Submitted URL: https://www.forcepoint.com/blog/security-labs/using-c-post-powershell-attacks
Effective URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Submission: On February 19 via api from BE — Scanned from DE

Summary

This website contacted 15 IPs in 3 countries across 14 domains to perform 126 HTTP transactions. The main IP is 2a04:4e42:600::740, located in United States and belongs to FASTLY, US. The main domain is www.forcepoint.com. The Cisco Umbrella rank of the primary domain is 412868.
TLS certificate: Issued by Sectigo RSA Organization Validation S... on November 22nd 2023. Valid for: a year.
This is the only time www.forcepoint.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 107 2a04:4e42:600... 54113 (FASTLY)
1 2a04:4e42:600... 54113 (FASTLY)
3 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
3 2600:9000:235... 16509 (AMAZON-02)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 1 68.67.153.60 29990 (ASN-APPNEX)
2 2 185.89.211.116 29990 (ASN-APPNEX)
1 2600:9000:267... 16509 (AMAZON-02)
1 2400:52e0:1e0... 200325 (BUNNYCDN)
1 212.8.253.238 ()
3 2606:4700::68... 13335 (CLOUDFLAR...)
2 159.89.102.253 14061 (DIGITALOC...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 151.101.130.137 54113 (FASTLY)
1 162.247.241.14 23467 (NEWRELIC-...)
126 15
Apex Domain
Subdomains
Transfer
107 forcepoint.com
www.forcepoint.com — Cisco Umbrella Rank: 412868
2 MB
4 hsforms.com
forms.hsforms.com — Cisco Umbrella Rank: 5005
forms-na1.hsforms.com — Cisco Umbrella Rank: 8184
16 KB
3 tiqcdn.com
tags.tiqcdn.com — Cisco Umbrella Rank: 1210
119 KB
3 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 353
14 KB
2 geolocation-db.com
geolocation-db.com — Cisco Umbrella Rank: 19232
543 B
2 simpleanalyticscdn.com
scripts.simpleanalyticscdn.com — Cisco Umbrella Rank: 42617
queue.simpleanalyticscdn.com — Cisco Umbrella Rank: 27129
5 KB
2 adnxs.com
secure.adnxs.com — Cisco Umbrella Rank: 523
2 KB
1 nr-data.net
bam.nr-data.net — Cisco Umbrella Rank: 260
467 B
1 newrelic.com
js-agent.newrelic.com — Cisco Umbrella Rank: 737
16 KB
1 ml-api.io
attr.ml-api.io — Cisco Umbrella Rank: 22747
236 B
1 ml-attr.com
s.ml-attr.com — Cisco Umbrella Rank: 17900
283 B
1 hsforms.net
js.hsforms.net — Cisco Umbrella Rank: 7671
154 KB
1 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 257
56 KB
1 jquery.com
code.jquery.com — Cisco Umbrella Rank: 940
31 KB
126 14
Domain Requested by
107 www.forcepoint.com 1 redirects www.forcepoint.com
3 forms.hsforms.com js.hsforms.net
www.forcepoint.com
3 tags.tiqcdn.com www.forcepoint.com
tags.tiqcdn.com
3 cdn.jsdelivr.net www.forcepoint.com
2 geolocation-db.com code.jquery.com
2 secure.adnxs.com 2 redirects
1 bam.nr-data.net js-agent.newrelic.com
1 js-agent.newrelic.com www.forcepoint.com
1 forms-na1.hsforms.com www.forcepoint.com
1 queue.simpleanalyticscdn.com www.forcepoint.com
1 scripts.simpleanalyticscdn.com www.forcepoint.com
1 attr.ml-api.io www.forcepoint.com
1 s.ml-attr.com 1 redirects
1 js.hsforms.net www.forcepoint.com
1 cdnjs.cloudflare.com www.forcepoint.com
1 code.jquery.com www.forcepoint.com
126 16
Subject Issuer Validity Valid
forcepoint.com
Sectigo RSA Organization Validation Secure Server CA
2023-11-22 -
2024-11-21
a year crt.sh
*.jquery.com
Sectigo RSA Domain Validation Secure Server CA
2023-07-11 -
2024-07-14
a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2023-05-02 -
2024-05-01
a year crt.sh
tags.tiqcdn.com
Amazon RSA 2048 M01
2023-04-18 -
2024-05-17
a year crt.sh
scripts.simpleanalyticscdn.com
R3
2024-01-09 -
2024-04-08
3 months crt.sh
queue.simpleanalyticscdn.com
R3
2024-02-05 -
2024-05-05
3 months crt.sh
geolocation-db.com
R3
2024-02-10 -
2024-05-10
3 months crt.sh
js-agent.newrelic.com
GlobalSign Atlas R3 DV TLS CA 2024 Q1
2024-01-15 -
2025-02-15
a year crt.sh
*.nr-data.net
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2023-09-29 -
2024-10-01
a year crt.sh

This page contains 1 frames:

Primary Page: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Frame ID: 015EA6796FE160D726995C63AB6B04FB
Requests: 147 HTTP requests in this frame

Page Title

Using C# for post-PowerShell attacks | Forcepoint

Page URL History

  1. https://www.forcepoint.com/blog/security-labs/using-c-post-powershell-attacks HTTP 301
    https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • ([\d.]+)/jquery-ui(?:\.min)?\.js
  • jquery-ui.*\.js

Overall confidence: 100%
Detected patterns
  • //cdn\.jsdelivr\.net/

Page Statistics

126
Requests

99 %
HTTPS

63 %
IPv6

14
Domains

16
Subdomains

15
IPs

3
Countries

2011 kB
Transfer

5494 kB
Size

9
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.forcepoint.com/blog/security-labs/using-c-post-powershell-attacks HTTP 301
    https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 105
  • https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.forcepoint.com%26pId%3d%24UID HTTP 302
  • https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.forcepoint.com%26pId%3d%24UID HTTP 307
  • https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dwww.forcepoint.com%2526pId%253d%2524UID HTTP 302
  • https://attr.ml-api.io/?domain=www.forcepoint.com&pId=4869257680398510027

126 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request using-c-post-powershell-attacks
www.forcepoint.com/blog/x-labs/
Redirect Chain
  • https://www.forcepoint.com/blog/security-labs/using-c-post-powershell-attacks
  • https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
126 KB
44 KB
Document
General
Full URL
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
89a0e1ddaaf6065ecf35dbc63151f273e1249fb0737a14af71bd315848df9a94
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.fonts.net *.licdn.com *.tiqcdn.com *.marketo.com *.marketo.net *.mktoresp.com *.demdex.net *.burly.io *.omtrdc.net *.llnwd.net *.tealiumiq.com *.googleadservices.com *.marinsm.com *.amazonaws.com *.quantserve.com *.facebook.net *.serving-sys.com *.google-analytics.com *.hirebridge.com *.websense.com *.bizographics.com *.linkedin.com *.cloudfront.net *.newrelic.com *.nr-data.net *.adnxs.com *.demandbase.com *.twitter.com *.omtrdc.net *.youtube.com *.ads-twitter.com *.company-target.com *.omniture.com *.doubleclick.net *.forcepoint.com *.google.com *.facebook.com *.nr-data.net *.getsmartcontent.com *.vidyard.com *.adroll.com s.ml-attr.com attr.ml-api.io *.driftt.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.gstatic.com *.libsyn.com *.s3.amazonaws.com *.cdnbasket.net ids.cdnwidget.com app.vwo.com *.visualwebsiteoptimizer.com use.typekit.net p.typekit.net cdn.vwo-analytics.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.googleapis.com *.cloudflare.com activitymap.adobe.com *.consensu.org *.ubembed.com *.bizible.com *.theadex.com *.aumago.com *.driftqa.com *.scribblecdn.net *.esg-global.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hubapi.com *.hsforms.net *.hsforms.com geolocation-db.com *.drift.com *.clickagy.com *.nimblestory.com *.usemessages.com *.stackadapt.com *.googlesyndication.com ; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.cdnwidget.com *.tealiumiq.com *.google.com *.googleadservices.com *.doubleclick.net *.websense.com *.marinsm.com *.facebook.com *.quantserve.com *.google-analytics.com *.w55c.net *.marketo.com *.iasds01.com *.linkedin.com *.cloudfront.net *.forcepoint.com *.adnxs.com *.twitter.com t.co *.omtrdc.net *.w55c.net *.demandbase.com *.company-target.com *.gstatic.com *.tiqcdn.com *.marketo.net *.newrelic.com *.facebook.net 
*.ads-twitter.com *.burly.io *.bizographics.com *.nr-data.net *.licdn.com *.tt.omtrdc.net *.getsmartcontent.com *.adroll.com *.vidyard.com s.ml-attr.com *.ml-api.io ml314.com *.ml314.com *.bing.com *.driftt.com *.crazyegg.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.googletagmanager.com *.visualwebsiteoptimizer.com app.vwo.com *.ubembed.com *.driftt.com *.vwo-analytics.com *.s3.amazonaws.com s3.amazonaws.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.clearbit.com *.googleapis.com *.cloudflare.com *.adobe.com *.consensu.org *.bizible.com *.theadex.com *.aumago.com *.zoominfo.com *.clickagy.com *.redditstatic.com *.quantcount.com *.g2crowd.com *.steelhousemedia.com *.scribblecdn.net *.esg-global.com *.6sc.co *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hubapi.com *.hsforms.net *.hsforms.com geolocation-db.com *.drift.com *.jquery.com *.google.com *.hscollectedforms.net *.jsdelivr.net *.stackadapt.com *.googlesyndication.com *.simpleanalyticscdn.com; img-src * data: *; font-src 'self' *.google.com *.googleadservices.com; connect-src 'self' *.vwo.com *.demdex.net *.omtrdc.net *.mktoresp.com *.cdnbasket.net ids.cdnwidget.com *.forcepoint.com sample-api-v2.crazyegg.com *.visualwebsiteoptimizer.com insight.adsrvr.org bam.nr-data.net *.tealiumiq.com live-evercurrent-clone.pantheonsite.io *.sharethis.com *.doubleclick.net *.theadex.com *.aumago.com *.google-analytics.com *.6sc.co *.adnxs.com *.vidyard.com *.6sense.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com api.hubapi.com *.hsforms.net *.hsforms.com *.s3.amazonaws.com *.drift.com *.clickagy.com *.facebook.com *.zoominfo.com geolocation-db.com cdn.linkedin.oribi.io *.hubspot.com *.hscollectedforms.net *.stackadapt.com *.google.com *.googletagmanager.com *.googleadservices.com google.com *.googlesyndication.com *.linkedin.com ; report-uri /admin/config/system/seckit/csp-report
Strict-Transport-Security max-age=18410000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
0
cache-control
public, max-age=3600
content-encoding
gzip
content-language
en
content-length
39347
content-type
text/html; charset=utf-8
date
Mon, 19 Feb 2024 09:23:51 GMT
etag
W/"1708334629-0"
expires
Sun, 19 Nov 1978 05:00:00 GMT
from-origin
same, https://analyticsssl.forcepoint.com,https://vidyard.com
http_x_geo_continent
EU
http_x_geo_region
DE-BY
last-modified
Mon, 19 Feb 2024 09:23:49 GMT
link
</sites/all/themes/custom/fp/assets/fonts/hoves-optimized//Hoves_DemiBold.woff>; rel=preload; as=font; crossorigin; type="font/woff"; nopush,</sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_DemiBold.woff>; rel=preload; as=font; crossorigin; type="font/woff"; nopush,</sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Medium.woff>; rel=preload; as=font; crossorigin; type="font/woff"; nopush,</sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Regular.woff>; rel=preload; as=font; crossorigin; type="font/woff"; nopush,</sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Italic.woff>; rel=preload; as=font; crossorigin; type="font/woff"; nopush,</sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Light.woff>; rel=preload; as=font; crossorigin; type="font/woff"; nopush,</sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Light_Italic.woff>; rel=preload; as=font; crossorigin; type="font/woff"; nopush,</sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_ExtraLight.woff>; rel=preload; as=font; crossorigin; type="font/woff"; nopush,</misc/throbber-inactive.png>; rel=preload; as=image; type="image/png"; nopush,</misc/throbber-active.gif>; rel=preload; as=image; type="image/gif"; nopush,</misc/grippie.png>; rel=preload; as=image; type="image/png"; nopush,</misc/draggable.png>; rel=preload; as=image; type="image/png"; nopush,</misc/tree.png>; rel=preload; as=image; type="image/png"; nopush,</misc/tree-bottom.png>; rel=preload; as=image; type="image/png"; nopush,</misc/message-24-ok.png>; rel=preload; as=image; type="image/png"; nopush,</misc/message-24-warning.png>; rel=preload; as=image; type="image/png"; nopush,</misc/message-24-error.png>; rel=preload; as=image; type="image/png"; nopush,</misc/help.png>; rel=preload; as=image; type="image/png"; nopush,</misc/menu-expanded.png>; rel=preload; as=image; type="image/png"; nopush,</misc/menu-collapsed.png>; rel=preload; as=image; type="image/png"; 
nopush,</misc/progress.gif>; rel=preload; as=image; type="image/gif"; nopush,</sites/all/libraries/chosen/chosen-sprite.png>; rel=preload; as=image; type="image/png"; nopush,</sites/all/libraries/chosen/chosen-sprite@2x.png>; rel=preload; as=image; type="image/png"; nopush,</sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_flat_75_ffffff_40x100.png>; rel=preload; as=image; type="image/png"; nopush,</sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_highlight-soft_75_cccccc_1x100.png>; rel=preload; as=image; type="image/png"; nopush,</sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_glass_75_e6e6e6_1x400.png>; rel=preload; as=image; type="image/png"; nopush,</sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_glass_75_dadada_1x400.png>; rel=preload; as=image; type="image/png"; nopush,<https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks>; rel="canonical",<https://www.forcepoint.com/node/26751>; rel="shortlink"
referrer-policy
strict-origin-when-cross-origin
server
nginx
strict-transport-security
max-age=18410000; includeSubDomains; preload
vary
Accept-Encoding, x-geo-country, Cookie, orig-host
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
x-cache
MISS, MISS, MISS, MISS
x-cache-hits
0, 0, 0, 0
x-content-type-options
nosniff
x-drupal-cache
MISS
x-frame-options
SAMEORIGIN
x-generator
Drupal 7 (http://drupal.org)
x-pantheon-styx-hostname
styx-fe3-a-768586b58-6h2z9
x-served-by
cache-chi-kigq8000024-CHI, cache-chi-klot8100071-CHI, cache-fra-eddf8230087-FRA, cache-fra-eddf8230064-FRA
x-styx-req-id
97396ade-cf08-11ee-b2c1-4e1dfad0263a
x-timer
S1708334630.823145,VS0,VE1988
x-ua-compatible
IE=Edge,chrome=1
x-xss-protection
1

