101.194.137
159.89.102.253
162.247.243.29
185.89.210.141
2600:9000:20a0:5400:12:3734:2a40:93a1
2600:9000:223e:5800:7:2bfb:7c00:93a1
2606:4700::6810:5814
2606:4700::6810:8ace
2606:4700::6811:190e
2606:4700::6811:cff9
2606:4700::6812:b07d
2a04:4e42:600::649
2a04:4e42:600::740
68.67.153.60
0198a18e8efec8ddf2982bd82913e857999b9a420ade64adb8aa34b9f4c0df2b
0370218a5b3b2dd0fafe99389e5c792eba8f07d4ef1959ccbaf023692e9ce25a
06625e9ba031f00b8df2ad4206d3b0f6b47063b8ca6091d7b64a0b91474fc694
0afb763c1de6f6fbc5f775e18225ab96ced3818b62a597b7bac98d3fa29f3f23
0b7943307c6a7d7f4d6008a4746a25fd1bb56da6280123ede2e5ba8013d95527
0c66405721ef5102aa366585b67c067832a1d58cafa84a796a4e8ea4b408873e
0ec291adef932c1e26510f560daef99d2d26b96331cbfd2f29fe234eaf2dddae
0f83cbf5347921619fc2db67c11366512bfc57a5a5e863926190dc2c6d2e98f3
1481c2c4e58796a109a75e680a6a772f65230168820d2dda34cac764e03f36e2
148a74b0921ad78021d716e8032ede1cdaf7ed7279cefd7d2acbe906add12a68
1a5c0fb755eabd84fa9ee65115561abfc934cb67631d8392acc299bed349942d
21795fd2a75d2f127807aa5e48e08af57799d6d314546f72f496addb3ac58356
24dd593caf98fe7183e48e16a5a827ab4eb1a734a9821b497689127e68774db1
2609e47af9b5fd41bcc697b9545be93106f378abde6263e1ca3394420121770f
26be2c4cd498798df8895f91aacf2b8ffc5bd02686c4f695b081987fbe12c8c5
26e256bfa2011f9fbbe0e81f2515c98b94b7ee7696a82f380cb7e7c8361e04a4
26f6f2926c170406be9bcda1ba6ded2f1a630153ea9db27c285af57516930c30
28a5c6d13db5c292e46726de2bcd92beed6a6924c72254d5f8402a32b4a83ea6
29aebe811bb2f84bd90cfdee7ffc4c4af62bb5d871fd683f8a85bf0852ce9163
2a7b733b2f19d538893df08b2c194aef1201dbad6ee2ddafc5bcd34cbb482d6b
2e235a7be093a4acc3aada042f4f7c934e26bcaadacf6c3bb0e525e28ba21000
2fd4ff0bb2c62470b3cbecbc717d7beb9db9141a0770cdb21deb75e2d66600e2
2fffee549f20803f72907134dc44b0b44c72684ecf69e92ec7b1f034fa03efa7
311c3a27de6c5daa55ad7d1a3d16c0333ad53dad8bef15b6485260b4b395d44f
35e560ee0ece3e78935b202db14e24c47a9d613f7fd6100eefeb27a70e3470ea
39964c58ecfd8f2e123e69ac0cff4fa389b5aa7a26191883e2a4289819e19b53
39fc097244da7f028757c9e24ceebf4a5cd219af69cb7d30bcd252c55689fed1
3bbbd2c90f15c1621ea226f2a5c281a03902335b75e404d575b3f5ccc9df7d4d
3c6d54b832be832e9640705da8c77efdfbb4be2347c66dc9d276e39375690d11
42793f24dc3fddca04cc84a6991f0fc73c25498d023b07d488dd5e4238ed9b0c
4953a30def5d6eb8aa0119f918104b5069d10696ee634288c068accf06bb44e6
4e2a8b16a227605843bcf04d32557fa5f790d17d5fae10db399f3ad6b75cae70
51bc72e85e99dfeebfb9a4e727349fd2b6e71ea60d84e71beaf095fc9547bacc
52239b576d3fdb13fa5cec121a5e5ed123560a4ac1310d991f4694bcc5507710
5390daebe4fc263953ae2cd18f060ebb4aaef20d9df443a4d784cc642ed1eaf2
552724597375ea2ef31e983038907192f6799be327c5614ba45bc32d1c2bbecf
