www.forcepoint.com Open in urlscan Pro
2a04:4e42:400::740 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
Submission: On February 27 via api (February 27th 2024, 2:14:58 am UTC) from TR — Scanned from DE

Summary HTTP 141 Redirects Links 9 Behaviour Indicators

Summary

This website contacted 15 IPs in 3 countries across 14 domains to perform 141 HTTP transactions. The main IP is 2a04:4e42:400::740, located in United States and belongs to FASTLY, US. The main domain is www.forcepoint.com. The Cisco Umbrella rank of the primary domain is 329205.
TLS certificate: Issued by Sectigo RSA Organization Validation S... on November 22nd 2023. Valid for: a year.

This is the only time www.forcepoint.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
120	2a04:4e42:400... 2a04:4e42:400::740	54113 (FASTLY) (FASTLY)
1	2a04:4e42:200... 2a04:4e42:200::649	54113 (FASTLY) (FASTLY)
3	2606:4700::68... 2606:4700::6810:5614	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2600:9000:235... 2600:9000:235a:d000:7:2bfb:7c00:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6810:8bce	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	68.67.153.60 68.67.153.60	29990 (ASN-APPNEX) (ASN-APPNEX)
2 2	185.89.210.82 185.89.210.82	29990 (ASN-APPNEX) (ASN-APPNEX)
1	2600:9000:267... 2600:9000:2670:ee00:12:3734:2a40:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2400:52e0:1e0... 2400:52e0:1e00::1081:1	200325 (BUNNYCDN) (BUNNYCDN)
2	190.2.151.160 190.2.151.160	49981 (WORLDSTREAM) (WORLDSTREAM)
4	2606:4700::68... 2606:4700::6811:eff9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	159.89.102.253 159.89.102.253	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1	2606:4700::68... 2606:4700::6811:cff9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	151.101.130.137 151.101.130.137	54113 (FASTLY) (FASTLY)
1	162.247.243.29 162.247.243.29	54113 (FASTLY) (FASTLY)
141	15

120 2a04:4e42:400::740 (United States)

ASN54113 (FASTLY, US)

www.forcepoint.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:200::649 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6810:5614 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:235a:d000:7:2bfb:7c00:93a1 (United States)

ASN16509 (AMAZON-02, US)

tags.tiqcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:8bce (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 68.67.153.60 (Secaucus, United States) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: s.ml-attr.com.pxlsrv.net

s.ml-attr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.89.210.82 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2670:ee00:12:3734:2a40:93a1 (United States)

ASN16509 (AMAZON-02, US)

attr.ml-api.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2400:52e0:1e00::1081:1 (Germany)

ASN200325 (BUNNYCDN, SI)

scripts.simpleanalyticscdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 190.2.151.160 (Naaldwijk, Netherlands)

ASN49981 (WORLDSTREAM, NL)
PTR: 190-2-151-160.hosted-by-worldstream.net

queue.simpleanalyticscdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6811:eff9 (United States)

ASN13335 (CLOUDFLARENET, US)

forms.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 159.89.102.253 (Frankfurt am Main, Germany)

ASN14061 (DIGITALOCEAN-ASN, US)

geolocation-db.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:cff9 (United States)

ASN13335 (CLOUDFLARENET, US)

forms-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.130.137 (United States)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.247.243.29 (United States)

ASN54113 (FASTLY, US)

bam.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
120	forcepoint.com www.forcepoint.com — Cisco Umbrella Rank: 329205	2 MB
5	hsforms.com forms.hsforms.com — Cisco Umbrella Rank: 4280 forms-na1.hsforms.com — Cisco Umbrella Rank: 6920	16 KB
3	simpleanalyticscdn.com scripts.simpleanalyticscdn.com — Cisco Umbrella Rank: 58406 queue.simpleanalyticscdn.com — Cisco Umbrella Rank: 41807	5 KB
3	tiqcdn.com tags.tiqcdn.com — Cisco Umbrella Rank: 1214	110 KB
3	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 306	14 KB
2	adnxs.com 2 redirects secure.adnxs.com — Cisco Umbrella Rank: 502	2 KB
1	nr-data.net bam.nr-data.net — Cisco Umbrella Rank: 242	406 B
1	newrelic.com js-agent.newrelic.com — Cisco Umbrella Rank: 592	16 KB
1	geolocation-db.com geolocation-db.com — Cisco Umbrella Rank: 16659	257 B
1	ml-api.io attr.ml-api.io — Cisco Umbrella Rank: 18960	233 B
1	ml-attr.com 1 redirects s.ml-attr.com — Cisco Umbrella Rank: 15341	283 B
1	hsforms.net js.hsforms.net — Cisco Umbrella Rank: 6665	154 KB
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 226	56 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 729	31 KB
141	14

	Domain	Requested by
120	www.forcepoint.com	www.forcepoint.com
4	forms.hsforms.com	js.hsforms.net www.forcepoint.com
3	tags.tiqcdn.com	www.forcepoint.com tags.tiqcdn.com
3	cdn.jsdelivr.net	www.forcepoint.com
2	queue.simpleanalyticscdn.com	www.forcepoint.com
2	secure.adnxs.com	2 redirects
1	bam.nr-data.net	js-agent.newrelic.com
1	js-agent.newrelic.com	www.forcepoint.com
1	forms-na1.hsforms.com	www.forcepoint.com
1	geolocation-db.com	code.jquery.com
1	scripts.simpleanalyticscdn.com	www.forcepoint.com
1	attr.ml-api.io	www.forcepoint.com
1	s.ml-attr.com	1 redirects
1	js.hsforms.net	www.forcepoint.com
1	cdnjs.cloudflare.com	www.forcepoint.com
1	code.jquery.com	www.forcepoint.com
141	16

This site contains links to these domains. Also see Links.

Domain
partners.forcepoint.com
support.forcepoint.com
learn.forcepoint.com
blog.didierstevens.com
www.linkedin.com
twitter.com
www.facebook.com
www.youtube.com

Subject Issuer	Validity	Valid
forcepoint.com Sectigo RSA Organization Validation Secure Server CA	`2023-11-22` - `2024-11-21`	a year	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2023-07-11` - `2024-07-14`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-02` - `2024-05-01`	a year	crt.sh
tags.tiqcdn.com Amazon RSA 2048 M01	`2023-04-18` - `2024-05-17`	a year	crt.sh
scripts.simpleanalyticscdn.com R3	`2024-02-22` - `2024-05-22`	3 months	crt.sh
queue.simpleanalyticscdn.com R3	`2024-02-05` - `2024-05-05`	3 months	crt.sh
geolocation-db.com R3	`2024-02-10` - `2024-05-10`	3 months	crt.sh
js-agent.newrelic.com GlobalSign Atlas R3 DV TLS CA 2024 Q1	`2024-01-15` - `2025-02-15`	a year	crt.sh
*.nr-data.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-29` - `2024-10-01`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
Frame ID: 0A18FF6C7B9D473719D06C9B7C6BB316
Requests: 162 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Agent Tesla Malware Attacks Travel Industry

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

jQuery UI (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

([\d.]+)/jquery-ui(?:\.min)?\.js
jquery-ui.*\.js

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

141
Requests

99 %
HTTPS

63 %
IPv6

14
Domains

16
Subdomains

15
IPs

3
Countries

2025 kB
Transfer

5448 kB
Size

9
Cookies

9 Outgoing links

These are links going to different origins than the main page.

URL: https://partners.forcepoint.com/s/login/
Title: Partner Login

Search URL Search Domain Scan URL

URL: https://support.forcepoint.com/s/
Title: Support Login

Search URL Search Domain Scan URL

URL: https://learn.forcepoint.com/
Title: Training

Search URL Search Domain Scan URL

URL: https://blog.didierstevens.com/programs/pdf-tools/
Title: PDFiD

Search URL Search Domain Scan URL

URL: https://learn.forcepoint.com/catalog?query=e-learning
Title: Free E-Learning Courses

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/forcepoint?trk=fc_badge
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://twitter.com/forcepointsec
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.facebook.com/ForcepointLLC
Title: Facebook

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UC4MbQECdktvwewRlAFwT_-w
Title: YouTube

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 118

https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.forcepoint.com%26pId%3d%24UID HTTP 302
https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.forcepoint.com%26pId%3d%24UID HTTP 307
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dwww.forcepoint.com%2526pId%253d%2524UID HTTP 302
https://attr.ml-api.io/?domain=www.forcepoint.com&pId=4631967474424539940

141 HTTP transactions
21 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request agent-tesla-malware-attacks-travel-industry Show response
www.forcepoint.com/blog/x-labs/ 134 KB
44 KB 196ms
131ms Document
text/html 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

f4396a838daa0fb4334b5e8e8321322dfb1507176cf531868e16a1216e86f72a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' .fonts.net .licdn.com .tiqcdn.com .marketo.com .marketo.net .mktoresp.com .demdex.net .burly.io .omtrdc.net .llnwd.net .tealiumiq.com .googleadservices.com .marinsm.com .amazonaws.com .quantserve.com .facebook.net .serving-sys.com .google-analytics.com .hirebridge.com .websense.com .bizographics.com .linkedin.com .cloudfront.net .newrelic.com .nr-data.net .adnxs.com .demandbase.com .twitter.com .omtrdc.net .youtube.com .ads-twitter.com .company-target.com .omniture.com .doubleclick.net .forcepoint.com .google.com .facebook.com .nr-data.net .getsmartcontent.com .vidyard.com .adroll.com s.ml-attr.com attr.ml-api.io .driftt.com .sharethis.com .vimeo.com .slideshare.net .techvalidate.com .gartner.com .gstatic.com .libsyn.com .s3.amazonaws.com .cdnbasket.net ids.cdnwidget.com app.vwo.com .visualwebsiteoptimizer.com use.typekit.net p.typekit.net cdn.vwo-analytics.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io .googleapis.com .cloudflare.com activitymap.adobe.com .consensu.org .ubembed.com .bizible.com .theadex.com .aumago.com .driftqa.com .scribblecdn.net .esg-global.com .hs-scripts.com .hs-analytics.net .hsadspixel.net .hs-banner.com .hubapi.com .hsforms.net .hsforms.com geolocation-db.com .drift.com .clickagy.com .nimblestory.com .usemessages.com .stackadapt.com .googlesyndication.com ; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' .cdnwidget.com .tealiumiq.com .google.com .googleadservices.com .doubleclick.net .websense.com .marinsm.com .facebook.com .quantserve.com .google-analytics.com .w55c.net .marketo.com .iasds01.com .linkedin.com .cloudfront.net .forcepoint.com .adnxs.com .twitter.com t.co .omtrdc.net .w55c.net .demandbase.com .company-target.com .gstatic.com .tiqcdn.com .marketo.net .newrelic.com .facebook.net .ads-twitter.com .burly.io .bizographics.com .nr-data.net .licdn.com .tt.omtrdc.net .getsmartcontent.com .adroll.com .vidyard.com s.ml-attr.com .ml-api.io ml314.com .ml314.com .bing.com .driftt.com .crazyegg.com .sharethis.com .vimeo.com .slideshare.net .techvalidate.com .gartner.com .googletagmanager.com .visualwebsiteoptimizer.com app.vwo.com .ubembed.com .driftt.com .vwo-analytics.com .s3.amazonaws.com s3.amazonaws.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io .clearbit.com .googleapis.com .cloudflare.com .adobe.com .consensu.org .bizible.com .theadex.com .aumago.com .zoominfo.com .clickagy.com .redditstatic.com .quantcount.com .g2crowd.com .steelhousemedia.com .scribblecdn.net .esg-global.com .6sc.co .hs-scripts.com .hs-analytics.net .hsadspixel.net .hs-banner.com .hubapi.com .hsforms.net .hsforms.com geolocation-db.com .drift.com .jquery.com .google.com .hscollectedforms.net .jsdelivr.net .stackadapt.com .googlesyndication.com .simpleanalyticscdn.com; img-src data: ; font-src 'self' .google.com .googleadservices.com; connect-src 'self' .vwo.com .demdex.net .omtrdc.net .mktoresp.com .cdnbasket.net ids.cdnwidget.com .forcepoint.com sample-api-v2.crazyegg.com .visualwebsiteoptimizer.com insight.adsrvr.org bam.nr-data.net .tealiumiq.com live-evercurrent-clone.pantheonsite.io .sharethis.com .doubleclick.net .theadex.com .aumago.com .google-analytics.com .6sc.co .adnxs.com .vidyard.com .6sense.com .hs-scripts.com .hs-analytics.net .hsadspixel.net .hs-banner.com api.hubapi.com .hsforms.net .hsforms.com .s3.amazonaws.com .drift.com .clickagy.com .facebook.com .zoominfo.com geolocation-db.com cdn.linkedin.oribi.io .hubspot.com .hscollectedforms.net .stackadapt.com .google.com .googletagmanager.com .googleadservices.com google.com .googlesyndication.com *.linkedin.com ; report-uri /admin/config/system/seckit/csp-report
Strict-Transport-Security	max-age=18410000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 3279
cache-control: public, max-age=3600
content-encoding: gzip
content-language: en
content-length: 39464
content-security-policy: default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.fonts.net *.licdn.com *.tiqcdn.com *.marketo.com *.marketo.net *.mktoresp.com *.demdex.net *.burly.io *.omtrdc.net *.llnwd.net *.tealiumiq.com *.googleadservices.com *.marinsm.com *.amazonaws.com *.quantserve.com *.facebook.net *.serving-sys.com *.google-analytics.com *.hirebridge.com *.websense.com *.bizographics.com *.linkedin.com *.cloudfront.net *.newrelic.com *.nr-data.net *.adnxs.com *.demandbase.com *.twitter.com *.omtrdc.net *.youtube.com *.ads-twitter.com *.company-target.com *.omniture.com *.doubleclick.net *.forcepoint.com *.google.com *.facebook.com *.nr-data.net *.getsmartcontent.com *.vidyard.com *.adroll.com s.ml-attr.com attr.ml-api.io *.driftt.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.gstatic.com *.libsyn.com *.s3.amazonaws.com *.cdnbasket.net ids.cdnwidget.com app.vwo.com *.visualwebsiteoptimizer.com use.typekit.net p.typekit.net cdn.vwo-analytics.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.googleapis.com *.cloudflare.com activitymap.adobe.com *.consensu.org *.ubembed.com *.bizible.com *.theadex.com *.aumago.com *.driftqa.com *.scribblecdn.net *.esg-global.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hubapi.com *.hsforms.net *.hsforms.com geolocation-db.com *.drift.com *.clickagy.com *.nimblestory.com *.usemessages.com *.stackadapt.com *.googlesyndication.com ; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.cdnwidget.com *.tealiumiq.com *.google.com *.googleadservices.com *.doubleclick.net *.websense.com *.marinsm.com *.facebook.com *.quantserve.com *.google-analytics.com *.w55c.net *.marketo.com *.iasds01.com *.linkedin.com *.cloudfront.net *.forcepoint.com *.adnxs.com *.twitter.com t.co *.omtrdc.net *.w55c.net *.demandbase.com *.company-target.com *.gstatic.com *.tiqcdn.com *.marketo.net *.newrelic.com *.facebook.net *.ads-twitter.com *.burly.io *.bizographics.com *.nr-data.net *.licdn.com *.tt.omtrdc.net *.getsmartcontent.com *.adroll.com *.vidyard.com s.ml-attr.com *.ml-api.io ml314.com *.ml314.com *.bing.com *.driftt.com *.crazyegg.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.googletagmanager.com *.visualwebsiteoptimizer.com app.vwo.com *.ubembed.com *.driftt.com *.vwo-analytics.com *.s3.amazonaws.com s3.amazonaws.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.clearbit.com *.googleapis.com *.cloudflare.com *.adobe.com *.consensu.org *.bizible.com *.theadex.com *.aumago.com *.zoominfo.com *.clickagy.com *.redditstatic.com *.quantcount.com *.g2crowd.com *.steelhousemedia.com *.scribblecdn.net *.esg-global.com *.6sc.co *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hubapi.com *.hsforms.net *.hsforms.com geolocation-db.com *.drift.com *.jquery.com *.google.com *.hscollectedforms.net *.jsdelivr.net *.stackadapt.com *.googlesyndication.com *.simpleanalyticscdn.com; img-src * data: *; font-src 'self' *.google.com *.googleadservices.com; connect-src 'self' *.vwo.com *.demdex.net *.omtrdc.net *.mktoresp.com *.cdnbasket.net ids.cdnwidget.com *.forcepoint.com sample-api-v2.crazyegg.com *.visualwebsiteoptimizer.com insight.adsrvr.org bam.nr-data.net *.tealiumiq.com live-evercurrent-clone.pantheonsite.io *.sharethis.com *.doubleclick.net *.theadex.com *.aumago.com *.google-analytics.com *.6sc.co *.adnxs.com *.vidyard.com *.6sense.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com api.hubapi.com *.hsforms.net *.hsforms.com *.s3.amazonaws.com *.drift.com *.clickagy.com *.facebook.com *.zoominfo.com geolocation-db.com cdn.linkedin.oribi.io *.hubspot.com *.hscollectedforms.net *.stackadapt.com *.google.com *.googletagmanager.com *.googleadservices.com google.com *.googlesyndication.com *.linkedin.com ; report-uri /admin/config/system/seckit/csp-report
content-type: text/html; charset=utf-8
date: Tue, 27 Feb 2024 02:14:53 GMT
etag: W/"1708996813-0"
expires: Sun, 19 Nov 1978 05:00:00 GMT
from-origin: same, https://analyticsssl.forcepoint.com,https://vidyard.com
http_x_geo_continent: EU
http_x_geo_region: DE-TH
last-modified: Tue, 27 Feb 2024 01:20:13 GMT
link: </sites/all/themes/custom/fp/assets/fonts/hoves-optimized//Hoves_DemiBold.woff>; rel=preload; as=font; crossorigin; type="font/woff"; nopush,</sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_DemiBold.woff>; rel=preload; as=font; crossorigin; type="font/woff"; nopush,</sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Medium.woff>; rel=preload; as=font; crossorigin; type="font/woff"; nopush,</sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Regular.woff>; rel=preload; as=font; crossorigin; type="font/woff"; nopush,</sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Italic.woff>; rel=preload; as=font; crossorigin; type="font/woff"; nopush,</sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Light.woff>; rel=preload; as=font; crossorigin; type="font/woff"; nopush,</sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Light_Italic.woff>; rel=preload; as=font; crossorigin; type="font/woff"; nopush,</sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_ExtraLight.woff>; rel=preload; as=font; crossorigin; type="font/woff"; nopush,</misc/throbber-inactive.png>; rel=preload; as=image; type="image/png"; nopush,</misc/throbber-active.gif>; rel=preload; as=image; type="image/gif"; nopush,</misc/grippie.png>; rel=preload; as=image; type="image/png"; nopush,</misc/draggable.png>; rel=preload; as=image; type="image/png"; nopush,</misc/tree.png>; rel=preload; as=image; type="image/png"; nopush,</misc/tree-bottom.png>; rel=preload; as=image; type="image/png"; nopush,</misc/message-24-ok.png>; rel=preload; as=image; type="image/png"; nopush,</misc/message-24-warning.png>; rel=preload; as=image; type="image/png"; nopush,</misc/message-24-error.png>; rel=preload; as=image; type="image/png"; nopush,</misc/help.png>; rel=preload; as=image; type="image/png"; nopush,</misc/menu-expanded.png>; rel=preload; as=image; type="image/png"; nopush,</misc/menu-collapsed.png>; rel=preload; as=image; type="image/png"; nopush,</misc/progress.gif>; rel=preload; as=image; type="image/gif"; nopush,</sites/all/libraries/chosen/chosen-sprite.png>; rel=preload; as=image; type="image/png"; nopush,</sites/all/libraries/chosen/chosen-sprite@2x.png>; rel=preload; as=image; type="image/png"; nopush,</sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_flat_75_ffffff_40x100.png>; rel=preload; as=image; type="image/png"; nopush,</sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_highlight-soft_75_cccccc_1x100.png>; rel=preload; as=image; type="image/png"; nopush,</sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_glass_75_e6e6e6_1x400.png>; rel=preload; as=image; type="image/png"; nopush,</sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_glass_75_dadada_1x400.png>; rel=preload; as=image; type="image/png"; nopush,<https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry>; rel="canonical",<https://www.forcepoint.com/node/40499>; rel="shortlink"
referrer-policy: strict-origin-when-cross-origin
server: nginx
strict-transport-security: max-age=18410000; includeSubDomains; preload
vary: Accept-Encoding, x-geo-country, Cookie, orig-host
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
x-cache: HIT, MISS, MISS, MISS
x-cache-hits: 3, 0, 0, 0
x-content-type-options: nosniff
x-drupal-cache: MISS
x-frame-options: SAMEORIGIN
x-generator: Drupal 7 (http://drupal.org)
x-pantheon-styx-hostname: styx-fe3-b-6bcf4d4f8-snd8l
x-served-by: cache-chi-klot8100071-CHI, cache-chi-kigq8000114-CHI, cache-fra-eddf8230080-FRA, cache-fra-eddf8230110-FRA
x-styx-req-id: 5b20f450-d50e-11ee-adc1-ca68953d835f
x-timer: S1709000094.710717,VS0,VE110
x-ua-compatible: IE=Edge,chrome=1
x-xss-protection: 1