Redirect headers

accept-ranges
bytes
age
0
cache-control
public, max-age=3600
content-length
1
content-type
text/html; charset=UTF-8
date
Mon, 19 Feb 2024 09:23:49 GMT
etag
"1708334629-0"
expires
Sun, 19 Nov 1978 05:00:00 GMT
http_x_geo_continent
EU
http_x_geo_region
DE-BY
last-modified
Mon, 19 Feb 2024 09:23:49 GMT
location
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
server
nginx
strict-transport-security
max-age=300
vary
x-geo-country, Cookie, orig-host
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
x-cache
MISS, MISS, MISS, MISS
x-cache-hits
0, 0, 0, 0
x-content-type-options
nosniff
x-drupal-cache
MISS
x-pantheon-styx-hostname
styx-fe3-a-768586b58-s6djv
x-redirect-id
46226
x-served-by
cache-chi-klot8100095-CHI, cache-chi-klot8100138-CHI, cache-fra-etou8220096-FRA, cache-fra-eddf8230064-FRA
x-styx-req-id
97196ebb-cf08-11ee-969d-0ec939630534
x-timer
S1708334630.615723,VS0,VE200
Hoves_DemiBold.woff
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized//
18 KB
19 KB
Font
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized//Hoves_DemiBold.woff
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c6225223a7f689e02ca4f2144e864ad46dd63e29553cf3d4df572e7195303be0
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Origin
https://www.forcepoint.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
21321, 0, 0, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
309145
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-b-6bcf4d4f8-c8f7t
content-length
18868
x-served-by
cache-chi-klot8100046-CHI, cache-chi-klot8100046-CHI, cache-fra-eddf8230139-FRA, cache-fra-eddf8230064-FRA
last-modified
Thu, 15 Feb 2024 16:00:56 GMT
server
nginx
x-timer
S1708334632.824905,VS0,VE108
etag
"65ce3538-49b4"
vary
orig-host
content-type
font/woff
access-control-allow-origin
*
x-styx-req-id
cf7e1699-cc38-11ee-af84-0a0c9eece043
cache-control
max-age=31622400
accept-ranges
bytes
expires
Sat, 15 Feb 2025 19:31:26 GMT
Hoves_DemiBold.woff
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/
18 KB
19 KB
Font
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_DemiBold.woff
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c6225223a7f689e02ca4f2144e864ad46dd63e29553cf3d4df572e7195303be0
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Origin
https://www.forcepoint.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
23336, 0, 0, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
309145
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-b-6bcf4d4f8-c8f7t
content-length
18868
x-served-by
cache-chi-klot8100050-CHI, cache-chi-klot8100050-CHI, cache-fra-eddf8230101-FRA, cache-fra-eddf8230064-FRA
last-modified
Thu, 15 Feb 2024 16:00:56 GMT
server
nginx
x-timer
S1708334632.825713,VS0,VE118
etag
"65ce3538-49b4"
vary
orig-host
content-type
font/woff
access-control-allow-origin
*
x-styx-req-id
cf7dfbca-cc38-11ee-af84-0a0c9eece043
cache-control
max-age=31622400
accept-ranges
bytes
expires
Sat, 15 Feb 2025 19:31:26 GMT
Hoves_Medium.woff
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/
18 KB
19 KB
Font
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Medium.woff
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c1524c7035a894f370d34f2d57704873a3978adef91d97978e3598515762eace
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Origin
https://www.forcepoint.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
23314, 0, 0, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
309145
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-a-768586b58-zxh75
content-length
18688
x-served-by
cache-chi-klot8100111-CHI, cache-chi-klot8100111-CHI, cache-fra-eddf8230137-FRA, cache-fra-eddf8230064-FRA
last-modified
Thu, 15 Feb 2024 16:00:57 GMT
server
nginx
x-timer
S1708334632.825718,VS0,VE115
etag
"65ce3539-4900"
vary
orig-host
content-type
font/woff
access-control-allow-origin
*
x-styx-req-id
cf7eabaf-cc38-11ee-93e7-0606ae8e85e6
cache-control
max-age=31622400
accept-ranges
bytes
expires
Sat, 15 Feb 2025 19:31:26 GMT
Hoves_Regular.woff
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/
18 KB
18 KB
Font
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Regular.woff
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
42793f24dc3fddca04cc84a6991f0fc73c25498d023b07d488dd5e4238ed9b0c
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Origin
https://www.forcepoint.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
23324, 0, 0, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
309145
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-b-6bcf4d4f8-5rvs4
content-length
18436
x-served-by
cache-chi-kigq8000080-CHI, cache-chi-kigq8000080-CHI, cache-fra-etou8220139-FRA, cache-fra-eddf8230064-FRA
last-modified
Thu, 15 Feb 2024 16:00:56 GMT
server
nginx
x-timer
S1708334632.825463,VS0,VE135
etag
"65ce3538-4804"
vary
orig-host
content-type
font/woff
access-control-allow-origin
*
x-styx-req-id
cbdb0f29-cc1b-11ee-9640-6a38df13e094
cache-control
max-age=31622400
accept-ranges
bytes
expires
Sat, 15 Feb 2025 16:03:45 GMT
Hoves_Italic.woff
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/
19 KB
20 KB
Font
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Italic.woff
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
8709e66f3192aac47989a4f2c826afc3062b52de3cd792115cba3314c05656c6
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Origin
https://www.forcepoint.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
23126, 0, 0, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
309145
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-a-768586b58-zjs7c
content-length
19656
x-served-by
cache-chi-klot8100066-CHI, cache-chi-klot8100066-CHI, cache-fra-eddf8230055-FRA, cache-fra-eddf8230064-FRA
last-modified
Thu, 15 Feb 2024 16:00:57 GMT
server
nginx
x-timer
S1708334632.825400,VS0,VE110
etag
"65ce3539-4cc8"
vary
orig-host
content-type
font/woff
access-control-allow-origin
*
x-styx-req-id
cfc884d1-cc38-11ee-930d-12cbffd32492
cache-control
max-age=31622400
accept-ranges
bytes
expires
Sat, 15 Feb 2025 19:31:27 GMT
Hoves_Light.woff
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/
18 KB
19 KB
Font
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Light.woff
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
5390daebe4fc263953ae2cd18f060ebb4aaef20d9df443a4d784cc642ed1eaf2
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Origin
https://www.forcepoint.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
23279, 0, 0, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
309145
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-b-6bcf4d4f8-smkgt
content-length
18600
x-served-by
cache-chi-klot8100135-CHI, cache-chi-klot8100135-CHI, cache-fra-eddf8230065-FRA, cache-fra-eddf8230064-FRA
last-modified
Thu, 15 Feb 2024 16:00:57 GMT
server
nginx
x-timer
S1708334632.825374,VS0,VE106
etag
"65ce3539-48a8"
vary
orig-host
content-type
font/woff
access-control-allow-origin
*
x-styx-req-id
cfc8dc8c-cc38-11ee-9864-8a570d025c82
cache-control
max-age=31622400
accept-ranges
bytes
expires
Sat, 15 Feb 2025 19:31:27 GMT
Hoves_Light_Italic.woff
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/
19 KB
19 KB
Font
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Light_Italic.woff
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
d88c03f60c9b0c3b3a4a929ad268b6078dda88e59ea5c98eeb16f031ffb0d9e0
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Origin
https://www.forcepoint.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
23015, 0, 0, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
309145
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-b-6bcf4d4f8-fnp6p
content-length
19360
x-served-by
cache-chi-klot8100021-CHI, cache-chi-klot8100021-CHI, cache-fra-etou8220105-FRA, cache-fra-eddf8230064-FRA
last-modified
Thu, 15 Feb 2024 16:00:57 GMT
server
nginx
x-timer
S1708334632.825372,VS0,VE145
etag
"65ce3539-4ba0"
vary
orig-host
content-type
font/woff
access-control-allow-origin
*
x-styx-req-id
cfd367d1-cc38-11ee-8708-4e2188fbaee6
cache-control
max-age=31622400
accept-ranges
bytes
expires
Sat, 15 Feb 2025 19:31:27 GMT
Hoves_ExtraLight.woff
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/
18 KB
18 KB
Font
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_ExtraLight.woff
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
52239b576d3fdb13fa5cec121a5e5ed123560a4ac1310d991f4694bcc5507710
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Origin
https://www.forcepoint.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
23085, 0, 0, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
309145
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-a-768586b58-zhqhj
content-length
17944
x-served-by
cache-chi-kigq8000096-CHI, cache-chi-kigq8000096-CHI, cache-fra-eddf8230027-FRA, cache-fra-eddf8230064-FRA
last-modified
Thu, 15 Feb 2024 16:00:57 GMT
server
nginx
x-timer
S1708334632.825852,VS0,VE107
etag
"65ce3539-4618"
vary
orig-host
content-type
font/woff
access-control-allow-origin
*
x-styx-req-id
cfdb8aa2-cc38-11ee-b447-723b1627109e
cache-control
max-age=31622400
accept-ranges
bytes
expires
Sat, 15 Feb 2025 19:31:27 GMT
throbber-inactive.png
www.forcepoint.com/misc/
140 B
581 B
Image
General
Full URL
https://www.forcepoint.com/misc/throbber-inactive.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
b48a895c0170a7310b29b01897fcf1954b43655748ce98037abae38562754a29
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
0, 21, 133, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
fastly-io-served-by
vpop-mnz1300703
age
1701029
http_x_geo_region
DE-BY
x-cache
MISS, HIT, HIT, MISS
fastly-io-info
ifsz=320 idim=15x13 ifmt=png ofsz=140 odim=15x13 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe3-a-f9d8bf5c4-d4lxr
content-length
140
x-served-by
cache-chi-kigq8000042-CHI, cache-chi-kigq8000057-CHI, cache-fra-etou8220113-FRA, cache-fra-eddf8230064-FRA
server
nginx
x-timer
S1708334632.851470,VS0,VE3
etag
"CYYfXWQxa+SPObSsE32Xk7Do+LMPmm8BZYCZJK1ZEUA"
vary
Accept, orig-host
content-type
image/webp
x-styx-req-id
b39ba5be-61b8-11ee-88ba-6ea38a268b26
cache-control
max-age=31622400
accept-ranges
bytes
expires
Thu, 03 Oct 2024 06:47:21 GMT
throbber-active.gif
www.forcepoint.com/misc/
1 KB
2 KB
Image
General
Full URL
https://www.forcepoint.com/misc/throbber-active.gif
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
a0f75cf1362c1ec32b36d3f7ffa3eac1888ded73367c8e2693e809bac9e5f090
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
0, 61, 249, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
2930578
http_x_geo_region
DE-BY
x-cache
MISS, HIT, HIT, MISS
fastly-io-info
ifsz=1233 idim=15x13 ifmt=gif ofsz=1222 odim=15x13 ofmt=gif ofrm=12
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe3-a-86d66977b5-p8xp9
content-length
1222
x-served-by
cache-chi-kigq8000173-CHI, cache-chi-klot8100070-CHI, cache-fra-etou8220138-FRA, cache-fra-eddf8230064-FRA
server
nginx
x-timer
S1708334632.851394,VS0,VE3
etag
"cciM0uPCYoc09vCSqOmHV4nMniFUM15FCTn0mYxlwCQ"
vary
Accept, orig-host
content-type
image/gif
x-styx-req-id
ac2f7d13-57c0-11ee-b1e6-eeb9918916c4
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 20 Sep 2024 14:19:12 GMT
grippie.png
www.forcepoint.com/misc/
56 B
427 B
Image
General
Full URL
https://www.forcepoint.com/misc/grippie.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
f7d4d17ef4f0103008287290e9dd7bb35be1d08f0f8bc315033d13d0cfa6a6a5
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
0, 437, 133, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
fastly-io-served-by
vpop-kiad7010217
age
2913373
http_x_geo_region
DE-BY
x-cache
MISS, HIT, HIT, MISS
fastly-io-info
ifsz=106 idim=27x5 ifmt=png ofsz=56 odim=27x5 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe3-b-5ccf9cfdb-bvpg4
content-length
56
x-served-by
cache-chi-kigq8000099-CHI, cache-chi-klot8100126-CHI, cache-fra-etou8220070-FRA, cache-fra-eddf8230064-FRA
server
nginx
x-timer
S1708334632.851736,VS0,VE3
etag
"kt9RZLYHWjv58VxK34gY2gtJI3NheIs+DTYX4JV5AGA"
vary
Accept, orig-host
content-type
image/webp
x-styx-req-id
0f37cccc-ab15-11ee-980c-c65d0c640b9b
cache-control
max-age=31622400
accept-ranges
bytes
expires
Sat, 04 Jan 2025 15:22:23 GMT
draggable.png
www.forcepoint.com/misc/
268 B
713 B
Image
General
Full URL
https://www.forcepoint.com/misc/draggable.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
10aa7853a3babe185246e6f1fad2c5800902a268dd63b66c53b96889ee5188f3
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
0, 284, 1099, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
1235840
http_x_geo_region
DE-BY
x-cache
MISS, HIT, HIT, MISS
fastly-io-info
ifsz=268 idim=15x60 ifmt=png ofsz=268 odim=15x60 ofmt=png
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe3-b-f64b97cc5-bq9mq
content-length
268
fastly-io-warning
Failed to shrink image
x-served-by
cache-chi-kigq8000137-CHI, cache-chi-kigq8000095-CHI, cache-fra-etou8220055-FRA, cache-fra-eddf8230064-FRA
server
nginx
x-timer
S1708334632.851358,VS0,VE2
etag
"KWIpRFdw6XY1xKLUIvevvjFCVB7MVHDdktcCcAkddP0"
vary
Accept, orig-host
content-type
image/png
x-styx-req-id
9a20fc5b-520a-11ee-ac01-e20908b73524
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 13 Sep 2024 07:53:18 GMT
tree.png
www.forcepoint.com/misc/
82 B
486 B
Image
General
Full URL
https://www.forcepoint.com/misc/tree.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
69a02b48768b8f413fe8470c65b4232a39dc3d68350f1246da8721e92ac7e75d
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
1, 79, 131, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
fastly-io-served-by
vpop-mnz1300714
age
2312725
http_x_geo_region
DE-BY
x-cache
HIT, HIT, HIT, MISS
fastly-io-info
ifsz=130 idim=80x81 ifmt=png ofsz=82 odim=80x81 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe3-a-6fcbcb6768-sxfmv
content-length
82
x-served-by
cache-chi-klot8100136-CHI, cache-chi-klot8100136-CHI, cache-fra-etou8220127-FRA, cache-fra-eddf8230064-FRA
server
nginx
x-timer
S1708334632.851352,VS0,VE3
etag
"Z35FTfoaAVemLhiXshryO4rkEzH1KA6bO8GIRsSVaO0"
vary
Accept, orig-host
content-type
image/webp
x-styx-req-id
f924f6e0-5bc3-11ee-9b37-de3a52dd242e
cache-control
max-age=31622400
accept-ranges
bytes
expires
Wed, 25 Sep 2024 16:52:55 GMT
tree-bottom.png
www.forcepoint.com/misc/
78 B
506 B
Image
General
Full URL
https://www.forcepoint.com/misc/tree-bottom.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
bfcc07136dc1faaee36973ca4858e530e403f2f41948fbdc47f0c3c399308db6
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
0, 18, 125, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
fastly-io-served-by
vpop-mnz1300708
age
3988543
http_x_geo_region
DE-BY
x-cache
MISS, HIT, HIT, MISS
fastly-io-info
ifsz=129 idim=80x81 ifmt=png ofsz=78 odim=80x81 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe3-b-8466695d9f-7kzsc
content-length
78
x-served-by
cache-chi-klot8100179-CHI, cache-chi-kigq8000116-CHI, cache-fra-etou8220127-FRA, cache-fra-eddf8230064-FRA
server
nginx
x-timer
S1708334632.851354,VS0,VE2
etag
"JyOt5s8au+dKwuKYWT9ybz2cVW6ZbelcJx3DlTABXvE"
vary
Accept, orig-host
content-type
image/webp
x-styx-req-id
f98a7cd2-7234-11ee-8ab8-4a5fa7de18a2
cache-control
max-age=31622400
accept-ranges
bytes
expires
Thu, 24 Oct 2024 06:17:14 GMT
message-24-ok.png
www.forcepoint.com/misc/
902 B
1 KB
Image
General
Full URL
https://www.forcepoint.com/misc/message-24-ok.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
4c8537e1208918b04f3b7970b4e53d6c91b138b7b8325b469a4a5e84ced6ce2a
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
0, 155, 131, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
6106994
http_x_geo_region
DE-BY
x-cache
MISS, HIT, HIT, MISS
fastly-io-info
ifsz=1058 idim=24x24 ifmt=png ofsz=902 odim=24x24 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe3-a-94d5cdf4b-zqw6f
content-length
902
x-served-by
cache-chi-kigq8000105-CHI, cache-chi-kigq8000105-CHI, cache-fra-etou8220060-FRA, cache-fra-eddf8230064-FRA
server
nginx
x-timer
S1708334632.853212,VS0,VE2
etag
"60PoYDt+1vFXU4yAkaVKB1clxMNlUR3MuNzEGSZ9U9Y"
vary
Accept, orig-host
content-type
image/webp
x-styx-req-id
e74042a2-4bf0-11ee-ba7d-7269e63b1094
cache-control
max-age=31622400
accept-ranges
bytes
expires
Thu, 05 Sep 2024 13:34:13 GMT
message-24-warning.png
www.forcepoint.com/misc/
612 B
1 KB
Image
General
Full URL
https://www.forcepoint.com/misc/message-24-warning.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
bd74c29617fed2dbd2f684dce7eebb659567ce0ae06be3418615ebe846a1bf5b
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
1, 275, 130, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
3504925
http_x_geo_region
DE-BY
x-cache
HIT, HIT, HIT, MISS
fastly-io-info
ifsz=753 idim=24x24 ifmt=png ofsz=612 odim=24x24 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe3-b-f64b97cc5-f7jbb
content-length
612
x-served-by
cache-chi-kigq8000075-CHI, cache-chi-kigq8000075-CHI, cache-fra-eddf8230080-FRA, cache-fra-eddf8230064-FRA
server
nginx
x-timer
S1708334632.853220,VS0,VE2
etag
"etN9kWF1zriHIse4xor9Tv/e40PLoR3lRGg8xe6tRQE"
vary
Accept, orig-host
content-type
image/webp
x-styx-req-id
e92e9328-5173-11ee-90dd-f67672c2264c
cache-control
max-age=31622400
accept-ranges
bytes
expires
Thu, 12 Sep 2024 13:54:37 GMT
message-24-error.png
www.forcepoint.com/misc/
614 B
1006 B
Image
General
Full URL
https://www.forcepoint.com/misc/message-24-error.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
496d9a19dda325d9587f3729b5a16b1262f91a6b237e1aa5d54ed90e087c35e3
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
0, 164, 132, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
6557124
http_x_geo_region
DE-BY
x-cache
MISS, HIT, HIT, MISS
fastly-io-info
ifsz=733 idim=24x24 ifmt=png ofsz=614 odim=24x24 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe3-a-94d5cdf4b-sv9ss
content-length
614
x-served-by
cache-chi-klot8100090-CHI, cache-chi-klot8100101-CHI, cache-fra-etou8220109-FRA, cache-fra-eddf8230064-FRA
server
nginx
x-timer
S1708334632.853218,VS0,VE5
etag
"gVoMZ8dd1QgL/2SjIwn0GwzJENiBt143AYaoiF4Ws6M"
vary
Accept, orig-host
content-type
image/webp
x-styx-req-id
d2736d1f-4bf3-11ee-ab95-7a125f96bbd6
cache-control
max-age=31622400
accept-ranges
bytes
expires
Thu, 05 Sep 2024 13:55:07 GMT
help.png
www.forcepoint.com/misc/
192 B
561 B
Image
General
Full URL
https://www.forcepoint.com/misc/help.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
f8c79df7183de5a0687fc40c5a9b1034d074e603d558c05a5311c7f91d9ccfe1
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
0, 105, 245, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
2986599
http_x_geo_region
DE-BY
x-cache
MISS, HIT, HIT, MISS
fastly-io-info
ifsz=294 idim=16x16 ifmt=png ofsz=192 odim=16x16 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe3-b-f64b97cc5-pt5pm
content-length
192
x-served-by
cache-chi-klot8100025-CHI, cache-chi-klot8100138-CHI, cache-fra-etou8220134-FRA, cache-fra-eddf8230064-FRA
server
nginx
x-timer
S1708334632.853524,VS0,VE2
etag
"v6al66PXjd/2WqSfHyL2pCCxkfKAcJfvgCU3I6pbO+4"
vary
Accept, orig-host
content-type
image/webp
x-styx-req-id
d6f38802-5641-11ee-a0a0-e2c6c2e254a3
cache-control
max-age=31622400
accept-ranges
bytes
expires
Wed, 18 Sep 2024 16:38:47 GMT
menu-expanded.png
www.forcepoint.com/misc/
46 B
444 B
Image
General
Full URL
https://www.forcepoint.com/misc/menu-expanded.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
5cfc739598cda856cc20575229f8a5251e8df5b175830fe7886aaef79dfb6886
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
0, 219, 132, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
2568189
http_x_geo_region
DE-BY
x-cache
MISS, HIT, HIT, MISS
fastly-io-info
ifsz=106 idim=7x7 ifmt=png ofsz=46 odim=7x7 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe3-b-f64b97cc5-vhx5s
content-length
46
x-served-by
cache-chi-kigq8000158-CHI, cache-chi-kigq8000158-CHI, cache-fra-etou8220050-FRA, cache-fra-eddf8230064-FRA
server
nginx
x-timer
S1708334632.854317,VS0,VE2
etag
"lnOeF6KlRRR5aM+MCm3C8DB9Vu1cySrSTIEOJY+eTS4"
vary
Accept, orig-host
content-type
image/webp
x-styx-req-id
aa5bf352-57b9-11ee-8725-5e511f59cab2
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 20 Sep 2024 13:29:03 GMT
menu-collapsed.png
www.forcepoint.com/misc/
46 B
450 B
Image
General
Full URL
https://www.forcepoint.com/misc/menu-collapsed.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
521bfd25b076ada01d23b9d20bca3a3e67840702ca4d43b73d0a496575107e9e
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
0, 110, 132, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
fastly-io-served-by
vpop-mnz1300716
age
2013448
http_x_geo_region
DE-BY
x-cache
MISS, HIT, HIT, MISS
fastly-io-info
ifsz=105 idim=7x7 ifmt=png ofsz=46 odim=7x7 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe3-a-8c86c97b-x24qq
content-length
46
x-served-by
cache-chi-klot8100149-CHI, cache-chi-kigq8000028-CHI, cache-fra-eddf8230090-FRA, cache-fra-eddf8230064-FRA
server
nginx
x-timer
S1708334632.853933,VS0,VE2
etag
"HJgRuOhWhAFgOazVOW2HjRFb16cHmG+HSX+vLor86a0"
vary
Accept, orig-host
content-type
image/webp
x-styx-req-id
26bd1c51-7f6a-11ee-ae15-06a9b174c22b
cache-control
max-age=31622400
accept-ranges
bytes
expires
Sun, 10 Nov 2024 01:40:38 GMT
progress.gif
www.forcepoint.com/misc/
6 KB
6 KB
Image
General
Full URL
https://www.forcepoint.com/misc/progress.gif
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
74c0b34fce543ce085851b0d644471c036853519593e2c704615ddca08466999
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
0, 139, 129, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
2823772
http_x_geo_region
DE-BY
x-cache
MISS, HIT, HIT, MISS
fastly-io-info
ifsz=5872 idim=20x40 ifmt=gif ofsz=5852 odim=20x40 ofmt=gif ofrm=20
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe3-b-f64b97cc5-h4trs
content-length
5852
x-served-by
cache-chi-klot8100027-CHI, cache-chi-klot8100027-CHI, cache-fra-eddf8230084-FRA, cache-fra-eddf8230064-FRA
server
nginx
x-timer
S1708334632.853212,VS0,VE2
etag
"KSQIcjJuPSqTVV6Yjqa330VSb5j46NEcKLjR3ejGL1A"
vary
Accept, orig-host
content-type
image/gif
x-styx-req-id
05e87f2e-5190-11ee-b5e9-5e81615bdc04
cache-control
max-age=31622400
accept-ranges
bytes
expires
Thu, 12 Sep 2024 17:15:51 GMT
chosen-sprite.png
www.forcepoint.com/sites/all/libraries/chosen/
430 B
832 B
Image
General
Full URL
https://www.forcepoint.com/sites/all/libraries/chosen/chosen-sprite.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
9cc77ec166565cf138f088e29b263d7de28ebff89c6ac6ac7b3226b8c2c45f33
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
0, 411, 175, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
3825392
http_x_geo_region
DE-BY
x-cache
MISS, HIT, HIT, MISS
fastly-io-info
ifsz=538 idim=52x37 ifmt=png ofsz=430 odim=52x37 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe3-b-59d8b4cd4d-tcn4k
content-length
430
x-served-by
cache-chi-kigq8000072-CHI, cache-chi-kigq8000145-CHI, cache-fra-etou8220041-FRA, cache-fra-eddf8230064-FRA
server
nginx
x-timer
S1708334632.853545,VS0,VE2
etag
"pCuJ3WEDsPQPzkbIkY90U4TfuAo3yBgHEEN2IOPELGY"
vary
Accept, orig-host
content-type
image/webp
x-styx-req-id
27ba8dbd-49dc-11ee-b8a1-b6a75a728231
cache-control
max-age=31622400
accept-ranges
bytes
expires
Mon, 02 Sep 2024 22:00:40 GMT
chosen-sprite@2x.png
www.forcepoint.com/sites/all/libraries/chosen/
628 B
1008 B
Image
General
Full URL
https://www.forcepoint.com/sites/all/libraries/chosen/chosen-sprite@2x.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
5f4e0577cb49e1130ec7098698e3556c0a2b7f33d02ec5789ee09b116e403f7e
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
0, 511, 183, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
489535
http_x_geo_region
DE-BY
x-cache
MISS, HIT, HIT, MISS
fastly-io-info
ifsz=738 idim=104x74 ifmt=png ofsz=628 odim=104x74 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe3-a-94d5cdf4b-sv9ss
content-length
628
x-served-by
cache-chi-klot8100035-CHI, cache-chi-kigq8000055-CHI, cache-fra-etou8220070-FRA, cache-fra-eddf8230064-FRA
server
nginx
x-timer
S1708334632.853212,VS0,VE2
etag
"1954vZ3omyWtqZWjx3EPpQPU3ZMgJvFFfwvKeF5rhm0"
vary
Accept, orig-host
content-type
image/webp
x-styx-req-id
691c25b8-4bc0-11ee-ab95-7a125f96bbd6
cache-control
max-age=31622400
accept-ranges
bytes
expires
Thu, 05 Sep 2024 07:47:06 GMT
ui-bg_flat_75_ffffff_40x100.png
www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/
44 B
456 B
Image
General
Full URL
https://www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_flat_75_ffffff_40x100.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
db7de84263a6dfe6f7a674f478b4a6c5a97d7de7e0c7f52a12a5dedfb201004f
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
1, 34, 203, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
fastly-io-served-by
vpop-kiad7010214
age
1147435
http_x_geo_region
DE-BY
x-cache
HIT, HIT, HIT, MISS
fastly-io-info
ifsz=178 idim=40x100 ifmt=png ofsz=44 odim=40x100 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe3-a-768586b58-wqzn7
content-length
44
x-served-by
cache-chi-klot8100108-CHI, cache-chi-kigq8000094-CHI, cache-fra-etou8220134-FRA, cache-fra-eddf8230064-FRA
server
nginx
x-timer
S1708334632.853568,VS0,VE2
etag
"O9SdHkbja5Mmzi4DWOWJdZgUQirITGa5uuAK5R/QoyM"
vary
Accept, orig-host
content-type
image/webp
x-styx-req-id
034e02d3-c499-11ee-8a32-f62ebc9d749a
cache-control
max-age=31622400
accept-ranges
bytes
expires
Thu, 06 Feb 2025 02:39:55 GMT
ui-bg_highlight-soft_75_cccccc_1x100.png
www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/
54 B
426 B
Image
General
Full URL
https://www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_highlight-soft_75_cccccc_1x100.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
b4229c88ccc9ec00268d759c808bb5fc56a62479618d140eebd7948299a1544b
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
0, 98, 202, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
fastly-io-served-by
vpop-mnz1300713
age
1413396
http_x_geo_region
DE-BY
x-cache
MISS, HIT, HIT, MISS
fastly-io-info
ifsz=101 idim=1x100 ifmt=png ofsz=54 odim=1x100 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe3-b-8466695d9f-wkcpr
content-length
54
x-served-by
cache-chi-klot8100051-CHI, cache-chi-kigq8000037-CHI, cache-fra-etou8220033-FRA, cache-fra-eddf8230064-FRA
server
nginx
x-timer
S1708334632.852887,VS0,VE6
etag
"SVL3LfYtpcUTzNEo8mHT+EoBDkNcvK2l7xiLlLE7P6w"
vary
Accept, orig-host
content-type
image/webp
x-styx-req-id
8091a018-7804-11ee-96c6-b2f9f5dd882e
cache-control
max-age=31622400
accept-ranges
bytes
expires
Thu, 31 Oct 2024 15:45:22 GMT
ui-bg_glass_75_e6e6e6_1x400.png
www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/
78 B
458 B
Image
General
Full URL
https://www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_glass_75_e6e6e6_1x400.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e68e4b1057684aa14f6d44055bd77c6ee8170be28010b94e0278e2d05775973c
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
0, 84, 382, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
fastly-io-served-by
vpop-mnz1300716
age
1580666
http_x_geo_region
DE-BY
x-cache
MISS, HIT, HIT, MISS
fastly-io-info
ifsz=110 idim=1x400 ifmt=png ofsz=78 odim=1x400 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe3-a-f9d8bf5c4-fd4t4
content-length
78
x-served-by
cache-chi-kigq8000077-CHI, cache-chi-klot8100165-CHI, cache-fra-eddf8230050-FRA, cache-fra-eddf8230064-FRA
server
nginx
x-timer
S1708334632.852880,VS0,VE2
etag
"4s1MwOZKDfGEu/a/SFo57USn639l3MbW8dYbzZPyEag"
vary
Accept, orig-host
content-type
image/webp
x-styx-req-id
4ea43432-61e4-11ee-89c0-0a8bf9062628
cache-control
max-age=31622400
accept-ranges
bytes
expires
Thu, 03 Oct 2024 11:59:29 GMT
ui-bg_glass_75_dadada_1x400.png
www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/
84 B
452 B
Image
General
Full URL
https://www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_glass_75_dadada_1x400.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c16c2e899bbe232a64c1bd49e4312a7f9ea738cb2cb17058e63477a71b246fa7