5a3a0313429b22b8fd7b067a306c2733e73b8a1e038591f722ad524e9f60ab79
5f8d1adf76eaaf2f3592e5a5633ef8722740af2424b1737d85c1d9581588884f
6116382548abaad3d6133a60e2dc187d88dfa1ed07d981311c0bbcfaee05cd49
6676353d7029b44112419ac26efd665e84021eb418ccf05a1e1f04d0ba46bd53
679d7260baab6c17046213846265b23d53809fc4af5706817f4fbb2d691fab46
68cb94151d86903ee4b3a5088e233b408a81a7faf9bb97d1172d8e3e6a83f868
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6d9a7fd96a3f724833b9b68c20877b5701f64df5446138733baec495138cfb3b
7082fc18af82f5f4813e76d6e8506876beba1ac2fc1b0bf541a333085cd6be14
718acf7ce1a500805ed2086e1c8b569f3e7d77397070e85bfec278dead876b23
735b78ae1f09b1d02ee92b5ad319a189d50d10ecbec4ddd12201885dde3f4945
74d6ee660ac8d18d3940eefac6e8c0ff029ecc0f4a4799ada5d6088fe9abfbc8
765bfd7990382cef3d9dbadff551c1273d5fe462591ca46b5f924484cd7f0266
76aefb325bdfaf3c67be7591a00c96105ffa1a3eda8cfc16d6d5e1affa8e3f95
76fea4cad87ffbee4d6c0d29a46382913e4a8c56ed7881d8556f684a174d6824
77bfa66bf799ef1d5be3e464795aaca2f9a0587c1616b9671f7383623474f455
78a12bde83047ba6df20096866cedb3f717095d4a65fbc4f8e8a0cc6e3dcab72
7c38acd92ae6bde95f3f8108a03252fffb82ccd6abea48e29ea0b7f365297287
7da70cd3d6fc03baf73219253cb40b2f9fe77d3a4ce29834e49e12a58ae59c6d
7e9433a7e4538237be585d3d84e1603595879c286be61e26dd3e628e3fd5e206
83906d4f8a0f8d0364be66f304608d8a10f014e67336265dd89a01269c11ca0d
8709e66f3192aac47989a4f2c826afc3062b52de3cd792115cba3314c05656c6
876c2e0f65bbb6476e134741186fcd068cedd1eb2b956b9113a7b807965ea7ee
8892ffd9b6812e96fca28cf2b24a4a1e25711631d73141353f1ec57fcaf523b8
942ba1b657ab7477bc603f7852ff551aa393de40d1bab2dee01c8ad36d538a2a
9528ca634fecad433d044ddd3e6f9ce1f068d5d932dafdbb19d8e6daea1968bd
9b3c52df9ce6473c11ee62f85cd48a7ff2b24ad8543ed415fec5124605a987f3
9cc77ec166565cf138f088e29b263d7de28ebff89c6ac6ac7b3226b8c2c45f33
a0d9d290c9928affdd7f2816a574b367cbd6aca7ff1ba7b14b3391330d6f1995
a0fe8723dcf55da64d06b25446d0a8513e52527c45afcb37073465f9c6f352af
a24e66d830ef814bbcc4553b662e0c2afe733f8f30fb4a86be6df577d146bec2
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb
a4cbaa695a841f5471911a40cc4c2140d68b95d9fcaabb3b60e97db200c15b8d
a4ed274c53bea0ff250a7e4990ed0d55673804a59e46d447b7946d7e315362db
a5289eae50ef45d991023c3382a736737219be26a1dd3453e5b7c9e163253b2d
ab3a941eba1e57e2866b318553ec467bf68403bfa5be52f13ad06b70167b8dd7
af60288a11ae9864cdd707a9c6e13463359d5ffb6755bf9035a878f18b8758f9
b5c2800c52737f3425d0e434c93f9412da5e0491282c8d3d53b4d707202b8cef
b649db84ff4865e9bd17134e33f0ac2a7edc47831f92ca9d67f400f0f5068e75
b84161c9fbf7520cd14e7019f92120bd87a928a074156e91a992eba9fc9436e8
b8ed47b66e00822b7902b62176b23647641a4d4ec087dd0933a9b0fc6f1dd156