GET
H2 200 Hoves_DemiBold.woff
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized// 18 KB
19 KB 130ms
129ms Font
font/woff 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized//Hoves_DemiBold.woff

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

c6225223a7f689e02ca4f2144e864ad46dd63e29553cf3d4df572e7195303be0

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
Origin: https://www.forcepoint.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 1291, 0, 0, 0
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:53 GMT
age: 17750
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-6bcf4d4f8-blxzr
content-length: 18868
x-served-by: cache-chi-klot8100046-CHI, cache-chi-kigq8000027-CHI, cache-fra-eddf8230139-FRA, cache-fra-eddf8230110-FRA
last-modified: Mon, 26 Feb 2024 04:18:08 GMT
server: nginx
x-timer: S1709000094.847372,VS0,VE108
etag: "65dc1100-49b4"
vary: orig-host
content-type: font/woff
access-control-allow-origin: *
x-styx-req-id: aab9e7c7-d4ec-11ee-ba11-b6eef492f57f
cache-control: max-age=31622400
accept-ranges: bytes
expires: Wed, 26 Feb 2025 21:19:03 GMT

GET
H2 200 Hoves_DemiBold.woff
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/ 18 KB
19 KB 148ms
148ms Font
font/woff 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_DemiBold.woff

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

c6225223a7f689e02ca4f2144e864ad46dd63e29553cf3d4df572e7195303be0

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
Origin: https://www.forcepoint.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 1426, 0, 0, 0
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:53 GMT
age: 17750
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-a-768586b58-zxh75
content-length: 18868
x-served-by: cache-chi-klot8100050-CHI, cache-chi-klot8100101-CHI, cache-fra-eddf8230101-FRA, cache-fra-eddf8230110-FRA
last-modified: Mon, 26 Feb 2024 02:03:03 GMT
server: nginx
x-timer: S1709000094.847385,VS0,VE127
etag: "65dbf157-49b4"
vary: orig-host
content-type: font/woff
access-control-allow-origin: *
x-styx-req-id: aab9d81e-d4ec-11ee-8c3e-0606ae8e85e6
cache-control: max-age=31622400
accept-ranges: bytes
expires: Wed, 26 Feb 2025 21:19:03 GMT

GET
H2 200 Hoves_Medium.woff
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/ 18 KB
19 KB 133ms
132ms Font
font/woff 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Medium.woff

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

c1524c7035a894f370d34f2d57704873a3978adef91d97978e3598515762eace

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
Origin: https://www.forcepoint.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 1435, 0, 0, 0
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:53 GMT
age: 17750
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-a-768586b58-zxh75
content-length: 18688
x-served-by: cache-chi-klot8100111-CHI, cache-chi-kigq8000174-CHI, cache-fra-eddf8230137-FRA, cache-fra-eddf8230110-FRA
last-modified: Mon, 26 Feb 2024 04:18:08 GMT
server: nginx
x-timer: S1709000094.847867,VS0,VE110
etag: "65dc1100-4900"
vary: orig-host
content-type: font/woff
access-control-allow-origin: *
x-styx-req-id: aab9f940-d4ec-11ee-8c3e-0606ae8e85e6
cache-control: max-age=31622400
accept-ranges: bytes
expires: Wed, 26 Feb 2025 21:19:03 GMT

GET
H2 200 Hoves_Regular.woff
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/ 18 KB
18 KB 156ms
155ms Font
font/woff 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Regular.woff

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

42793f24dc3fddca04cc84a6991f0fc73c25498d023b07d488dd5e4238ed9b0c

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
Origin: https://www.forcepoint.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 1431, 0, 0, 0
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:53 GMT
age: 17750
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-6bcf4d4f8-l75pm
content-length: 18436
x-served-by: cache-chi-kigq8000080-CHI, cache-chi-kigq8000105-CHI, cache-fra-etou8220139-FRA, cache-fra-eddf8230110-FRA
last-modified: Sat, 24 Feb 2024 22:13:10 GMT
server: nginx
x-timer: S1709000094.847839,VS0,VE132
etag: "65da69f6-4804"
vary: orig-host
content-type: font/woff
access-control-allow-origin: *
x-styx-req-id: ab16a752-d4ec-11ee-8e24-b2b131c25595
cache-control: max-age=31622400
accept-ranges: bytes
expires: Wed, 26 Feb 2025 21:19:04 GMT

GET
H2 200 Hoves_Italic.woff
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/ 19 KB
19 KB 131ms
131ms Font
font/woff 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Italic.woff

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

8709e66f3192aac47989a4f2c826afc3062b52de3cd792115cba3314c05656c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
Origin: https://www.forcepoint.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 1429, 0, 0, 0
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:53 GMT
age: 17749
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-6bcf4d4f8-vbc82
content-length: 19656
x-served-by: cache-chi-klot8100066-CHI, cache-chi-klot8100085-CHI, cache-fra-eddf8230055-FRA, cache-fra-eddf8230110-FRA
last-modified: Sun, 25 Feb 2024 18:28:34 GMT
server: nginx
x-timer: S1709000094.847852,VS0,VE109
etag: "65db86d2-4cc8"
vary: orig-host
content-type: font/woff
access-control-allow-origin: *
x-styx-req-id: ab33d717-d4ec-11ee-a81b-8e864566e8c9
cache-control: max-age=31622400
accept-ranges: bytes
expires: Wed, 26 Feb 2025 21:19:04 GMT

GET
H2 200 Hoves_Light.woff
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/ 18 KB
18 KB 131ms
131ms Font
font/woff 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Light.woff

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

5390daebe4fc263953ae2cd18f060ebb4aaef20d9df443a4d784cc642ed1eaf2

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
Origin: https://www.forcepoint.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 1430, 0, 0, 0
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:53 GMT
age: 17749
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-a-768586b58-4rgl6
content-length: 18600
x-served-by: cache-chi-klot8100135-CHI, cache-chi-kigq8000039-CHI, cache-fra-eddf8230065-FRA, cache-fra-eddf8230110-FRA
last-modified: Mon, 26 Feb 2024 02:03:03 GMT
server: nginx
x-timer: S1709000094.847803,VS0,VE109
etag: "65dbf157-48a8"
vary: orig-host
content-type: font/woff
access-control-allow-origin: *
x-styx-req-id: ab33a10b-d4ec-11ee-b0a6-1203f0a6f01e
cache-control: max-age=31622400
accept-ranges: bytes
expires: Wed, 26 Feb 2025 21:19:04 GMT

GET
H2 200 Hoves_Light_Italic.woff
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/ 19 KB
19 KB 130ms
130ms Font
font/woff 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Light_Italic.woff

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

d88c03f60c9b0c3b3a4a929ad268b6078dda88e59ea5c98eeb16f031ffb0d9e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
Origin: https://www.forcepoint.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 1434, 0, 0, 0
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:53 GMT
age: 17749
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-6bcf4d4f8-l75pm
content-length: 19360
x-served-by: cache-chi-klot8100021-CHI, cache-chi-klot8100053-CHI, cache-fra-etou8220105-FRA, cache-fra-eddf8230110-FRA
last-modified: Sat, 24 Feb 2024 22:13:10 GMT
server: nginx
x-timer: S1709000094.847788,VS0,VE107
etag: "65da69f6-4ba0"
vary: orig-host
content-type: font/woff
access-control-allow-origin: *
x-styx-req-id: ab35606e-d4ec-11ee-8e24-b2b131c25595
cache-control: max-age=31622400
accept-ranges: bytes
expires: Wed, 26 Feb 2025 21:19:04 GMT

GET
H2 200 Hoves_ExtraLight.woff
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/ 18 KB
18 KB 142ms
142ms Font
font/woff 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_ExtraLight.woff

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

52239b576d3fdb13fa5cec121a5e5ed123560a4ac1310d991f4694bcc5507710

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
Origin: https://www.forcepoint.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 1, 0, 0, 0
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:53 GMT
age: 17749
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-a-768586b58-zxh75
content-length: 17944
x-served-by: cache-chi-kigq8000074-CHI, cache-chi-kigq8000074-CHI, cache-fra-eddf8230027-FRA, cache-fra-eddf8230110-FRA
last-modified: Mon, 26 Feb 2024 02:03:03 GMT
server: nginx
x-timer: S1709000094.847776,VS0,VE121
etag: "65dbf157-4618"
vary: orig-host
content-type: font/woff
access-control-allow-origin: *
x-styx-req-id: ab4bf62f-d4ec-11ee-8c3e-0606ae8e85e6
cache-control: max-age=31622400
accept-ranges: bytes
expires: Wed, 26 Feb 2025 21:19:04 GMT

GET
H2 200 throbber-inactive.png
www.forcepoint.com/misc/ 140 B
500 B 40ms
28ms Image
image/webp 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/misc/throbber-inactive.png

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

b48a895c0170a7310b29b01897fcf1954b43655748ce98037abae38562754a29

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 0, 21, 37, 0
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:53 GMT
fastly-io-served-by: vpop-mnz1300703
age: 2366492
http_x_geo_region: DE-TH
x-cache: MISS, HIT, HIT, MISS
fastly-io-info: ifsz=320 idim=15x13 ifmt=png ofsz=140 odim=15x13 ofmt=webp
http_x_geo_continent: EU
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe3-a-f9d8bf5c4-d4lxr
content-length: 140
x-served-by: cache-chi-kigq8000042-CHI, cache-chi-kigq8000057-CHI, cache-fra-etou8220113-FRA, cache-fra-eddf8230110-FRA
server: nginx
x-timer: S1709000094.878740,VS0,VE3
etag: "CYYfXWQxa+SPObSsE32Xk7Do+LMPmm8BZYCZJK1ZEUA"
vary: Accept, orig-host
content-type: image/webp
x-styx-req-id: b39ba5be-61b8-11ee-88ba-6ea38a268b26
cache-control: max-age=31622400
accept-ranges: bytes
expires: Thu, 03 Oct 2024 06:47:21 GMT

GET
H2 200 throbber-active.gif
www.forcepoint.com/misc/ 1 KB
2 KB 37ms
24ms Image
image/gif 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/misc/throbber-active.gif

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

a0f75cf1362c1ec32b36d3f7ffa3eac1888ded73367c8e2693e809bac9e5f090

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 0, 61, 37, 0
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:53 GMT
age: 3596041
http_x_geo_region: DE-TH
x-cache: MISS, HIT, HIT, MISS
fastly-io-info: ifsz=1233 idim=15x13 ifmt=gif ofsz=1222 odim=15x13 ofmt=gif ofrm=12
http_x_geo_continent: EU
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe3-a-86d66977b5-p8xp9
content-length: 1222
x-served-by: cache-chi-kigq8000173-CHI, cache-chi-klot8100070-CHI, cache-fra-etou8220138-FRA, cache-fra-eddf8230110-FRA
server: nginx
x-timer: S1709000094.878725,VS0,VE2
etag: "cciM0uPCYoc09vCSqOmHV4nMniFUM15FCTn0mYxlwCQ"
vary: Accept, orig-host
content-type: image/gif
x-styx-req-id: ac2f7d13-57c0-11ee-b1e6-eeb9918916c4
cache-control: max-age=31622400
accept-ranges: bytes
expires: Fri, 20 Sep 2024 14:19:12 GMT

GET
H2 200 grippie.png
www.forcepoint.com/misc/ 56 B
495 B 35ms
22ms Image
image/webp 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/misc/grippie.png

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

f7d4d17ef4f0103008287290e9dd7bb35be1d08f0f8bc315033d13d0cfa6a6a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 0, 437, 37, 0
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:53 GMT
fastly-io-served-by: vpop-kiad7010217
age: 373670
http_x_geo_region: DE-TH
x-cache: MISS, HIT, HIT, MISS
fastly-io-info: ifsz=106 idim=27x5 ifmt=png ofsz=56 odim=27x5 ofmt=webp
http_x_geo_continent: EU
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe3-b-5ccf9cfdb-bvpg4
content-length: 56
x-served-by: cache-chi-kigq8000099-CHI, cache-chi-klot8100126-CHI, cache-fra-etou8220070-FRA, cache-fra-eddf8230110-FRA
server: nginx
x-timer: S1709000094.879553,VS0,VE2
etag: "kt9RZLYHWjv58VxK34gY2gtJI3NheIs+DTYX4JV5AGA"
vary: Accept, orig-host
content-type: image/webp
x-styx-req-id: 0f37cccc-ab15-11ee-980c-c65d0c640b9b
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sat, 04 Jan 2025 15:22:23 GMT

GET
H2 200 draggable.png
www.forcepoint.com/misc/ 268 B
751 B 36ms
24ms Image
image/png 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/misc/draggable.png

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

10aa7853a3babe185246e6f1fad2c5800902a268dd63b66c53b96889ee5188f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 0, 10, 498, 0
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:53 GMT
fastly-io-served-by: vpop-kiad7010216
age: 338067
http_x_geo_region: DE-TH
x-cache: MISS, HIT, HIT, MISS
fastly-io-info: ifsz=268 idim=15x60 ifmt=png ofsz=268 odim=15x60 ofmt=png
http_x_geo_continent: EU
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe3-a-7c5cb85795-dk8ww
content-length: 268
fastly-io-warning: Failed to shrink image
x-served-by: cache-chi-kigq8000137-CHI, cache-chi-kigq8000095-CHI, cache-fra-etou8220055-FRA, cache-fra-eddf8230110-FRA
server: nginx
x-timer: S1709000094.879532,VS0,VE2
etag: "KWIpRFdw6XY1xKLUIvevvjFCVB7MVHDdktcCcAkddP0"
vary: Accept, orig-host
content-type: image/png
x-styx-req-id: 46263d7e-be29-11ee-b4b0-265ccaddb1c1
cache-control: max-age=31622400
accept-ranges: bytes
expires: Tue, 28 Jan 2025 22:04:57 GMT

GET
H2 200 tree.png
www.forcepoint.com/misc/ 82 B
540 B 36ms
23ms Image
image/webp 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/misc/tree.png

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

69a02b48768b8f413fe8470c65b4232a39dc3d68350f1246da8721e92ac7e75d

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 1, 79, 37, 0
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:53 GMT
fastly-io-served-by: vpop-mnz1300714
age: 2978188
http_x_geo_region: DE-TH
x-cache: HIT, HIT, HIT, MISS
fastly-io-info: ifsz=130 idim=80x81 ifmt=png ofsz=82 odim=80x81 ofmt=webp
http_x_geo_continent: EU
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe3-a-6fcbcb6768-sxfmv
content-length: 82
x-served-by: cache-chi-klot8100136-CHI, cache-chi-klot8100136-CHI, cache-fra-etou8220127-FRA, cache-fra-eddf8230110-FRA
server: nginx
x-timer: S1709000094.879528,VS0,VE2
etag: "Z35FTfoaAVemLhiXshryO4rkEzH1KA6bO8GIRsSVaO0"
vary: Accept, orig-host
content-type: image/webp
x-styx-req-id: f924f6e0-5bc3-11ee-9b37-de3a52dd242e
cache-control: max-age=31622400
accept-ranges: bytes
expires: Wed, 25 Sep 2024 16:52:55 GMT

GET
H2 200 tree-bottom.png
www.forcepoint.com/misc/ 78 B
495 B 36ms
24ms Image
image/webp 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/misc/tree-bottom.png

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

bfcc07136dc1faaee36973ca4858e530e403f2f41948fbdc47f0c3c399308db6

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 0, 18, 37, 0
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:53 GMT
fastly-io-served-by: vpop-mnz1300708
age: 3059899
http_x_geo_region: DE-TH
x-cache: MISS, HIT, HIT, MISS
fastly-io-info: ifsz=129 idim=80x81 ifmt=png ofsz=78 odim=80x81 ofmt=webp
http_x_geo_continent: EU
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe3-b-8466695d9f-7kzsc
content-length: 78
x-served-by: cache-chi-klot8100179-CHI, cache-chi-kigq8000116-CHI, cache-fra-etou8220127-FRA, cache-fra-eddf8230110-FRA
server: nginx
x-timer: S1709000094.879511,VS0,VE2
etag: "JyOt5s8au+dKwuKYWT9ybz2cVW6ZbelcJx3DlTABXvE"
vary: Accept, orig-host
content-type: image/webp
x-styx-req-id: f98a7cd2-7234-11ee-8ab8-4a5fa7de18a2
cache-control: max-age=31622400
accept-ranges: bytes
expires: Thu, 24 Oct 2024 06:17:14 GMT

GET
H2 200 message-24-ok.png
www.forcepoint.com/misc/ 902 B
1 KB 35ms
23ms Image
image/webp 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/misc/message-24-ok.png

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

4c8537e1208918b04f3b7970b4e53d6c91b138b7b8325b469a4a5e84ced6ce2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 0, 155, 1, 0
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:53 GMT
age: 2288074
http_x_geo_region: DE-TH
x-cache: MISS, HIT, HIT, MISS
fastly-io-info: ifsz=1058 idim=24x24 ifmt=png ofsz=902 odim=24x24 ofmt=webp
http_x_geo_continent: EU
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe3-a-94d5cdf4b-zqw6f
content-length: 902
x-served-by: cache-chi-kigq8000105-CHI, cache-chi-kigq8000105-CHI, cache-fra-eddf8230106-FRA, cache-fra-eddf8230110-FRA
server: nginx
x-timer: S1709000094.879520,VS0,VE2
etag: "60PoYDt+1vFXU4yAkaVKB1clxMNlUR3MuNzEGSZ9U9Y"
vary: Accept, orig-host
content-type: image/webp
x-styx-req-id: e74042a2-4bf0-11ee-ba7d-7269e63b1094
cache-control: max-age=31622400
accept-ranges: bytes
expires: Thu, 05 Sep 2024 13:34:13 GMT

GET
H2 200 message-24-warning.png
www.forcepoint.com/misc/ 612 B
1 KB 41ms
28ms Image
image/webp 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/misc/message-24-warning.png

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

bd74c29617fed2dbd2f684dce7eebb659567ce0ae06be3418615ebe846a1bf5b

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 1, 275, 36, 0
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:53 GMT
age: 4170387
http_x_geo_region: DE-TH
x-cache: HIT, HIT, HIT, MISS
fastly-io-info: ifsz=753 idim=24x24 ifmt=png ofsz=612 odim=24x24 ofmt=webp
http_x_geo_continent: EU
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe3-b-f64b97cc5-f7jbb
content-length: 612
x-served-by: cache-chi-kigq8000075-CHI, cache-chi-kigq8000075-CHI, cache-fra-eddf8230080-FRA, cache-fra-eddf8230110-FRA
server: nginx
x-timer: S1709000094.883110,VS0,VE1
etag: "etN9kWF1zriHIse4xor9Tv/e40PLoR3lRGg8xe6tRQE"
vary: Accept, orig-host
content-type: image/webp
x-styx-req-id: e92e9328-5173-11ee-90dd-f67672c2264c
cache-control: max-age=31622400
accept-ranges: bytes
expires: Thu, 12 Sep 2024 13:54:37 GMT

GET
H2 200 message-24-error.png
www.forcepoint.com/misc/ 614 B
1 KB 45ms
33ms Image
image/webp 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/misc/message-24-error.png

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

496d9a19dda325d9587f3729b5a16b1262f91a6b237e1aa5d54ed90e087c35e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 0, 164, 37, 0
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:53 GMT
age: 1851915
http_x_geo_region: DE-TH
x-cache: MISS, HIT, HIT, MISS
fastly-io-info: ifsz=733 idim=24x24 ifmt=png ofsz=614 odim=24x24 ofmt=webp
http_x_geo_continent: EU
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe3-a-94d5cdf4b-sv9ss
content-length: 614
x-served-by: cache-chi-klot8100090-CHI, cache-chi-klot8100101-CHI, cache-fra-etou8220109-FRA, cache-fra-eddf8230110-FRA
server: nginx
x-timer: S1709000094.883222,VS0,VE3
etag: "gVoMZ8dd1QgL/2SjIwn0GwzJENiBt143AYaoiF4Ws6M"
vary: Accept, orig-host
content-type: image/webp
x-styx-req-id: d2736d1f-4bf3-11ee-ab95-7a125f96bbd6
cache-control: max-age=31622400
accept-ranges: bytes
expires: Thu, 05 Sep 2024 13:55:07 GMT

GET
H2 200 help.png
www.forcepoint.com/misc/ 192 B
519 B 44ms
32ms Image
image/webp 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/misc/help.png