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
0, 88, 202, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
2973350
http_x_geo_region
DE-BY
x-cache
MISS, HIT, HIT, MISS
fastly-io-info
ifsz=111 idim=1x400 ifmt=png ofsz=84 odim=1x400 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe3-b-549fb86767-nsvlj
content-length
84
x-served-by
cache-chi-kigq8000136-CHI, cache-chi-kigq8000023-CHI, cache-fra-eddf8230071-FRA, cache-fra-eddf8230064-FRA
server
nginx
x-timer
S1708334632.852889,VS0,VE2
etag
"msf+sm6St45S//5aPCnGaIqq4DmKLsS3uxv+ikcGyuY"
vary
Accept, orig-host
content-type
image/webp
x-styx-req-id
a527ec09-4d90-11ee-91ee-3e79583b6ece
cache-control
max-age=31622400
accept-ranges
bytes
expires
Sat, 07 Sep 2024 15:10:13 GMT
css__YZMmyCjxADNsxWJVyzxskiYBiPsGboww8DDJoAv1iVA__PqGVjSeXe3e-YM4xspxCavDlyydtEB28TRpZPTEwV5I__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
www.forcepoint.com/sites/default/files/advagg_css/
6 KB
2 KB
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__YZMmyCjxADNsxWJVyzxskiYBiPsGboww8DDJoAv1iVA__PqGVjSeXe3e-YM4xspxCavDlyydtEB28TRpZPTEwV5I__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
942ba1b657ab7477bc603f7852ff551aa393de40d1bab2dee01c8ad36d538a2a
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
12515, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
309051
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-b-55f9644964-sszb8
content-length
2109
x-served-by
cache-chi-kigq8000158-CHI, cache-chi-kigq8000158-CHI, cache-fra-etou8220118-FRA, cache-fra-eddf8230064-FRA
last-modified
Wed, 08 Mar 2023 18:00:58 GMT
server
nginx
x-timer
S1708334632.827314,VS0,VE106
etag
W/"6408cd5a-1797"
vary
Accept-Encoding, orig-host
content-type
text/css
x-styx-req-id
8257d62e-7a11-11ee-b08b-4e82373ded40
cache-control
max-age=31622400
accept-ranges
bytes
expires
Sun, 03 Nov 2024 06:23:31 GMT
css__qi8YWDPFPT47Hua3Uo8V-CwYV79O8gYOw4xRshlFw2o__U0zx4V0QLKPamBJbsVKK0D54d038-KcpyqeXppQL9AI__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
www.forcepoint.com/sites/default/files/advagg_css/
11 KB
3 KB
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__qi8YWDPFPT47Hua3Uo8V-CwYV79O8gYOw4xRshlFw2o__U0zx4V0QLKPamBJbsVKK0D54d038-KcpyqeXppQL9AI__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
74d6ee660ac8d18d3940eefac6e8c0ff029ecc0f4a4799ada5d6088fe9abfbc8
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
20107, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
309145
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-a-f9d8bf5c4-ffczj
content-length
2662
x-served-by
cache-chi-klot8100126-CHI, cache-chi-klot8100126-CHI, cache-fra-eddf8230118-FRA, cache-fra-eddf8230064-FRA
last-modified
Mon, 06 Mar 2023 17:43:22 GMT
server
nginx
x-timer
S1708334632.827449,VS0,VE106
etag
W/"6406263a-2d9a"
vary
Accept-Encoding, orig-host
content-type
text/css
x-styx-req-id
114b838c-6826-11ee-863d-3ee2b5662298
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 11 Oct 2024 11:05:20 GMT
css__umS_7iB8OLqD-AIc28jz7stMtgRnPBrMHXbg802aJVI__42_FYiRnR5OQaV2U3Sr9cY21EIjnMGdJsPXMEFLQPCo__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
www.forcepoint.com/sites/default/files/advagg_css/
789 B
817 B
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__umS_7iB8OLqD-AIc28jz7stMtgRnPBrMHXbg802aJVI__42_FYiRnR5OQaV2U3Sr9cY21EIjnMGdJsPXMEFLQPCo__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
76fea4cad87ffbee4d6c0d29a46382913e4a8c56ed7881d8556f684a174d6824
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
21866, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
309145
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-b-5cc456d87b-p9zk7
content-length
405
x-served-by
cache-chi-kigq8000072-CHI, cache-chi-kigq8000072-CHI, cache-fra-eddf8230139-FRA, cache-fra-eddf8230064-FRA
last-modified
Mon, 06 Mar 2023 18:37:56 GMT
server
nginx
x-timer
S1708334632.831208,VS0,VE103
etag
W/"64063304-315"
vary
Accept-Encoding, orig-host
content-type
text/css
x-styx-req-id
56724c79-8cd2-11ee-bb05-72fe7b7b95b6
cache-control
max-age=31622400
accept-ranges
bytes
expires
Wed, 27 Nov 2024 03:09:11 GMT
css__T7twZATSz9YDtA4CEs3XoRq-lmvsWC1-9rzLrGpoWuY__jYMOyCwkeeWX4KvLeu7GhjzHVkW5HDKp2hWWBDkyRSE__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
www.forcepoint.com/sites/default/files/advagg_css/
14 KB
3 KB
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__T7twZATSz9YDtA4CEs3XoRq-lmvsWC1-9rzLrGpoWuY__jYMOyCwkeeWX4KvLeu7GhjzHVkW5HDKp2hWWBDkyRSE__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
76aefb325bdfaf3c67be7591a00c96105ffa1a3eda8cfc16d6d5e1affa8e3f95
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
21884, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
309145
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-a-86d66977b5-5ll47
content-length
2632
x-served-by
cache-chi-kigq8000077-CHI, cache-chi-kigq8000077-CHI, cache-fra-etou8220134-FRA, cache-fra-eddf8230064-FRA
last-modified
Thu, 15 Jun 2023 14:49:23 GMT
server
nginx
x-timer
S1708334632.831592,VS0,VE104
etag
W/"648b24f3-3962"
vary
Accept-Encoding, orig-host
content-type
text/css
x-styx-req-id
a9070dd2-57cf-11ee-9bc0-a219bd3f6e17
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 20 Sep 2024 16:06:30 GMT
css__cPPXTJ7LS3TkqOr2dWhu9Zyqf3tfJ7ROJIBrc4faLpI__FwTXCQ-S705F3IVDki0NUMzBJ8oRlS2Lb0Atw9pp7LE__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
www.forcepoint.com/sites/default/files/advagg_css/
512 B
642 B
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__cPPXTJ7LS3TkqOr2dWhu9Zyqf3tfJ7ROJIBrc4faLpI__FwTXCQ-S705F3IVDki0NUMzBJ8oRlS2Lb0Atw9pp7LE__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
9b3c52df9ce6473c11ee62f85cd48a7ff2b24ad8543ed415fec5124605a987f3
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
21905, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
309145
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-b-55f9644964-w824f
content-length
230
x-served-by
cache-chi-kigq8000024-CHI, cache-chi-kigq8000024-CHI, cache-fra-eddf8230127-FRA, cache-fra-eddf8230064-FRA
last-modified
Mon, 06 Mar 2023 18:00:10 GMT
server
nginx
x-timer
S1708334632.831500,VS0,VE107
etag
W/"64062a2a-200"
vary
Accept-Encoding, orig-host
content-type
text/css
x-styx-req-id
ea9469c2-7c50-11ee-9989-e6d8576c5cd3
cache-control
max-age=31622400
accept-ranges
bytes
expires
Wed, 06 Nov 2024 03:02:26 GMT
css__RtPfTjThw7JiCEZr8aCFs0ovY-ZonvJYBpW2tzv6iRI__hoYIfBUPIWctuKqU_lrnnqDtJnf9B9QEu7jjix36RIM__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
www.forcepoint.com/sites/default/files/advagg_css/
3 KB
1 KB
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__RtPfTjThw7JiCEZr8aCFs0ovY-ZonvJYBpW2tzv6iRI__hoYIfBUPIWctuKqU_lrnnqDtJnf9B9QEu7jjix36RIM__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
5f8d1adf76eaaf2f3592e5a5633ef8722740af2424b1737d85c1d9581588884f
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
12505, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
309050
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-b-68df48cffd-q48kl
content-length
1172
x-served-by
cache-chi-klot8100165-CHI, cache-chi-klot8100165-CHI, cache-fra-etou8220056-FRA, cache-fra-eddf8230064-FRA
last-modified
Wed, 08 Mar 2023 18:00:58 GMT
server
nginx
x-timer
S1708334632.831157,VS0,VE110
etag
W/"6408cd5a-c8c"
vary
Accept-Encoding, orig-host
content-type
text/css
x-styx-req-id
5d99e30d-61ab-11ee-8fcc-e67e16785de6
cache-control
max-age=31622400
accept-ranges
bytes
expires
Thu, 03 Oct 2024 05:11:53 GMT
css__UYLIEJhZ7iPfgPAKjuslVw3CRCFKt3OfxTJjge8A6Hg__fjua13AgyzmqodcGsNUIVue50ndbutts1ntJbzGK_o4__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
www.forcepoint.com/sites/default/files/advagg_css/
506 B
485 B
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__UYLIEJhZ7iPfgPAKjuslVw3CRCFKt3OfxTJjge8A6Hg__fjua13AgyzmqodcGsNUIVue50ndbutts1ntJbzGK_o4__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
4953a30def5d6eb8aa0119f918104b5069d10696ee634288c068accf06bb44e6
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
12473, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
309050
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-a-5ff98d754f-f54vr
content-length
175
x-served-by
cache-chi-klot8100176-CHI, cache-chi-klot8100176-CHI, cache-fra-etou8220032-FRA, cache-fra-eddf8230064-FRA
last-modified
Wed, 08 Mar 2023 18:00:58 GMT
server
nginx
x-timer
S1708334632.831142,VS0,VE109
etag
W/"6408cd5a-1fa"
vary
Accept-Encoding, orig-host
content-type
text/css
x-styx-req-id
c136dbc4-c195-11ee-832e-dea0e841987e
cache-control
max-age=31622400
accept-ranges
bytes
expires
Sun, 02 Feb 2025 06:39:03 GMT
css__aUSIons1JLpznAkAWe4wYFCe4_fmTTJTOhtdC4xIAuM__HAl4ITsYWBEO7VRahEwWwi88zkLUBwPm3j4nnx8DeS0__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
www.forcepoint.com/sites/default/files/advagg_css/
454 B
512 B
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__aUSIons1JLpznAkAWe4wYFCe4_fmTTJTOhtdC4xIAuM__HAl4ITsYWBEO7VRahEwWwi88zkLUBwPm3j4nnx8DeS0__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
fe9132775150b13960723fdffd15ef8bb7f07d120787874114ac9e3d4f303f46
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
12455, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
309051
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-b-8466695d9f-2qkg2
content-length
221
x-served-by
cache-chi-kigq8000113-CHI, cache-chi-kigq8000113-CHI, cache-fra-eddf8230055-FRA, cache-fra-eddf8230064-FRA
last-modified
Mon, 06 Mar 2023 17:43:23 GMT
server
nginx
x-timer
S1708334632.831145,VS0,VE106
etag
W/"6406263b-1c6"
vary
Accept-Encoding, orig-host
content-type
text/css
x-styx-req-id
318da244-7210-11ee-bd02-5a9569c1a30c
cache-control
max-age=31622400
accept-ranges
bytes
expires
Thu, 24 Oct 2024 01:53:57 GMT
css__DJVWsB9CJVs_1IGdy-_cGuq4r6SVVaWbEnbS1U2p6y4__7g40UeM74r8hkrzDC6Hbb7RReIGNu-Jsb5XAbAPKIeA__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
www.forcepoint.com/sites/default/files/advagg_css/
502 B
672 B
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__DJVWsB9CJVs_1IGdy-_cGuq4r6SVVaWbEnbS1U2p6y4__7g40UeM74r8hkrzDC6Hbb7RReIGNu-Jsb5XAbAPKIeA__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
b9c823db89be14289e3b0585970e3d91c3313ec9f82d13c9cb24d90820efc699
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
12472, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
309050
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-b-68df48cffd-pv78z
content-length
252
x-served-by
cache-chi-klot8100064-CHI, cache-chi-klot8100064-CHI, cache-fra-etou8220093-FRA, cache-fra-eddf8230064-FRA
last-modified
Mon, 06 Mar 2023 17:43:22 GMT
server
nginx
x-timer
S1708334632.832263,VS0,VE132
etag
W/"6406263a-1f6"
vary
Accept-Encoding, orig-host
content-type
text/css
x-styx-req-id
6f9d3bed-6136-11ee-8a29-2eeda6c80640
cache-control
max-age=31622400
accept-ranges
bytes
expires
Wed, 02 Oct 2024 15:14:52 GMT
css__o5tk1Sc0QNaikp-qb6PDIJi_LXPkfQZHTxlvWxiG4cA__afd6HnnR0psI0sfippmnwgZS958AUTsIqEne3K05XvQ__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
www.forcepoint.com/sites/default/files/advagg_css/
5 KB
2 KB
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__o5tk1Sc0QNaikp-qb6PDIJi_LXPkfQZHTxlvWxiG4cA__afd6HnnR0psI0sfippmnwgZS958AUTsIqEne3K05XvQ__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
7e9433a7e4538237be585d3d84e1603595879c286be61e26dd3e628e3fd5e206
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
5395, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
308944
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-a-78789f5ddb-q4rn6
content-length
2091
x-served-by
cache-chi-klot8100170-CHI, cache-chi-klot8100170-CHI, cache-fra-etou8220109-FRA, cache-fra-eddf8230064-FRA
last-modified
Mon, 06 Mar 2023 17:43:47 GMT
server
nginx
x-timer
S1708334632.832275,VS0,VE121
etag
W/"64062653-1218"
vary
Accept-Encoding, orig-host
content-type
text/css
x-styx-req-id
a28765ea-a864-11ee-9850-52c5336c7e54
cache-control
max-age=31622400
accept-ranges
bytes
expires
Wed, 01 Jan 2025 05:14:27 GMT
css__ZDvn-N8wxxyBR7KgfbRzIHM0mGwT9doN0fs3f10b_Go__b98SsVi1Bn9KY5Ur3SIgLXOvEMppxbzl1YiFYp9d4Lw__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
www.forcepoint.com/sites/default/files/advagg_css/
128 B
528 B
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__ZDvn-N8wxxyBR7KgfbRzIHM0mGwT9doN0fs3f10b_Go__b98SsVi1Bn9KY5Ur3SIgLXOvEMppxbzl1YiFYp9d4Lw__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c712b85f4d57c41bb049c80303067da9790aa76b32a41b422174bd507695f444
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
14466, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
309050
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-a-7c5cb85795-2lhtb
content-length
118
x-served-by
cache-chi-kigq8000142-CHI, cache-chi-kigq8000142-CHI, cache-fra-etou8220101-FRA, cache-fra-eddf8230064-FRA
last-modified
Mon, 06 Mar 2023 17:43:30 GMT
server
nginx
x-timer
S1708334632.832009,VS0,VE105
etag
W/"64062642-80"
vary
Accept-Encoding, orig-host
content-type
text/css
x-styx-req-id
fe223b0b-be55-11ee-ad81-9a583bed8266
cache-control
max-age=31622400
accept-ranges
bytes
expires
Wed, 29 Jan 2025 03:25:04 GMT
css__dn-cpI1YtkU_iLHgA5WhlkxgYWyat_IxjF_B-WSYrpE__a9hIbt0eaZ7d5nhwnm2weG8R_2eXK4EvoOx9dOxouHE__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
www.forcepoint.com/sites/default/files/advagg_css/
203 B
404 B
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__dn-cpI1YtkU_iLHgA5WhlkxgYWyat_IxjF_B-WSYrpE__a9hIbt0eaZ7d5nhwnm2weG8R_2eXK4EvoOx9dOxouHE__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
f66578f61dcd2d00bb8b7a0c5a7a02d39871c2e7c4615826c4e3a6a879a1a66b
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
12433, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
309050
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-b-6bcf4d4f8-t7p9n
content-length
137
x-served-by
cache-chi-kigq8000029-CHI, cache-chi-kigq8000029-CHI, cache-fra-etou8220109-FRA, cache-fra-eddf8230064-FRA
last-modified
Mon, 06 Mar 2023 17:55:40 GMT
server
nginx
x-timer
S1708334632.831995,VS0,VE108
etag
W/"6406291c-cb"
vary
Accept-Encoding, orig-host
content-type
text/css
x-styx-req-id
aba3a89b-c925-11ee-bd9c-1a9522143bb3
cache-control
max-age=31622400
accept-ranges
bytes
expires
Tue, 11 Feb 2025 21:36:52 GMT
css__ipUqqBUxEUOLXG_AXF5OCY1hi5eq8oz7Wu0QleOzxj4__-6ZHnf2EVvcL4izgd6S5myiQ-LuyKAuDqa-1hfKmAoI__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
www.forcepoint.com/sites/default/files/advagg_css/
99 B
409 B
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__ipUqqBUxEUOLXG_AXF5OCY1hi5eq8oz7Wu0QleOzxj4__-6ZHnf2EVvcL4izgd6S5myiQ-LuyKAuDqa-1hfKmAoI__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
a0d9d290c9928affdd7f2816a574b367cbd6aca7ff1ba7b14b3391330d6f1995
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
12445, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
309051
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-b-5cbc988cb-ns76b
content-length
100
x-served-by
cache-chi-klot8100037-CHI, cache-chi-klot8100037-CHI, cache-fra-eddf8230083-FRA, cache-fra-eddf8230064-FRA
last-modified
Mon, 06 Mar 2023 17:55:40 GMT
server
nginx
x-timer
S1708334632.832318,VS0,VE106
etag
W/"6406291c-63"
vary
Accept-Encoding, orig-host
content-type
text/css
x-styx-req-id
e01e1e0c-5c29-11ee-95b6-e2fe7f471e9f
cache-control
max-age=31622400
accept-ranges
bytes
expires
Thu, 26 Sep 2024 05:02:21 GMT
css__A19mhhFH8iX9Ft_oM_oZIcxue6YTAguNiWQN5VaIXQY__dFQUh1vb7jTgHR4jKzrw8DrsdYIarxRbpVmMKCWYgXU__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
www.forcepoint.com/sites/default/files/advagg_css/
493 KB
118 KB
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__A19mhhFH8iX9Ft_oM_oZIcxue6YTAguNiWQN5VaIXQY__dFQUh1vb7jTgHR4jKzrw8DrsdYIarxRbpVmMKCWYgXU__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
24dd593caf98fe7183e48e16a5a827ab4eb1a734a9821b497689127e68774db1
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
22068, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
309145
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-a-86d66977b5-p8xp9
content-length
120174
x-served-by
cache-chi-kigq8000161-CHI, cache-chi-kigq8000161-CHI, cache-fra-eddf8230033-FRA, cache-fra-eddf8230064-FRA
last-modified
Wed, 31 May 2023 20:05:18 GMT
server
nginx
x-timer
S1708334632.832290,VS0,VE116
etag
W/"6477a87e-7b4f7"
vary
Accept-Encoding, orig-host
content-type
text/css
x-styx-req-id
18d01218-5638-11ee-b317-eeb9918916c4
cache-control
max-age=31622400
accept-ranges
bytes
expires
Wed, 18 Sep 2024 15:29:02 GMT
css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__rQsW9bSqEc35mv-RVyy5KEuBxJAzAghjQT0h0Qp-ihE__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
www.forcepoint.com/sites/default/files/advagg_css/
2 MB
299 KB
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__rQsW9bSqEc35mv-RVyy5KEuBxJAzAghjQT0h0Qp-ihE__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
ecf6f89d6f17bfb945b064ef7af52f42c76c98b4660b2c554191fd1093751f01
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
196, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
309051
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-b-6bcf4d4f8-fn8kq
content-length
305602
x-served-by
cache-chi-kigq8000110-CHI, cache-chi-kigq8000110-CHI, cache-fra-eddf8230037-FRA, cache-fra-eddf8230064-FRA
last-modified
Thu, 15 Feb 2024 16:03:23 GMT
server
nginx
x-timer
S1708334632.831961,VS0,VE109
etag
W/"65ce35cb-1f48f5"
vary
Accept-Encoding, orig-host
content-type
text/css
x-styx-req-id
bff612cf-cc1b-11ee-846e-de94bbde03f9
cache-control
max-age=31622400
accept-ranges
bytes
expires
Sat, 15 Feb 2025 16:03:25 GMT
forcepoint.svg
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/logos/
2 KB
1 KB
Image
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/logos/forcepoint.svg
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c7397ae13ad9d12bf4ce9100756dd8703b515ac4381bdd33638e22c787c0fb39
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
34029, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
309150
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-b-6bcf4d4f8-5rvs4
content-length
783
x-served-by
cache-chi-klot8100133-CHI, cache-chi-klot8100133-CHI, cache-fra-eddf8230071-FRA, cache-fra-eddf8230064-FRA
last-modified
Thu, 15 Feb 2024 16:00:57 GMT
server
nginx
x-timer
S1708334632.831960,VS0,VE109
etag
W/"65ce3539-6ad"
vary
Accept-Encoding, orig-host
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
ccc31f5c-cc38-11ee-9640-6a38df13e094
cache-control
max-age=31622400
accept-ranges
bytes
expires
Sat, 15 Feb 2025 19:31:22 GMT
about_us_0.svg
www.forcepoint.com/sites/default/files/
2 KB
1 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/about_us_0.svg?itok=3xrS9jXe
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
98bee51ffbb032cfea01030abf23549c6d762f6d8283599e52bfb089f01b8742
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
21945, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
309145
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-b-8466695d9f-zsm6w
content-length
866
x-served-by
cache-chi-kigq8000102-CHI, cache-chi-kigq8000102-CHI, cache-fra-eddf8230069-FRA, cache-fra-eddf8230064-FRA
last-modified
Wed, 18 Oct 2023 11:53:36 GMT
server
nginx
x-timer
S1708334632.831952,VS0,VE112
etag
W/"652fc740-76e"
vary
Accept-Encoding, orig-host
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
00ae430f-6dad-11ee-98c4-b2833923a796
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 18 Oct 2024 11:53:50 GMT
our_approach_0.svg
www.forcepoint.com/sites/default/files/
3 KB
1 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/our_approach_0.svg?itok=XjvgKmGS
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
3058f7c617c39b1a94849fa7223c2f756437af3f215155d37c2a29c36848e28d
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
21972, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
309145
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-b-6bcf4d4f8-vglvx
content-length
1012
x-served-by
cache-chi-klot8100030-CHI, cache-chi-klot8100030-CHI, cache-fra-eddf8230098-FRA, cache-fra-eddf8230064-FRA
last-modified
Wed, 18 Oct 2023 11:53:58 GMT
server
nginx
x-timer
S1708334632.850719,VS0,VE110
etag
W/"652fc756-a97"
vary
Accept-Encoding, orig-host
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
efbfda87-c3da-11ee-aeca-6e308abf6ab1
cache-control
max-age=31622400
accept-ranges
bytes
expires
Wed, 05 Feb 2025 03:59:18 GMT
our_customers_0.svg
www.forcepoint.com/sites/default/files/
2 KB
1 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/our_customers_0.svg?itok=pljm0BZO
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c2a54667fcd4151ef9a27b18f84f24c0b884fe593302ca1eb1210d114f4bd06b
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
21948, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
309145
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-a-78789f5ddb-d5gfx
content-length
913
x-served-by
cache-chi-kigq8000025-CHI, cache-chi-kigq8000025-CHI, cache-fra-eddf8230094-FRA, cache-fra-eddf8230064-FRA
last-modified
Wed, 18 Oct 2023 11:54:19 GMT
server
nginx
x-timer
S1708334632.851729,VS0,VE108
etag
W/"652fc76b-9af"
vary
Accept-Encoding, orig-host
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
ffe06b0f-a1b4-11ee-8396-d22db1a8beb6
cache-control
max-age=31622400
accept-ranges
bytes
expires
Mon, 23 Dec 2024 17:02:05 GMT
fp_one_icon_0.svg
www.forcepoint.com/sites/default/files/
1 KB
1 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/fp_one_icon_0.svg?itok=eKi29PlI
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
13cdee5a7dbdb75ba06271fff8669bb408838d89eae133c2b3db99d2891bb35b
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
21909, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
309144
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-a-f9d8bf5c4-zjm2q
content-length
725
x-served-by
cache-chi-kigq8000174-CHI, cache-chi-kigq8000174-CHI, cache-fra-eddf8230135-FRA, cache-fra-eddf8230064-FRA
last-modified
Wed, 18 Oct 2023 11:35:43 GMT
server
nginx
x-timer
S1708334632.852863,VS0,VE109
etag
W/"652fc30f-5ed"
vary
Accept-Encoding, orig-host
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
95480b8d-6daa-11ee-922a-f6544157d242
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 18 Oct 2024 11:36:31 GMT
fp_one_icon-hover_0.svg
www.forcepoint.com/sites/default/files/
1 KB
1 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/fp_one_icon-hover_0.svg?itok=ecRnPBsZ
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
90bfbf24972d694b303aaa50fe006074f7dd5529c8dfe38099aed648c6312158
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
21891, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
309144
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-b-8466695d9f-zsm6w
content-length
737
x-served-by
cache-chi-klot8100104-CHI, cache-chi-klot8100104-CHI, cache-fra-etou8220092-FRA, cache-fra-eddf8230064-FRA
last-modified
Wed, 18 Oct 2023 11:35:50 GMT
server
nginx
x-timer
S1708334632.852852,VS0,VE115
etag
W/"652fc316-5fb"
vary
Accept-Encoding, orig-host
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
954458af-6daa-11ee-98c4-b2833923a796
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 18 Oct 2024 11:36:31 GMT
casb_0.svg
www.forcepoint.com/sites/default/files/
1 KB
1 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/casb_0.svg?itok=RgNIGydh
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
95466f54e05aa0e66fb31d01cd96eef195e7f2f005ee35f21f41c38b2aac758f
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
21916, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
309144
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-a-f9d8bf5c4-zjm2q
content-length
702
x-served-by
cache-chi-kigq8000163-CHI, cache-chi-kigq8000163-CHI, cache-fra-eddf8230020-FRA, cache-fra-eddf8230064-FRA
last-modified
Wed, 18 Oct 2023 11:40:43 GMT
server
nginx
x-timer
S1708334632.858205,VS0,VE103
etag
W/"652fc43b-5bd"
vary
Accept-Encoding, orig-host
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
31989c52-6dab-11ee-922a-f6544157d242
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 18 Oct 2024 11:40:53 GMT
ztna_0.svg
www.forcepoint.com/sites/default/files/
4 KB
1 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/ztna_0.svg?itok=cas6-JTf
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
42139af63a51353a5ebd189672677d738178e64fcf6f4cd66db3c009ada46386
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
21897, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
309144
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-a-f9d8bf5c4-zjm2q
content-length
973
x-served-by
cache-chi-klot8100035-CHI, cache-chi-klot8100035-CHI, cache-fra-etou8220106-FRA, cache-fra-eddf8230064-FRA
last-modified
Wed, 18 Oct 2023 11:41:05 GMT
server
nginx
x-timer
S1708334632.858621,VS0,VE108
etag
W/"652fc451-f51"
vary
Accept-Encoding, orig-host
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
3fc913b2-6dab-11ee-922a-f6544157d242
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 18 Oct 2024 11:41:17 GMT
swg_0.svg
www.forcepoint.com/sites/default/files/
5 KB
2 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/swg_0.svg?itok=WPDw6UKp
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
315a9c305e1926c48ac8da233a318ad97e847efdeda17656e4f3a1ec3baca916
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
21959, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
309144
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-b-8466695d9f-4ghbh
content-length
1437
x-served-by
cache-chi-klot8100133-CHI, cache-chi-klot8100133-CHI, cache-fra-etou8220101-FRA, cache-fra-eddf8230064-FRA
last-modified
Wed, 18 Oct 2023 11:41:31 GMT
server
nginx
x-timer
S1708334632.858173,VS0,VE111
etag
W/"652fc46b-12ad"
vary
Accept-Encoding, orig-host
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
4d564778-6dab-11ee-9a25-46ec2dabab8a
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 18 Oct 2024 11:41:39 GMT
dlp_0.svg
www.forcepoint.com/sites/default/files/
1 KB
889 B
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/dlp_0.svg?itok=WmmjIIRu
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
db5ca58b27a83629cd3331e6bcf94831488c4f5656b1bc39fa6154b37921ac45
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
21902, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
309144
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-a-f9d8bf5c4-crgks
content-length
554
x-served-by
cache-chi-klot8100081-CHI, cache-chi-klot8100081-CHI, cache-fra-eddf8230030-FRA, cache-fra-eddf8230064-FRA
last-modified
Wed, 18 Oct 2023 11:41:52 GMT
server
nginx
x-timer
S1708334632.858197,VS0,VE110
etag
W/"652fc480-4e3"
vary
Accept-Encoding, orig-host
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
5b9edfc9-6dab-11ee-aa27-eeb965297791
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 18 Oct 2024 11:42:03 GMT
sd_wan_1.svg
www.forcepoint.com/sites/default/files/
2 KB
1 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/sd_wan_1.svg?itok=HvI13Jsz
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c7df1285277e150259e2352c0490924c2cc1f048e2899d8652ec17da6d0e9b50
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
21935, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
309144
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-b-8466695d9f-7kzsc
content-length
841
x-served-by
cache-chi-klot8100148-CHI, cache-chi-klot8100148-CHI, cache-fra-etou8220052-FRA, cache-fra-eddf8230064-FRA
last-modified
Wed, 18 Oct 2023 11:45:13 GMT
server
nginx
x-timer
S1708334632.858247,VS0,VE107
etag
W/"652fc549-829"
vary
Accept-Encoding, orig-host
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
d200f1bc-6dab-11ee-8810-4a5fa7de18a2
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 18 Oct 2024 11:45:22 GMT
enterprise_dlp_icon.svg
www.forcepoint.com/sites/default/files/
2 KB
1 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/enterprise_dlp_icon.svg?itok=nwHFOSac
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