b9b8fe9d0d7983bd3dc05016caf09d5028c4525e9beba05ecf0ed85bd0f3f86a
b9c823db89be14289e3b0585970e3d91c3313ec9f82d13c9cb24d90820efc699
bed855d9eb766292b67f4821eb934eee96b385b8520659165f57bbae90c362c5
c0c810909068da447ca522f9770490722119d254f18905ae37e5e4a45e2c346c
c0d3e8399d25a454b367e3156a62719226f9d283000f3d0ef30fcd9f9d968763
c1524c7035a894f370d34f2d57704873a3978adef91d97978e3598515762eace
c181c648e71e1f94dc9f3aa0aced539df9790bc1aa92494d7fe7b17c274767bf
c6225223a7f689e02ca4f2144e864ad46dd63e29553cf3d4df572e7195303be0
c6a4f005d0158d27d475991d4606ec4141f42917cc68835019d819c583957710
c712b85f4d57c41bb049c80303067da9790aa76b32a41b422174bd507695f444
c7397ae13ad9d12bf4ce9100756dd8703b515ac4381bdd33638e22c787c0fb39
ce520b5f64c85f0ee2bd8607101decca8bd5ebe683d0c461c6c6c9a81b3aef61
cfabf6b51fb2fba17882b5c821ee0dc87f7d06687234a00d4986ea52ad4190c8
d204f5f4ba3ea1f82f2c6702aebeb0ca8297512735f50307e79df48a91433548
d88c03f60c9b0c3b3a4a929ad268b6078dda88e59ea5c98eeb16f031ffb0d9e0
dd0779c9ae69f9d8cd8728663703ce2cc6ec972dc5350a5f6948a15d67fbeea9
dd329c644951f3c041200e8279e3c90063ac5b5c8861fe253fca48df7dd8b99c
de0c91884c0f70a3c8ab477b2637d9c9417fc74eb663bbe6eace7836e8b38fc3
de1ccc61608bb1e8eb9632efe315cd870c47f438c49a15911a9cacea957733fa
e1652e3fbc6cef41f94897b295b6b1f57fa4901a3727e4c9ecb2911614531d0f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6e9870f494b1c2287e84247ac3399299d17337087788b2f40d4f7c9fcb42f46
e7e02c8510e5cdcf18b17c36aab04ff6867e018178fe5594aa9c1fb40f252838
e8688ed428ee7216ab214eab583dea5128e9c557df2d06a503b1fbb981f76dd7
ed59ee4d04819c48c1bb60b3ef6928c621cd5cd86d7103957de3eebba9910b0d
f4cbc6a70cd3d48475ddbb975d3831d02e4158a76fcdb997891baa497ea31241
f6111a2b70adc74b366e13097ef3bc968003d16bbebbd72d324cdb73edb32c36
f66578f61dcd2d00bb8b7a0c5a7a02d39871c2e7c4615826c4e3a6a879a1a66b
fe9132775150b13960723fdffd15ef8bb7f07d120787874114ac9e3d4f303f46
ff35e1bb0b3e1cb03aa7eab3fb0f74381ec3fd6fcff85d8c4f6be72abae116a0

www.forcepoint.com Open in urlscan Pro 2a04:4e42:600::740 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

90 Requests

99 %HTTPS

64 %IPv6

13 Domains

14 Subdomains

13 IPs

2 Countries

1997 kBTransfer

5415 kBSize

2 Cookies

15 Outgoing links

Page URL History

Redirected requests

90 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 19 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.forcepoint.com Open in urlscan Pro
2a04:4e42:600::740 Public Scan

Screenshot
Live screenshot

Full Image

90
Requests

99 %
HTTPS

64 %
IPv6

13
Domains

14
Subdomains

13
IPs

2
Countries

1997 kB
Transfer

5415 kB
Size

2
Cookies

90 HTTP transactions
19 data transactions