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

f8c79df7183de5a0687fc40c5a9b1034d074e603d558c05a5311c7f91d9ccfe1

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 0, 105, 36, 0
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:53 GMT
age: 3652062
http_x_geo_region: DE-TH
x-cache: MISS, HIT, HIT, MISS
fastly-io-info: ifsz=294 idim=16x16 ifmt=png ofsz=192 odim=16x16 ofmt=webp
http_x_geo_continent: EU
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe3-b-f64b97cc5-pt5pm
content-length: 192
x-served-by: cache-chi-klot8100025-CHI, cache-chi-klot8100138-CHI, cache-fra-etou8220134-FRA, cache-fra-eddf8230110-FRA
server: nginx
x-timer: S1709000094.883431,VS0,VE2
etag: "v6al66PXjd/2WqSfHyL2pCCxkfKAcJfvgCU3I6pbO+4"
vary: Accept, orig-host
content-type: image/webp
x-styx-req-id: d6f38802-5641-11ee-a0a0-e2c6c2e254a3
cache-control: max-age=31622400
accept-ranges: bytes
expires: Wed, 18 Sep 2024 16:38:47 GMT

GET
H2 200 menu-expanded.png
www.forcepoint.com/misc/ 46 B
373 B 41ms
29ms Image
image/webp 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/misc/menu-expanded.png

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

5cfc739598cda856cc20575229f8a5251e8df5b175830fe7886aaef79dfb6886

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 0, 219, 35, 0
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:53 GMT
age: 573156
http_x_geo_region: DE-TH
x-cache: MISS, HIT, HIT, MISS
fastly-io-info: ifsz=106 idim=7x7 ifmt=png ofsz=46 odim=7x7 ofmt=webp
http_x_geo_continent: EU
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe3-b-f64b97cc5-vhx5s
content-length: 46
x-served-by: cache-chi-kigq8000158-CHI, cache-chi-kigq8000158-CHI, cache-fra-etou8220050-FRA, cache-fra-eddf8230110-FRA
server: nginx
x-timer: S1709000094.883065,VS0,VE2
etag: "lnOeF6KlRRR5aM+MCm3C8DB9Vu1cySrSTIEOJY+eTS4"
vary: Accept, orig-host
content-type: image/webp
x-styx-req-id: aa5bf352-57b9-11ee-8725-5e511f59cab2
cache-control: max-age=31622400
accept-ranges: bytes
expires: Fri, 20 Sep 2024 13:29:03 GMT

GET
H2 200 menu-collapsed.png
www.forcepoint.com/misc/ 46 B
463 B 46ms
34ms Image
image/webp 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/misc/menu-collapsed.png

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

521bfd25b076ada01d23b9d20bca3a3e67840702ca4d43b73d0a496575107e9e

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 0, 110, 36, 0
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:53 GMT
fastly-io-served-by: vpop-mnz1300716
age: 2678910
http_x_geo_region: DE-TH
x-cache: MISS, HIT, HIT, MISS
fastly-io-info: ifsz=105 idim=7x7 ifmt=png ofsz=46 odim=7x7 ofmt=webp
http_x_geo_continent: EU
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe3-a-8c86c97b-x24qq
content-length: 46
x-served-by: cache-chi-klot8100149-CHI, cache-chi-kigq8000028-CHI, cache-fra-eddf8230090-FRA, cache-fra-eddf8230110-FRA
server: nginx
x-timer: S1709000094.883058,VS0,VE4
etag: "HJgRuOhWhAFgOazVOW2HjRFb16cHmG+HSX+vLor86a0"
vary: Accept, orig-host
content-type: image/webp
x-styx-req-id: 26bd1c51-7f6a-11ee-ae15-06a9b174c22b
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sun, 10 Nov 2024 01:40:38 GMT

GET
H2 200 progress.gif
www.forcepoint.com/misc/ 6 KB
6 KB 43ms
30ms Image
image/gif 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/misc/progress.gif

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

74c0b34fce543ce085851b0d644471c036853519593e2c704615ddca08466999

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 0, 139, 36, 0
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:53 GMT
age: 3489235
http_x_geo_region: DE-TH
x-cache: MISS, HIT, HIT, MISS
fastly-io-info: ifsz=5872 idim=20x40 ifmt=gif ofsz=5852 odim=20x40 ofmt=gif ofrm=20
http_x_geo_continent: EU
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe3-b-f64b97cc5-h4trs
content-length: 5852
x-served-by: cache-chi-klot8100027-CHI, cache-chi-klot8100027-CHI, cache-fra-eddf8230084-FRA, cache-fra-eddf8230110-FRA
server: nginx
x-timer: S1709000094.883048,VS0,VE2
etag: "KSQIcjJuPSqTVV6Yjqa330VSb5j46NEcKLjR3ejGL1A"
vary: Accept, orig-host
content-type: image/gif
x-styx-req-id: 05e87f2e-5190-11ee-b5e9-5e81615bdc04
cache-control: max-age=31622400
accept-ranges: bytes
expires: Thu, 12 Sep 2024 17:15:51 GMT

GET
H2 200 chosen-sprite.png
www.forcepoint.com/sites/all/libraries/chosen/ 430 B
827 B 43ms
31ms Image
image/webp 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/all/libraries/chosen/chosen-sprite.png

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

9cc77ec166565cf138f088e29b263d7de28ebff89c6ac6ac7b3226b8c2c45f33

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 0, 411, 606, 0
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:53 GMT
age: 2122388
http_x_geo_region: DE-TH
x-cache: MISS, HIT, HIT, MISS
fastly-io-info: ifsz=538 idim=52x37 ifmt=png ofsz=430 odim=52x37 ofmt=webp
http_x_geo_continent: EU
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe3-b-59d8b4cd4d-tcn4k
content-length: 430
x-served-by: cache-chi-kigq8000072-CHI, cache-chi-kigq8000145-CHI, cache-fra-etou8220041-FRA, cache-fra-eddf8230110-FRA
server: nginx
x-timer: S1709000094.883038,VS0,VE2
etag: "pCuJ3WEDsPQPzkbIkY90U4TfuAo3yBgHEEN2IOPELGY"
vary: Accept, orig-host
content-type: image/webp
x-styx-req-id: 27ba8dbd-49dc-11ee-b8a1-b6a75a728231
cache-control: max-age=31622400
accept-ranges: bytes
expires: Mon, 02 Sep 2024 22:00:40 GMT

GET
H2 200 chosen-sprite@2x.png
www.forcepoint.com/sites/all/libraries/chosen/ 628 B
1 KB 41ms
29ms Image
image/webp 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/all/libraries/chosen/chosen-sprite@2x.png

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

5f4e0577cb49e1130ec7098698e3556c0a2b7f33d02ec5789ee09b116e403f7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 0, 511, 603, 0
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:53 GMT
age: 247274
http_x_geo_region: DE-TH
x-cache: MISS, HIT, HIT, MISS
fastly-io-info: ifsz=738 idim=104x74 ifmt=png ofsz=628 odim=104x74 ofmt=webp
http_x_geo_continent: EU
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe3-a-94d5cdf4b-sv9ss
content-length: 628
x-served-by: cache-chi-klot8100035-CHI, cache-chi-kigq8000055-CHI, cache-fra-etou8220070-FRA, cache-fra-eddf8230110-FRA
server: nginx
x-timer: S1709000094.883033,VS0,VE2
etag: "1954vZ3omyWtqZWjx3EPpQPU3ZMgJvFFfwvKeF5rhm0"
vary: Accept, orig-host
content-type: image/webp
x-styx-req-id: 691c25b8-4bc0-11ee-ab95-7a125f96bbd6
cache-control: max-age=31622400
accept-ranges: bytes
expires: Thu, 05 Sep 2024 07:47:06 GMT

GET
H2 200 ui-bg_flat_75_ffffff_40x100.png
www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ 44 B
453 B 57ms
45ms Image
image/webp 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_flat_75_ffffff_40x100.png

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

db7de84263a6dfe6f7a674f478b4a6c5a97d7de7e0c7f52a12a5dedfb201004f

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 1, 34, 725, 0
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:53 GMT
fastly-io-served-by: vpop-kiad7010214
age: 579087
http_x_geo_region: DE-TH
x-cache: HIT, HIT, HIT, MISS
fastly-io-info: ifsz=178 idim=40x100 ifmt=png ofsz=44 odim=40x100 ofmt=webp
http_x_geo_continent: EU
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe3-a-768586b58-wqzn7
content-length: 44
x-served-by: cache-chi-klot8100108-CHI, cache-chi-kigq8000094-CHI, cache-fra-etou8220134-FRA, cache-fra-eddf8230110-FRA
server: nginx
x-timer: S1709000094.892995,VS0,VE1
etag: "O9SdHkbja5Mmzi4DWOWJdZgUQirITGa5uuAK5R/QoyM"
vary: Accept, orig-host
content-type: image/webp
x-styx-req-id: 034e02d3-c499-11ee-8a32-f62ebc9d749a
cache-control: max-age=31622400
accept-ranges: bytes
expires: Thu, 06 Feb 2025 02:39:55 GMT

GET
H2 200 ui-bg_highlight-soft_75_cccccc_1x100.png
www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ 54 B
496 B 50ms
39ms Image
image/webp 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_highlight-soft_75_cccccc_1x100.png

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

b4229c88ccc9ec00268d759c808bb5fc56a62479618d140eebd7948299a1544b

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 0, 98, 726, 0
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:53 GMT
fastly-io-served-by: vpop-mnz1300713
age: 2078859
http_x_geo_region: DE-TH
x-cache: MISS, HIT, HIT, MISS
fastly-io-info: ifsz=101 idim=1x100 ifmt=png ofsz=54 odim=1x100 ofmt=webp
http_x_geo_continent: EU
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe3-b-8466695d9f-wkcpr
content-length: 54
x-served-by: cache-chi-klot8100051-CHI, cache-chi-kigq8000037-CHI, cache-fra-etou8220033-FRA, cache-fra-eddf8230110-FRA
server: nginx
x-timer: S1709000094.891523,VS0,VE2
etag: "SVL3LfYtpcUTzNEo8mHT+EoBDkNcvK2l7xiLlLE7P6w"
vary: Accept, orig-host
content-type: image/webp
x-styx-req-id: 8091a018-7804-11ee-96c6-b2f9f5dd882e
cache-control: max-age=31622400
accept-ranges: bytes
expires: Thu, 31 Oct 2024 15:45:22 GMT

GET
H2 200 ui-bg_glass_75_e6e6e6_1x400.png
www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ 78 B
517 B 76ms
64ms Image
image/webp 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_glass_75_e6e6e6_1x400.png

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

e68e4b1057684aa14f6d44055bd77c6ee8170be28010b94e0278e2d05775973c

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 0, 84, 726, 0
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:53 GMT
fastly-io-served-by: vpop-mnz1300716
age: 2246129
http_x_geo_region: DE-TH
x-cache: MISS, HIT, HIT, MISS
fastly-io-info: ifsz=110 idim=1x400 ifmt=png ofsz=78 odim=1x400 ofmt=webp
http_x_geo_continent: EU
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe3-a-f9d8bf5c4-fd4t4
content-length: 78
x-served-by: cache-chi-kigq8000077-CHI, cache-chi-klot8100165-CHI, cache-fra-eddf8230050-FRA, cache-fra-eddf8230110-FRA
server: nginx
x-timer: S1709000094.892327,VS0,VE3
etag: "4s1MwOZKDfGEu/a/SFo57USn639l3MbW8dYbzZPyEag"
vary: Accept, orig-host
content-type: image/webp
x-styx-req-id: 4ea43432-61e4-11ee-89c0-0a8bf9062628
cache-control: max-age=31622400
accept-ranges: bytes
expires: Thu, 03 Oct 2024 11:59:29 GMT

GET
H2 200 ui-bg_glass_75_dadada_1x400.png
www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ 84 B
413 B 49ms
38ms Image
image/webp 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_glass_75_dadada_1x400.png

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

c16c2e899bbe232a64c1bd49e4312a7f9ea738cb2cb17058e63477a71b246fa7

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 0, 88, 648, 0
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:53 GMT
age: 415715
http_x_geo_region: DE-TH
x-cache: MISS, HIT, HIT, MISS
fastly-io-info: ifsz=111 idim=1x400 ifmt=png ofsz=84 odim=1x400 ofmt=webp
http_x_geo_continent: EU
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe3-b-549fb86767-nsvlj
content-length: 84
x-served-by: cache-chi-kigq8000136-CHI, cache-chi-kigq8000023-CHI, cache-fra-eddf8230071-FRA, cache-fra-eddf8230110-FRA
server: nginx
x-timer: S1709000094.891257,VS0,VE2
etag: "msf+sm6St45S//5aPCnGaIqq4DmKLsS3uxv+ikcGyuY"
vary: Accept, orig-host
content-type: image/webp
x-styx-req-id: a527ec09-4d90-11ee-91ee-3e79583b6ece
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sat, 07 Sep 2024 15:10:13 GMT

GET
H2 200 css__YZMmyCjxADNsxWJVyzxskiYBiPsGboww8DDJoAv1iVA__PqGVjSeXe3e-YM4xspxCavDlyydtEB28TRpZPTEwV5I__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
www.forcepoint.com/sites/default/files/advagg_css/ 6 KB
2 KB 135ms
133ms Stylesheet
text/css 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_css/css__YZMmyCjxADNsxWJVyzxskiYBiPsGboww8DDJoAv1iVA__PqGVjSeXe3e-YM4xspxCavDlyydtEB28TRpZPTEwV5I__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

942ba1b657ab7477bc603f7852ff551aa393de40d1bab2dee01c8ad36d538a2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 733, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:53 GMT
age: 17749
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-55f9644964-sszb8
content-length: 2109
x-served-by: cache-chi-kigq8000158-CHI, cache-chi-kigq8000093-CHI, cache-fra-etou8220118-FRA, cache-fra-eddf8230110-FRA
last-modified: Wed, 08 Mar 2023 18:00:58 GMT
server: nginx
x-timer: S1709000094.855523,VS0,VE112
etag: W/"6408cd5a-1797"
vary: Accept-Encoding, orig-host
content-type: text/css
x-styx-req-id: 8257d62e-7a11-11ee-b08b-4e82373ded40
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sun, 03 Nov 2024 06:23:31 GMT

GET
H2 200 css__qi8YWDPFPT47Hua3Uo8V-CwYV79O8gYOw4xRshlFw2o__U0zx4V0QLKPamBJbsVKK0D54d038-KcpyqeXppQL9AI__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
www.forcepoint.com/sites/default/files/advagg_css/ 11 KB
3 KB 133ms
130ms Stylesheet
text/css 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_css/css__qi8YWDPFPT47Hua3Uo8V-CwYV79O8gYOw4xRshlFw2o__U0zx4V0QLKPamBJbsVKK0D54d038-KcpyqeXppQL9AI__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

74d6ee660ac8d18d3940eefac6e8c0ff029ecc0f4a4799ada5d6088fe9abfbc8

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 1245, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:53 GMT
age: 17750
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-a-f9d8bf5c4-ffczj
content-length: 2662
x-served-by: cache-chi-klot8100126-CHI, cache-chi-klot8100086-CHI, cache-fra-eddf8230118-FRA, cache-fra-eddf8230110-FRA
last-modified: Mon, 06 Mar 2023 17:43:22 GMT
server: nginx
x-timer: S1709000094.855526,VS0,VE110
etag: W/"6406263a-2d9a"
vary: Accept-Encoding, orig-host
content-type: text/css
x-styx-req-id: 114b838c-6826-11ee-863d-3ee2b5662298
cache-control: max-age=31622400
accept-ranges: bytes
expires: Fri, 11 Oct 2024 11:05:20 GMT

GET
H2 200 css__umS_7iB8OLqD-AIc28jz7stMtgRnPBrMHXbg802aJVI__42_FYiRnR5OQaV2U3Sr9cY21EIjnMGdJsPXMEFLQPCo__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
www.forcepoint.com/sites/default/files/advagg_css/ 789 B
729 B 150ms
148ms Stylesheet
text/css 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_css/css__umS_7iB8OLqD-AIc28jz7stMtgRnPBrMHXbg802aJVI__42_FYiRnR5OQaV2U3Sr9cY21EIjnMGdJsPXMEFLQPCo__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

76fea4cad87ffbee4d6c0d29a46382913e4a8c56ed7881d8556f684a174d6824

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 1358, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:53 GMT
age: 17750
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-5cc456d87b-p9zk7
content-length: 405
x-served-by: cache-chi-kigq8000072-CHI, cache-chi-klot8100030-CHI, cache-fra-eddf8230139-FRA, cache-fra-eddf8230110-FRA
last-modified: Mon, 06 Mar 2023 18:37:56 GMT
server: nginx
x-timer: S1709000094.867654,VS0,VE113
etag: W/"64063304-315"
vary: Accept-Encoding, orig-host
content-type: text/css
x-styx-req-id: 56724c79-8cd2-11ee-bb05-72fe7b7b95b6
cache-control: max-age=31622400
accept-ranges: bytes
expires: Wed, 27 Nov 2024 03:09:11 GMT

GET
H2 200 css__T7twZATSz9YDtA4CEs3XoRq-lmvsWC1-9rzLrGpoWuY__jYMOyCwkeeWX4KvLeu7GhjzHVkW5HDKp2hWWBDkyRSE__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
www.forcepoint.com/sites/default/files/advagg_css/ 14 KB
3 KB 173ms
171ms Stylesheet
text/css 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_css/css__T7twZATSz9YDtA4CEs3XoRq-lmvsWC1-9rzLrGpoWuY__jYMOyCwkeeWX4KvLeu7GhjzHVkW5HDKp2hWWBDkyRSE__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

76aefb325bdfaf3c67be7591a00c96105ffa1a3eda8cfc16d6d5e1affa8e3f95

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 1366, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:53 GMT
age: 17750
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-a-86d66977b5-5ll47
content-length: 2632
x-served-by: cache-chi-kigq8000077-CHI, cache-chi-klot8100044-CHI, cache-fra-etou8220134-FRA, cache-fra-eddf8230110-FRA
last-modified: Thu, 15 Jun 2023 14:49:23 GMT
server: nginx
x-timer: S1709000094.867635,VS0,VE132
etag: W/"648b24f3-3962"
vary: Accept-Encoding, orig-host
content-type: text/css
x-styx-req-id: a9070dd2-57cf-11ee-9bc0-a219bd3f6e17
cache-control: max-age=31622400
accept-ranges: bytes
expires: Fri, 20 Sep 2024 16:06:30 GMT

GET
H2 200 css__cPPXTJ7LS3TkqOr2dWhu9Zyqf3tfJ7ROJIBrc4faLpI__FwTXCQ-S705F3IVDki0NUMzBJ8oRlS2Lb0Atw9pp7LE__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
www.forcepoint.com/sites/default/files/advagg_css/ 512 B
576 B 145ms
143ms Stylesheet
text/css 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_css/css__cPPXTJ7LS3TkqOr2dWhu9Zyqf3tfJ7ROJIBrc4faLpI__FwTXCQ-S705F3IVDki0NUMzBJ8oRlS2Lb0Atw9pp7LE__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

9b3c52df9ce6473c11ee62f85cd48a7ff2b24ad8543ed415fec5124605a987f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 1367, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:53 GMT
age: 17750
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-55f9644964-w824f
content-length: 230
x-served-by: cache-chi-kigq8000024-CHI, cache-chi-klot8100092-CHI, cache-fra-eddf8230127-FRA, cache-fra-eddf8230110-FRA
last-modified: Mon, 06 Mar 2023 18:00:10 GMT
server: nginx
x-timer: S1709000094.867637,VS0,VE111
etag: W/"64062a2a-200"
vary: Accept-Encoding, orig-host
content-type: text/css
x-styx-req-id: ea9469c2-7c50-11ee-9989-e6d8576c5cd3
cache-control: max-age=31622400
accept-ranges: bytes
expires: Wed, 06 Nov 2024 03:02:26 GMT

GET
H2 200 css__RtPfTjThw7JiCEZr8aCFs0ovY-ZonvJYBpW2tzv6iRI__hoYIfBUPIWctuKqU_lrnnqDtJnf9B9QEu7jjix36RIM__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
www.forcepoint.com/sites/default/files/advagg_css/ 3 KB
1 KB 142ms
140ms Stylesheet
text/css 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_css/css__RtPfTjThw7JiCEZr8aCFs0ovY-ZonvJYBpW2tzv6iRI__hoYIfBUPIWctuKqU_lrnnqDtJnf9B9QEu7jjix36RIM__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

5f8d1adf76eaaf2f3592e5a5633ef8722740af2424b1737d85c1d9581588884f

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 742, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:53 GMT
age: 17749
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-68df48cffd-q48kl
content-length: 1172
x-served-by: cache-chi-klot8100165-CHI, cache-chi-klot8100087-CHI, cache-fra-etou8220056-FRA, cache-fra-eddf8230110-FRA
last-modified: Wed, 08 Mar 2023 18:00:58 GMT
server: nginx
x-timer: S1709000094.867611,VS0,VE108
etag: W/"6408cd5a-c8c"
vary: Accept-Encoding, orig-host
content-type: text/css
x-styx-req-id: 5d99e30d-61ab-11ee-8fcc-e67e16785de6
cache-control: max-age=31622400
accept-ranges: bytes
expires: Thu, 03 Oct 2024 05:11:53 GMT