a56f2c1bfb78496d7e0497dd5c79dbf789c1b9ef3833d319e0d143650d041757
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
21924, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
309144
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-b-68df48cffd-6t6pj
content-length
896
x-served-by
cache-chi-kigq8000127-CHI, cache-chi-kigq8000127-CHI, cache-fra-eddf8230079-FRA, cache-fra-eddf8230064-FRA
last-modified
Wed, 18 Oct 2023 11:03:54 GMT
server
nginx
x-timer
S1708334632.858548,VS0,VE105
etag
W/"652fbb9a-8a1"
vary
Accept-Encoding, orig-host
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
12f97e6b-6da6-11ee-b9ce-22cb0e5727e5
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 18 Oct 2024 11:04:14 GMT
enterprise_dlp_icon-hover_0.svg
www.forcepoint.com/sites/default/files/
2 KB
1 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/enterprise_dlp_icon-hover_0.svg?itok=5GckOGCw
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
ad2064f58daf0c71dc4f1cd5c97ebe1a5fc1eae8cb6c6f75e5e0e696be1cb07d
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
21845, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
309144
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-b-6bcf4d4f8-vglvx
content-length
827
x-served-by
cache-chi-klot8100131-CHI, cache-chi-klot8100131-CHI, cache-fra-etou8220122-FRA, cache-fra-eddf8230064-FRA
last-modified
Wed, 18 Oct 2023 11:03:58 GMT
server
nginx
x-timer
S1708334632.858237,VS0,VE107
etag
W/"652fbb9e-7b0"
vary
Accept-Encoding, orig-host
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
6571da54-c884-11ee-a827-6e308abf6ab1
cache-control
max-age=31622400
accept-ranges
bytes
expires
Tue, 11 Feb 2025 02:22:25 GMT
data_visibility.svg
www.forcepoint.com/sites/default/files/
2 KB
980 B
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/data_visibility.svg?itok=QEg-acZX
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
ceb7f847854cbb5e36829e45e1ed24bbd035cf2f333de9877f2f228253034eb0
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
21901, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
309144
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-a-f9d8bf5c4-kfk9k
content-length
656
x-served-by
cache-chi-klot8100072-CHI, cache-chi-klot8100072-CHI, cache-fra-etou8220090-FRA, cache-fra-eddf8230064-FRA
last-modified
Wed, 18 Oct 2023 11:05:15 GMT
server
nginx
x-timer
S1708334632.858533,VS0,VE105
etag
W/"652fbbeb-6ba"
vary
Accept-Encoding, orig-host
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
3add6013-6da6-11ee-b778-eae9bcafece4
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 18 Oct 2024 11:05:21 GMT
insider_threat.svg
www.forcepoint.com/sites/default/files/
2 KB
1013 B
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/insider_threat.svg?itok=GAdHhtwt
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
8ab97d2d02e110fb83898b0ee9cfbdac8e84b2ae207dd382ec4befceaf19f26e
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
21893, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
309144
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-b-68df48cffd-zqjxc
content-length
678
x-served-by
cache-chi-kigq8000113-CHI, cache-chi-kigq8000113-CHI, cache-fra-eddf8230085-FRA, cache-fra-eddf8230064-FRA
last-modified
Wed, 18 Oct 2023 11:05:46 GMT
server
nginx
x-timer
S1708334632.857901,VS0,VE110
etag
W/"652fbc0a-600"
vary
Accept-Encoding, orig-host
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
4dd039c4-6da6-11ee-9107-022aec931b41
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 18 Oct 2024 11:05:53 GMT
data_classification.svg
www.forcepoint.com/sites/default/files/
1 KB
805 B
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/data_classification.svg?itok=DNis0AQq
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
9a5b4817923ddcf72a52cacaace5f31905defc508f06ee2f76a40c6b9f3441c0
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
21902, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
309144
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-a-f9d8bf5c4-crgks
content-length
441
x-served-by
cache-chi-klot8100092-CHI, cache-chi-klot8100092-CHI, cache-fra-eddf8230031-FRA, cache-fra-eddf8230064-FRA
last-modified
Wed, 18 Oct 2023 11:06:20 GMT
server
nginx
x-timer
S1708334632.857895,VS0,VE109
etag
W/"652fbc2c-447"
vary
Accept-Encoding, orig-host
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
631aefb7-6da6-11ee-aa27-eeb965297791
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 18 Oct 2024 11:06:28 GMT
risk_adaptive.svg
www.forcepoint.com/sites/default/files/
875 B
822 B
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/risk_adaptive.svg?itok=D2OZgBkD
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
75de14e55fe4b7b7ee193c5f3c8a4447b8928c21354e28e194f0e89506f85e18
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
21839, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
309143
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-a-768586b58-zw74s
content-length
410
x-served-by
cache-chi-kigq8000068-CHI, cache-chi-kigq8000068-CHI, cache-fra-eddf8230102-FRA, cache-fra-eddf8230064-FRA
last-modified
Wed, 18 Oct 2023 11:07:25 GMT
server
nginx
x-timer
S1708334632.857896,VS0,VE108
etag
W/"652fbc6d-36b"
vary
Accept-Encoding, orig-host
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
67b232ed-c215-11ee-a142-b647b6ce3c63
cache-control
max-age=31622400
accept-ranges
bytes
expires
Sun, 02 Feb 2025 21:52:48 GMT
ngfw_icon.svg
www.forcepoint.com/sites/default/files/
3 KB
1 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/ngfw_icon.svg?itok=zOEg6GW-
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
9e364511ec9f9b84758e997b3f4492bb37b58219411647ca206e3e43daa685b1
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
21845, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
309143
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-b-68b948c8df-zfphv
content-length
1025
x-served-by
cache-chi-klot8100073-CHI, cache-chi-klot8100073-CHI, cache-fra-etou8220036-FRA, cache-fra-eddf8230064-FRA
last-modified
Wed, 18 Oct 2023 11:18:23 GMT
server
nginx
x-timer
S1708334632.857865,VS0,VE111
etag
W/"652fbeff-ad1"
vary
Accept-Encoding, orig-host
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
c16be8ca-b7c6-11ee-9142-6af4876059ab
cache-control
max-age=31622400
accept-ranges
bytes
expires
Mon, 20 Jan 2025 19:04:37 GMT
ngfw_icon-hover.svg
www.forcepoint.com/sites/default/files/
4 KB
2 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/ngfw_icon-hover.svg?itok=rmtfxbJN
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
2e762e8da9e634ed25afc29890f55b60fa70da718945b14f106b402b00b445be
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
21865, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
309143
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-b-6bcf4d4f8-kdpb7
content-length
1776
x-served-by
cache-chi-kigq8000167-CHI, cache-chi-kigq8000167-CHI, cache-fra-etou8220056-FRA, cache-fra-eddf8230064-FRA
last-modified
Wed, 18 Oct 2023 11:18:33 GMT
server
nginx
x-timer
S1708334632.857830,VS0,VE112
etag
W/"652fbf09-1088"
vary
Accept-Encoding, orig-host
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
7ecdbea7-c855-11ee-bc58-3607ecdbbea4
cache-control
max-age=31622400
accept-ranges
bytes
expires
Mon, 10 Feb 2025 20:46:42 GMT
cross_domain_solution.svg
www.forcepoint.com/sites/default/files/
2 KB
1011 B
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/cross_domain_solution.svg?itok=lUhjIfwx
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
f12ed71bda9274dedc7c023f0bc8f1fd4d83ca512b1cce028d05a5e9dd6d71ae
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
21846, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
309143
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-a-f9d8bf5c4-m24kb
content-length
691
x-served-by
cache-chi-klot8100045-CHI, cache-chi-klot8100045-CHI, cache-fra-eddf8230124-FRA, cache-fra-eddf8230064-FRA
last-modified
Wed, 18 Oct 2023 11:19:21 GMT
server
nginx
x-timer
S1708334632.862704,VS0,VE104
etag
W/"652fbf39-75f"
vary
Accept-Encoding, orig-host
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
348d4b88-6da8-11ee-8998-8a3fa4259494
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 18 Oct 2024 11:19:29 GMT
sd_wan.svg
www.forcepoint.com/sites/default/files/
2 KB
1 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/sd_wan.svg?itok=pnOwb0ZT
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c7df1285277e150259e2352c0490924c2cc1f048e2899d8652ec17da6d0e9b50
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
21770, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
309143
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-b-6bcf4d4f8-kdpb7
content-length
841
x-served-by
cache-chi-klot8100074-CHI, cache-chi-klot8100074-CHI, cache-fra-eddf8230111-FRA, cache-fra-eddf8230064-FRA
last-modified
Wed, 18 Oct 2023 11:20:46 GMT
server
nginx
x-timer
S1708334632.864077,VS0,VE105
etag
W/"652fbf8e-829"
vary
Accept-Encoding, orig-host
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
532a1463-c837-11ee-bc58-3607ecdbbea4
cache-control
max-age=31622400
accept-ranges
bytes
expires
Mon, 10 Feb 2025 17:10:43 GMT
zero_trust_cdr.svg
www.forcepoint.com/sites/default/files/
1 KB
967 B
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/zero_trust_cdr.svg?itok=R8cwkadm
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
50f6481e8c65a0c9796497b33a24bf50a90a531fc3e1cc0dc019e2af14c8abef
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
21949, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
309143
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-b-68df48cffd-sc865
content-length
614
x-served-by
cache-chi-klot8100132-CHI, cache-chi-klot8100132-CHI, cache-fra-eddf8230118-FRA, cache-fra-eddf8230064-FRA
last-modified
Wed, 18 Oct 2023 11:21:17 GMT
server
nginx
x-timer
S1708334632.864346,VS0,VE111
etag
W/"652fbfad-5ba"
vary
Accept-Encoding, orig-host
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
79a4de02-6da8-11ee-ab8d-228bfac65d7e
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 18 Oct 2024 11:21:25 GMT
rbi.svg
www.forcepoint.com/sites/default/files/
2 KB
1 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/rbi.svg?itok=QEu-UiI0
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
2775873de34599848dfcd2b6a5772d9ebb2cf56d0ba8df5925fe0b20b3c1cf50
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
21836, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
309143
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-b-8466695d9f-fm4xg
content-length
859
x-served-by
cache-chi-klot8100176-CHI, cache-chi-klot8100176-CHI, cache-fra-eddf8230124-FRA, cache-fra-eddf8230064-FRA
last-modified
Wed, 18 Oct 2023 11:21:42 GMT
server
nginx
x-timer
S1708334632.862376,VS0,VE124
etag
W/"652fbfc6-87c"
vary
Accept-Encoding, orig-host
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
8bc8450c-72e5-11ee-ba9f-169583607588
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 25 Oct 2024 03:21:11 GMT
cyber_edu_icon.svg
www.forcepoint.com/sites/default/files/
2 KB
1 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/cyber_edu_icon.svg?itok=XXkKE01K
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
fad8df5718762444a80e745fd3b375ecfee298b37c480de5134b8a0ed05bc7a5
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
21851, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
309143
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-b-6bcf4d4f8-pfrnt
content-length
813
x-served-by
cache-chi-klot8100127-CHI, cache-chi-klot8100127-CHI, cache-fra-etou8220058-FRA, cache-fra-eddf8230064-FRA
last-modified
Wed, 18 Oct 2023 12:02:27 GMT
server
nginx
x-timer
S1708334632.862402,VS0,VE110
etag
W/"652fc953-9a9"
vary
Accept-Encoding, orig-host
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
773def9d-c209-11ee-ad83-66046ae7d6f6
cache-control
max-age=31622400
accept-ranges
bytes
expires
Sun, 02 Feb 2025 20:27:20 GMT
cyber_edu_icon-hover.svg
www.forcepoint.com/sites/default/files/
3 KB
1 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/cyber_edu_icon-hover.svg?itok=ymKcsOZ4
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
2528d731c4e61e67f78982f202d1de7e6f7a234117b4d9c98325c27e33c6e1d3
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
21792, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
309143
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-b-8466695d9f-4ghbh
content-length
869
x-served-by
cache-chi-kigq8000084-CHI, cache-chi-kigq8000084-CHI, cache-fra-etou8220083-FRA, cache-fra-eddf8230064-FRA
last-modified
Wed, 18 Oct 2023 12:02:37 GMT
server
nginx
x-timer
S1708334632.863171,VS0,VE104
etag
W/"652fc95d-b0c"
vary
Accept-Encoding, orig-host
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
4266b026-6dae-11ee-9a25-46ec2dabab8a
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 18 Oct 2024 12:02:50 GMT
photo-1520386950581-900a51cbbc93.jpeg
www.forcepoint.com/sites/default/files/styles/1180x346_sc/public/hero/
79 KB
79 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/styles/1180x346_sc/public/hero/photo-1520386950581-900a51cbbc93.jpeg?itok=CGBPyn2U&timestamp=1552745701
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c0d3e8399d25a454b367e3156a62719226f9d283000f3d0ef30fcd9f9d968763
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
0, 4, 1, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
fastly-io-served-by
vpop-mnz1300711
age
1368203
http_x_geo_region
DE-BY
x-cache
MISS, HIT, HIT, MISS
fastly-io-info
ifsz=80875 idim=1180x346 ifmt=jpeg ofsz=80875 odim=1180x346 ofmt=jpeg
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe3-b-5cbc988cb-g7rhx
content-length
80875
fastly-io-warning
Failed to shrink image
x-served-by
cache-chi-kigq8000165-CHI, cache-chi-kigq8000096-CHI, cache-fra-eddf8230055-FRA, cache-fra-eddf8230064-FRA
server
nginx
x-timer
S1708334632.862271,VS0,VE7
etag
"niTTHhBctfoOJUxPHuxEoGtZogv5kQ+YD9bnV5v4X1k"
vary
Accept, orig-host
content-type
image/jpeg
x-styx-req-id
6ba05c51-5d64-11ee-810d-16c5e47dd368
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 27 Sep 2024 18:33:57 GMT
201809_mwcompiler_figure1.png
www.forcepoint.com/sites/default/files/inline/security-labs/
65 KB
65 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/inline/security-labs/201809_mwcompiler_figure1.png
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
b934c733fb9cc7adc0a58a18c1d852e61f045256683b162f746c1e662d40da89
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
1, 2, 0, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
fastly-io-served-by
vpop-mnz1300719
age
224057
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS, MISS
fastly-io-info
ifsz=117796 idim=1002x156 ifmt=png ofsz=66466 odim=1002x156 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe3-b-68df48cffd-vdpf6
content-length
66466
x-served-by
cache-chi-kigq8000025-CHI, cache-chi-kigq8000035-CHI, cache-fra-eddf8230126-FRA, cache-fra-eddf8230064-FRA
server
nginx
x-timer
S1708334632.863072,VS0,VE107
etag
"UkYgT3kAfnA5EtBczki4+Kv206A+2fDpahAgTC5gnmE"
vary
Accept, orig-host
content-type
image/webp
x-styx-req-id
8ba65a91-6781-11ee-b15f-22b56de3d27f
cache-control
max-age=31622400
accept-ranges
bytes
expires
Thu, 10 Oct 2024 15:27:38 GMT
201809_mwcompiler_figure2.png
www.forcepoint.com/sites/default/files/inline/security-labs/
429 KB
429 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/inline/security-labs/201809_mwcompiler_figure2.png
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
1481c2c4e58796a109a75e680a6a772f65230168820d2dda34cac764e03f36e2
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
0, 5, 1, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
fastly-io-served-by
vpop-mnz1300718
age
1718651
http_x_geo_region
DE-BY
x-cache
MISS, HIT, HIT, MISS
fastly-io-info
ifsz=793628 idim=1002x802 ifmt=png ofsz=438958 odim=1002x802 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe3-a-6fcbcb6768-fnq7g
content-length
438958
x-served-by
cache-chi-kigq8000027-CHI, cache-chi-klot8100144-CHI, cache-fra-eddf8230038-FRA, cache-fra-eddf8230064-FRA
server
nginx
x-timer
S1708334632.862062,VS0,VE5
etag
"Se5HYzFZ5SypbDw2YRUHeXMDl32cjCJobtYLCqfdW54"
vary
Accept, orig-host
content-type
image/webp
x-styx-req-id
6ba3a1a4-5d64-11ee-bbdb-8a3bea2b6932
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 27 Sep 2024 18:33:57 GMT
placeholder_image.png
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/
34 B
432 B
Image
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/placeholder_image.png
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
735b78ae1f09b1d02ee92b5ad319a189d50d10ecbec4ddd12201885dde3f4945
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
0, 23, 58, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
2999153
http_x_geo_region
DE-BY
x-cache
MISS, HIT, HIT, MISS
fastly-io-info
ifsz=1272 idim=20x20 ifmt=png ofsz=34 odim=20x20 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe3-a-65d46855f6-fvs96
content-length
34
x-served-by
cache-chi-klot8100035-CHI, cache-chi-kigq8000110-CHI, cache-fra-etou8220055-FRA, cache-fra-eddf8230064-FRA
server
nginx
x-timer
S1708334632.862859,VS0,VE2
etag
"1Cw1g26qcqy/qXiETpkqMbr8ayhbr57dIxJ0jC+RrrE"
vary
Accept, orig-host
content-type
image/webp
x-styx-req-id
55de4888-4027-11ee-acfc-2ea97a8f8c9e
cache-control
max-age=31622400
accept-ranges
bytes
expires
Wed, 21 Aug 2024 13:33:38 GMT
css___VkyRO3B5Aq6aNIr0ttm3Is69Rc7XYN_AdFjRz9E6sA__VcIbQquJvVVOuzIFHQnbacZLWNY0lFxoxf5twuCo0Bc__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
www.forcepoint.com/sites/default/files/advagg_css/
6 KB
2 KB
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css___VkyRO3B5Aq6aNIr0ttm3Is69Rc7XYN_AdFjRz9E6sA__VcIbQquJvVVOuzIFHQnbacZLWNY0lFxoxf5twuCo0Bc__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
ee27e3cdc69e172aac4b82b3f20d30a2e9b8fc56e7154475292f0ce338b8a5a5
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
12360, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
309050
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-a-78789f5ddb-th96l
content-length
1421
x-served-by
cache-chi-klot8100164-CHI, cache-chi-klot8100164-CHI, cache-fra-etou8220111-FRA, cache-fra-eddf8230064-FRA
last-modified
Wed, 13 Dec 2023 14:23:28 GMT
server
nginx
x-timer
S1708334632.861537,VS0,VE110
etag
W/"6579be60-19a6"
vary
Accept-Encoding, orig-host
content-type
text/css
x-styx-req-id
32e86c06-99c3-11ee-be22-a665a8a9a280
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 13 Dec 2024 14:23:34 GMT
network-dlp-vs-endpoint-dlp_hero_image_0.jpg
www.forcepoint.com/sites/default/files/styles/footer_menu_featured_blog/public/hero/
8 KB
11 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/styles/footer_menu_featured_blog/public/hero/network-dlp-vs-endpoint-dlp_hero_image_0.jpg?itok=8Z1Vedrl
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e89d6323ee8242c1b8d6e40efefa01ef488dda3593679dfc6220fbb733e9c495
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.fonts.net *.licdn.com *.tiqcdn.com *.marketo.com *.marketo.net *.mktoresp.com *.demdex.net *.burly.io *.omtrdc.net *.llnwd.net *.tealiumiq.com *.googleadservices.com *.marinsm.com *.amazonaws.com *.quantserve.com *.facebook.net *.serving-sys.com *.google-analytics.com *.hirebridge.com *.websense.com *.bizographics.com *.linkedin.com *.cloudfront.net *.newrelic.com *.nr-data.net *.adnxs.com *.demandbase.com *.twitter.com *.omtrdc.net *.youtube.com *.ads-twitter.com *.company-target.com *.omniture.com *.doubleclick.net *.forcepoint.com *.google.com *.facebook.com *.nr-data.net *.getsmartcontent.com *.vidyard.com *.adroll.com s.ml-attr.com attr.ml-api.io *.driftt.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.gstatic.com *.libsyn.com *.s3.amazonaws.com *.cdnbasket.net ids.cdnwidget.com app.vwo.com *.visualwebsiteoptimizer.com use.typekit.net p.typekit.net cdn.vwo-analytics.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.googleapis.com *.cloudflare.com activitymap.adobe.com *.consensu.org *.ubembed.com *.bizible.com *.theadex.com *.aumago.com *.driftqa.com *.scribblecdn.net *.esg-global.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hubapi.com *.hsforms.net *.hsforms.com geolocation-db.com *.drift.com *.clickagy.com *.nimblestory.com *.usemessages.com *.stackadapt.com *.googlesyndication.com ; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.cdnwidget.com *.tealiumiq.com *.google.com *.googleadservices.com *.doubleclick.net *.websense.com *.marinsm.com *.facebook.com *.quantserve.com *.google-analytics.com *.w55c.net *.marketo.com *.iasds01.com *.linkedin.com *.cloudfront.net *.forcepoint.com *.adnxs.com *.twitter.com t.co *.omtrdc.net *.w55c.net *.demandbase.com *.company-target.com *.gstatic.com *.tiqcdn.com *.marketo.net *.newrelic.com *.facebook.net 
*.ads-twitter.com *.burly.io *.bizographics.com *.nr-data.net *.licdn.com *.tt.omtrdc.net *.getsmartcontent.com *.adroll.com *.vidyard.com s.ml-attr.com *.ml-api.io ml314.com *.ml314.com *.bing.com *.driftt.com *.crazyegg.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.googletagmanager.com *.visualwebsiteoptimizer.com app.vwo.com *.ubembed.com *.driftt.com *.vwo-analytics.com *.s3.amazonaws.com s3.amazonaws.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.clearbit.com *.googleapis.com *.cloudflare.com *.adobe.com *.consensu.org *.bizible.com *.theadex.com *.aumago.com *.zoominfo.com *.clickagy.com *.redditstatic.com *.quantcount.com *.g2crowd.com *.steelhousemedia.com *.scribblecdn.net *.esg-global.com *.6sc.co *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hubapi.com *.hsforms.net *.hsforms.com geolocation-db.com *.drift.com *.jquery.com *.google.com *.hscollectedforms.net *.jsdelivr.net *.stackadapt.com *.googlesyndication.com *.simpleanalyticscdn.com; img-src * data: *; font-src 'self' *.google.com *.googleadservices.com; connect-src 'self' *.vwo.com *.demdex.net *.omtrdc.net *.mktoresp.com *.cdnbasket.net ids.cdnwidget.com *.forcepoint.com sample-api-v2.crazyegg.com *.visualwebsiteoptimizer.com insight.adsrvr.org bam.nr-data.net *.tealiumiq.com live-evercurrent-clone.pantheonsite.io *.sharethis.com *.doubleclick.net *.theadex.com *.aumago.com *.google-analytics.com *.6sc.co *.adnxs.com *.vidyard.com *.6sense.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com api.hubapi.com *.hsforms.net *.hsforms.com *.s3.amazonaws.com *.drift.com *.clickagy.com *.facebook.com *.zoominfo.com geolocation-db.com cdn.linkedin.oribi.io *.hubspot.com *.hscollectedforms.net *.stackadapt.com *.google.com *.googletagmanager.com *.googleadservices.com google.com *.googlesyndication.com *.linkedin.com ; report-uri /admin/config/system/seckit/csp-report
Strict-Transport-Security max-age=18410000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
0, 48266, 0, 0
content-security-policy
default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.fonts.net *.licdn.com *.tiqcdn.com *.marketo.com *.marketo.net *.mktoresp.com *.demdex.net *.burly.io *.omtrdc.net *.llnwd.net *.tealiumiq.com *.googleadservices.com *.marinsm.com *.amazonaws.com *.quantserve.com *.facebook.net *.serving-sys.com *.google-analytics.com *.hirebridge.com *.websense.com *.bizographics.com *.linkedin.com *.cloudfront.net *.newrelic.com *.nr-data.net *.adnxs.com *.demandbase.com *.twitter.com *.omtrdc.net *.youtube.com *.ads-twitter.com *.company-target.com *.omniture.com *.doubleclick.net *.forcepoint.com *.google.com *.facebook.com *.nr-data.net *.getsmartcontent.com *.vidyard.com *.adroll.com s.ml-attr.com attr.ml-api.io *.driftt.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.gstatic.com *.libsyn.com *.s3.amazonaws.com *.cdnbasket.net ids.cdnwidget.com app.vwo.com *.visualwebsiteoptimizer.com use.typekit.net p.typekit.net cdn.vwo-analytics.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.googleapis.com *.cloudflare.com activitymap.adobe.com *.consensu.org *.ubembed.com *.bizible.com *.theadex.com *.aumago.com *.driftqa.com *.scribblecdn.net *.esg-global.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hubapi.com *.hsforms.net *.hsforms.com geolocation-db.com *.drift.com *.clickagy.com *.nimblestory.com *.usemessages.com *.stackadapt.com *.googlesyndication.com ; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.cdnwidget.com *.tealiumiq.com *.google.com *.googleadservices.com *.doubleclick.net *.websense.com *.marinsm.com *.facebook.com *.quantserve.com *.google-analytics.com *.w55c.net *.marketo.com *.iasds01.com *.linkedin.com *.cloudfront.net *.forcepoint.com *.adnxs.com *.twitter.com t.co *.omtrdc.net *.w55c.net *.demandbase.com *.company-target.com *.gstatic.com *.tiqcdn.com *.marketo.net *.newrelic.com *.facebook.net *.ads-twitter.com 
*.burly.io *.bizographics.com *.nr-data.net *.licdn.com *.tt.omtrdc.net *.getsmartcontent.com *.adroll.com *.vidyard.com s.ml-attr.com *.ml-api.io ml314.com *.ml314.com *.bing.com *.driftt.com *.crazyegg.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.googletagmanager.com *.visualwebsiteoptimizer.com app.vwo.com *.ubembed.com *.driftt.com *.vwo-analytics.com *.s3.amazonaws.com s3.amazonaws.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.clearbit.com *.googleapis.com *.cloudflare.com *.adobe.com *.consensu.org *.bizible.com *.theadex.com *.aumago.com *.zoominfo.com *.clickagy.com *.redditstatic.com *.quantcount.com *.g2crowd.com *.steelhousemedia.com *.scribblecdn.net *.esg-global.com *.6sc.co *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hubapi.com *.hsforms.net *.hsforms.com geolocation-db.com *.drift.com *.jquery.com *.google.com *.hscollectedforms.net *.jsdelivr.net *.stackadapt.com *.googlesyndication.com *.simpleanalyticscdn.com; img-src * data: *; font-src 'self' *.google.com *.googleadservices.com; connect-src 'self' *.vwo.com *.demdex.net *.omtrdc.net *.mktoresp.com *.cdnbasket.net ids.cdnwidget.com *.forcepoint.com sample-api-v2.crazyegg.com *.visualwebsiteoptimizer.com insight.adsrvr.org bam.nr-data.net *.tealiumiq.com live-evercurrent-clone.pantheonsite.io *.sharethis.com *.doubleclick.net *.theadex.com *.aumago.com *.google-analytics.com *.6sc.co *.adnxs.com *.vidyard.com *.6sense.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com api.hubapi.com *.hsforms.net *.hsforms.com *.s3.amazonaws.com *.drift.com *.clickagy.com *.facebook.com *.zoominfo.com geolocation-db.com cdn.linkedin.oribi.io *.hubspot.com *.hscollectedforms.net *.stackadapt.com *.google.com *.googletagmanager.com *.googleadservices.com google.com *.googlesyndication.com *.linkedin.com ; report-uri /admin/config/system/seckit/csp-report
strict-transport-security
max-age=18410000; includeSubDomains; preload
x-content-type-options
nosniff
date
Mon, 19 Feb 2024 09:23:51 GMT
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
fastly-io-served-by
vpop-kiad7010211
age
0
http_x_geo_region
DE-BY
x-cache
MISS, HIT, MISS, MISS
fastly-io-info
ifsz=7857 idim=199x111 ifmt=jpeg ofsz=7857 odim=199x111 ofmt=jpeg
from-origin
same, https://analyticsssl.forcepoint.com,https://vidyard.com
http_x_geo_continent
EU
fastly-stats
io=1
expires
Sun, 19 Nov 1978 05:00:00 GMT
content-length
7857
x-xss-protection
1
fastly-io-warning
Failed to shrink image
x-served-by
cache-chi-kigq8000048-CHI, cache-chi-kigq8000055-CHI, cache-fra-etou8220029-FRA, cache-fra-eddf8230064-FRA
referrer-policy
strict-origin-when-cross-origin
server
nginx
x-timer
S1708334632.862598,VS0,VE104
etag
"D/fYnFLfzpJXyyLY8LVtQxWwxyrw6HU7jFgcla9+hU0"
x-frame-options
SAMEORIGIN
vary
Accept, orig-host
content-type
image/jpeg
x-styx-req-id
48653e7c-cb3a-11ee-930d-12cbffd32492
cache-control
no-cache, must-revalidate
accept-ranges
bytes
x-drupal-cache
MISS
x-pantheon-styx-hostname
styx-fe3-a-768586b58-zjs7c
jquery-3.6.4.min.js
code.jquery.com/
88 KB
31 KB
Script
General
Full URL
https://code.jquery.com/jquery-3.6.4.min.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:600::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
a0fe8723dcf55da64d06b25446d0a8513e52527c45afcb37073465f9c6f352af