GET
H2 200 css__UYLIEJhZ7iPfgPAKjuslVw3CRCFKt3OfxTJjge8A6Hg__fjua13AgyzmqodcGsNUIVue50ndbutts1ntJbzGK_o4__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
www.forcepoint.com/sites/default/files/advagg_css/ 506 B
474 B 143ms
141ms Stylesheet
text/css 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_css/css__UYLIEJhZ7iPfgPAKjuslVw3CRCFKt3OfxTJjge8A6Hg__fjua13AgyzmqodcGsNUIVue50ndbutts1ntJbzGK_o4__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

4953a30def5d6eb8aa0119f918104b5069d10696ee634288c068accf06bb44e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 736, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:53 GMT
age: 17749
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-a-5ff98d754f-f54vr
content-length: 175
x-served-by: cache-chi-klot8100176-CHI, cache-chi-kigq8000074-CHI, cache-fra-etou8220032-FRA, cache-fra-eddf8230110-FRA
last-modified: Wed, 08 Mar 2023 18:00:58 GMT
server: nginx
x-timer: S1709000094.867603,VS0,VE109
etag: W/"6408cd5a-1fa"
vary: Accept-Encoding, orig-host
content-type: text/css
x-styx-req-id: c136dbc4-c195-11ee-832e-dea0e841987e
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sun, 02 Feb 2025 06:39:03 GMT

GET
H2 200 css__aUSIons1JLpznAkAWe4wYFCe4_fmTTJTOhtdC4xIAuM__HAl4ITsYWBEO7VRahEwWwi88zkLUBwPm3j4nnx8DeS0__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
www.forcepoint.com/sites/default/files/advagg_css/ 454 B
544 B 140ms
138ms Stylesheet
text/css 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_css/css__aUSIons1JLpznAkAWe4wYFCe4_fmTTJTOhtdC4xIAuM__HAl4ITsYWBEO7VRahEwWwi88zkLUBwPm3j4nnx8DeS0__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

fe9132775150b13960723fdffd15ef8bb7f07d120787874114ac9e3d4f303f46

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 739, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:53 GMT
age: 17749
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-8466695d9f-2qkg2
content-length: 221
x-served-by: cache-chi-kigq8000113-CHI, cache-chi-kigq8000102-CHI, cache-fra-eddf8230055-FRA, cache-fra-eddf8230110-FRA
last-modified: Mon, 06 Mar 2023 17:43:23 GMT
server: nginx
x-timer: S1709000094.867603,VS0,VE106
etag: W/"6406263b-1c6"
vary: Accept-Encoding, orig-host
content-type: text/css
x-styx-req-id: 318da244-7210-11ee-bd02-5a9569c1a30c
cache-control: max-age=31622400
accept-ranges: bytes
expires: Thu, 24 Oct 2024 01:53:57 GMT

GET
H2 200 css__DJVWsB9CJVs_1IGdy-_cGuq4r6SVVaWbEnbS1U2p6y4__7g40UeM74r8hkrzDC6Hbb7RReIGNu-Jsb5XAbAPKIeA__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
www.forcepoint.com/sites/default/files/advagg_css/ 502 B
580 B 146ms
144ms Stylesheet
text/css 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_css/css__DJVWsB9CJVs_1IGdy-_cGuq4r6SVVaWbEnbS1U2p6y4__7g40UeM74r8hkrzDC6Hbb7RReIGNu-Jsb5XAbAPKIeA__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

b9c823db89be14289e3b0585970e3d91c3313ec9f82d13c9cb24d90820efc699

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 739, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:53 GMT
age: 17749
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-68df48cffd-pv78z
content-length: 252
x-served-by: cache-chi-klot8100064-CHI, cache-chi-klot8100108-CHI, cache-fra-etou8220093-FRA, cache-fra-eddf8230110-FRA
last-modified: Mon, 06 Mar 2023 17:43:22 GMT
server: nginx
x-timer: S1709000094.868844,VS0,VE110
etag: W/"6406263a-1f6"
vary: Accept-Encoding, orig-host
content-type: text/css
x-styx-req-id: 6f9d3bed-6136-11ee-8a29-2eeda6c80640
cache-control: max-age=31622400
accept-ranges: bytes
expires: Wed, 02 Oct 2024 15:14:52 GMT

GET
H2 200 css__o5tk1Sc0QNaikp-qb6PDIJi_LXPkfQZHTxlvWxiG4cA__afd6HnnR0psI0sfippmnwgZS958AUTsIqEne3K05XvQ__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
www.forcepoint.com/sites/default/files/advagg_css/ 5 KB
2 KB 147ms
146ms Stylesheet
text/css 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_css/css__o5tk1Sc0QNaikp-qb6PDIJi_LXPkfQZHTxlvWxiG4cA__afd6HnnR0psI0sfippmnwgZS958AUTsIqEne3K05XvQ__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

7e9433a7e4538237be585d3d84e1603595879c286be61e26dd3e628e3fd5e206

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 313, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:53 GMT
age: 17720
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-a-78789f5ddb-q4rn6
content-length: 2091
x-served-by: cache-chi-klot8100170-CHI, cache-chi-kigq8000083-CHI, cache-fra-etou8220109-FRA, cache-fra-eddf8230110-FRA
last-modified: Mon, 06 Mar 2023 17:43:47 GMT
server: nginx
x-timer: S1709000094.868526,VS0,VE111
etag: W/"64062653-1218"
vary: Accept-Encoding, orig-host
content-type: text/css
x-styx-req-id: a28765ea-a864-11ee-9850-52c5336c7e54
cache-control: max-age=31622400
accept-ranges: bytes
expires: Wed, 01 Jan 2025 05:14:27 GMT

GET
H2 200 css__ZDvn-N8wxxyBR7KgfbRzIHM0mGwT9doN0fs3f10b_Go__b98SsVi1Bn9KY5Ur3SIgLXOvEMppxbzl1YiFYp9d4Lw__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
www.forcepoint.com/sites/default/files/advagg_css/ 128 B
456 B 161ms
159ms Stylesheet
text/css 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_css/css__ZDvn-N8wxxyBR7KgfbRzIHM0mGwT9doN0fs3f10b_Go__b98SsVi1Bn9KY5Ur3SIgLXOvEMppxbzl1YiFYp9d4Lw__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

c712b85f4d57c41bb049c80303067da9790aa76b32a41b422174bd507695f444

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 864, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:53 GMT
age: 17749
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-a-768586b58-wrt8p
content-length: 118
x-served-by: cache-chi-kigq8000142-CHI, cache-chi-klot8100077-CHI, cache-fra-etou8220101-FRA, cache-fra-eddf8230110-FRA
last-modified: Mon, 06 Mar 2023 17:43:30 GMT
server: nginx
x-timer: S1709000094.868617,VS0,VE126
etag: W/"64062642-80"
vary: Accept-Encoding, orig-host
content-type: text/css
x-styx-req-id: 532f324d-d410-11ee-a301-ca99ffe66afb
cache-control: max-age=31622400
accept-ranges: bytes
expires: Tue, 25 Feb 2025 19:01:47 GMT

GET
H2 200 css__dn-cpI1YtkU_iLHgA5WhlkxgYWyat_IxjF_B-WSYrpE__a9hIbt0eaZ7d5nhwnm2weG8R_2eXK4EvoOx9dOxouHE__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
www.forcepoint.com/sites/default/files/advagg_css/ 203 B
468 B 143ms
142ms Stylesheet
text/css 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_css/css__dn-cpI1YtkU_iLHgA5WhlkxgYWyat_IxjF_B-WSYrpE__a9hIbt0eaZ7d5nhwnm2weG8R_2eXK4EvoOx9dOxouHE__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

f66578f61dcd2d00bb8b7a0c5a7a02d39871c2e7c4615826c4e3a6a879a1a66b

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 741, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:53 GMT
age: 17749
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-6bcf4d4f8-fnp6p
content-length: 137
x-served-by: cache-chi-kigq8000029-CHI, cache-chi-klot8100062-CHI, cache-fra-etou8220109-FRA, cache-fra-eddf8230110-FRA
last-modified: Mon, 06 Mar 2023 17:55:40 GMT
server: nginx
x-timer: S1709000094.868441,VS0,VE108
etag: W/"6406291c-cb"
vary: Accept-Encoding, orig-host
content-type: text/css
x-styx-req-id: aa62bf22-cc7e-11ee-8708-4e2188fbaee6
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sun, 16 Feb 2025 03:51:29 GMT

GET
H2 200 css__ipUqqBUxEUOLXG_AXF5OCY1hi5eq8oz7Wu0QleOzxj4__-6ZHnf2EVvcL4izgd6S5myiQ-LuyKAuDqa-1hfKmAoI__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
www.forcepoint.com/sites/default/files/advagg_css/ 99 B
436 B 150ms
149ms Stylesheet
text/css 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_css/css__ipUqqBUxEUOLXG_AXF5OCY1hi5eq8oz7Wu0QleOzxj4__-6ZHnf2EVvcL4izgd6S5myiQ-LuyKAuDqa-1hfKmAoI__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

a0d9d290c9928affdd7f2816a574b367cbd6aca7ff1ba7b14b3391330d6f1995

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 735, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:53 GMT
age: 17749
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-5cbc988cb-ns76b
content-length: 100
x-served-by: cache-chi-klot8100037-CHI, cache-chi-kigq8000131-CHI, cache-fra-eddf8230083-FRA, cache-fra-eddf8230110-FRA
last-modified: Mon, 06 Mar 2023 17:55:40 GMT
server: nginx
x-timer: S1709000094.868512,VS0,VE113
etag: W/"6406291c-63"
vary: Accept-Encoding, orig-host
content-type: text/css
x-styx-req-id: e01e1e0c-5c29-11ee-95b6-e2fe7f471e9f
cache-control: max-age=31622400
accept-ranges: bytes
expires: Thu, 26 Sep 2024 05:02:21 GMT

GET
H2 200 css__A19mhhFH8iX9Ft_oM_oZIcxue6YTAguNiWQN5VaIXQY__dFQUh1vb7jTgHR4jKzrw8DrsdYIarxRbpVmMKCWYgXU__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
www.forcepoint.com/sites/default/files/advagg_css/ 493 KB
118 KB 151ms
150ms Stylesheet
text/css 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_css/css__A19mhhFH8iX9Ft_oM_oZIcxue6YTAguNiWQN5VaIXQY__dFQUh1vb7jTgHR4jKzrw8DrsdYIarxRbpVmMKCWYgXU__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

24dd593caf98fe7183e48e16a5a827ab4eb1a734a9821b497689127e68774db1

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 1376, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:53 GMT
age: 17750
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-a-86d66977b5-p8xp9
content-length: 120174
x-served-by: cache-chi-kigq8000161-CHI, cache-chi-kigq8000144-CHI, cache-fra-eddf8230033-FRA, cache-fra-eddf8230110-FRA
last-modified: Wed, 31 May 2023 20:05:18 GMT
server: nginx
x-timer: S1709000094.868432,VS0,VE114
etag: W/"6477a87e-7b4f7"
vary: Accept-Encoding, orig-host
content-type: text/css
x-styx-req-id: 18d01218-5638-11ee-b317-eeb9918916c4
cache-control: max-age=31622400
accept-ranges: bytes
expires: Wed, 18 Sep 2024 15:29:02 GMT

GET
H2 200 css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__80VGyxVhXWGiyeQZt7nKqWtwL_miYRRtgTnlscUSjWs__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
www.forcepoint.com/sites/default/files/advagg_css/ 2 MB
299 KB 155ms
154ms Stylesheet
text/css 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__80VGyxVhXWGiyeQZt7nKqWtwL_miYRRtgTnlscUSjWs__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

90b41e5c93d136dda77253ebb712fcaf85519080d23325dc52e5950066dcbf8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 1, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:53 GMT
age: 17749
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-a-768586b58-6h2z9
content-length: 305633
x-served-by: cache-chi-klot8100142-CHI, cache-chi-klot8100045-CHI, cache-fra-eddf8230076-FRA, cache-fra-eddf8230110-FRA
last-modified: Thu, 22 Feb 2024 14:17:36 GMT
server: nginx
x-timer: S1709000094.868440,VS0,VE120
etag: W/"65d75780-1f502d"
vary: Accept-Encoding, orig-host
content-type: text/css
x-styx-req-id: f9468985-d4b8-11ee-a453-4e1dfad0263a
cache-control: max-age=31622400
accept-ranges: bytes
expires: Wed, 26 Feb 2025 15:09:01 GMT

GET
H2 200 forcepoint.svg
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/logos/ 2 KB
1 KB 153ms
152ms Image
image/svg+xml 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/logos/forcepoint.svg

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

c7397ae13ad9d12bf4ce9100756dd8703b515ac4381bdd33638e22c787c0fb39

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 1908, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:53 GMT
age: 17749
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-6bcf4d4f8-5rvs4
content-length: 783
x-served-by: cache-chi-klot8100133-CHI, cache-chi-klot8100133-CHI, cache-fra-eddf8230071-FRA, cache-fra-eddf8230110-FRA
last-modified: Mon, 26 Feb 2024 01:22:57 GMT
server: nginx
x-timer: S1709000094.868817,VS0,VE118
etag: W/"65dbe7f1-6ad"
vary: Accept-Encoding, orig-host
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: ab50aa90-d4ec-11ee-a6b7-6a38df13e094
cache-control: max-age=31622400
accept-ranges: bytes
expires: Wed, 26 Feb 2025 21:19:04 GMT

GET
H2 200 about_us_0.svg
www.forcepoint.com/sites/default/files/ 2 KB
1 KB 151ms
150ms Image
image/svg+xml 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/about_us_0.svg?itok=3xrS9jXe

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

98bee51ffbb032cfea01030abf23549c6d762f6d8283599e52bfb089f01b8742

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 1324, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:53 GMT
age: 17749
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-8466695d9f-zsm6w
content-length: 866
x-served-by: cache-chi-kigq8000102-CHI, cache-chi-kigq8000102-CHI, cache-fra-eddf8230069-FRA, cache-fra-eddf8230110-FRA
last-modified: Wed, 18 Oct 2023 11:53:36 GMT
server: nginx
x-timer: S1709000094.868357,VS0,VE116
etag: W/"652fc740-76e"
vary: Accept-Encoding, orig-host
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: 00ae430f-6dad-11ee-98c4-b2833923a796
cache-control: max-age=31622400
accept-ranges: bytes
expires: Fri, 18 Oct 2024 11:53:50 GMT

GET
H2 200 our_approach_0.svg
www.forcepoint.com/sites/default/files/ 3 KB
1 KB 145ms
132ms Image
image/svg+xml 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/our_approach_0.svg?itok=XjvgKmGS

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

3058f7c617c39b1a94849fa7223c2f756437af3f215155d37c2a29c36848e28d

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 1326, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:53 GMT
age: 17749
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-6bcf4d4f8-vglvx
content-length: 1012
x-served-by: cache-chi-klot8100030-CHI, cache-chi-klot8100030-CHI, cache-fra-eddf8230098-FRA, cache-fra-eddf8230110-FRA
last-modified: Wed, 18 Oct 2023 11:53:58 GMT
server: nginx
x-timer: S1709000094.878757,VS0,VE111
etag: W/"652fc756-a97"
vary: Accept-Encoding, orig-host
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: efbfda87-c3da-11ee-aeca-6e308abf6ab1
cache-control: max-age=31622400
accept-ranges: bytes
expires: Wed, 05 Feb 2025 03:59:18 GMT

GET
H2 200 our_customers_0.svg
www.forcepoint.com/sites/default/files/ 2 KB
1 KB 140ms
127ms Image
image/svg+xml 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/our_customers_0.svg?itok=pljm0BZO

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

c2a54667fcd4151ef9a27b18f84f24c0b884fe593302ca1eb1210d114f4bd06b

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 1321, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:53 GMT
age: 17749
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-a-78789f5ddb-d5gfx
content-length: 913
x-served-by: cache-chi-kigq8000025-CHI, cache-chi-kigq8000025-CHI, cache-fra-eddf8230094-FRA, cache-fra-eddf8230110-FRA
last-modified: Wed, 18 Oct 2023 11:54:19 GMT
server: nginx
x-timer: S1709000094.878764,VS0,VE109
etag: W/"652fc76b-9af"
vary: Accept-Encoding, orig-host
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: ffe06b0f-a1b4-11ee-8396-d22db1a8beb6
cache-control: max-age=31622400
accept-ranges: bytes
expires: Mon, 23 Dec 2024 17:02:05 GMT

GET
H2 200 fp_one_icon_0.svg
www.forcepoint.com/sites/default/files/ 1 KB
1 KB 148ms
137ms Image
image/svg+xml 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/fp_one_icon_0.svg?itok=eKi29PlI

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

13cdee5a7dbdb75ba06271fff8669bb408838d89eae133c2b3db99d2891bb35b

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 1322, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:53 GMT
age: 17749
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-a-f9d8bf5c4-zjm2q
content-length: 725
x-served-by: cache-chi-kigq8000174-CHI, cache-chi-kigq8000174-CHI, cache-fra-eddf8230135-FRA, cache-fra-eddf8230110-FRA
last-modified: Wed, 18 Oct 2023 11:35:43 GMT
server: nginx
x-timer: S1709000094.891646,VS0,VE106
etag: W/"652fc30f-5ed"
vary: Accept-Encoding, orig-host
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: 95480b8d-6daa-11ee-922a-f6544157d242
cache-control: max-age=31622400
accept-ranges: bytes
expires: Fri, 18 Oct 2024 11:36:31 GMT

GET
H2 200 fp_one_icon-hover_0.svg
www.forcepoint.com/sites/default/files/ 1 KB
1 KB 166ms
154ms Image
image/svg+xml 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/fp_one_icon-hover_0.svg?itok=ecRnPBsZ

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

90bfbf24972d694b303aaa50fe006074f7dd5529c8dfe38099aed648c6312158

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 1316, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:54 GMT
age: 17749
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-8466695d9f-zsm6w
content-length: 737
x-served-by: cache-chi-klot8100104-CHI, cache-chi-klot8100104-CHI, cache-fra-etou8220092-FRA, cache-fra-eddf8230110-FRA
last-modified: Wed, 18 Oct 2023 11:35:50 GMT
server: nginx
x-timer: S1709000094.892775,VS0,VE110
etag: W/"652fc316-5fb"
vary: Accept-Encoding, orig-host
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: 954458af-6daa-11ee-98c4-b2833923a796
cache-control: max-age=31622400
accept-ranges: bytes
expires: Fri, 18 Oct 2024 11:36:31 GMT

GET
H2 200 casb_0.svg
www.forcepoint.com/sites/default/files/ 1 KB
973 B 167ms
156ms Image
image/svg+xml 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/casb_0.svg?itok=RgNIGydh

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

95466f54e05aa0e66fb31d01cd96eef195e7f2f005ee35f21f41c38b2aac758f

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 1318, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:54 GMT
age: 17749
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-a-f9d8bf5c4-zjm2q
content-length: 702
x-served-by: cache-chi-kigq8000163-CHI, cache-chi-kigq8000163-CHI, cache-fra-eddf8230020-FRA, cache-fra-eddf8230110-FRA
last-modified: Wed, 18 Oct 2023 11:40:43 GMT
server: nginx
x-timer: S1709000094.891867,VS0,VE111
etag: W/"652fc43b-5bd"
vary: Accept-Encoding, orig-host
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: 31989c52-6dab-11ee-922a-f6544157d242
cache-control: max-age=31622400
accept-ranges: bytes
expires: Fri, 18 Oct 2024 11:40:53 GMT

GET
H2 200 ztna_0.svg
www.forcepoint.com/sites/default/files/ 4 KB
1 KB 164ms
154ms Image
image/svg+xml 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/ztna_0.svg?itok=cas6-JTf

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

42139af63a51353a5ebd189672677d738178e64fcf6f4cd66db3c009ada46386

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 1326, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:54 GMT
age: 17749
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-a-f9d8bf5c4-zjm2q
content-length: 973
x-served-by: cache-chi-klot8100035-CHI, cache-chi-klot8100035-CHI, cache-fra-etou8220106-FRA, cache-fra-eddf8230110-FRA
last-modified: Wed, 18 Oct 2023 11:41:05 GMT
server: nginx
x-timer: S1709000094.891484,VS0,VE111
etag: W/"652fc451-f51"
vary: Accept-Encoding, orig-host
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: 3fc913b2-6dab-11ee-922a-f6544157d242
cache-control: max-age=31622400
accept-ranges: bytes
expires: Fri, 18 Oct 2024 11:41:17 GMT

GET
H2 200 swg_0.svg
www.forcepoint.com/sites/default/files/ 5 KB
2 KB 161ms
151ms Image
image/svg+xml 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/swg_0.svg?itok=WPDw6UKp

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

315a9c305e1926c48ac8da233a318ad97e847efdeda17656e4f3a1ec3baca916

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 1320, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:54 GMT
age: 17749
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-8466695d9f-4ghbh
content-length: 1437
x-served-by: cache-chi-klot8100133-CHI, cache-chi-klot8100133-CHI, cache-fra-etou8220101-FRA, cache-fra-eddf8230110-FRA
last-modified: Wed, 18 Oct 2023 11:41:31 GMT
server: nginx
x-timer: S1709000094.891233,VS0,VE111
etag: W/"652fc46b-12ad"
vary: Accept-Encoding, orig-host
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: 4d564778-6dab-11ee-9a25-46ec2dabab8a
cache-control: max-age=31622400
accept-ranges: bytes
expires: Fri, 18 Oct 2024 11:41:39 GMT

GET
H2 200 dlp_0.svg
www.forcepoint.com/sites/default/files/ 1 KB
914 B 173ms
162ms Image
image/svg+xml 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/dlp_0.svg?itok=WmmjIIRu

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

db5ca58b27a83629cd3331e6bcf94831488c4f5656b1bc39fa6154b37921ac45

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 1319, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:54 GMT
age: 17749
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-a-f9d8bf5c4-crgks
content-length: 554
x-served-by: cache-chi-klot8100081-CHI, cache-chi-klot8100081-CHI, cache-fra-eddf8230030-FRA, cache-fra-eddf8230110-FRA
last-modified: Wed, 18 Oct 2023 11:41:52 GMT
server: nginx
x-timer: S1709000094.892530,VS0,VE115
etag: W/"652fc480-4e3"
vary: Accept-Encoding, orig-host
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: 5b9edfc9-6dab-11ee-aa27-eeb965297791
cache-control: max-age=31622400
accept-ranges: bytes
expires: Fri, 18 Oct 2024 11:42:03 GMT

GET
H2 200 sd_wan_1.svg
www.forcepoint.com/sites/default/files/ 2 KB
1 KB 166ms
156ms Image
image/svg+xml 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/sd_wan_1.svg?itok=HvI13Jsz

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

c7df1285277e150259e2352c0490924c2cc1f048e2899d8652ec17da6d0e9b50

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 1323, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:54 GMT
age: 17749
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-8466695d9f-7kzsc
content-length: 841
x-served-by: cache-chi-klot8100148-CHI, cache-chi-klot8100148-CHI, cache-fra-etou8220052-FRA, cache-fra-eddf8230110-FRA
last-modified: Wed, 18 Oct 2023 11:45:13 GMT
server: nginx
x-timer: S1709000094.891238,VS0,VE112
etag: W/"652fc549-829"
vary: Accept-Encoding, orig-host
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: d200f1bc-6dab-11ee-8810-4a5fa7de18a2
cache-control: max-age=31622400
accept-ranges: bytes
expires: Fri, 18 Oct 2024 11:45:22 GMT

GET
H2 200 enterprise_dlp_icon.svg
www.forcepoint.com/sites/default/files/ 2 KB
1 KB 175ms
164ms Image
image/svg+xml 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/enterprise_dlp_icon.svg?itok=nwHFOSac

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

a56f2c1bfb78496d7e0497dd5c79dbf789c1b9ef3833d319e0d143650d041757

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 1319, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:54 GMT
age: 17749
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-68df48cffd-6t6pj
content-length: 896
x-served-by: cache-chi-kigq8000127-CHI, cache-chi-kigq8000127-CHI, cache-fra-eddf8230079-FRA, cache-fra-eddf8230110-FRA
last-modified: Wed, 18 Oct 2023 11:03:54 GMT
server: nginx
x-timer: S1709000094.891588,VS0,VE118
etag: W/"652fbb9a-8a1"
vary: Accept-Encoding, orig-host
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: 12f97e6b-6da6-11ee-b9ce-22cb0e5727e5
cache-control: max-age=31622400
accept-ranges: bytes
expires: Fri, 18 Oct 2024 11:04:14 GMT

GET
H2 200 enterprise_dlp_icon-hover_0.svg
www.forcepoint.com/sites/default/files/ 2 KB
1 KB 159ms
149ms Image
image/svg+xml 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/enterprise_dlp_icon-hover_0.svg?itok=5GckOGCw

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

ad2064f58daf0c71dc4f1cd5c97ebe1a5fc1eae8cb6c6f75e5e0e696be1cb07d

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 1321, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:54 GMT
age: 17749
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-6bcf4d4f8-vglvx
content-length: 827
x-served-by: cache-chi-klot8100131-CHI, cache-chi-klot8100131-CHI, cache-fra-etou8220122-FRA, cache-fra-eddf8230110-FRA
last-modified: Wed, 18 Oct 2023 11:03:58 GMT
server: nginx
x-timer: S1709000094.891238,VS0,VE110
etag: W/"652fbb9e-7b0"
vary: Accept-Encoding, orig-host
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: 6571da54-c884-11ee-a827-6e308abf6ab1
cache-control: max-age=31622400
accept-ranges: bytes
expires: Tue, 11 Feb 2025 02:22:25 GMT

GET
H2 200 data_visibility.svg
www.forcepoint.com/sites/default/files/ 2 KB
1002 B 153ms
143ms Image
image/svg+xml 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/data_visibility.svg?itok=QEg-acZX

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

ceb7f847854cbb5e36829e45e1ed24bbd035cf2f333de9877f2f228253034eb0

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 1323, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:53 GMT
age: 17749
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-a-f9d8bf5c4-kfk9k
content-length: 656
x-served-by: cache-chi-klot8100072-CHI, cache-chi-klot8100072-CHI, cache-fra-etou8220090-FRA, cache-fra-eddf8230110-FRA
last-modified: Wed, 18 Oct 2023 11:05:15 GMT
server: nginx
x-timer: S1709000094.891103,VS0,VE108
etag: W/"652fbbeb-6ba"
vary: Accept-Encoding, orig-host
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: 3add6013-6da6-11ee-b778-eae9bcafece4
cache-control: max-age=31622400
accept-ranges: bytes
expires: Fri, 18 Oct 2024 11:05:21 GMT

GET
H2 200 email_dlp.png
www.forcepoint.com/sites/default/files/styles/menu_image/public/ 2 KB
2 KB 45ms
35ms Image
image/webp 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/styles/menu_image/public/email_dlp.png?itok=OeroSzT_

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

9c4fa79e01e7cbed31a72effd4fd2f86afbfa25199ab57925d2429fb37a0ae11

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 0, 4, 680, 0
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:53 GMT
fastly-io-served-by: vpop-kiad7010216
age: 242693
http_x_geo_region: DE-TH
x-cache: MISS, HIT, HIT, MISS
fastly-io-info: ifsz=2508 idim=50x50 ifmt=png ofsz=1872 odim=50x50 ofmt=webp
http_x_geo_continent: EU
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe3-a-768586b58-wrt8p
content-length: 1872
x-served-by: cache-chi-klot8100120-CHI, cache-chi-kigq8000159-CHI, cache-fra-eddf8230079-FRA, cache-fra-eddf8230110-FRA
server: nginx
x-timer: S1709000094.891052,VS0,VE2
etag: "irPB7sv7wD/BBFtpWMeav75uKWjxeFDwNAWpd2rqKOY"
vary: Accept, orig-host
content-type: image/webp
x-styx-req-id: ee3d2bea-d2e0-11ee-80f6-ca99ffe66afb
cache-control: max-age=31622400
accept-ranges: bytes
expires: Mon, 24 Feb 2025 06:50:00 GMT

GET
H2 200 data_classification.svg
www.forcepoint.com/sites/default/files/ 1 KB
811 B 160ms
150ms Image
image/svg+xml 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/data_classification.svg?itok=DNis0AQq

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

9a5b4817923ddcf72a52cacaace5f31905defc508f06ee2f76a40c6b9f3441c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 1323, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:54 GMT
age: 17749
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-6bcf4d4f8-vbc82
content-length: 441
x-served-by: cache-chi-klot8100092-CHI, cache-chi-klot8100092-CHI, cache-fra-eddf8230031-FRA, cache-fra-eddf8230110-FRA
last-modified: Wed, 18 Oct 2023 11:06:20 GMT
server: nginx
x-timer: S1709000094.892786,VS0,VE109
etag: W/"652fbc2c-447"
vary: Accept-Encoding, orig-host
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: 88d2eef0-d45f-11ee-a81b-8e864566e8c9
cache-control: max-age=31622400
accept-ranges: bytes
expires: Wed, 26 Feb 2025 04:28:47 GMT

GET
H2 200 risk_adaptive.svg
www.forcepoint.com/sites/default/files/ 875 B
680 B 171ms
161ms Image
image/svg+xml 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/risk_adaptive.svg?itok=D2OZgBkD

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

75de14e55fe4b7b7ee193c5f3c8a4447b8928c21354e28e194f0e89506f85e18

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 1313, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:54 GMT
age: 17749
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-a-768586b58-zw74s
content-length: 410
x-served-by: cache-chi-kigq8000068-CHI, cache-chi-kigq8000068-CHI, cache-fra-eddf8230102-FRA, cache-fra-eddf8230110-FRA
last-modified: Wed, 18 Oct 2023 11:07:25 GMT
server: nginx
x-timer: S1709000094.891364,VS0,VE114
etag: W/"652fbc6d-36b"
vary: Accept-Encoding, orig-host
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: 67b232ed-c215-11ee-a142-b647b6ce3c63
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sun, 02 Feb 2025 21:52:48 GMT

GET
H2 200 css___VkyRO3B5Aq6aNIr0ttm3Is69Rc7XYN_AdFjRz9E6sA__VcIbQquJvVVOuzIFHQnbacZLWNY0lFxoxf5twuCo0Bc__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
www.forcepoint.com/sites/default/files/advagg_css/ 6 KB
2 KB 149ms
139ms Stylesheet
text/css 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_css/css___VkyRO3B5Aq6aNIr0ttm3Is69Rc7XYN_AdFjRz9E6sA__VcIbQquJvVVOuzIFHQnbacZLWNY0lFxoxf5twuCo0Bc__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

ee27e3cdc69e172aac4b82b3f20d30a2e9b8fc56e7154475292f0ce338b8a5a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 734, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:53 GMT
age: 17749
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-a-78789f5ddb-th96l
content-length: 1421
x-served-by: cache-chi-klot8100164-CHI, cache-chi-klot8100143-CHI, cache-fra-etou8220111-FRA, cache-fra-eddf8230110-FRA
last-modified: Wed, 13 Dec 2023 14:23:28 GMT
server: nginx
x-timer: S1709000094.892031,VS0,VE105
etag: W/"6579be60-19a6"
vary: Accept-Encoding, orig-host
content-type: text/css
x-styx-req-id: 32e86c06-99c3-11ee-be22-a665a8a9a280
cache-control: max-age=31622400
accept-ranges: bytes
expires: Fri, 13 Dec 2024 14:23:34 GMT

GET
H2 200 ngfw_icon.svg
www.forcepoint.com/sites/default/files/ 3 KB
1 KB 169ms
159ms Image
image/svg+xml 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/ngfw_icon.svg?itok=zOEg6GW-

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

9e364511ec9f9b84758e997b3f4492bb37b58219411647ca206e3e43daa685b1

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 1319, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:54 GMT
age: 17749
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-6bcf4d4f8-5rvs4
content-length: 1025
x-served-by: cache-chi-klot8100073-CHI, cache-chi-klot8100073-CHI, cache-fra-etou8220036-FRA, cache-fra-eddf8230110-FRA
last-modified: Wed, 18 Oct 2023 11:18:23 GMT
server: nginx
x-timer: S1709000094.891559,VS0,VE113
etag: W/"652fbeff-ad1"
vary: Accept-Encoding, orig-host
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: f582662f-cde8-11ee-adda-6a38df13e094
cache-control: max-age=31622400
accept-ranges: bytes
expires: Mon, 17 Feb 2025 23:04:53 GMT

GET
H2 200 ngfw_icon-hover.svg
www.forcepoint.com/sites/default/files/ 4 KB
2 KB 161ms
152ms Image
image/svg+xml 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/ngfw_icon-hover.svg?itok=rmtfxbJN

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

2e762e8da9e634ed25afc29890f55b60fa70da718945b14f106b402b00b445be

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 1315, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:54 GMT
age: 17749
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-6bcf4d4f8-vbc82
content-length: 1776
x-served-by: cache-chi-kigq8000167-CHI, cache-chi-kigq8000167-CHI, cache-fra-etou8220056-FRA, cache-fra-eddf8230110-FRA
last-modified: Wed, 18 Oct 2023 11:18:33 GMT
server: nginx
x-timer: S1709000094.891867,VS0,VE110
etag: W/"652fbf09-1088"
vary: Accept-Encoding, orig-host
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: 4be48e19-d448-11ee-a81b-8e864566e8c9
cache-control: max-age=31622400
accept-ranges: bytes
expires: Wed, 26 Feb 2025 01:42:27 GMT

GET
H2 200 cross_domain_solution.svg
www.forcepoint.com/sites/default/files/ 2 KB
1 KB 162ms
153ms Image
image/svg+xml 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/cross_domain_solution.svg?itok=lUhjIfwx

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

f12ed71bda9274dedc7c023f0bc8f1fd4d83ca512b1cce028d05a5e9dd6d71ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 1318, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:54 GMT
age: 17749
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-a-f9d8bf5c4-m24kb
content-length: 691
x-served-by: cache-chi-klot8100045-CHI, cache-chi-klot8100045-CHI, cache-fra-eddf8230124-FRA, cache-fra-eddf8230110-FRA
last-modified: Wed, 18 Oct 2023 11:19:21 GMT
server: nginx
x-timer: S1709000094.891946,VS0,VE110
etag: W/"652fbf39-75f"
vary: Accept-Encoding, orig-host
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: 348d4b88-6da8-11ee-8998-8a3fa4259494
cache-control: max-age=31622400
accept-ranges: bytes
expires: Fri, 18 Oct 2024 11:19:29 GMT

GET
H2 200 sd_wan.svg
www.forcepoint.com/sites/default/files/ 2 KB
1 KB 169ms
160ms Image
image/svg+xml 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/sd_wan.svg?itok=pnOwb0ZT

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

c7df1285277e150259e2352c0490924c2cc1f048e2899d8652ec17da6d0e9b50

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 1315, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:54 GMT
age: 17749
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-6bcf4d4f8-kdpb7
content-length: 841
x-served-by: cache-chi-klot8100074-CHI, cache-chi-klot8100074-CHI, cache-fra-eddf8230111-FRA, cache-fra-eddf8230110-FRA
last-modified: Wed, 18 Oct 2023 11:20:46 GMT
server: nginx
x-timer: S1709000094.891247,VS0,VE114
etag: W/"652fbf8e-829"
vary: Accept-Encoding, orig-host
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: 532a1463-c837-11ee-bc58-3607ecdbbea4
cache-control: max-age=31622400
accept-ranges: bytes
expires: Mon, 10 Feb 2025 17:10:43 GMT

GET
H2 200 zero_trust_cdr.svg
www.forcepoint.com/sites/default/files/ 1 KB
984 B 166ms
157ms Image
image/svg+xml 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/zero_trust_cdr.svg?itok=R8cwkadm

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

50f6481e8c65a0c9796497b33a24bf50a90a531fc3e1cc0dc019e2af14c8abef

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 1314, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:54 GMT
age: 17749
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-68df48cffd-sc865
content-length: 614
x-served-by: cache-chi-klot8100132-CHI, cache-chi-klot8100132-CHI, cache-fra-eddf8230118-FRA, cache-fra-eddf8230110-FRA
last-modified: Wed, 18 Oct 2023 11:21:17 GMT
server: nginx
x-timer: S1709000094.893020,VS0,VE110
etag: W/"652fbfad-5ba"
vary: Accept-Encoding, orig-host
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: 79a4de02-6da8-11ee-ab8d-228bfac65d7e
cache-control: max-age=31622400
accept-ranges: bytes
expires: Fri, 18 Oct 2024 11:21:25 GMT

GET
H2 200 rbi.svg
www.forcepoint.com/sites/default/files/ 2 KB
1 KB 173ms
164ms Image
image/svg+xml 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/rbi.svg?itok=QEu-UiI0

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

2775873de34599848dfcd2b6a5772d9ebb2cf56d0ba8df5925fe0b20b3c1cf50

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 1316, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:54 GMT
age: 17749
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-8466695d9f-fm4xg
content-length: 859
x-served-by: cache-chi-klot8100176-CHI, cache-chi-klot8100176-CHI, cache-fra-eddf8230124-FRA, cache-fra-eddf8230110-FRA
last-modified: Wed, 18 Oct 2023 11:21:42 GMT
server: nginx
x-timer: S1709000094.892434,VS0,VE116
etag: W/"652fbfc6-87c"
vary: Accept-Encoding, orig-host
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: 8bc8450c-72e5-11ee-ba9f-169583607588
cache-control: max-age=31622400
accept-ranges: bytes
expires: Fri, 25 Oct 2024 03:21:11 GMT

GET
H2 200 cyber_edu_icon.svg
www.forcepoint.com/sites/default/files/ 2 KB
1 KB 175ms
166ms Image
image/svg+xml 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/cyber_edu_icon.svg?itok=XXkKE01K

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

fad8df5718762444a80e745fd3b375ecfee298b37c480de5134b8a0ed05bc7a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 1319, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:54 GMT
age: 17749
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-6bcf4d4f8-pfrnt
content-length: 813
x-served-by: cache-chi-klot8100127-CHI, cache-chi-klot8100127-CHI, cache-fra-etou8220058-FRA, cache-fra-eddf8230110-FRA
last-modified: Wed, 18 Oct 2023 12:02:27 GMT
server: nginx
x-timer: S1709000094.890924,VS0,VE119
etag: W/"652fc953-9a9"
vary: Accept-Encoding, orig-host
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: 773def9d-c209-11ee-ad83-66046ae7d6f6
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sun, 02 Feb 2025 20:27:20 GMT

GET
H2 200 cyber_edu_icon-hover.svg
www.forcepoint.com/sites/default/files/ 3 KB
1 KB 150ms
141ms Image
image/svg+xml 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/cyber_edu_icon-hover.svg?itok=ymKcsOZ4

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

2528d731c4e61e67f78982f202d1de7e6f7a234117b4d9c98325c27e33c6e1d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 1307, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:53 GMT
age: 17749
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-8466695d9f-4ghbh
content-length: 869
x-served-by: cache-chi-kigq8000084-CHI, cache-chi-kigq8000084-CHI, cache-fra-etou8220083-FRA, cache-fra-eddf8230110-FRA
last-modified: Wed, 18 Oct 2023 12:02:37 GMT
server: nginx
x-timer: S1709000094.891236,VS0,VE107
etag: W/"652fc95d-b0c"
vary: Accept-Encoding, orig-host
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: 4266b026-6dae-11ee-9a25-46ec2dabab8a
cache-control: max-age=31622400
accept-ranges: bytes
expires: Fri, 18 Oct 2024 12:02:50 GMT

GET
H2 200 agent-tesla-header.jpg
www.forcepoint.com/sites/default/files/styles/1180x346_sc/public/hero/ 18 KB
22 KB 144ms
135ms Image
image/webp 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/styles/1180x346_sc/public/hero/agent-tesla-header.jpg?itok=VJpFuk9p&timestamp=1708868891