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Mon, 19 Feb 2024 09:23:51 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
13532432
x-cache
HIT, HIT
content-length
31011
x-served-by
cache-lga21953-LGA, cache-fra-eddf8230080-FRA
last-modified
Fri, 18 Oct 1991 12:00:00 GMT
server
nginx
x-timer
S1708334632.888766,VS0,VE0
etag
W/"28feccc0-15ec3"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=604800
accept-ranges
bytes
x-cache-hits
133, 186050
jquery-migrate.min.js
cdn.jsdelivr.net/npm/jquery-migrate@3.4.1/dist/
13 KB
5 KB
Script
General
Full URL
https://cdn.jsdelivr.net/npm/jquery-migrate@3.4.1/dist/jquery-migrate.min.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5814 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
148a74b0921ad78021d716e8032ede1cdaf7ed7279cefd7d2acbe906add12a68
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Mon, 19 Feb 2024 09:23:51 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
6919882
x-jsd-version
3.4.1
content-encoding
br
x-cache
HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-served-by
cache-fra-eddf8230065-FRA
x-jsd-version-type
version
server
cloudflare
etag
W/"3534-NFnzHKz0zt9oGLUq83IVXde7nEQ"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FHv3AaGhSgLXH%2F7VfTPx9am6HOhS%2FyrrZWDGDWF5IldCaX7Z%2F8Udgjfnr0qh133tE2a53LpsnzHB1aAypHcMA8p58A33ih6m%2FxSozb0zbDonebSw1LJwa3KKqnXd6kSEPqXTsOXNplD8bn9VTq4%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
cf-ray
857d74193c697185-FRA
jquery-ui.min.js
cdnjs.cloudflare.com/ajax/libs/jqueryui/1.13.2/
249 KB
56 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.13.2/jquery-ui.min.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9528ca634fecad433d044ddd3e6f9ce1f068d5d932dafdbb19d8e6daea1968bd
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Mon, 19 Feb 2024 09:23:51 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
8948168
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
56990
last-modified
Fri, 29 Jul 2022 20:40:53 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"62e445d5-de9e"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7ygyzGtDzDeZO6x3BIKu3REp%2Fg1mAG2GDzpV1lx2KdnWPHxOJb0rpypiwiNyq31Ay5camv4OByeKy4g4t7IfF%2FHW1FfzxPhI5zZBS1G6gSAeS5CxqJ3YejqFyDOXbatLS8%2FBsdih9brb%2FETsvBtWiLFZ"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
857d741939599962-FRA
expires
Sat, 08 Feb 2025 09:23:51 GMT
jquery.cookie.js
cdn.jsdelivr.net/gh/carhartl/jquery-cookie@1.4.1/
3 KB
2 KB
Script
General
Full URL
https://cdn.jsdelivr.net/gh/carhartl/jquery-cookie@1.4.1/jquery.cookie.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5814 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b84161c9fbf7520cd14e7019f92120bd87a928a074156e91a992eba9fc9436e8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Mon, 19 Feb 2024 09:23:51 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
8657171
x-jsd-version
1.4.1
content-encoding
br
x-cache
HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-served-by
cache-fra-eddf8230125-FRA
x-jsd-version-type
version
server
cloudflare
etag
W/"c31-MeG8xM+AWiwv7iH0je0eWY9koqg"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t24lHbwK%2BGAYWTpDESCrm4jHjxeYKgrLz1DQ5DeQwXn4ike7r7VrltYdJvHx1kVgM6t4UtvPKARrmjE93Y6%2BJVRfMcbGUzcAqO2oAoqDWyF9XkFtWKX2PHxgRJAgMtri0mGAd8VJMx%2BVsodoMog%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
cf-ray
857d74193c667185-FRA
jquery.form.min.js
cdn.jsdelivr.net/gh/jquery-form/form@4.3.0/dist/
17 KB
7 KB
Script
General
Full URL
https://cdn.jsdelivr.net/gh/jquery-form/form@4.3.0/dist/jquery.form.min.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5814 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dd329c644951f3c041200e8279e3c90063ac5b5c8861fe253fca48df7dd8b99c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Mon, 19 Feb 2024 09:23:51 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
7186108
x-jsd-version
4.3.0
content-encoding
br
x-cache
HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-served-by
cache-fra-eddf8230091-FRA
x-jsd-version-type
version
server
cloudflare
etag
W/"42c6-Un0kth16nDganBgYV2qMDm0qpvQ"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n8KbEsmjtMXNxIZxBgKP6fSftnTePD3EXOs6Wjil7pWziR7JHS40KVnHo1HWymsa9iyw7260B9YgJtIyR8EXjQMWrsIEg74QbZquzRbxf3QmYofKLXU4KmMf%2BFsLBKeTEAy6CYXFH0gBfnurVO0%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
cf-ray
857d74193c677185-FRA
utag.sync.js
tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/
2 KB
1 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/utag.sync.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:235a:7a00:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
77fac33afdd25a55694ba10a159b37ea0c0898180f94a46d5cdb58e7032b4f3b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-amz-version-id
kKZkGiJTy.JrRWkqFxOCLu6vH2zINvae
content-encoding
br
via
1.1 e1af02661708034e962bd39b357a50aa.cloudfront.net (CloudFront)
date
Mon, 19 Feb 2024 09:23:51 GMT
last-modified
Tue, 30 Jan 2024 17:06:06 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P9
age
104
x-amz-server-side-encryption
AES256
etag
W/"625ea07eec486c68f3fc96a72310ed1c"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=300
x-amz-cf-id
CbGu_XaeGzS96IcO1VDoL6pxKdSrdvml8fU8ppGXe2sFDtV6WuM-CQ==
v2.js
js.hsforms.net/forms/
481 KB
154 KB
Script
General
Full URL
https://js.hsforms.net/forms/v2.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:8cce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c0bce3c69009ee89078e9eed1305d9e6df0ff6ca83bd3fdab59ee0ba03e23b31
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