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

465a0cb24dc5db7c3487f58e9ecca008e1f7989fd7cb3c20b37a7affe82a2923

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' .fonts.net .licdn.com .tiqcdn.com .marketo.com .marketo.net .mktoresp.com .demdex.net .burly.io .omtrdc.net .llnwd.net .tealiumiq.com .googleadservices.com .marinsm.com .amazonaws.com .quantserve.com .facebook.net .serving-sys.com .google-analytics.com .hirebridge.com .websense.com .bizographics.com .linkedin.com .cloudfront.net .newrelic.com .nr-data.net .adnxs.com .demandbase.com .twitter.com .omtrdc.net .youtube.com .ads-twitter.com .company-target.com .omniture.com .doubleclick.net .forcepoint.com .google.com .facebook.com .nr-data.net .getsmartcontent.com .vidyard.com .adroll.com s.ml-attr.com attr.ml-api.io .driftt.com .sharethis.com .vimeo.com .slideshare.net .techvalidate.com .gartner.com .gstatic.com .libsyn.com .s3.amazonaws.com .cdnbasket.net ids.cdnwidget.com app.vwo.com .visualwebsiteoptimizer.com use.typekit.net p.typekit.net cdn.vwo-analytics.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io .googleapis.com .cloudflare.com activitymap.adobe.com .consensu.org .ubembed.com .bizible.com .theadex.com .aumago.com .driftqa.com .scribblecdn.net .esg-global.com .hs-scripts.com .hs-analytics.net .hsadspixel.net .hs-banner.com .hubapi.com .hsforms.net .hsforms.com geolocation-db.com .drift.com .clickagy.com .nimblestory.com .usemessages.com .stackadapt.com .googlesyndication.com ; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' .cdnwidget.com .tealiumiq.com .google.com .googleadservices.com .doubleclick.net .websense.com .marinsm.com .facebook.com .quantserve.com .google-analytics.com .w55c.net .marketo.com .iasds01.com .linkedin.com .cloudfront.net .forcepoint.com .adnxs.com .twitter.com t.co .omtrdc.net .w55c.net .demandbase.com .company-target.com .gstatic.com .tiqcdn.com .marketo.net .newrelic.com .facebook.net .ads-twitter.com .burly.io .bizographics.com .nr-data.net .licdn.com .tt.omtrdc.net .getsmartcontent.com .adroll.com .vidyard.com s.ml-attr.com .ml-api.io ml314.com .ml314.com .bing.com .driftt.com .crazyegg.com .sharethis.com .vimeo.com .slideshare.net .techvalidate.com .gartner.com .googletagmanager.com .visualwebsiteoptimizer.com app.vwo.com .ubembed.com .driftt.com .vwo-analytics.com .s3.amazonaws.com s3.amazonaws.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io .clearbit.com .googleapis.com .cloudflare.com .adobe.com .consensu.org .bizible.com .theadex.com .aumago.com .zoominfo.com .clickagy.com .redditstatic.com .quantcount.com .g2crowd.com .steelhousemedia.com .scribblecdn.net .esg-global.com .6sc.co .hs-scripts.com .hs-analytics.net .hsadspixel.net .hs-banner.com .hubapi.com .hsforms.net .hsforms.com geolocation-db.com .drift.com .jquery.com .google.com .hscollectedforms.net .jsdelivr.net .stackadapt.com .googlesyndication.com .simpleanalyticscdn.com; img-src data: ; font-src 'self' .google.com .googleadservices.com; connect-src 'self' .vwo.com .demdex.net .omtrdc.net .mktoresp.com .cdnbasket.net ids.cdnwidget.com .forcepoint.com sample-api-v2.crazyegg.com .visualwebsiteoptimizer.com insight.adsrvr.org bam.nr-data.net .tealiumiq.com live-evercurrent-clone.pantheonsite.io .sharethis.com .doubleclick.net .theadex.com .aumago.com .google-analytics.com .6sc.co .adnxs.com .vidyard.com .6sense.com .hs-scripts.com .hs-analytics.net .hsadspixel.net .hs-banner.com api.hubapi.com .hsforms.net .hsforms.com .s3.amazonaws.com .drift.com .clickagy.com .facebook.com .zoominfo.com geolocation-db.com cdn.linkedin.oribi.io .hubspot.com .hscollectedforms.net .stackadapt.com .google.com .googletagmanager.com .googleadservices.com google.com .googlesyndication.com *.linkedin.com ; report-uri /admin/config/system/seckit/csp-report
Strict-Transport-Security	max-age=18410000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 0, 232, 0, 0
content-security-policy: default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.fonts.net *.licdn.com *.tiqcdn.com *.marketo.com *.marketo.net *.mktoresp.com *.demdex.net *.burly.io *.omtrdc.net *.llnwd.net *.tealiumiq.com *.googleadservices.com *.marinsm.com *.amazonaws.com *.quantserve.com *.facebook.net *.serving-sys.com *.google-analytics.com *.hirebridge.com *.websense.com *.bizographics.com *.linkedin.com *.cloudfront.net *.newrelic.com *.nr-data.net *.adnxs.com *.demandbase.com *.twitter.com *.omtrdc.net *.youtube.com *.ads-twitter.com *.company-target.com *.omniture.com *.doubleclick.net *.forcepoint.com *.google.com *.facebook.com *.nr-data.net *.getsmartcontent.com *.vidyard.com *.adroll.com s.ml-attr.com attr.ml-api.io *.driftt.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.gstatic.com *.libsyn.com *.s3.amazonaws.com *.cdnbasket.net ids.cdnwidget.com app.vwo.com *.visualwebsiteoptimizer.com use.typekit.net p.typekit.net cdn.vwo-analytics.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.googleapis.com *.cloudflare.com activitymap.adobe.com *.consensu.org *.ubembed.com *.bizible.com *.theadex.com *.aumago.com *.driftqa.com *.scribblecdn.net *.esg-global.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hubapi.com *.hsforms.net *.hsforms.com geolocation-db.com *.drift.com *.clickagy.com *.nimblestory.com *.usemessages.com *.stackadapt.com *.googlesyndication.com ; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.cdnwidget.com *.tealiumiq.com *.google.com *.googleadservices.com *.doubleclick.net *.websense.com *.marinsm.com *.facebook.com *.quantserve.com *.google-analytics.com *.w55c.net *.marketo.com *.iasds01.com *.linkedin.com *.cloudfront.net *.forcepoint.com *.adnxs.com *.twitter.com t.co *.omtrdc.net *.w55c.net *.demandbase.com *.company-target.com *.gstatic.com *.tiqcdn.com *.marketo.net *.newrelic.com *.facebook.net *.ads-twitter.com *.burly.io *.bizographics.com *.nr-data.net *.licdn.com *.tt.omtrdc.net *.getsmartcontent.com *.adroll.com *.vidyard.com s.ml-attr.com *.ml-api.io ml314.com *.ml314.com *.bing.com *.driftt.com *.crazyegg.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.googletagmanager.com *.visualwebsiteoptimizer.com app.vwo.com *.ubembed.com *.driftt.com *.vwo-analytics.com *.s3.amazonaws.com s3.amazonaws.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.clearbit.com *.googleapis.com *.cloudflare.com *.adobe.com *.consensu.org *.bizible.com *.theadex.com *.aumago.com *.zoominfo.com *.clickagy.com *.redditstatic.com *.quantcount.com *.g2crowd.com *.steelhousemedia.com *.scribblecdn.net *.esg-global.com *.6sc.co *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hubapi.com *.hsforms.net *.hsforms.com geolocation-db.com *.drift.com *.jquery.com *.google.com *.hscollectedforms.net *.jsdelivr.net *.stackadapt.com *.googlesyndication.com *.simpleanalyticscdn.com; img-src * data: *; font-src 'self' *.google.com *.googleadservices.com; connect-src 'self' *.vwo.com *.demdex.net *.omtrdc.net *.mktoresp.com *.cdnbasket.net ids.cdnwidget.com *.forcepoint.com sample-api-v2.crazyegg.com *.visualwebsiteoptimizer.com insight.adsrvr.org bam.nr-data.net *.tealiumiq.com live-evercurrent-clone.pantheonsite.io *.sharethis.com *.doubleclick.net *.theadex.com *.aumago.com *.google-analytics.com *.6sc.co *.adnxs.com *.vidyard.com *.6sense.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com api.hubapi.com *.hsforms.net *.hsforms.com *.s3.amazonaws.com *.drift.com *.clickagy.com *.facebook.com *.zoominfo.com geolocation-db.com cdn.linkedin.oribi.io *.hubspot.com *.hscollectedforms.net *.stackadapt.com *.google.com *.googletagmanager.com *.googleadservices.com google.com *.googlesyndication.com *.linkedin.com ; report-uri /admin/config/system/seckit/csp-report
strict-transport-security: max-age=18410000; includeSubDomains; preload
x-content-type-options: nosniff
date: Tue, 27 Feb 2024 02:14:53 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
fastly-io-served-by: vpop-kiad7010228
age: 0
http_x_geo_region: DE-TH
x-cache: MISS, HIT, MISS, MISS
fastly-io-info: ifsz=22280 idim=1180x346 ifmt=jpeg ofsz=18506 odim=1180x346 ofmt=webp
from-origin: same, https://analyticsssl.forcepoint.com,https://vidyard.com
http_x_geo_continent: EU
fastly-stats: io=1
expires: Sun, 19 Nov 1978 05:00:00 GMT
content-length: 18506
x-xss-protection: 1
x-served-by: cache-chi-kigq8000097-CHI, cache-chi-klot8100112-CHI, cache-fra-eddf8230033-FRA, cache-fra-eddf8230110-FRA
referrer-policy: strict-origin-when-cross-origin
server: nginx
x-timer: S1709000094.890917,VS0,VE105
etag: "MmXdDc3oNkrRnWzpyyuzaDzQSyXvbq0Hvf7L7rNZxSo"
x-frame-options: SAMEORIGIN
vary: Accept, orig-host
content-type: image/webp
x-styx-req-id: 8618d40f-d3e4-11ee-a6b7-6a38df13e094
cache-control: no-cache, must-revalidate
accept-ranges: bytes
x-drupal-cache: MISS
x-pantheon-styx-hostname: styx-fe3-b-6bcf4d4f8-5rvs4

GET
H2 200 1-debit-credit.jpg
www.forcepoint.com/sites/default/files/ 29 KB
29 KB 52ms
44ms Image
image/webp 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/1-debit-credit.jpg

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

dee914f6fd3d41a283ca466c8a80256a21039bd7fff4c6d758b2d492b216d44b

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 0, 13, 1, 0
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:53 GMT
fastly-io-served-by: vpop-kiad7010229
age: 130428
http_x_geo_region: DE-TH
x-cache: MISS, HIT, HIT, MISS
fastly-io-info: ifsz=70891 idim=1000x556 ifmt=jpeg ofsz=29210 odim=1000x556 ofmt=webp
http_x_geo_continent: EU
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe3-b-6bcf4d4f8-5rvs4
content-length: 29210
x-served-by: cache-chi-klot8100164-CHI, cache-chi-kigq8000050-CHI, cache-fra-etou8220072-FRA, cache-fra-eddf8230110-FRA
server: nginx
x-timer: S1709000094.890903,VS0,VE3
etag: "V6Gl3Mf0LzmttiDcmTvbDgef8MtFCMlRO+7Ef+gLcio"
vary: Accept, orig-host
content-type: image/webp
x-styx-req-id: 51783d57-d3e6-11ee-a6b7-6a38df13e094
cache-control: max-age=31622400
accept-ranges: bytes
expires: Tue, 25 Feb 2025 14:01:05 GMT

GET
H2 200 2-execution-chain.jpg
www.forcepoint.com/sites/default/files/ 8 KB
8 KB 74ms
65ms Image
image/webp 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/2-execution-chain.jpg

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

7c68d38dc1052a408c829d05cc96b9e045bd23fd3b6c76a748aef6269ec7940a

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 0, 14, 1, 0
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:53 GMT
fastly-io-served-by: vpop-kiad7010212
age: 130208
http_x_geo_region: DE-TH
x-cache: MISS, HIT, HIT, MISS
fastly-io-info: ifsz=35173 idim=1000x197 ifmt=jpeg ofsz=8022 odim=1000x197 ofmt=webp
http_x_geo_continent: EU
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe3-a-768586b58-4rgl6
content-length: 8022
x-served-by: cache-chi-klot8100137-CHI, cache-chi-klot8100036-CHI, cache-fra-eddf8230100-FRA, cache-fra-eddf8230110-FRA
server: nginx
x-timer: S1709000094.890920,VS0,VE6
etag: "hY9wwgWxovXchWj/Ymcl8nFLu379U9YDYXaCkoXUmEI"
vary: Accept, orig-host
content-type: image/webp
x-styx-req-id: d4d4b1e1-d3e6-11ee-8fa0-1203f0a6f01e
cache-control: max-age=31622400
accept-ranges: bytes
expires: Tue, 25 Feb 2025 14:04:46 GMT

GET
H2 200 3-pdfid.jpg
www.forcepoint.com/sites/default/files/ 18 KB
18 KB 73ms
65ms Image
image/webp 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/3-pdfid.jpg

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

ccdfd9e6afc4f259c5ffa50d3b74d7e6e75d3472749feab7b66b6e47001e596a

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 0, 14, 1, 0
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:53 GMT
fastly-io-served-by: vpop-kiad7010249
age: 130104
http_x_geo_region: DE-TH
x-cache: MISS, HIT, HIT, MISS
fastly-io-info: ifsz=55214 idim=400x502 ifmt=jpeg ofsz=18182 odim=400x502 ofmt=webp
http_x_geo_continent: EU
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe3-b-6bcf4d4f8-5rvs4
content-length: 18182
x-served-by: cache-chi-klot8100105-CHI, cache-chi-kigq8000112-CHI, cache-fra-eddf8230135-FRA, cache-fra-eddf8230110-FRA
server: nginx
x-timer: S1709000094.892502,VS0,VE4
etag: "hAPt0E6tX8J5da93XXPdlba1OWHsLtmCiBL5QyCH250"
vary: Accept, orig-host
content-type: image/webp
x-styx-req-id: 1272cb75-d3e7-11ee-a6b7-6a38df13e094
cache-control: max-age=31622400
accept-ranges: bytes
expires: Tue, 25 Feb 2025 14:06:29 GMT

GET
H2 200 4-obj-stm.jpg
www.forcepoint.com/sites/default/files/ 59 KB
60 KB 52ms
44ms Image
image/webp 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/4-obj-stm.jpg

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

df8242b103d403abcb126c10014b060b0bf91c3be337a7767f4c3b365cb3b35d

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 0, 14, 1, 0
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:53 GMT
fastly-io-served-by: vpop-kiad7010250
age: 129959
http_x_geo_region: DE-TH
x-cache: MISS, HIT, HIT, MISS
fastly-io-info: ifsz=162653 idim=1000x681 ifmt=jpeg ofsz=60734 odim=1000x681 ofmt=webp
http_x_geo_continent: EU
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe3-a-768586b58-wrt8p
content-length: 60734
x-served-by: cache-chi-klot8100099-CHI, cache-chi-kigq8000090-CHI, cache-fra-etou8220133-FRA, cache-fra-eddf8230110-FRA
server: nginx
x-timer: S1709000094.890896,VS0,VE3
etag: "3GJrOp/pxxsGYXwnHPq2RumN8a1vNwIqzHbHjchQB2I"
vary: Accept, orig-host
content-type: image/webp
x-styx-req-id: 6924e54b-d3e7-11ee-80f6-ca99ffe66afb
cache-control: max-age=31622400
accept-ranges: bytes
expires: Tue, 25 Feb 2025 14:08:55 GMT

GET
H2 200 5-pdfstream.jpg
www.forcepoint.com/sites/default/files/ 115 KB
115 KB 76ms
68ms Image
image/webp 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/5-pdfstream.jpg

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

678282fe511fe174839ebaa6b0443c44c6045fdb7f07ae94b1962d3b4c8cc028

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 0, 14, 1, 0
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:53 GMT
fastly-io-served-by: vpop-kiad7010228
age: 129650
http_x_geo_region: DE-TH
x-cache: MISS, HIT, HIT, MISS
fastly-io-info: ifsz=256040 idim=1000x482 ifmt=jpeg ofsz=117630 odim=1000x482 ofmt=webp
http_x_geo_continent: EU
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe3-b-6bcf4d4f8-c6tk9
content-length: 117630
x-served-by: cache-chi-klot8100121-CHI, cache-chi-klot8100024-CHI, cache-fra-eddf8230060-FRA, cache-fra-eddf8230110-FRA
server: nginx
x-timer: S1709000094.891563,VS0,VE21
etag: "qOPpdqN44jgQYNqhqOYA2X8MXV0XqqHpEv/zN4KPDyc"
vary: Accept, orig-host
content-type: image/webp
x-styx-req-id: 20db1d2b-d3e8-11ee-b347-f63639400a04
cache-control: max-age=31622400
accept-ranges: bytes
expires: Tue, 25 Feb 2025 14:14:03 GMT

GET
H2 200 6-pdf-payload.jpg
www.forcepoint.com/sites/default/files/ 3 KB
4 KB 73ms
65ms Image
image/webp 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/6-pdf-payload.jpg

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

7123839f84e1cfb8c2d48c80f74d72746c67f9f6c2b7140f24e78e4671f543cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 0, 14, 1, 0
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:53 GMT
fastly-io-served-by: vpop-kiad7010216
age: 110163
http_x_geo_region: DE-TH
x-cache: MISS, HIT, HIT, MISS
fastly-io-info: ifsz=15467 idim=800x303 ifmt=jpeg ofsz=3496 odim=800x303 ofmt=webp
http_x_geo_continent: EU
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe3-a-768586b58-wrt8p
content-length: 3496
x-served-by: cache-chi-kigq8000073-CHI, cache-chi-kigq8000150-CHI, cache-fra-etou8220086-FRA, cache-fra-eddf8230110-FRA
server: nginx
x-timer: S1709000094.891923,VS0,VE4
etag: "FvEBYF56q7q0GVnGItBWCD9xc6uTH4VPZ89vsBmPeM8"
vary: Accept, orig-host
content-type: image/webp
x-styx-req-id: 804f6a03-d415-11ee-a301-ca99ffe66afb
cache-control: max-age=31622400
accept-ranges: bytes
expires: Tue, 25 Feb 2025 19:38:50 GMT

GET
H2 200 6.5-pdf-payload-2.jpg
www.forcepoint.com/sites/default/files/ 3 KB
3 KB 53ms
45ms Image
image/webp 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/6.5-pdf-payload-2.jpg

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

88bfa92647e210d30edb16c62740b6472e03715265e5af3b8a5256b104c8d4f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 0, 14, 1, 0
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:53 GMT
fastly-io-served-by: vpop-kiad7010227
age: 110084
http_x_geo_region: DE-TH
x-cache: MISS, HIT, HIT, MISS
fastly-io-info: ifsz=15447 idim=800x605 ifmt=jpeg ofsz=3032 odim=800x605 ofmt=webp
http_x_geo_continent: EU
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe3-b-6bcf4d4f8-c6tk9
content-length: 3032
x-served-by: cache-chi-kigq8000172-CHI, cache-chi-kigq8000142-CHI, cache-fra-etou8220136-FRA, cache-fra-eddf8230110-FRA
server: nginx
x-timer: S1709000094.890881,VS0,VE4
etag: "IEmCDydyynJ2Z32zOBhhd3VVW+dQTfcCLH27S8D2o8c"
vary: Accept, orig-host
content-type: image/webp
x-styx-req-id: af160020-d415-11ee-b347-f63639400a04
cache-control: max-age=31622400
accept-ranges: bytes
expires: Tue, 25 Feb 2025 19:40:09 GMT

GET
H2 200 7-javascript.jpg
www.forcepoint.com/sites/default/files/ 98 KB
98 KB 47ms
39ms Image
image/webp 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/7-javascript.jpg

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

aefac767f2617c338018cbca3022e5ced47b461d4cea1b93f462012d9be3e25e

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 0, 40, 1, 0
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:53 GMT
fastly-io-served-by: vpop-kiad7010248
age: 109051
http_x_geo_region: DE-TH
x-cache: MISS, HIT, HIT, MISS
fastly-io-info: ifsz=182280 idim=1000x413 ifmt=jpeg ofsz=100140 odim=1000x413 ofmt=webp
http_x_geo_continent: EU
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe3-b-6bcf4d4f8-vbc82
content-length: 100140
x-served-by: cache-chi-kigq8000095-CHI, cache-chi-klot8100150-CHI, cache-fra-eddf8230119-FRA, cache-fra-eddf8230110-FRA
server: nginx
x-timer: S1709000094.890842,VS0,VE3
etag: "Boc3+H+VdYCC/s559P9mCzc9iJJ+CLKc61ymSvNJTBI"
vary: Accept, orig-host
content-type: image/webp
x-styx-req-id: 16d0ab57-d418-11ee-a81b-8e864566e8c9
cache-control: max-age=31622400
accept-ranges: bytes
expires: Tue, 25 Feb 2025 19:57:22 GMT

GET
H2 200 8-javascript-2.jpg
www.forcepoint.com/sites/default/files/ 12 KB
13 KB 72ms
65ms Image
image/webp 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/8-javascript-2.jpg

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

bca91955ee23429e0c104b6ceee2945744c3709dddb56962d439b7965fa9fcee

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 0, 14, 1, 0
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:53 GMT
fastly-io-served-by: vpop-kiad7010231
age: 108856
http_x_geo_region: DE-TH
x-cache: MISS, HIT, HIT, MISS
fastly-io-info: ifsz=33508 idim=1000x333 ifmt=jpeg ofsz=12554 odim=1000x333 ofmt=webp
http_x_geo_continent: EU
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe3-b-6bcf4d4f8-c6tk9
content-length: 12554
x-served-by: cache-chi-kigq8000058-CHI, cache-chi-kigq8000168-CHI, cache-fra-eddf8230086-FRA, cache-fra-eddf8230110-FRA
server: nginx
x-timer: S1709000094.892219,VS0,VE4
etag: "AfK3AozsIf+9wJmTZ/D4H4JNhO4kPfN4WW5FjtYKjXc"
vary: Accept, orig-host
content-type: image/webp
x-styx-req-id: 8b23b65e-d418-11ee-b347-f63639400a04
cache-control: max-age=31622400
accept-ranges: bytes
expires: Tue, 25 Feb 2025 20:00:37 GMT

GET
H2 200 9-dll-payload.jpg
www.forcepoint.com/sites/default/files/ 73 KB
73 KB 52ms
45ms Image
image/webp 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/9-dll-payload.jpg

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

fbd4b88f230a49ad700e5827908134073effe5f14f95df36861d00590441d74b

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 0, 14, 1, 0
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:53 GMT
fastly-io-served-by: vpop-kiad7010246
age: 108490
http_x_geo_region: DE-TH
x-cache: MISS, HIT, HIT, MISS
fastly-io-info: ifsz=143072 idim=1000x433 ifmt=jpeg ofsz=74304 odim=1000x433 ofmt=webp
http_x_geo_continent: EU
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe3-a-768586b58-zxh75
content-length: 74304
x-served-by: cache-chi-kigq8000090-CHI, cache-chi-kigq8000020-CHI, cache-fra-etou8220127-FRA, cache-fra-eddf8230110-FRA
server: nginx
x-timer: S1709000094.891247,VS0,VE3
etag: "4LSPYdB2KRdYnEZTODr3n685YCxbqvalzGuAo0J/Bf0"
vary: Accept, orig-host
content-type: image/webp
x-styx-req-id: 656bce38-d419-11ee-8c3e-0606ae8e85e6
cache-control: max-age=31622400
accept-ranges: bytes
expires: Tue, 25 Feb 2025 20:06:43 GMT

GET
H2 200 10-dll-payload-2.jpg
www.forcepoint.com/sites/default/files/ 29 KB
30 KB 52ms
44ms Image
image/webp 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/10-dll-payload-2.jpg

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

018992119d8ab2421aef851b71a4f09704eb5fea950b795061f25f5a303fe775

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 0, 14, 1, 0
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:53 GMT
fastly-io-served-by: vpop-kiad7010215
age: 108453
http_x_geo_region: DE-TH
x-cache: MISS, HIT, HIT, MISS
fastly-io-info: ifsz=71768 idim=1000x430 ifmt=jpeg ofsz=29954 odim=1000x430 ofmt=webp
http_x_geo_continent: EU
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe3-b-6bcf4d4f8-vbc82
content-length: 29954
x-served-by: cache-chi-klot8100031-CHI, cache-chi-kigq8000121-CHI, cache-fra-etou8220135-FRA, cache-fra-eddf8230110-FRA
server: nginx
x-timer: S1709000094.890912,VS0,VE3
etag: "7eQkWgtLhKDfZsxWk9jPdUVMhPxBHmspQN06ji5SC68"
vary: Accept, orig-host
content-type: image/webp
x-styx-req-id: 7b93e8f5-d419-11ee-a81b-8e864566e8c9
cache-control: max-age=31622400
accept-ranges: bytes
expires: Tue, 25 Feb 2025 20:07:20 GMT

GET
H2 200 11-dll-payload-3.jpg
www.forcepoint.com/sites/default/files/ 34 KB
34 KB 90ms
83ms Image
image/webp 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/11-dll-payload-3.jpg

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

f9afd06c5076351f2ab27705cb125c0d0e38985509ea93ec1d58a41f88f09513

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 0, 14, 1, 0
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:53 GMT
fastly-io-served-by: vpop-kiad7010250
age: 108401
http_x_geo_region: DE-TH
x-cache: MISS, HIT, HIT, MISS
fastly-io-info: ifsz=87100 idim=1000x472 ifmt=jpeg ofsz=34658 odim=1000x472 ofmt=webp
http_x_geo_continent: EU
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe3-a-768586b58-zhqhj
content-length: 34658
x-served-by: cache-chi-klot8100063-CHI, cache-chi-klot8100032-CHI, cache-fra-etou8220123-FRA, cache-fra-eddf8230110-FRA
server: nginx
x-timer: S1709000094.892049,VS0,VE41
etag: "P9jWB2uIP0QJ/8UQbCQoDiDrhMS6SvGcK2iMCjgoZeI"
vary: Accept, orig-host
content-type: image/webp
x-styx-req-id: 9a553d6e-d419-11ee-b650-723b1627109e
cache-control: max-age=31622400
accept-ranges: bytes
expires: Tue, 25 Feb 2025 20:08:12 GMT

GET
H2 200 12-dll-payload-4.jpg
www.forcepoint.com/sites/default/files/ 29 KB
30 KB 51ms
43ms Image
image/webp 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/12-dll-payload-4.jpg

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

4a73f4a5ac2af872f8d64915dc379db465753f32993d9afc0a42cd14f98c76e7

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 0, 14, 1, 0
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:53 GMT
fastly-io-served-by: vpop-kiad7010251
age: 108073
http_x_geo_region: DE-TH
x-cache: MISS, HIT, HIT, MISS
fastly-io-info: ifsz=77296 idim=1000x611 ifmt=jpeg ofsz=30078 odim=1000x611 ofmt=webp
http_x_geo_continent: EU
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe3-a-768586b58-zxh75
content-length: 30078
x-served-by: cache-chi-kigq8000067-CHI, cache-chi-kigq8000082-CHI, cache-fra-eddf8230045-FRA, cache-fra-eddf8230110-FRA
server: nginx
x-timer: S1709000094.890610,VS0,VE3
etag: "fNe6jMZHyecC591Whn9x9VErpxx4axy5o/MFj/3KXew"
vary: Accept, orig-host
content-type: image/webp
x-styx-req-id: 5dc15a14-d41a-11ee-8c3e-0606ae8e85e6
cache-control: max-age=31622400
accept-ranges: bytes
expires: Tue, 25 Feb 2025 20:13:40 GMT

GET
H2 200 placeholder_image.png
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/ 34 B
360 B 42ms
34ms Image
image/webp 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/placeholder_image.png

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

735b78ae1f09b1d02ee92b5ad319a189d50d10ecbec4ddd12201885dde3f4945

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 0, 23, 1, 0
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:53 GMT
age: 650807
http_x_geo_region: DE-TH
x-cache: MISS, HIT, HIT, MISS
fastly-io-info: ifsz=1272 idim=20x20 ifmt=png ofsz=34 odim=20x20 ofmt=webp
http_x_geo_continent: EU
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe3-a-65d46855f6-fvs96
content-length: 34
x-served-by: cache-chi-klot8100035-CHI, cache-chi-kigq8000110-CHI, cache-fra-etou8220055-FRA, cache-fra-eddf8230110-FRA
server: nginx
x-timer: S1709000094.890599,VS0,VE2
etag: "1Cw1g26qcqy/qXiETpkqMbr8ayhbr57dIxJ0jC+RrrE"
vary: Accept, orig-host
content-type: image/webp
x-styx-req-id: 55de4888-4027-11ee-acfc-2ea97a8f8c9e
cache-control: max-age=31622400
accept-ranges: bytes
expires: Wed, 21 Aug 2024 13:33:38 GMT

GET
H2 200 taiwan-attack-hero.jpg
www.forcepoint.com/sites/default/files/styles/570x270_sc/public/hero/ 20 KB
21 KB 43ms
36ms Image
image/jpeg 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/styles/570x270_sc/public/hero/taiwan-attack-hero.jpg?itok=nAlR5_U1&timestamp=1704304864

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

3c038194973d40a7f2f1c0d1a000310a468a5325a30c74f0e85238ec0770e15d

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 0, 23, 1, 0
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:53 GMT
fastly-io-served-by: vpop-kiad7010229
age: 1916363
http_x_geo_region: DE-TH
x-cache: MISS, HIT, HIT, MISS
fastly-io-info: ifsz=20766 idim=570x270 ifmt=jpeg ofsz=20766 odim=570x270 ofmt=jpeg
http_x_geo_continent: EU
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe3-b-68b948c8df-zfphv
content-length: 20766
fastly-io-warning: Failed to shrink image
x-served-by: cache-chi-klot8100073-CHI, cache-chi-klot8100163-CHI, cache-fra-etou8220095-FRA, cache-fra-eddf8230110-FRA
server: nginx
x-timer: S1709000094.890585,VS0,VE3
etag: "I6DO4UOrb3PmPkdUSyvf55T7tlrdOAdnPc4+HW/8JnU"
vary: Accept, orig-host
content-type: image/jpeg
x-styx-req-id: 7c1e5d92-bcb3-11ee-8679-6af4876059ab
cache-control: max-age=31622400
accept-ranges: bytes
expires: Mon, 27 Jan 2025 01:29:16 GMT

GET
H2 200 future_insights_2024_blog_image-prediction_5_20nov2023_3.jpg
www.forcepoint.com/sites/default/files/styles/570x270_sc/public/hero/ 25 KB
25 KB 74ms
68ms Image
image/jpeg 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/styles/570x270_sc/public/hero/future_insights_2024_blog_image-prediction_5_20nov2023_3.jpg?itok=uBnMDyXs&timestamp=1701049351

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

13b83d15b9225245fe9584f868e9b545def866ac08a3487354a493ce44cce428

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 1, 72, 1, 0
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:53 GMT
fastly-io-served-by: vpop-kiad7010210
age: 2524850
http_x_geo_region: DE-TH
x-cache: HIT, HIT, HIT, MISS
fastly-io-info: ifsz=25438 idim=570x270 ifmt=jpeg ofsz=25438 odim=570x270 ofmt=jpeg
http_x_geo_continent: EU
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe3-a-78789f5ddb-t4lmm
content-length: 25438
fastly-io-warning: Failed to shrink image
x-served-by: cache-chi-kigq8000083-CHI, cache-chi-klot8100028-CHI, cache-fra-etou8220028-FRA, cache-fra-eddf8230110-FRA
server: nginx
x-timer: S1709000094.890562,VS0,VE21
etag: "L1aXE3L14Q79cSV9bSZkfgLnWoXhWQntg6bozSohluI"
vary: Accept, orig-host
content-type: image/jpeg
x-styx-req-id: 9baa583f-aa0b-11ee-8372-0ee66b03a2a1
cache-control: max-age=31622400
accept-ranges: bytes
expires: Fri, 03 Jan 2025 07:42:12 GMT

GET
H2 200 agent-tesla-header.jpg
www.forcepoint.com/sites/default/files/styles/footer_menu_featured_blog/public/hero/ 2 KB
5 KB 168ms
161ms Image
image/webp 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/styles/footer_menu_featured_blog/public/hero/agent-tesla-header.jpg?itok=RExACoYA

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

59a68a5a40d1eec0caec75da57fd268c088add71617643f0e3f17b2ca9ef0cbc

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' .fonts.net .licdn.com .tiqcdn.com .marketo.com .marketo.net .mktoresp.com .demdex.net .burly.io .omtrdc.net .llnwd.net .tealiumiq.com .googleadservices.com .marinsm.com .amazonaws.com .quantserve.com .facebook.net .serving-sys.com .google-analytics.com .hirebridge.com .websense.com .bizographics.com .linkedin.com .cloudfront.net .newrelic.com .nr-data.net .adnxs.com .demandbase.com .twitter.com .omtrdc.net .youtube.com .ads-twitter.com .company-target.com .omniture.com .doubleclick.net .forcepoint.com .google.com .facebook.com .nr-data.net .getsmartcontent.com .vidyard.com .adroll.com s.ml-attr.com attr.ml-api.io .driftt.com .sharethis.com .vimeo.com .slideshare.net .techvalidate.com .gartner.com .gstatic.com .libsyn.com .s3.amazonaws.com .cdnbasket.net ids.cdnwidget.com app.vwo.com .visualwebsiteoptimizer.com use.typekit.net p.typekit.net cdn.vwo-analytics.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io .googleapis.com .cloudflare.com activitymap.adobe.com .consensu.org .ubembed.com .bizible.com .theadex.com .aumago.com .driftqa.com .scribblecdn.net .esg-global.com .hs-scripts.com .hs-analytics.net .hsadspixel.net .hs-banner.com .hubapi.com .hsforms.net .hsforms.com geolocation-db.com .drift.com .clickagy.com .nimblestory.com .usemessages.com .stackadapt.com .googlesyndication.com ; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' .cdnwidget.com .tealiumiq.com .google.com .googleadservices.com .doubleclick.net .websense.com .marinsm.com .facebook.com .quantserve.com .google-analytics.com .w55c.net .marketo.com .iasds01.com .linkedin.com .cloudfront.net .forcepoint.com .adnxs.com .twitter.com t.co .omtrdc.net .w55c.net .demandbase.com .company-target.com .gstatic.com .tiqcdn.com .marketo.net .newrelic.com .facebook.net .ads-twitter.com .burly.io .bizographics.com .nr-data.net .licdn.com .tt.omtrdc.net .getsmartcontent.com .adroll.com .vidyard.com s.ml-attr.com .ml-api.io ml314.com .ml314.com .bing.com .driftt.com .crazyegg.com .sharethis.com .vimeo.com .slideshare.net .techvalidate.com .gartner.com .googletagmanager.com .visualwebsiteoptimizer.com app.vwo.com .ubembed.com .driftt.com .vwo-analytics.com .s3.amazonaws.com s3.amazonaws.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io .clearbit.com .googleapis.com .cloudflare.com .adobe.com .consensu.org .bizible.com .theadex.com .aumago.com .zoominfo.com .clickagy.com .redditstatic.com .quantcount.com .g2crowd.com .steelhousemedia.com .scribblecdn.net .esg-global.com .6sc.co .hs-scripts.com .hs-analytics.net .hsadspixel.net .hs-banner.com .hubapi.com .hsforms.net .hsforms.com geolocation-db.com .drift.com .jquery.com .google.com .hscollectedforms.net .jsdelivr.net .stackadapt.com .googlesyndication.com .simpleanalyticscdn.com; img-src data: ; font-src 'self' .google.com .googleadservices.com; connect-src 'self' .vwo.com .demdex.net .omtrdc.net .mktoresp.com .cdnbasket.net ids.cdnwidget.com .forcepoint.com sample-api-v2.crazyegg.com .visualwebsiteoptimizer.com insight.adsrvr.org bam.nr-data.net .tealiumiq.com live-evercurrent-clone.pantheonsite.io .sharethis.com .doubleclick.net .theadex.com .aumago.com .google-analytics.com .6sc.co .adnxs.com .vidyard.com .6sense.com .hs-scripts.com .hs-analytics.net .hsadspixel.net .hs-banner.com api.hubapi.com .hsforms.net .hsforms.com .s3.amazonaws.com .drift.com .clickagy.com .facebook.com .zoominfo.com geolocation-db.com cdn.linkedin.oribi.io .hubspot.com .hscollectedforms.net .stackadapt.com .google.com .googletagmanager.com .googleadservices.com google.com .googlesyndication.com *.linkedin.com ; report-uri /admin/config/system/seckit/csp-report
Strict-Transport-Security	max-age=18410000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 0, 7298, 0, 0
content-security-policy: default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.fonts.net *.licdn.com *.tiqcdn.com *.marketo.com *.marketo.net *.mktoresp.com *.demdex.net *.burly.io *.omtrdc.net *.llnwd.net *.tealiumiq.com *.googleadservices.com *.marinsm.com *.amazonaws.com *.quantserve.com *.facebook.net *.serving-sys.com *.google-analytics.com *.hirebridge.com *.websense.com *.bizographics.com *.linkedin.com *.cloudfront.net *.newrelic.com *.nr-data.net *.adnxs.com *.demandbase.com *.twitter.com *.omtrdc.net *.youtube.com *.ads-twitter.com *.company-target.com *.omniture.com *.doubleclick.net *.forcepoint.com *.google.com *.facebook.com *.nr-data.net *.getsmartcontent.com *.vidyard.com *.adroll.com s.ml-attr.com attr.ml-api.io *.driftt.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.gstatic.com *.libsyn.com *.s3.amazonaws.com *.cdnbasket.net ids.cdnwidget.com app.vwo.com *.visualwebsiteoptimizer.com use.typekit.net p.typekit.net cdn.vwo-analytics.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.googleapis.com *.cloudflare.com activitymap.adobe.com *.consensu.org *.ubembed.com *.bizible.com *.theadex.com *.aumago.com *.driftqa.com *.scribblecdn.net *.esg-global.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hubapi.com *.hsforms.net *.hsforms.com geolocation-db.com *.drift.com *.clickagy.com *.nimblestory.com *.usemessages.com *.stackadapt.com *.googlesyndication.com ; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.cdnwidget.com *.tealiumiq.com *.google.com *.googleadservices.com *.doubleclick.net *.websense.com *.marinsm.com *.facebook.com *.quantserve.com *.google-analytics.com *.w55c.net *.marketo.com *.iasds01.com *.linkedin.com *.cloudfront.net *.forcepoint.com *.adnxs.com *.twitter.com t.co *.omtrdc.net *.w55c.net *.demandbase.com *.company-target.com *.gstatic.com *.tiqcdn.com *.marketo.net *.newrelic.com *.facebook.net *.ads-twitter.com *.burly.io *.bizographics.com *.nr-data.net *.licdn.com *.tt.omtrdc.net *.getsmartcontent.com *.adroll.com *.vidyard.com s.ml-attr.com *.ml-api.io ml314.com *.ml314.com *.bing.com *.driftt.com *.crazyegg.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.googletagmanager.com *.visualwebsiteoptimizer.com app.vwo.com *.ubembed.com *.driftt.com *.vwo-analytics.com *.s3.amazonaws.com s3.amazonaws.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.clearbit.com *.googleapis.com *.cloudflare.com *.adobe.com *.consensu.org *.bizible.com *.theadex.com *.aumago.com *.zoominfo.com *.clickagy.com *.redditstatic.com *.quantcount.com *.g2crowd.com *.steelhousemedia.com *.scribblecdn.net *.esg-global.com *.6sc.co *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hubapi.com *.hsforms.net *.hsforms.com geolocation-db.com *.drift.com *.jquery.com *.google.com *.hscollectedforms.net *.jsdelivr.net *.stackadapt.com *.googlesyndication.com *.simpleanalyticscdn.com; img-src * data: *; font-src 'self' *.google.com *.googleadservices.com; connect-src 'self' *.vwo.com *.demdex.net *.omtrdc.net *.mktoresp.com *.cdnbasket.net ids.cdnwidget.com *.forcepoint.com sample-api-v2.crazyegg.com *.visualwebsiteoptimizer.com insight.adsrvr.org bam.nr-data.net *.tealiumiq.com live-evercurrent-clone.pantheonsite.io *.sharethis.com *.doubleclick.net *.theadex.com *.aumago.com *.google-analytics.com *.6sc.co *.adnxs.com *.vidyard.com *.6sense.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com api.hubapi.com *.hsforms.net *.hsforms.com *.s3.amazonaws.com *.drift.com *.clickagy.com *.facebook.com *.zoominfo.com geolocation-db.com cdn.linkedin.oribi.io *.hubspot.com *.hscollectedforms.net *.stackadapt.com *.google.com *.googletagmanager.com *.googleadservices.com google.com *.googlesyndication.com *.linkedin.com ; report-uri /admin/config/system/seckit/csp-report
strict-transport-security: max-age=18410000; includeSubDomains; preload
x-content-type-options: nosniff
date: Tue, 27 Feb 2024 02:14:54 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
fastly-io-served-by: vpop-kiad7010217
age: 0
http_x_geo_region: DE-TH
x-cache: MISS, HIT, MISS, MISS
fastly-io-info: ifsz=2057 idim=199x111 ifmt=jpeg ofsz=1570 odim=199x111 ofmt=webp
from-origin: same, https://analyticsssl.forcepoint.com,https://vidyard.com
http_x_geo_continent: EU
fastly-stats: io=1
expires: Sun, 19 Nov 1978 05:00:00 GMT
content-length: 1570
x-xss-protection: 1
x-served-by: cache-chi-kigq8000113-CHI, cache-chi-klot8100046-CHI, cache-fra-etou8220030-FRA, cache-fra-eddf8230110-FRA
referrer-policy: strict-origin-when-cross-origin
server: nginx
x-timer: S1709000094.890552,VS0,VE115
etag: "v8la9idEGd69K5f+DBrGx8lTRM/Mr80UK2dEN+oZKGk"
x-frame-options: SAMEORIGIN
vary: Accept, orig-host
content-type: image/webp
x-styx-req-id: 93e11051-d4a4-11ee-a453-4e1dfad0263a
cache-control: no-cache, must-revalidate
accept-ranges: bytes
x-drupal-cache: MISS
x-pantheon-styx-hostname: styx-fe3-a-768586b58-6h2z9

GET
H2 200 jquery-3.6.4.min.js Show response
code.jquery.com/ 88 KB
31 KB 90ms
22ms Script
application/javascript 2a04:4e42:200::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.6.4.min.js
Requested by: Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:200::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: a0fe8723dcf55da64d06b25446d0a8513e52527c45afcb37073465f9c6f352af