content-encoding
br
age
126
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.4708/bundles/project-v2.js&cfRay=857d710198e59bdc-FRA
x-amz-replication-status
COMPLETED
x-evy-trace-listener
listener_https
etag
W/"6c024a19bf6fceb0d8b66919507353ec"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-evy-trace-virtual-host
all
cache-control
s-maxage=600, max-age=300
x-hs-target-asset
forms-embed/static-1.4708/bundles/project-v2.js
date
Mon, 19 Feb 2024 09:23:51 GMT
x-amz-version-id
K1IDq5oXgFf6Gf.V6vMhXddDfxNDLbE_
via
1.1 f01dafb3bec9893b47152910d47900a4.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
IAD12-P3
x-hubspot-correlation-id
71847e91-7d47-4075-a4de-d0d6387dee2a
x-cache
Hit from cloudfront
cache-tag
staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-envoy-upstream-service-time
0
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-request-id
71847e91-7d47-4075-a4de-d0d6387dee2a
last-modified
Thu, 15 Feb 2024 14:03:45 UTC
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Agiv2Lsf2z7iPVNOhcA8HAZwAG0TzLEQ%2FraY3KLcMSavbM7qW969aaO3sCI7TWqLXw8SunivRyLx76K%2F4FnOvRK2XcKGoSLv0UxRBGEm%2FNRiaNK982EIY%2F1bC5GhIjXLed5sumsm87batV8%2F"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status
HIT
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-748b697-h9dw7
cf-ray
857d74194f33048b-FRA
x-amz-cf-id
0ys8EMBLckKb6k52UYVrjs7FhHHfBIwCIzlY-Yq4ibxO0i_tmCLQPw==
js__W3yM6WBe6ndCsZPBg4n630CPZFPltBmeCyjdVT1DY70__bDRoZCuiGZ0Z97B2lHvbrvG8HsJo-CC3-a0Ia2Sx5bE__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js
www.forcepoint.com/sites/default/files/advagg_js/
11 KB
5 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__W3yM6WBe6ndCsZPBg4n630CPZFPltBmeCyjdVT1DY70__bDRoZCuiGZ0Z97B2lHvbrvG8HsJo-CC3-a0Ia2Sx5bE__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e7e02c8510e5cdcf18b17c36aab04ff6867e018178fe5594aa9c1fb40f252838
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
13145, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
309050
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-b-68b948c8df-lrphv
content-length
4874
x-served-by
cache-chi-kigq8000131-CHI, cache-chi-kigq8000131-CHI, cache-fra-eddf8230063-FRA, cache-fra-eddf8230064-FRA
last-modified
Mon, 06 Mar 2023 17:43:24 GMT
server
nginx
x-timer
S1708334632.862551,VS0,VE111
etag
W/"6406263c-2a52"
vary
Accept-Encoding, orig-host
content-type
application/x-javascript
x-styx-req-id
ffc2d41b-b239-11ee-b3d9-8ac6f643d138
cache-control
max-age=31622400
accept-ranges
bytes
expires
Mon, 13 Jan 2025 17:34:26 GMT
js__ZyeOaiFuDejQQbhUV7yg7atYZnj4WLfH77o0scv4068__jeShjS1-sEwOx4dbB-NSBsCnxWfNslS1Nkgx4CZngGA__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js
www.forcepoint.com/sites/default/files/advagg_js/
13 KB
5 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__ZyeOaiFuDejQQbhUV7yg7atYZnj4WLfH77o0scv4068__jeShjS1-sEwOx4dbB-NSBsCnxWfNslS1Nkgx4CZngGA__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
2d6c54b4b4a8eaee36561dea258e5b8de817e8001f049b785dec91199a1d41db
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
22586, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
309143
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-a-65d7dffcdb-4gzm7
content-length
4853
x-served-by
cache-chi-klot8100147-CHI, cache-chi-klot8100147-CHI, cache-fra-etou8220083-FRA, cache-fra-eddf8230064-FRA
last-modified
Wed, 06 Dec 2023 14:48:25 GMT
server
nginx
x-timer
S1708334632.862255,VS0,VE109
etag
W/"657089b9-343a"
vary
Accept-Encoding, orig-host
content-type
application/x-javascript
x-styx-req-id
843ad66c-9446-11ee-81ef-ee6151816431
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 06 Dec 2024 14:48:28 GMT
js__2rjlAbBND-YDbAq2rT4GT0FCGSz_kyEdQdZyOStVQdU__SGggvtYH6KAFWT2NGquosWK1SoWokfbyhZ2MaWmzq9I__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js
www.forcepoint.com/sites/default/files/advagg_js/
548 B
598 B
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__2rjlAbBND-YDbAq2rT4GT0FCGSz_kyEdQdZyOStVQdU__SGggvtYH6KAFWT2NGquosWK1SoWokfbyhZ2MaWmzq9I__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
0afb763c1de6f6fbc5f775e18225ab96ced3818b62a597b7bac98d3fa29f3f23
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
13099, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
309050
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-a-f9d8bf5c4-xxqnh
content-length
294
x-served-by
cache-chi-klot8100141-CHI, cache-chi-klot8100141-CHI, cache-fra-eddf8230092-FRA, cache-fra-eddf8230064-FRA
last-modified
Mon, 06 Mar 2023 17:43:23 GMT
server
nginx
x-timer
S1708334632.863752,VS0,VE107
etag
W/"6406263b-224"
vary
Accept-Encoding, orig-host
content-type
application/x-javascript
x-styx-req-id
0c221523-673b-11ee-8d93-6a328032ef0d
cache-control
max-age=31622400
accept-ranges
bytes
expires
Thu, 10 Oct 2024 07:02:59 GMT
js__5zhFBHWG8cFOCNCpDlj7pwNwFoSGFvQEfYJiiLp0EY8__TNItwctO0QcNBYn10Ft2xshT-_PqYf8Vv6JB7nZ2xKs__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js
www.forcepoint.com/sites/default/files/advagg_js/
27 KB
8 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__5zhFBHWG8cFOCNCpDlj7pwNwFoSGFvQEfYJiiLp0EY8__TNItwctO0QcNBYn10Ft2xshT-_PqYf8Vv6JB7nZ2xKs__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
7c38acd92ae6bde95f3f8108a03252fffb82ccd6abea48e29ea0b7f365297287
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
18998, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:52 GMT
age
309143
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-b-68df48cffd-9m4g9
content-length
7980
x-served-by
cache-chi-kigq8000022-CHI, cache-chi-kigq8000022-CHI, cache-fra-etou8220121-FRA, cache-fra-eddf8230064-FRA
last-modified
Mon, 06 Mar 2023 17:43:26 GMT
server
nginx
x-timer
S1708334632.863758,VS0,VE139
etag
W/"6406263e-6d76"
vary
Accept-Encoding, orig-host
content-type
application/x-javascript
x-styx-req-id
39d6f213-628a-11ee-83a0-ba44389d6db1
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Oct 2024 07:47:11 GMT
js__MK7MzOuOm6Wn1gEArVsBZG7dh82EREyAMIm9mRlUqq8__dORmwcviulacbj4TEHhv8s4qzj-5oUCjfNEX8y-ZUFM__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js
www.forcepoint.com/sites/default/files/advagg_js/
22 KB
8 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__MK7MzOuOm6Wn1gEArVsBZG7dh82EREyAMIm9mRlUqq8__dORmwcviulacbj4TEHhv8s4qzj-5oUCjfNEX8y-ZUFM__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
26be2c4cd498798df8895f91aacf2b8ffc5bd02686c4f695b081987fbe12c8c5
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
11478, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
309050
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-a-5ff98d754f-5cf4b
content-length
7765
x-served-by
cache-chi-klot8100140-CHI, cache-chi-klot8100140-CHI, cache-fra-etou8220052-FRA, cache-fra-eddf8230064-FRA
last-modified
Mon, 06 Mar 2023 17:43:53 GMT
server
nginx
x-timer
S1708334632.861919,VS0,VE110
etag
W/"64062659-59a4"
vary
Accept-Encoding, orig-host
content-type
application/x-javascript
x-styx-req-id
402f91a9-c196-11ee-a3ef-76f41b23cf7e
cache-control
max-age=31622400
accept-ranges
bytes
expires
Sun, 02 Feb 2025 06:42:36 GMT
js__YT6D1B_BKxvm6JCH_t9sZNI5L6yITa_DlU5QcSlOkAU__OXobH7d1IP1o3WABlniIrU_-pcJacVSIPUv9bpD-6pQ__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js
www.forcepoint.com/sites/default/files/advagg_js/
3 KB
2 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__YT6D1B_BKxvm6JCH_t9sZNI5L6yITa_DlU5QcSlOkAU__OXobH7d1IP1o3WABlniIrU_-pcJacVSIPUv9bpD-6pQ__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
aae32b2bc7f6bc3224ccd8e50e4b9b5e740ef619fa66e7c75b9fb135470f45d9
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
19953, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
309143
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-a-768586b58-zt5rm
content-length
1275
x-served-by
cache-chi-kigq8000032-CHI, cache-chi-kigq8000032-CHI, cache-fra-etou8220133-FRA, cache-fra-eddf8230064-FRA
last-modified
Wed, 31 Jan 2024 14:35:14 GMT
server
nginx
x-timer
S1708334632.862890,VS0,VE114
etag
W/"65ba5aa2-a4e"
vary
Accept-Encoding, orig-host
content-type
application/x-javascript
x-styx-req-id
64e4b06d-c7ce-11ee-ac71-daaca32af5c3
cache-control
max-age=31622400
accept-ranges
bytes
expires
Mon, 10 Feb 2025 04:39:36 GMT
js__NNwpmEpC8JVN9o5mIVcqmVFWE2Wlvz8PDDqjOgHQW7E__Fmhc_sYxYs7J1zC8fFtGDqTwoHpMVrdrys64INBGbz8__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js
www.forcepoint.com/sites/default/files/advagg_js/
24 KB
9 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__NNwpmEpC8JVN9o5mIVcqmVFWE2Wlvz8PDDqjOgHQW7E__Fmhc_sYxYs7J1zC8fFtGDqTwoHpMVrdrys64INBGbz8__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
33b128756a04391f0db5eb0002fc1d19d63bb5739cfa4a81004d995bf0624550
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
10868, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
309050
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-b-68b948c8df-rw4ql
content-length
8875
x-served-by
cache-chi-kigq8000092-CHI, cache-chi-kigq8000092-CHI, cache-fra-eddf8230133-FRA, cache-fra-eddf8230064-FRA
last-modified
Wed, 22 Nov 2023 14:48:29 GMT
server
nginx
x-timer
S1708334632.863766,VS0,VE107
etag
W/"655e14bd-618f"
vary
Accept-Encoding, orig-host
content-type
application/x-javascript
x-styx-req-id
08205b05-b1ac-11ee-8822-0a05e7c31cf5
cache-control
max-age=31622400
accept-ranges
bytes
expires
Mon, 13 Jan 2025 00:38:12 GMT
js__chJL213YSkJch-IjytLyUqW7uGPnNqOcHGrVBTtmWRc__yn2ExM-BDbvoDYxfwBKmliyRc5GwBZkfllb5p--ixOE__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js
www.forcepoint.com/sites/default/files/advagg_js/
711 B
694 B
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__chJL213YSkJch-IjytLyUqW7uGPnNqOcHGrVBTtmWRc__yn2ExM-BDbvoDYxfwBKmliyRc5GwBZkfllb5p--ixOE__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
0370218a5b3b2dd0fafe99389e5c792eba8f07d4ef1959ccbaf023692e9ce25a
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
18518, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
309143
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-a-f9d8bf5c4-mxq9f
content-length
306
x-served-by
cache-chi-kigq8000155-CHI, cache-chi-kigq8000155-CHI, cache-fra-eddf8230078-FRA, cache-fra-eddf8230064-FRA
last-modified
Mon, 06 Mar 2023 17:43:37 GMT
server
nginx
x-timer
S1708334632.863766,VS0,VE109
etag
W/"64062649-2c7"
vary
Accept-Encoding, orig-host
content-type
application/x-javascript
x-styx-req-id
79b8ce59-627d-11ee-af0c-7ae92eee0f34
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Oct 2024 06:15:54 GMT
js__vqZqTxUxqDoVSZOh60EjSleoZgwIzSlhamQKjS1JngU__S91yqV9ubUDMxzCK2GLBYdp1SFL3v48MFVTVZ3OSXjc__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js
www.forcepoint.com/sites/default/files/advagg_js/
799 B
816 B
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__vqZqTxUxqDoVSZOh60EjSleoZgwIzSlhamQKjS1JngU__S91yqV9ubUDMxzCK2GLBYdp1SFL3v48MFVTVZ3OSXjc__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
809bf772861d5903dcd978e3712a6d2934cc4c74961358159ece9d1442c41eda
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
12811, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
309050
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-b-6cbc4fb79d-hs6qw
content-length
428
x-served-by
cache-chi-klot8100133-CHI, cache-chi-klot8100133-CHI, cache-fra-etou8220126-FRA, cache-fra-eddf8230064-FRA
last-modified
Wed, 15 Nov 2023 13:09:20 GMT
server
nginx
x-timer
S1708334632.863015,VS0,VE118
etag
W/"6554c300-31f"
vary
Accept-Encoding, orig-host
content-type
application/x-javascript
x-styx-req-id
b65afecd-9fad-11ee-a739-9a716c69de7b
cache-control
max-age=31622400
accept-ranges
bytes
expires
Sat, 21 Dec 2024 03:04:53 GMT
js__A3z98XA9ArlnbHREYTcp6hgmi5Oz2wY1MqcLV75pq8Q__z2dbLyr7KaPpYQrjLtDeNRJ8Dddotk1Rd-5bC2zRyWo__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js
www.forcepoint.com/sites/default/files/advagg_js/
981 B
787 B
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__A3z98XA9ArlnbHREYTcp6hgmi5Oz2wY1MqcLV75pq8Q__z2dbLyr7KaPpYQrjLtDeNRJ8Dddotk1Rd-5bC2zRyWo__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
7277aa6992f8d84c899d9677fe5624ad79d80bdf298ddd5a2d0dd27b0a28041b
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
13537, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
309143
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-b-6cbc4fb79d-dd9f6
content-length
451
x-served-by
cache-chi-klot8100054-CHI, cache-chi-klot8100054-CHI, cache-fra-eddf8230031-FRA, cache-fra-eddf8230064-FRA
last-modified
Mon, 23 Oct 2023 16:45:57 GMT
server
nginx
x-timer
S1708334632.861890,VS0,VE120
etag
W/"6536a345-3d5"
vary
Accept-Encoding, orig-host
content-type
application/x-javascript
x-styx-req-id
2fa7ef4e-99c3-11ee-a029-2ac235d6c894
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 13 Dec 2024 14:23:29 GMT
js__BsJj-J0DDipBFUM6jWq6jBgbLlOJHFUDm1oaCirTN8s__5jACLbT9uRgX3grq7eSNoPytVSVJYcw9-aqwfGvMKvc__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js
www.forcepoint.com/sites/default/files/advagg_js/
3 KB
2 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__BsJj-J0DDipBFUM6jWq6jBgbLlOJHFUDm1oaCirTN8s__5jACLbT9uRgX3grq7eSNoPytVSVJYcw9-aqwfGvMKvc__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
2af1dabc6233e7b3659be90a89d4c82800f59940141b1237ac46db89461a8f27
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
22626, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
309142
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-b-6bcf4d4f8-5dw86
content-length
1386
x-served-by
cache-chi-klot8100169-CHI, cache-chi-klot8100169-CHI, cache-fra-etou8220054-FRA, cache-fra-eddf8230064-FRA
last-modified
Wed, 31 Jan 2024 14:35:14 GMT
server
nginx
x-timer
S1708334632.862741,VS0,VE121
etag
W/"65ba5aa2-c69"
vary
Accept-Encoding, orig-host
content-type
application/x-javascript
x-styx-req-id
55c2b47d-cb4a-11ee-a266-b270c4907e57
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 14 Feb 2025 15:04:22 GMT
js__6FQAqJmB1yKdAJYwsXAk_hJnargJPvMPkf9xl2Aoo0E__LRcB_jb8iwtqJJbRU0etTiWNPUen87vOM9Rlp7OZGiI__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js
www.forcepoint.com/sites/default/files/advagg_js/
32 KB
14 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__6FQAqJmB1yKdAJYwsXAk_hJnargJPvMPkf9xl2Aoo0E__LRcB_jb8iwtqJJbRU0etTiWNPUen87vOM9Rlp7OZGiI__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
2609e47af9b5fd41bcc697b9545be93106f378abde6263e1ca3394420121770f
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
12659, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
309050
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-b-5cbc988cb-rwfbz
content-length
14179
x-served-by
cache-chi-klot8100060-CHI, cache-chi-klot8100060-CHI, cache-fra-etou8220075-FRA, cache-fra-eddf8230064-FRA
last-modified
Mon, 06 Mar 2023 17:43:30 GMT
server
nginx
x-timer
S1708334632.862716,VS0,VE107
etag
W/"64062642-81ba"
vary
Accept-Encoding, orig-host
content-type
application/x-javascript
x-styx-req-id
0779039f-5c48-11ee-9618-76465eb2d399
cache-control
max-age=31622400
accept-ranges
bytes
expires
Thu, 26 Sep 2024 08:38:12 GMT
js__ZAA5lMeZXVSyc2jkDQc3qK2xTFroqEhe0Vhijw7cweY__5t1bwuf_6UapbfBl8BVgxkNe2IwCFG2FnD40d8mFKKc__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js
www.forcepoint.com/sites/default/files/advagg_js/
5 KB
2 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__ZAA5lMeZXVSyc2jkDQc3qK2xTFroqEhe0Vhijw7cweY__5t1bwuf_6UapbfBl8BVgxkNe2IwCFG2FnD40d8mFKKc__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
0b7943307c6a7d7f4d6008a4746a25fd1bb56da6280123ede2e5ba8013d95527
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
22088, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
309143
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-b-6cbc4fb79d-f6hj2
content-length
1551
x-served-by
cache-chi-klot8100084-CHI, cache-chi-klot8100084-CHI, cache-fra-etou8220123-FRA, cache-fra-eddf8230064-FRA
last-modified
Mon, 06 Mar 2023 17:43:30 GMT
server
nginx
x-timer
S1708334632.864081,VS0,VE108
etag
W/"64062642-14af"
vary
Accept-Encoding, orig-host
content-type
application/x-javascript
x-styx-req-id
0cf533ca-9df5-11ee-9fe4-6ae021cc8ab5
cache-control
max-age=31622400
accept-ranges
bytes
expires
Wed, 18 Dec 2024 22:30:30 GMT
js__VVbwMK3NMLbfvdLXAKRCOGZ9jqUjWHfUrPnJSWIlxkM__4Q4SNExXEfBJWUuxQzqhfoyno0u2-1mPRJyQnRmGPTQ__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js
www.forcepoint.com/sites/default/files/advagg_js/
4 KB
1 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__VVbwMK3NMLbfvdLXAKRCOGZ9jqUjWHfUrPnJSWIlxkM__4Q4SNExXEfBJWUuxQzqhfoyno0u2-1mPRJyQnRmGPTQ__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
91e4bb6ed20592449430c1edb1d80b903c81c9d63dd48ebb1e0692039a88ee2a
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
109, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
308941
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-a-8c86c97b-k4xj7
content-length
1195
x-served-by
cache-chi-klot8100028-CHI, cache-chi-klot8100028-CHI, cache-fra-etou8220061-FRA, cache-fra-eddf8230064-FRA
last-modified
Tue, 07 Nov 2023 15:35:01 GMT
server
nginx
x-timer
S1708334632.863502,VS0,VE108
etag
W/"654a5925-f35"
vary
Accept-Encoding, orig-host
content-type
application/x-javascript
x-styx-req-id
3dc07e65-7d83-11ee-af68-9efa8a798b68
cache-control
max-age=31622400
accept-ranges
bytes
expires
Thu, 07 Nov 2024 15:35:12 GMT
js__ZW8o7ZZZ2WVdbdwiWGu52bSrkEFZV2xhp5aNyZR5USA__3tGfK_b3yc_EcnR78FUS1iLe24uT_kFOG0Zgxin4wcM__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js
www.forcepoint.com/sites/default/files/advagg_js/
4 KB
2 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__ZW8o7ZZZ2WVdbdwiWGu52bSrkEFZV2xhp5aNyZR5USA__3tGfK_b3yc_EcnR78FUS1iLe24uT_kFOG0Zgxin4wcM__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
83906d4f8a0f8d0364be66f304608d8a10f014e67336265dd89a01269c11ca0d
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
8003, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
309098
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-b-68df48cffd-nxr8f
content-length
1540
x-served-by
cache-chi-kigq8000167-CHI, cache-chi-kigq8000167-CHI, cache-fra-etou8220042-FRA, cache-fra-eddf8230064-FRA
last-modified
Mon, 06 Mar 2023 17:43:30 GMT
server
nginx
x-timer
S1708334632.863462,VS0,VE103
etag
W/"64062642-f26"
vary
Accept-Encoding, orig-host
content-type
application/x-javascript
x-styx-req-id
da088606-6287-11ee-a10b-ae25379fe8c0
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Oct 2024 07:30:11 GMT
js__UCtXJrNvJbqWwTkauUyH6r0OmkrsjVeSImxlI3C6DJc__edC3yUE0SEy7im3t18SA-W_kx6imM-y8IQCkdmyHAt0__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js
www.forcepoint.com/sites/default/files/advagg_js/
4 KB
2 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__UCtXJrNvJbqWwTkauUyH6r0OmkrsjVeSImxlI3C6DJc__edC3yUE0SEy7im3t18SA-W_kx6imM-y8IQCkdmyHAt0__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
3646dc608888e2d7ad7a83a79d6ad6ffe7c3012fbbe2c944314840436e9f5716
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
4731, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
308941
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-b-6bcf4d4f8-qf4fr
content-length
1260
x-served-by
cache-chi-klot8100098-CHI, cache-chi-klot8100098-CHI, cache-fra-etou8220102-FRA, cache-fra-eddf8230064-FRA
last-modified
Wed, 15 Nov 2023 13:09:50 GMT
server
nginx
x-timer
S1708334632.863263,VS0,VE108
etag
W/"6554c31e-ebf"
vary
Accept-Encoding, orig-host
content-type
application/x-javascript
x-styx-req-id
5d007633-c85f-11ee-953a-3e94db4ce57e
cache-control
max-age=31622400
accept-ranges
bytes
expires
Mon, 10 Feb 2025 21:57:20 GMT
js__AV6-fb8rJ2QD61i8dwhUQihn7pc-Lp_VvhfmIjW8oHw__RUm4kKahOBCnrDpJWbA1cDqNhTD7qsBmlLW9ebsLhz0__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js
www.forcepoint.com/sites/default/files/advagg_js/
7 KB
3 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__AV6-fb8rJ2QD61i8dwhUQihn7pc-Lp_VvhfmIjW8oHw__RUm4kKahOBCnrDpJWbA1cDqNhTD7qsBmlLW9ebsLhz0__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
7f02b711e88c0e385f12ecdeb9a97ba2d72465cd4dc24d3087410536d74f60a3
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
21615, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
309137
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-a-78789f5ddb-lwczr
content-length
2200
x-served-by
cache-chi-kigq8000156-CHI, cache-chi-kigq8000156-CHI, cache-fra-eddf8230080-FRA, cache-fra-eddf8230064-FRA
last-modified
Wed, 13 Dec 2023 14:22:05 GMT
server
nginx
x-timer
S1708334632.863393,VS0,VE105
etag
W/"6579be0d-1a28"
vary
Accept-Encoding, orig-host
content-type
application/x-javascript
x-styx-req-id
ff16bce1-99c2-11ee-a4d4-0681f956c5f0
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 13 Dec 2024 14:22:07 GMT
js__RKHlmU6t0RLUncGnTujiufoFCC5MbSOoksjftmO9T3k__PHePze22Uzz7HaF6V_B3Zp-lKOIceEBNxv2aCEmB4PU__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js
www.forcepoint.com/sites/default/files/advagg_js/
6 KB
3 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__RKHlmU6t0RLUncGnTujiufoFCC5MbSOoksjftmO9T3k__PHePze22Uzz7HaF6V_B3Zp-lKOIceEBNxv2aCEmB4PU__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
76e0a509323608a889e87905b524cf659ea2d7fcb1a3987869b416961b60a529
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
9790, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
309050
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-b-5cc456d87b-ctxkg
content-length
2354
x-served-by
cache-chi-kigq8000111-CHI, cache-chi-kigq8000111-CHI, cache-fra-eddf8230033-FRA, cache-fra-eddf8230064-FRA
last-modified
Wed, 22 Nov 2023 14:50:46 GMT
server
nginx
x-timer
S1708334632.863506,VS0,VE105
etag
W/"655e1546-1963"
vary
Accept-Encoding, orig-host
content-type
application/x-javascript
x-styx-req-id
857c765b-8946-11ee-9b2c-da844195c16f
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 22 Nov 2024 14:50:47 GMT
js__g6mKbcakHxQkz4ZHYaxdO_xqONINvRMgsHh1zAK-fr0__ATHtEmHaeZ0jidpGU22EkhmPDBSgjD8z0bVDQMI-BIY__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js
www.forcepoint.com/sites/default/files/advagg_js/
2 KB
1 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__g6mKbcakHxQkz4ZHYaxdO_xqONINvRMgsHh1zAK-fr0__ATHtEmHaeZ0jidpGU22EkhmPDBSgjD8z0bVDQMI-BIY__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
39964c58ecfd8f2e123e69ac0cff4fa389b5aa7a26191883e2a4289819e19b53
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
19714, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
309143
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-a-6fcbcb6768-87vz4
content-length
762
x-served-by
cache-chi-kigq8000027-CHI, cache-chi-kigq8000027-CHI, cache-fra-etou8220062-FRA, cache-fra-eddf8230064-FRA
last-modified
Mon, 06 Mar 2023 17:43:40 GMT
server
nginx
x-timer
S1708334632.864127,VS0,VE103
etag
W/"6406264c-76e"
vary
Accept-Encoding, orig-host
content-type
application/x-javascript
x-styx-req-id
f9551466-5c61-11ee-81ac-f6d5c4abf348
cache-control
max-age=31622400
accept-ranges
bytes
expires
Thu, 26 Sep 2024 11:43:55 GMT
js__zwOQL0xjQu_jInUCc5HDDX7DuqNXThdgsBzScvBN6zY__4jW-CTXC7WRzLIe4AvHnBl9dyUG5uLWnaNbUL-jgrYw__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js
www.forcepoint.com/sites/default/files/advagg_js/
7 KB
3 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__zwOQL0xjQu_jInUCc5HDDX7DuqNXThdgsBzScvBN6zY__4jW-CTXC7WRzLIe4AvHnBl9dyUG5uLWnaNbUL-jgrYw__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
38bf60e9e3b26f4bbbd3cb6594d3954a3e36d2a4167b09bb746acba0fa85d4ce
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
7857, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
309032
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-b-8466695d9f-n4zsl
content-length
2517
x-served-by
cache-chi-kigq8000070-CHI, cache-chi-kigq8000070-CHI, cache-fra-eddf8230110-FRA, cache-fra-eddf8230064-FRA
last-modified
Thu, 02 Nov 2023 15:51:44 GMT
server
nginx
x-timer
S1708334632.862096,VS0,VE106
etag
W/"6543c590-1b67"
vary
Accept-Encoding, orig-host
content-type
application/x-javascript
x-styx-req-id
b9e94a88-7997-11ee-a730-0a7f0eacbbcc
cache-control
max-age=31622400
accept-ranges
bytes
expires
Sat, 02 Nov 2024 15:51:46 GMT
js__XtFha_knURVT5YLGKmVYz2S732sgaVuOjO801TC1X90__Iiz_LtHOgN-NEjf_Wqk78-4FPz8AQR7Ygonew_LemTU__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js
www.forcepoint.com/sites/default/files/advagg_js/
1018 B
871 B
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__XtFha_knURVT5YLGKmVYz2S732sgaVuOjO801TC1X90__Iiz_LtHOgN-NEjf_Wqk78-4FPz8AQR7Ygonew_LemTU__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
2e235a7be093a4acc3aada042f4f7c934e26bcaadacf6c3bb0e525e28ba21000
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
21477, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
309137
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-b-6cbc4fb79d-vst7h
content-length
566
x-served-by
cache-chi-klot8100065-CHI, cache-chi-klot8100065-CHI, cache-fra-etou8220078-FRA, cache-fra-eddf8230064-FRA
last-modified
Mon, 06 Mar 2023 17:43:25 GMT
server
nginx
x-timer
S1708334632.863177,VS0,VE110
etag
W/"6406263d-3fa"
vary
Accept-Encoding, orig-host
content-type
application/x-javascript
x-styx-req-id
0dfb9335-a675-11ee-a18b-bec8f5b2fee0
cache-control
max-age=31622400
accept-ranges
bytes
expires
Sun, 29 Dec 2024 18:06:57 GMT
js__ANAjsl90aU8V_JJuHtJWcRsK1EGBFuMwHq693fURsXU__F1FPONSTf0yEH0Y9VHtO8-UlYOiMFKhCksEr6rzCrMg__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js
www.forcepoint.com/sites/default/files/advagg_js/
2 KB
950 B
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__ANAjsl90aU8V_JJuHtJWcRsK1EGBFuMwHq693fURsXU__F1FPONSTf0yEH0Y9VHtO8-UlYOiMFKhCksEr6rzCrMg__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
2fffee549f20803f72907134dc44b0b44c72684ecf69e92ec7b1f034fa03efa7
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
20171, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
309143
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-a-85576d6d5b-q7n7g
content-length
629
x-served-by
cache-chi-kigq8000113-CHI, cache-chi-kigq8000113-CHI, cache-fra-eddf8230061-FRA, cache-fra-eddf8230064-FRA
last-modified
Mon, 06 Mar 2023 17:43:27 GMT
server
nginx
x-timer
S1708334632.861879,VS0,VE107
etag
W/"6406263f-61f"
vary
Accept-Encoding, orig-host
content-type
application/x-javascript
x-styx-req-id
1312e9f6-8a0c-11ee-8c81-7e3af7233cd7
cache-control
max-age=31622400
accept-ranges
bytes
expires
Sat, 23 Nov 2024 14:24:55 GMT
js__1DBjoSMQlQ4ixA_cuaJfS5Px949O7h4aDn8Z9xtRW7Q__QWVTkBrgI8Ts0VdMw11j7QuM5gAXyH3Kxpk_PEZLE7w__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js
www.forcepoint.com/sites/default/files/advagg_js/
18 KB
6 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__1DBjoSMQlQ4ixA_cuaJfS5Px949O7h4aDn8Z9xtRW7Q__QWVTkBrgI8Ts0VdMw11j7QuM5gAXyH3Kxpk_PEZLE7w__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
ee2eacb783191c9897eb92041b40c6330e37e46624ebd2204a501fbb94b4fb06
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
21885, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
309142
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-b-68b948c8df-rw4ql
content-length
5859
x-served-by
cache-chi-klot8100074-CHI, cache-chi-klot8100074-CHI, cache-fra-etou8220080-FRA, cache-fra-eddf8230064-FRA
last-modified
Thu, 11 Jan 2024 22:52:25 GMT
server
nginx
x-timer
S1708334632.862394,VS0,VE107
etag
W/"65a07129-48bf"
vary
Accept-Encoding, orig-host
content-type
application/x-javascript
x-styx-req-id
178acd64-b0d4-11ee-8822-0a05e7c31cf5
cache-control
max-age=31622400
accept-ranges
bytes
expires
Sat, 11 Jan 2025 22:52:26 GMT
js__5JgaXR8D2C00E22GhU2eB1lVAKgbz2L03t9_2mjtbvU__jsf8gUmjQabawiet5xN7FARmhje4S0BRk0UtxOVEzLY__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js
www.forcepoint.com/sites/default/files/advagg_js/
1 KB
905 B
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__5JgaXR8D2C00E22GhU2eB1lVAKgbz2L03t9_2mjtbvU__jsf8gUmjQabawiet5xN7FARmhje4S0BRk0UtxOVEzLY__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e6e9870f494b1c2287e84247ac3399299d17337087788b2f40d4f7c9fcb42f46
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
6869, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
309050
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-b-55f9644964-pbzhj
content-length
553
x-served-by
cache-chi-kigq8000095-CHI, cache-chi-kigq8000095-CHI, cache-fra-eddf8230106-FRA, cache-fra-eddf8230064-FRA
last-modified
Tue, 21 Mar 2023 15:18:14 GMT
server
nginx
x-timer
S1708334632.861588,VS0,VE107
etag
W/"6419cab6-481"
vary
Accept-Encoding, orig-host
content-type
application/x-javascript
x-styx-req-id
9dd672bc-7bb6-11ee-a3e4-56191d0501b8
cache-control
max-age=31622400
accept-ranges
bytes
expires
Tue, 05 Nov 2024 08:37:55 GMT
js__QEUI7Yv_wakfcc6JBvi15ovY1U6doRpL4VmJGHt4na4__eQMNX1J_yYJ4wrcKxmm6-CsxuEQY4boNkiT2QEYRJC0__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js
www.forcepoint.com/sites/default/files/advagg_js/
81 KB
27 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__QEUI7Yv_wakfcc6JBvi15ovY1U6doRpL4VmJGHt4na4__eQMNX1J_yYJ4wrcKxmm6-CsxuEQY4boNkiT2QEYRJC0__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
cb1213a2fe62895e9809c70e606a1234c107d4fb5d1d9e9fe3579a0e87305464
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
950, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:51 GMT
age
308941
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-a-5ff98d754f-f54vr
content-length
27516
x-served-by
cache-chi-klot8100099-CHI, cache-chi-klot8100121-CHI, cache-fra-eddf8230074-FRA, cache-fra-eddf8230064-FRA
last-modified
Wed, 31 Jan 2024 14:35:48 GMT
server
nginx
x-timer
S1708334632.861549,VS0,VE110
etag
W/"65ba5ac4-1439e"
vary
Accept-Encoding, orig-host
content-type
application/x-javascript
x-styx-req-id
0141ce4c-c195-11ee-832e-dea0e841987e
cache-control
max-age=31622400
accept-ranges
bytes
expires
Sun, 02 Feb 2025 06:33:41 GMT
/
attr.ml-api.io/
Redirect Chain
  • https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.forcepoint.com%26pId%3d%24UID
  • https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.forcepoint.com%26pId%3d%24UID
  • https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dwww.forcepoint.com%2526pId%253d%2524UID
  • https://attr.ml-api.io/?domain=www.forcepoint.com&pId=4869257680398510027
0
236 B
Image
General
Full URL
https://attr.ml-api.io/?domain=www.forcepoint.com&pId=4869257680398510027
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Server
2600:9000:2670:a200:12:3734:2a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Mon, 19 Feb 2024 09:23:52 GMT
via
1.1 ad3a844607df41a7152eab5ebe6e4056.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P9
x-cache
Miss from cloudfront
content-type
application/json
x-amz-cf-id
qzMPxd1XIqgocBDmAHFBoMbx7oZgniS655TqDUNSfFJZ56URd9RIgQ==
content-length
0
apigw-requestid
TYGmWgTZIAMEaBg=

Redirect headers

pragma
no-cache
date
Mon, 19 Feb 2024 09:23:52 GMT
an-x-request-uuid
b28485ee-b1db-4eb4-833b-10e4015ddf87
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
access-control-allow-origin
*
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
location
https://attr.ml-api.io/?domain=www.forcepoint.com&pId=4869257680398510027
x-proxy-origin
81.95.5.36; 81.95.5.36; 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
latest.js
scripts.simpleanalyticscdn.com/
7 KB
5 KB
Script
General
Full URL
https://scripts.simpleanalyticscdn.com/latest.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software
BunnyCDN-DE1-1082 /
Resource Hash
a965bdafdcbdf6a1bc0a04fb81ee6d5fb86e1fde7a2da4e8998ab3bcf467bdb4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Mon, 19 Feb 2024 09:23:51 GMT
content-encoding
br
cdn-edgestorageid
1080
cdn-storageserver
DE-676
cdn-cachedat
10/31/2023 19:00:09
cdn-pullzone
103822
last-modified
Mon, 10 Jul 2023 03:50:47 GMT
server
BunnyCDN-DE1-1082
cdn-fileserver
635
cdn-requestpullcode
200
cdn-proxyver
1.04
etag
W/"64ab8017-1d5b"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
621ef7c8-45de-46e4-8237-2eca0c3a2d75
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
public, max-age=604800
simple-analytics
true
cdn-requestid
725d7224b9fb3330024c30a3dffd8796
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status
200
cdn-requestpullsuccess
True
utag.js
tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/
517 KB
118 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/utag.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:235a:7a00:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
353b7592145c487b03075bbd2caf324daf97710b4710d0013cda703d14cacc6c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-amz-version-id
yVB9ZDRAfvXntq4lRPDsRETRXLcoxwx.
content-encoding
br
via
1.1 e1af02661708034e962bd39b357a50aa.cloudfront.net (CloudFront)
date
Mon, 19 Feb 2024 09:23:51 GMT
last-modified
Tue, 30 Jan 2024 17:06:05 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P9
age
257
x-amz-server-side-encryption
AES256
etag
W/"b49875f587069f2f6a1cc5cd199a197a"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=300
x-amz-cf-id
tv_3Aabk4VNwYj27Sa1VyrDOcVPd7ZnD-8c1rPw6PLeJFgXOsgreLA==
truncated
/
166 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4e2a8b16a227605843bcf04d32557fa5f790d17d5fae10db399f3ad6b75cae70

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
450 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
77bfa66bf799ef1d5be3e464795aaca2f9a0587c1616b9671f7383623474f455

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
141 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1a5c0fb755eabd84fa9ee65115561abfc934cb67631d8392acc299bed349942d

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
187 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c181c648e71e1f94dc9f3aa0aced539df9790bc1aa92494d7fe7b17c274767bf

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
660 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8892ffd9b6812e96fca28cf2b24a4a1e25711631d73141353f1ec57fcaf523b8

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
372 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c6a4f005d0158d27d475991d4606ec4141f42917cc68835019d819c583957710

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
372 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c0c810909068da447ca522f9770490722119d254f18905ae37e5e4a45e2c346c

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
248 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
de0c91884c0f70a3c8ab477b2637d9c9417fc74eb663bbe6eace7836e8b38fc3

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type
image/png
chevron-right-xxs.svg
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/static-icons/
213 B
520 B
Image
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/static-icons/chevron-right-xxs.svg
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__rQsW9bSqEc35mv-RVyy5KEuBxJAzAghjQT0h0Qp-ihE__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
eb06d9c1faf512de924b0840e5ff2cea13ea5154e84b9a2edb23c3ee94602bd7
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__rQsW9bSqEc35mv-RVyy5KEuBxJAzAghjQT0h0Qp-ihE__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
11978, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:52 GMT
age
309141
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-a-768586b58-6h2z9
content-length
174
x-served-by
cache-chi-klot8100148-CHI, cache-chi-klot8100148-CHI, cache-fra-eddf8230075-FRA, cache-fra-eddf8230064-FRA
last-modified
Thu, 15 Feb 2024 16:00:56 GMT
server
nginx
x-timer
S1708334632.092221,VS0,VE109
etag
W/"65ce3538-d5"
vary
Accept-Encoding, orig-host
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
d22a7b8d-cc38-11ee-9fd2-4e1dfad0263a
cache-control
max-age=31622400
accept-ranges
bytes
expires
Sat, 15 Feb 2025 19:31:31 GMT
truncated
/
636 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e25fa89bb49f7875384fe86ddb39c8c0a966f7aff529e4aa1e761efe8909fdad

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
636 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8048b6a47a7795c53151c7d28f992a190da59cfa9416a171a03652359a964f2a

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
636 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
68cb94151d86903ee4b3a5088e233b408a81a7faf9bb97d1172d8e3e6a83f868

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type
image/svg+xml
banner-woman.jpg
www.forcepoint.com/sites/default/files/
12 KB
13 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/banner-woman.jpg
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
b9b8fe9d0d7983bd3dc05016caf09d5028c4525e9beba05ecf0ed85bd0f3f86a
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
0, 363, 4, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:52 GMT
age
2999153
http_x_geo_region
DE-BY
x-cache
MISS, HIT, HIT, MISS
fastly-io-info
ifsz=139269 idim=591x426 ifmt=jpeg ofsz=12712 odim=591x426 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe3-b-7766b97b54-bj622
content-length
12712
x-served-by
cache-chi-kigq8000020-CHI, cache-chi-kigq8000031-CHI, cache-fra-eddf8230087-FRA, cache-fra-eddf8230064-FRA
server
nginx
x-timer
S1708334632.096834,VS0,VE2
etag
"N0lQYBtHe5ciagpRVpui8m2mvIrccgSXz/6JZdtfgoA"
vary
Accept, orig-host
content-type
image/webp
x-styx-req-id
cda0e6ce-4fe4-11ee-ad17-1680089671b6
cache-control
max-age=31622400
accept-ranges
bytes
expires
Tue, 10 Sep 2024 14:17:41 GMT
truncated
/
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ff35e1bb0b3e1cb03aa7eab3fb0f74381ec3fd6fcff85d8c4f6be72abae116a0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf8
truncated
/
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e1652e3fbc6cef41f94897b295b6b1f57fa4901a3727e4c9ecb2911614531d0f

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf8
truncated
/
750 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
26e256bfa2011f9fbbe0e81f2515c98b94b7ee7696a82f380cb7e7c8361e04a4

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf8
ajax-loader.gif
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/
363 B
761 B
Image
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/ajax-loader.gif
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__rQsW9bSqEc35mv-RVyy5KEuBxJAzAghjQT0h0Qp-ihE__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
f6111a2b70adc74b366e13097ef3bc968003d16bbebbd72d324cdb73edb32c36
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__rQsW9bSqEc35mv-RVyy5KEuBxJAzAghjQT0h0Qp-ihE__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
1, 914, 90, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:52 GMT
age
2288418
http_x_geo_region
DE-BY
x-cache
HIT, HIT, HIT, MISS
fastly-io-info
ifsz=404 idim=43x11 ifmt=gif ofsz=363 odim=43x11 ofmt=gif ofrm=4
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe3-a-65d46855f6-q6ct7
content-length
363
x-served-by
cache-chi-kigq8000078-CHI, cache-chi-kigq8000100-CHI, cache-fra-eddf8230069-FRA, cache-fra-eddf8230064-FRA
server
nginx
x-timer
S1708334632.098522,VS0,VE2
etag
"c9vdSz1SobFgJvEEIebuVOe3obQGnXd87HeEFJfv0io"
vary
Accept, orig-host
content-type
image/gif
x-styx-req-id
358aeb06-480b-11ee-9505-2a73621cb626
cache-control
max-age=31622400
accept-ranges
bytes
expires
Sat, 31 Aug 2024 14:32:27 GMT
bg-blog-podcast-final-plea.png
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/backgrounds/
136 KB
137 KB
Image
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/backgrounds/bg-blog-podcast-final-plea.png
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__rQsW9bSqEc35mv-RVyy5KEuBxJAzAghjQT0h0Qp-ihE__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
defd01b0db74c62e4efe18ef38e5ec968f2b8c2cf51ab6b14f12e1ad250eec84
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__rQsW9bSqEc35mv-RVyy5KEuBxJAzAghjQT0h0Qp-ihE__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
1, 743, 3, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:52 GMT
fastly-io-served-by
vpop-mnz1300715
age
6458443
http_x_geo_region
DE-BY
x-cache
HIT, HIT, HIT, MISS
fastly-io-info
ifsz=236236 idim=580x458 ifmt=png ofsz=139710 odim=580x458 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe3-b-68df48cffd-d7rjn
content-length
139710
x-served-by
cache-chi-kigq8000089-CHI, cache-chi-kigq8000089-CHI, cache-fra-etou8220060-FRA, cache-fra-eddf8230064-FRA
server
nginx
x-timer
S1708334632.098682,VS0,VE3
etag
"J4HM7COV6lmZQG/n7TaO0MtxZmafgyzKI2fNbOojs8E"
vary
Accept, orig-host
content-type
image/webp
x-styx-req-id
66fdc4a2-6286-11ee-94c4-0e8b8ab6185f
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Oct 2024 07:19:48 GMT
f-white.svg
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/logos/
257 B
502 B
Image
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/logos/f-white.svg
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__rQsW9bSqEc35mv-RVyy5KEuBxJAzAghjQT0h0Qp-ihE__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
2a7b733b2f19d538893df08b2c194aef1201dbad6ee2ddafc5bcd34cbb482d6b
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__rQsW9bSqEc35mv-RVyy5KEuBxJAzAghjQT0h0Qp-ihE__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
16422, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:52 GMT
age
309137
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-a-768586b58-zhqhj
content-length
187
x-served-by
cache-chi-klot8100116-CHI, cache-chi-klot8100116-CHI, cache-fra-etou8220042-FRA, cache-fra-eddf8230064-FRA
last-modified
Thu, 15 Feb 2024 16:00:56 GMT
server
nginx
x-timer
S1708334632.099037,VS0,VE126
etag
W/"65ce3538-101"
vary
Accept-Encoding, orig-host
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
d43ed58c-cc38-11ee-b447-723b1627109e
cache-control
max-age=31622400
accept-ranges
bytes
expires
Sat, 15 Feb 2025 19:31:34 GMT
truncated
/
442 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6116382548abaad3d6133a60e2dc187d88dfa1ed07d981311c0bbcfaee05cd49

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type
image/svg+xml
icon-anchor-arrow-teal.svg
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/static-icons/
655 B
698 B
Image
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/static-icons/icon-anchor-arrow-teal.svg
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__rQsW9bSqEc35mv-RVyy5KEuBxJAzAghjQT0h0Qp-ihE__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
29aebe811bb2f84bd90cfdee7ffc4c4af62bb5d871fd683f8a85bf0852ce9163
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__rQsW9bSqEc35mv-RVyy5KEuBxJAzAghjQT0h0Qp-ihE__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
16189, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:52 GMT
age
309138
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-a-768586b58-6h2z9
content-length
400
x-served-by
cache-chi-klot8100063-CHI, cache-chi-klot8100063-CHI, cache-fra-etou8220138-FRA, cache-fra-eddf8230064-FRA
last-modified
Thu, 15 Feb 2024 16:01:02 GMT
server
nginx
x-timer
S1708334632.099384,VS0,VE121
etag
W/"65ce353e-28f"
vary
Accept-Encoding, orig-host
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
d43ec65c-cc38-11ee-9fd2-4e1dfad0263a
cache-control
max-age=31622400
accept-ranges
bytes
expires
Sat, 15 Feb 2025 19:31:34 GMT
truncated
/
383 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b5c2800c52737f3425d0e434c93f9412da5e0491282c8d3d53b4d707202b8cef

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
558 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f4cbc6a70cd3d48475ddbb975d3831d02e4158a76fcdb997891baa497ea31241

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
356 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6676353d7029b44112419ac26efd665e84021eb418ccf05a1e1f04d0ba46bd53

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
431 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
af60288a11ae9864cdd707a9c6e13463359d5ffb6755bf9035a878f18b8758f9

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
688 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0ec291adef932c1e26510f560daef99d2d26b96331cbfd2f29fe234eaf2dddae

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type
image/png
utag.v.js
tags.tiqcdn.com/utag/tiqapp/
2 B
431 B
Script
General
Full URL
https://tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=websense/forcepoint-2018/202401301705&cb=1708334632230
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:235a:7a00:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-amz-version-id
2XUX04X5QEw0.xFya64khU._sHTRl_Pz
date
Mon, 19 Feb 2024 09:21:44 GMT
via
1.1 e1af02661708034e962bd39b357a50aa.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P9
age
129
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
2
last-modified
Sat, 11 Mar 2023 06:57:46 GMT
server
AmazonS3
etag
"7bc0ee636b3b83484fc3b9348863bd22"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=300
accept-ranges
bytes
x-amz-cf-id
oW0Cs7cLBeeJGwSV92EXnHdpGOEBO3EPl9kNsYAboOdlwFpRmgrFzA==
simple.gif
queue.simpleanalyticscdn.com/
43 B
410 B
Image
General
Full URL
https://queue.simpleanalyticscdn.com/simple.gif?version=cdn_latest_11&hostname=www.forcepoint.com&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F121.0.6167.184%20Safari%2F537.36&https=true&timezone=Europe%2FBerlin&page_id=53da5585-2fd6-4079-8baf-acb3d80dcb20&session_id=02192137-2f81-4ca6-8828-0ece87ac43b9&sri=false&mobile=false&brands=%5B%5D&os_name=&os_version=&path=%2Fblog%2Fx-labs%2Fusing-c-post-powershell-attacks&viewport_width=1600&viewport_height=1200&language=en-US&screen_width=1600&screen_height=1200&unique=true&id=53da5585-2fd6-4079-8baf-acb3d80dcb20&type=pageview&time=1708334632235
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
212.8.253.238 Naaldwijk, Netherlands, ASN (),
Reverse DNS
212-8-253-238.hosted-by-worldstream.net
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 19 Feb 2024 09:23:52 GMT
Simple-Analytics-Feedback
Thanks for sending this page view!
Simple-Analytics-Location
not_set
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Keep-Alive
timeout=5
Content-Length
43
Expires
0
json
forms.hsforms.com/embed/v3/form/20987017/16d5bf15-75bb-43be-a7ff-4e4e9779520e/
47 KB
7 KB
XHR
General
Full URL
https://forms.hsforms.com/embed/v3/form/20987017/16d5bf15-75bb-43be-a7ff-4e4e9779520e/json?hs_static_app=forms-embed&hs_static_app_version=1.4708&X-HubSpot-Static-App-Info=forms-embed-1.4708
Requested by
Host: js.hsforms.net
URL: https://js.hsforms.net/forms/v2.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:a07d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a972d16a5ab7491f522dd36ddb7c6d7c5e2759367b0d8d54f8da0393de5222c1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.forcepoint.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

X-Origin-Hublet
na1
Date
Mon, 19 Feb 2024 09:23:52 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
CF-Cache-Status
DYNAMIC
Content-Encoding
br
x-evy-trace-route-service-name
envoyset-translator
X-HubSpot-Correlation-Id
69c4fc63-44bc-4dd2-a0b2-b13422a5e0af
Transfer-Encoding
chunked
x-envoy-upstream-service-time
35
Connection
keep-alive
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
69c4fc63-44bc-4dd2-a0b2-b13422a5e0af
Server
cloudflare
X-Trace
2B9913D3A7F425A5B11E69680537111EBA6A5B2F88000000000000000000
Vary
origin
Access-Control-Allow-Methods
OPTIONS, GET
Content-Type
application/json;charset=utf-8
Access-Control-Allow-Origin
https://www.forcepoint.com
x-evy-trace-virtual-host
all
Access-Control-Expose-Headers
X-Origin-Hublet
Access-Control-Max-Age
180
Access-Control-Allow-Credentials
false
Cache-Control
max-age=0, no-cache, no-store
X-Robots-Tag
none
Access-Control-Allow-Headers
*
CF-RAY
857d741bbf591cab-FRA
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-bfd765d7d-whsvb
json
forms.hsforms.com/embed/v3/form/20987017/16d5bf15-75bb-43be-a7ff-4e4e9779520e/
47 KB
7 KB
XHR
General
Full URL
https://forms.hsforms.com/embed/v3/form/20987017/16d5bf15-75bb-43be-a7ff-4e4e9779520e/json?hs_static_app=forms-embed&hs_static_app_version=1.4708&X-HubSpot-Static-App-Info=forms-embed-1.4708
Requested by
Host: js.hsforms.net
URL: https://js.hsforms.net/forms/v2.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:a07d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
368f40b9fcb7205049b5f3249bed6315e18be7faabc9372fa844b8db9f2d5856
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.forcepoint.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

X-Origin-Hublet
na1
Date
Mon, 19 Feb 2024 09:23:52 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
CF-Cache-Status
DYNAMIC
Content-Encoding
br
x-evy-trace-route-service-name
envoyset-translator
X-HubSpot-Correlation-Id
3732abd0-39f4-4db4-af45-8bc1c3f48f20
Transfer-Encoding
chunked
x-envoy-upstream-service-time
14
Connection
keep-alive
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
3732abd0-39f4-4db4-af45-8bc1c3f48f20
Server
cloudflare
X-Trace
2BA6CB1E3492E576186B33DF6F444F7CCCDD0FFB8D000000000000000000
Vary
origin
Access-Control-Allow-Methods
OPTIONS, GET
Content-Type
application/json;charset=utf-8
Access-Control-Allow-Origin
https://www.forcepoint.com
x-evy-trace-virtual-host
all
Access-Control-Expose-Headers
X-Origin-Hublet
Access-Control-Max-Age
180
Access-Control-Allow-Credentials
false
Cache-Control
max-age=0, no-cache, no-store
X-Robots-Tag
none
Access-Control-Allow-Headers
*
CF-RAY
857d741bb86d5d9d-FRA
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-bfd765d7d-8vflb
loading.gif
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/
76 KB
77 KB
Image
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/loading.gif
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
dd0779c9ae69f9d8cd8728663703ce2cc6ec972dc5350a5f6948a15d67fbeea9
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits
0, 90, 57, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Mon, 19 Feb 2024 09:23:52 GMT
age
2345418
http_x_geo_region
DE-BY
x-cache
MISS, HIT, HIT, MISS
fastly-io-info
ifsz=80522 idim=200x200 ifmt=gif ofsz=78220 odim=200x200 ofmt=gif ofrm=30
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe3-a-65d46855f6-xk7dc
content-length
78220
x-served-by
cache-chi-kigq8000111-CHI, cache-chi-kigq8000104-CHI, cache-fra-etou8220099-FRA, cache-fra-eddf8230064-FRA
server
nginx
x-timer
S1708334632.259292,VS0,VE2
etag
"Nxhc6+NYNokf+oi4tit7qUckgh54LwQ6JJFLiU/ddPg"
vary
Accept, orig-host
content-type
image/gif
x-styx-req-id
49ab558b-4631-11ee-b790-6a2528cd0596
cache-control
max-age=31622400
accept-ranges
bytes
expires
Thu, 29 Aug 2024 05:59:59 GMT
counters.gif
forms.hsforms.com/embed/v3/
35 B
625 B
Image
General
Full URL
https://forms.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:a07d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Mon, 19 Feb 2024 09:23:52 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
e453681f-eeda-43ab-b5c3-350404924285
x-envoy-upstream-service-time
2
alt-svc
h3=":443"; ma=86400
content-length
35
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
e453681f-eeda-43ab-b5c3-350404924285
server
cloudflare
x-trace
2B0DABA7F736508C5882D7DFD878401406BF60F92A000000000000000000
vary
origin
content-type
image/gif
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-bfd765d7d-pd6kl
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
x-robots-tag
none
cf-ray
857d741cc99918cf-FRA
truncated
/
133 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a4cbaa695a841f5471911a40cc4c2140d68b95d9fcaabb3b60e97db200c15b8d

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type
image/svg+xml
/
geolocation-db.com/json/
161 B
272 B
XHR
General
Full URL
https://geolocation-db.com/json/
Requested by
Host: code.jquery.com
URL: https://code.jquery.com/jquery-3.6.4.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
159.89.102.253 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
47a4b3e0162c12510f8fb3fcb902abafbc5e6c20a83a67b2cf5d5e3a55de9003

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://www.forcepoint.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

access-control-allow-origin
*
date
Mon, 19 Feb 2024 09:23:52 GMT
content-encoding
gzip
server
nginx/1.14.0 (Ubuntu)
content-type
text/html; charset=UTF-8
counters.gif
forms-na1.hsforms.com/embed/v3/
35 B
1015 B
Image
General
Full URL
https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:c07d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date
Mon, 19 Feb 2024 09:23:52 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
CF-Cache-Status
DYNAMIC
x-evy-trace-route-service-name
envoyset-translator
X-HubSpot-Correlation-Id
54c59ba3-6bb3-4509-833a-4e5d44f92fd9
x-envoy-upstream-service-time
4
Connection
keep-alive
alt-svc
h3=":443"; ma=86400
Content-Length
35
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
54c59ba3-6bb3-4509-833a-4e5d44f92fd9
Server
cloudflare
X-Trace
2B0ABC500A7EC9A19757C39F1CE84259BBCA70318F000000000000000000
Vary
origin
Content-Type
image/gif
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-bfd765d7d-z8vxw
Access-Control-Expose-Headers
X-Origin-Hublet
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
false
X-Robots-Tag
none
CF-RAY
857d741d1fe99bd0-FRA
/
geolocation-db.com/json/
161 B
271 B
XHR
General
Full URL
https://geolocation-db.com/json/
Requested by
Host: code.jquery.com
URL: https://code.jquery.com/jquery-3.6.4.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
159.89.102.253 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
47a4b3e0162c12510f8fb3fcb902abafbc5e6c20a83a67b2cf5d5e3a55de9003

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://www.forcepoint.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

access-control-allow-origin
*
date
Mon, 19 Feb 2024 09:23:52 GMT
content-encoding
gzip
server
nginx/1.14.0 (Ubuntu)
content-type
text/html; charset=UTF-8
nr-rum-1.252.0.min.js
js-agent.newrelic.com/
45 KB
16 KB
Script
General
Full URL
https://js-agent.newrelic.com/nr-rum-1.252.0.min.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6b7970f123e87891537b8ffc02756230f04ab709f6e86d99628d1d7517b1ce06
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/
Origin
https://www.forcepoint.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-amz-version-id
MnZvesGWBG.EVnzUmRfpgushluAYDfro
content-encoding
br
via
1.1 varnish
date
Mon, 19 Feb 2024 09:23:52 GMT
strict-transport-security
max-age=300
x-amz-request-id
3AZFGQ65YT7G8WVS
x-amz-server-side-encryption
AES256
x-cache
HIT
cross-origin-resource-policy
cross-origin
content-length
15806
x-amz-id-2
A6Mfgavx6/jBn6/p5RqADam52Skp+cv0q72fzqwsbGIfcM/uJRKZ23E6bG9Gx8TO10Lh/t7V67A=
x-served-by
cache-fra-etou8220107-FRA
last-modified
Tue, 13 Feb 2024 00:41:07 GMT
server
AmazonS3
x-timer
S1708334633.638323,VS0,VE0
etag
"2c25d4506676f166485b739ec4e56a2e"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=86400, stale-if-error=86400
accept-ranges
bytes
x-cache-hits
73012
NRJS-922263b7f65c352c48b
bam.nr-data.net/1/
40 B
467 B
XHR
General
Full URL
https://bam.nr-data.net/1/NRJS-922263b7f65c352c48b?a=477262540&v=1.252.0&to=YFEDbUMFXBBXB0RbXlkbIFpFDV0NGRRRVVRoWQBXUANXEWkKX1ZUaEIIXEY7QgJRAQ%3D%3D&rst=3148&ck=0&s=3cc47f0213c38acb&ref=https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks&hr=0&ap=1824&be=2311&fe=800&dc=420&at=TBYAGwsfTx4%3D&fsh=1&perf=%7B%22timing%22:%7B%22of%22:1708334629500,%22n%22:0,%22re%22:316,%22f%22:316,%22dn%22:316,%22dne%22:316,%22c%22:316,%22s%22:316,%22ce%22:316,%22rq%22:317,%22rp%22:2312,%22rpe%22:2318,%22di%22:2719,%22ds%22:2726,%22de%22:2731,%22dc%22:3109,%22l%22:3109,%22le%22:3111%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&fp=2566&fcp=2672
Requested by
Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-rum-1.252.0.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.247.241.14 , United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b5b1b39cb4bb3f74c125d87f24c7db43e7e65d14c2184e74d77b7857c2785ede

Request headers

Referer
https://www.forcepoint.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
content-type
text/plain

Response headers

Date
Mon, 19 Feb 2024 09:23:53 GMT
CF-Cache-Status
DYNAMIC
Server
cloudflare
Vary
Accept-Encoding
access-control-allow-methods
GET, POST, PUT, HEAD, OPTIONS
Content-Type
text/plain
Access-Control-Allow-Origin
https://www.forcepoint.com
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
Connection
keep-alive
CF-Ray
857d741e9c569072-FRA
Content-Length
40

71 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| NREUM object| webpackChunk:NRBA-1.252.0.PROD object| newrelic object| utag_data undefined| $ function| jQuery number| _vis_opt_account_id string| _vis_opt_protocol string| _vis_opt_script1src string| _vis_opt_script2src function| _vis_opt_loadScript function| vwoSyncCode function| consentCookie function| vwoConsentGiven object| hubspot object| HubSpotForms object| hbspt object| hsFormsOnReady function| advagg_mod_2 function| advagg_mod_2_check function| advagg_mod_defer_1 function| init_drupal_core_settings object| utag_err boolean| utag_condload string| url object| utag function| e object| s function| AppMeasurement function| s_gi function| s_pgicq function| AppMeasurement_Module_Integrate function| AppMeasurement_Module_ActivityMap object| _linkedin object| _qevents function| _tealium_old_error boolean| __tealium_twc_switch object| linkedInLoaderObj object| adobe function| Visitor function| rdt object| s_c_il number| s_c_in number| s_objectID number| s_giq object| _linkedin_data_partner_ids string| gtagRename object| dataLayer function| gtag function| fbq function| _fbq boolean| sa_event_loaded boolean| sa_loaded function| sa_event object| html5 object| Modernizr object| Drupal function| DOMPurify function| lazyloaderDebounceOrThrottle object| echo function| Waypoint object| AOS object| picturefillCFG function| picturefill function| tealiumGetResourceSearchData function| tealiumTrackResourceSearch object| tealFuncs object| options object| _hsq

9 Cookies

Domain/Path Name / Value
.forcepoint.com/ Name: utag_main__sn
Value: 1
.forcepoint.com/ Name: utag_main__se
Value: 1%3Bexp-session
.forcepoint.com/ Name: utag_main__ss
Value: 1%3Bexp-session
.forcepoint.com/ Name: utag_main__st
Value: 1708336432208%3Bexp-session
.forcepoint.com/ Name: utag_main_ses_id
Value: 1708334632208%3Bexp-session
.forcepoint.com/ Name: utag_main__pn
Value: 1%3Bexp-session
.adnxs.com/ Name: XANDR_PANID
Value: QbYGwKq_X-ue6_l8QCxyatfm0aIZmOnvsdCfcjZkTP4j2n7GitcRlRkNDM4l9kqsk4KxJXq-N3RJNnz2k2asHFrbErAVd3BVZ_CuT88Wir4.
.adnxs.com/ Name: receive-cookie-deprecation
Value: 1
.adnxs.com/ Name: uuid2
Value: 4869257680398510027

21 Console Messages

Source Level URL
Text
other warning URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Message:
The resource https://www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_highlight-soft_75_cccccc_1x100.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Message:
The resource https://www.forcepoint.com/misc/help.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Message:
The resource https://www.forcepoint.com/misc/message-24-warning.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Message:
The resource https://www.forcepoint.com/misc/message-24-error.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Message:
The resource https://www.forcepoint.com/misc/menu-expanded.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Message:
The resource https://www.forcepoint.com/misc/tree-bottom.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Message:
The resource https://www.forcepoint.com/misc/menu-collapsed.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Message:
The resource https://www.forcepoint.com/misc/message-24-ok.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Message:
The resource https://www.forcepoint.com/sites/all/libraries/chosen/chosen-sprite@2x.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Message:
The resource https://www.forcepoint.com/misc/throbber-inactive.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Message:
The resource https://www.forcepoint.com/misc/draggable.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Message:
The resource https://www.forcepoint.com/misc/grippie.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Message:
The resource https://www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_flat_75_ffffff_40x100.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Message:
The resource https://www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_glass_75_dadada_1x400.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Message:
The resource https://www.forcepoint.com/misc/tree.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Message:
The resource https://www.forcepoint.com/misc/throbber-active.gif was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Message:
The resource https://www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_glass_75_e6e6e6_1x400.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/using-c-post-powershell-attacks
Message:
The resource https://www.forcepoint.com/misc/progress.gif was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.fonts.net *.licdn.com *.tiqcdn.com *.marketo.com *.marketo.net *.mktoresp.com *.demdex.net *.burly.io *.omtrdc.net *.llnwd.net *.tealiumiq.com *.googleadservices.com *.marinsm.com *.amazonaws.com *.quantserve.com *.facebook.net *.serving-sys.com *.google-analytics.com *.hirebridge.com *.websense.com *.bizographics.com *.linkedin.com *.cloudfront.net *.newrelic.com *.nr-data.net *.adnxs.com *.demandbase.com *.twitter.com *.omtrdc.net *.youtube.com *.ads-twitter.com *.company-target.com *.omniture.com *.doubleclick.net *.forcepoint.com *.google.com *.facebook.com *.nr-data.net *.getsmartcontent.com *.vidyard.com *.adroll.com s.ml-attr.com attr.ml-api.io *.driftt.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.gstatic.com *.libsyn.com *.s3.amazonaws.com *.cdnbasket.net ids.cdnwidget.com app.vwo.com *.visualwebsiteoptimizer.com use.typekit.net p.typekit.net cdn.vwo-analytics.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.googleapis.com *.cloudflare.com activitymap.adobe.com *.consensu.org *.ubembed.com *.bizible.com *.theadex.com *.aumago.com *.driftqa.com *.scribblecdn.net *.esg-global.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hubapi.com *.hsforms.net *.hsforms.com geolocation-db.com *.drift.com *.clickagy.com *.nimblestory.com *.usemessages.com *.stackadapt.com *.googlesyndication.com ; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.cdnwidget.com *.tealiumiq.com *.google.com *.googleadservices.com *.doubleclick.net *.websense.com *.marinsm.com *.facebook.com *.quantserve.com *.google-analytics.com *.w55c.net *.marketo.com *.iasds01.com *.linkedin.com *.cloudfront.net *.forcepoint.com *.adnxs.com *.twitter.com t.co *.omtrdc.net *.w55c.net *.demandbase.com *.company-target.com *.gstatic.com *.tiqcdn.com *.marketo.net *.newrelic.com *.facebook.net 
*.ads-twitter.com *.burly.io *.bizographics.com *.nr-data.net *.licdn.com *.tt.omtrdc.net *.getsmartcontent.com *.adroll.com *.vidyard.com s.ml-attr.com *.ml-api.io ml314.com *.ml314.com *.bing.com *.driftt.com *.crazyegg.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.googletagmanager.com *.visualwebsiteoptimizer.com app.vwo.com *.ubembed.com *.driftt.com *.vwo-analytics.com *.s3.amazonaws.com s3.amazonaws.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.clearbit.com *.googleapis.com *.cloudflare.com *.adobe.com *.consensu.org *.bizible.com *.theadex.com *.aumago.com *.zoominfo.com *.clickagy.com *.redditstatic.com *.quantcount.com *.g2crowd.com *.steelhousemedia.com *.scribblecdn.net *.esg-global.com *.6sc.co *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hubapi.com *.hsforms.net *.hsforms.com geolocation-db.com *.drift.com *.jquery.com *.google.com *.hscollectedforms.net *.jsdelivr.net *.stackadapt.com *.googlesyndication.com *.simpleanalyticscdn.com; img-src * data: *; font-src 'self' *.google.com *.googleadservices.com; connect-src 'self' *.vwo.com *.demdex.net *.omtrdc.net *.mktoresp.com *.cdnbasket.net ids.cdnwidget.com *.forcepoint.com sample-api-v2.crazyegg.com *.visualwebsiteoptimizer.com insight.adsrvr.org bam.nr-data.net *.tealiumiq.com live-evercurrent-clone.pantheonsite.io *.sharethis.com *.doubleclick.net *.theadex.com *.aumago.com *.google-analytics.com *.6sc.co *.adnxs.com *.vidyard.com *.6sense.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com api.hubapi.com *.hsforms.net *.hsforms.com *.s3.amazonaws.com *.drift.com *.clickagy.com *.facebook.com *.zoominfo.com geolocation-db.com cdn.linkedin.oribi.io *.hubspot.com *.hscollectedforms.net *.stackadapt.com *.google.com *.googletagmanager.com *.googleadservices.com google.com *.googlesyndication.com *.linkedin.com ; report-uri /admin/config/system/seckit/csp-report
Strict-Transport-Security max-age=18410000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