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Tue, 27 Feb 2024 02:14:53 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 14197894
x-cache: HIT, HIT
content-length: 31011
x-served-by: cache-lga21953-LGA, cache-fra-etou8220115-FRA
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1709000094.942337,VS0,VE0
etag: W/"28feccc0-15ec3"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 133, 7545

GET
H2 200 jquery-migrate.min.js Show response
cdn.jsdelivr.net/npm/jquery-migrate@3.4.1/dist/ 13 KB
5 KB 84ms
31ms Script
application/javascript 2606:4700::6810:5614
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/jquery-migrate@3.4.1/dist/jquery-migrate.min.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5614 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

148a74b0921ad78021d716e8032ede1cdaf7ed7279cefd7d2acbe906add12a68

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Tue, 27 Feb 2024 02:14:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 7864042
x-jsd-version: 3.4.1
content-encoding: br
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230084-FRA
x-jsd-version-type: version
server: cloudflare
etag: W/"3534-NFnzHKz0zt9oGLUq83IVXde7nEQ"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AZc8IO8VxAKuYZCclGU30WMaWUobI7BAaAdP9aJ5S6oHh0qmHza6zHQsoK5pipElCS2apnmWq8fwnyFhbYmVE%2BsQK%2Bas1nR958IWabP%2B0qOUPuUFnvYeErucWTumEckbQzOjBHZiOMnhe9wFdoo%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 85bceabb0fe12bd2-FRA

GET
H2 200 jquery-ui.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jqueryui/1.13.2/ 249 KB
56 KB 86ms
33ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.13.2/jquery-ui.min.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9528ca634fecad433d044ddd3e6f9ce1f068d5d932dafdbb19d8e6daea1968bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Tue, 27 Feb 2024 02:14:53 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 868990
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 56990
last-modified: Fri, 29 Jul 2022 20:40:53 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "62e445d5-de9e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uh3r5lzDzgIOemRfePd9dKnv%2BgfNQtc28ZWLReMzgmQi4k3Cglmo4uaem53faM4EMAH98ljBthJxB9HIrhl%2F%2BGAub2lWjQdV%2FpZdkIbsZknP8GpyI%2BSPBhaSV0QvXfNDPSlB5oIgyQwWZ%2Fs3ryGmVCO2"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 85bceabb09802ba2-FRA
expires: Sun, 16 Feb 2025 02:14:53 GMT

GET
H2 200 jquery.cookie.js Show response
cdn.jsdelivr.net/gh/carhartl/jquery-cookie@1.4.1/ 3 KB
2 KB 82ms
29ms Script
application/javascript 2606:4700::6810:5614
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/carhartl/jquery-cookie@1.4.1/jquery.cookie.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5614 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b84161c9fbf7520cd14e7019f92120bd87a928a074156e91a992eba9fc9436e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Tue, 27 Feb 2024 02:14:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 7669032
x-jsd-version: 1.4.1
content-encoding: br
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230094-FRA
x-jsd-version-type: version
server: cloudflare
etag: W/"c31-MeG8xM+AWiwv7iH0je0eWY9koqg"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RBH6evjmkyIAn4ois%2FkQcpuAL6Z1wDOIsW2sCrK8%2BgLP1nbibV7iQosaopY%2B4iRJJrnDz9vMr%2FBdNUzydcwQjAtEuTAcuiKufVtr2QY8zxQLuJrOtOIOILfa60PRT2iVig7e5nkFffMwb6107mU%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 85bceabb0fe22bd2-FRA

GET
H2 200 jquery.form.min.js Show response
cdn.jsdelivr.net/gh/jquery-form/form@4.3.0/dist/ 17 KB
7 KB 83ms
30ms Script
application/javascript 2606:4700::6810:5614
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/jquery-form/form@4.3.0/dist/jquery.form.min.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5614 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dd329c644951f3c041200e8279e3c90063ac5b5c8861fe253fca48df7dd8b99c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Tue, 27 Feb 2024 02:14:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 7864008
x-jsd-version: 4.3.0
content-encoding: br
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230123-FRA
x-jsd-version-type: version
server: cloudflare
etag: W/"42c6-Un0kth16nDganBgYV2qMDm0qpvQ"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1BXG4%2B47Dk7%2FAVDtV77bnvf520NlGD8AGPX8bv47NGtCSymvfTQVvIAYH3YVumQNXWzO9uQRtEvcwSsbDzu9b9pggmrc9fhsGrC%2Bg5XO8HuM9nsYKCDWSXsKPws6GRCzpoGJfx3wkQTAZPR5wjY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 85bceabb0fe32bd2-FRA

GET
H2 200 utag.sync.js Show response
tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/ 2 KB
1 KB 219ms
127ms Script
application/javascript 2600:9000:235a:d000:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/utag.sync.js
Requested by: Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:235a:d000:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 19cdc4ed4878e039b0232e6e08162b9561193153606be4ce02c68afbd08ed60c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-amz-version-id: HH1Nl9wA85cdc6CDXAnS6ZjwHVuk1DP6
content-encoding: br
via: 1.1 ccd3e547bd5d86bbfbaca15b4307ce70.cloudfront.net (CloudFront)
date: Tue, 27 Feb 2024 02:14:55 GMT
last-modified: Mon, 19 Feb 2024 15:27:47 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P9
x-amz-server-side-encryption: AES256
etag: W/"c3a03af48ce479213db38e359f3db9a0"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript
cache-control: max-age=300
x-amz-cf-id: 9zWJulENdz33j-nqPWkMrTP6__yzXXxc5Rypg7unSbQ_cUq8MARbIA==

GET
H2 200 v2.js Show response
js.hsforms.net/forms/ 481 KB
154 KB 367ms
301ms Script
application/javascript 2606:4700::6810:8bce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsforms.net/forms/v2.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:8bce , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9fffc4e58b892d9569c242e62f2e7c032e94f92e1b812837a1773d7cbb06e02a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

content-encoding: br
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.4769/bundles/project-v2.js&cfRay=85bceabb2c038ff8-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"a39aaae2e297abfe7761916b638e014f"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=600, max-age=300
x-hs-target-asset: forms-embed/static-1.4769/bundles/project-v2.js
date: Tue, 27 Feb 2024 02:14:54 GMT
x-amz-version-id: EFcGwi45gPEUwCGwtGM_57ejYhjqm.aE
via: 1.1 e21fbbed60133ff896ee44224814dc5c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: EXPIRED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 9ae8377d-cbdc-4bde-a85f-a0702a2dcabb
x-cache: Hit from cloudfront
cache-tag: staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 3
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 9ae8377d-cbdc-4bde-a85f-a0702a2dcabb
last-modified: Fri, 23 Feb 2024 09:24:09 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XnUJMgVZ8fxnyNbXvTNssaRIGA9kg0kEZDNTQZ75BRaoXX89k5OHyHAKHCNa6KUul8Fm3czoxaJo70n23hzJFROPr3S9mUcMJO0KqTIPgQ%2BOYxgpATugbv8v%2BKqqBwfDhTW5dmMFPwVjzjQf"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-576f9d768-hflwq
cf-ray: 85bceabb2c038ff8-FRA
x-amz-cf-id: 8ZWfW3HVFXiBZYL5g32rjsHp0zeOFplxa8SQqNFTTWPEHQrBndnWvg==

GET
H2 200 js__W3yM6WBe6ndCsZPBg4n630CPZFPltBmeCyjdVT1DY70__bDRoZCuiGZ0Z97B2lHvbrvG8HsJo-CC3-a0Ia2Sx5bE__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js Show response
www.forcepoint.com/sites/default/files/advagg_js/ 11 KB
5 KB 163ms
158ms Script
application/x-javascript 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__W3yM6WBe6ndCsZPBg4n630CPZFPltBmeCyjdVT1DY70__bDRoZCuiGZ0Z97B2lHvbrvG8HsJo-CC3-a0Ia2Sx5bE__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

e7e02c8510e5cdcf18b17c36aab04ff6867e018178fe5594aa9c1fb40f252838

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 791, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:54 GMT
age: 17749
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-68b948c8df-lrphv
content-length: 4874
x-served-by: cache-chi-kigq8000131-CHI, cache-chi-klot8100040-CHI, cache-fra-eddf8230063-FRA, cache-fra-eddf8230110-FRA
last-modified: Mon, 06 Mar 2023 17:43:24 GMT
server: nginx
x-timer: S1709000094.890598,VS0,VE114
etag: W/"6406263c-2a52"
vary: Accept-Encoding, orig-host
content-type: application/x-javascript
x-styx-req-id: ffc2d41b-b239-11ee-b3d9-8ac6f643d138
cache-control: max-age=31622400
accept-ranges: bytes
expires: Mon, 13 Jan 2025 17:34:26 GMT

GET
H2 200 js__ZyeOaiFuDejQQbhUV7yg7atYZnj4WLfH77o0scv4068__jeShjS1-sEwOx4dbB-NSBsCnxWfNslS1Nkgx4CZngGA__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js Show response
www.forcepoint.com/sites/default/files/advagg_js/ 13 KB
5 KB 149ms
144ms Script
application/x-javascript 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__ZyeOaiFuDejQQbhUV7yg7atYZnj4WLfH77o0scv4068__jeShjS1-sEwOx4dbB-NSBsCnxWfNslS1Nkgx4CZngGA__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

2d6c54b4b4a8eaee36561dea258e5b8de817e8001f049b785dec91199a1d41db

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 1393, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:53 GMT
age: 17749
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-a-65d7dffcdb-4gzm7
content-length: 4853
x-served-by: cache-chi-klot8100147-CHI, cache-chi-klot8100157-CHI, cache-fra-etou8220083-FRA, cache-fra-eddf8230110-FRA
last-modified: Wed, 06 Dec 2023 14:48:25 GMT
server: nginx
x-timer: S1709000094.890518,VS0,VE109
etag: W/"657089b9-343a"
vary: Accept-Encoding, orig-host
content-type: application/x-javascript
x-styx-req-id: 843ad66c-9446-11ee-81ef-ee6151816431
cache-control: max-age=31622400
accept-ranges: bytes
expires: Fri, 06 Dec 2024 14:48:28 GMT

GET
H2 200 js__2rjlAbBND-YDbAq2rT4GT0FCGSz_kyEdQdZyOStVQdU__SGggvtYH6KAFWT2NGquosWK1SoWokfbyhZ2MaWmzq9I__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js Show response
www.forcepoint.com/sites/default/files/advagg_js/ 548 B
640 B 146ms
140ms Script
application/x-javascript 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__2rjlAbBND-YDbAq2rT4GT0FCGSz_kyEdQdZyOStVQdU__SGggvtYH6KAFWT2NGquosWK1SoWokfbyhZ2MaWmzq9I__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

0afb763c1de6f6fbc5f775e18225ab96ced3818b62a597b7bac98d3fa29f3f23

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 792, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:53 GMT
age: 17749
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-a-f9d8bf5c4-xxqnh
content-length: 294
x-served-by: cache-chi-klot8100141-CHI, cache-chi-kigq8000062-CHI, cache-fra-eddf8230092-FRA, cache-fra-eddf8230110-FRA
last-modified: Mon, 06 Mar 2023 17:43:23 GMT
server: nginx
x-timer: S1709000094.890506,VS0,VE107
etag: W/"6406263b-224"
vary: Accept-Encoding, orig-host
content-type: application/x-javascript
x-styx-req-id: 0c221523-673b-11ee-8d93-6a328032ef0d
cache-control: max-age=31622400
accept-ranges: bytes
expires: Thu, 10 Oct 2024 07:02:59 GMT

GET
H2 200 js__5zhFBHWG8cFOCNCpDlj7pwNwFoSGFvQEfYJiiLp0EY8__TNItwctO0QcNBYn10Ft2xshT-_PqYf8Vv6JB7nZ2xKs__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js Show response
www.forcepoint.com/sites/default/files/advagg_js/ 27 KB
8 KB 170ms
165ms Script
application/x-javascript 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__5zhFBHWG8cFOCNCpDlj7pwNwFoSGFvQEfYJiiLp0EY8__TNItwctO0QcNBYn10Ft2xshT-_PqYf8Vv6JB7nZ2xKs__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

7c38acd92ae6bde95f3f8108a03252fffb82ccd6abea48e29ea0b7f365297287

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 1195, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:54 GMT
age: 17749
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-68df48cffd-9m4g9
content-length: 7980
x-served-by: cache-chi-kigq8000022-CHI, cache-chi-klot8100073-CHI, cache-fra-etou8220121-FRA, cache-fra-eddf8230110-FRA
last-modified: Mon, 06 Mar 2023 17:43:26 GMT
server: nginx
x-timer: S1709000094.890514,VS0,VE119
etag: W/"6406263e-6d76"
vary: Accept-Encoding, orig-host
content-type: application/x-javascript
x-styx-req-id: 39d6f213-628a-11ee-83a0-ba44389d6db1
cache-control: max-age=31622400
accept-ranges: bytes
expires: Fri, 04 Oct 2024 07:47:11 GMT

GET
H2 200 js__MK7MzOuOm6Wn1gEArVsBZG7dh82EREyAMIm9mRlUqq8__dORmwcviulacbj4TEHhv8s4qzj-5oUCjfNEX8y-ZUFM__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js Show response
www.forcepoint.com/sites/default/files/advagg_js/ 22 KB
8 KB 148ms
142ms Script
application/x-javascript 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__MK7MzOuOm6Wn1gEArVsBZG7dh82EREyAMIm9mRlUqq8__dORmwcviulacbj4TEHhv8s4qzj-5oUCjfNEX8y-ZUFM__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

26be2c4cd498798df8895f91aacf2b8ffc5bd02686c4f695b081987fbe12c8c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 714, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:53 GMT
age: 17749
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-a-5ff98d754f-5cf4b
content-length: 7765
x-served-by: cache-chi-klot8100140-CHI, cache-chi-kigq8000094-CHI, cache-fra-etou8220052-FRA, cache-fra-eddf8230110-FRA
last-modified: Mon, 06 Mar 2023 17:43:53 GMT
server: nginx
x-timer: S1709000094.892264,VS0,VE106
etag: W/"64062659-59a4"
vary: Accept-Encoding, orig-host
content-type: application/x-javascript
x-styx-req-id: 402f91a9-c196-11ee-a3ef-76f41b23cf7e
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sun, 02 Feb 2025 06:42:36 GMT

GET
H2 200 js__YT6D1B_BKxvm6JCH_t9sZNI5L6yITa_DlU5QcSlOkAU__OXobH7d1IP1o3WABlniIrU_-pcJacVSIPUv9bpD-6pQ__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js Show response
www.forcepoint.com/sites/default/files/advagg_js/ 3 KB
2 KB 164ms
159ms Script
application/x-javascript 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__YT6D1B_BKxvm6JCH_t9sZNI5L6yITa_DlU5QcSlOkAU__OXobH7d1IP1o3WABlniIrU_-pcJacVSIPUv9bpD-6pQ__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

aae32b2bc7f6bc3224ccd8e50e4b9b5e740ef619fa66e7c75b9fb135470f45d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 1238, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:54 GMT
age: 17749
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-a-768586b58-zt5rm
content-length: 1275
x-served-by: cache-chi-kigq8000138-CHI, cache-chi-klot8100049-CHI, cache-fra-etou8220133-FRA, cache-fra-eddf8230110-FRA
last-modified: Wed, 31 Jan 2024 14:35:14 GMT
server: nginx
x-timer: S1709000094.892255,VS0,VE113
etag: W/"65ba5aa2-a4e"
vary: Accept-Encoding, orig-host
content-type: application/x-javascript
x-styx-req-id: 64e4b06d-c7ce-11ee-ac71-daaca32af5c3
cache-control: max-age=31622400
accept-ranges: bytes
expires: Mon, 10 Feb 2025 04:39:36 GMT

GET
H2 200 js__NNwpmEpC8JVN9o5mIVcqmVFWE2Wlvz8PDDqjOgHQW7E__Fmhc_sYxYs7J1zC8fFtGDqTwoHpMVrdrys64INBGbz8__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js Show response
www.forcepoint.com/sites/default/files/advagg_js/ 24 KB
9 KB 151ms
146ms Script
application/x-javascript 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__NNwpmEpC8JVN9o5mIVcqmVFWE2Wlvz8PDDqjOgHQW7E__Fmhc_sYxYs7J1zC8fFtGDqTwoHpMVrdrys64INBGbz8__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

33b128756a04391f0db5eb0002fc1d19d63bb5739cfa4a81004d995bf0624550

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 591, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:54 GMT
age: 17749
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-68b948c8df-rw4ql
content-length: 8875
x-served-by: cache-chi-kigq8000092-CHI, cache-chi-kigq8000088-CHI, cache-fra-eddf8230133-FRA, cache-fra-eddf8230110-FRA
last-modified: Wed, 22 Nov 2023 14:48:29 GMT
server: nginx
x-timer: S1709000094.893299,VS0,VE107
etag: W/"655e14bd-618f"
vary: Accept-Encoding, orig-host
content-type: application/x-javascript
x-styx-req-id: 08205b05-b1ac-11ee-8822-0a05e7c31cf5
cache-control: max-age=31622400
accept-ranges: bytes
expires: Mon, 13 Jan 2025 00:38:12 GMT

GET
H2 200 js__chJL213YSkJch-IjytLyUqW7uGPnNqOcHGrVBTtmWRc__yn2ExM-BDbvoDYxfwBKmliyRc5GwBZkfllb5p--ixOE__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js Show response
www.forcepoint.com/sites/default/files/advagg_js/ 711 B
701 B 168ms
163ms Script
application/x-javascript 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__chJL213YSkJch-IjytLyUqW7uGPnNqOcHGrVBTtmWRc__yn2ExM-BDbvoDYxfwBKmliyRc5GwBZkfllb5p--ixOE__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

0370218a5b3b2dd0fafe99389e5c792eba8f07d4ef1959ccbaf023692e9ce25a

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 1090, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:54 GMT
age: 17749
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-a-f9d8bf5c4-mxq9f
content-length: 306
x-served-by: cache-chi-kigq8000155-CHI, cache-chi-kigq8000158-CHI, cache-fra-eddf8230078-FRA, cache-fra-eddf8230110-FRA
last-modified: Mon, 06 Mar 2023 17:43:37 GMT
server: nginx
x-timer: S1709000094.893551,VS0,VE114
etag: W/"64062649-2c7"
vary: Accept-Encoding, orig-host
content-type: application/x-javascript
x-styx-req-id: 79b8ce59-627d-11ee-af0c-7ae92eee0f34
cache-control: max-age=31622400
accept-ranges: bytes
expires: Fri, 04 Oct 2024 06:15:54 GMT

GET
H2 200 js__vqZqTxUxqDoVSZOh60EjSleoZgwIzSlhamQKjS1JngU__S91yqV9ubUDMxzCK2GLBYdp1SFL3v48MFVTVZ3OSXjc__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js Show response
www.forcepoint.com/sites/default/files/advagg_js/ 799 B
815 B 153ms
148ms Script
application/x-javascript 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__vqZqTxUxqDoVSZOh60EjSleoZgwIzSlhamQKjS1JngU__S91yqV9ubUDMxzCK2GLBYdp1SFL3v48MFVTVZ3OSXjc__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

809bf772861d5903dcd978e3712a6d2934cc4c74961358159ece9d1442c41eda

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 743, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:54 GMT
age: 17749
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-6bcf4d4f8-rbnkp
content-length: 428
x-served-by: cache-chi-klot8100133-CHI, cache-chi-kigq8000026-CHI, cache-fra-etou8220126-FRA, cache-fra-eddf8230110-FRA
last-modified: Wed, 15 Nov 2023 13:09:20 GMT
server: nginx
x-timer: S1709000094.893798,VS0,VE108
etag: W/"6554c300-31f"
vary: Accept-Encoding, orig-host
content-type: application/x-javascript
x-styx-req-id: b29009cf-c6fe-11ee-b831-72b297b8f700
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sun, 09 Feb 2025 03:52:51 GMT

GET
H2 200 js__A3z98XA9ArlnbHREYTcp6hgmi5Oz2wY1MqcLV75pq8Q__z2dbLyr7KaPpYQrjLtDeNRJ8Dddotk1Rd-5bC2zRyWo__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js Show response
www.forcepoint.com/sites/default/files/advagg_js/ 981 B
739 B 159ms
154ms Script
application/x-javascript 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__A3z98XA9ArlnbHREYTcp6hgmi5Oz2wY1MqcLV75pq8Q__z2dbLyr7KaPpYQrjLtDeNRJ8Dddotk1Rd-5bC2zRyWo__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

7277aa6992f8d84c899d9677fe5624ad79d80bdf298ddd5a2d0dd27b0a28041b

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 1374, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:54 GMT
age: 17749
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-6bcf4d4f8-5rvs4
content-length: 451
x-served-by: cache-chi-klot8100054-CHI, cache-chi-kigq8000098-CHI, cache-fra-eddf8230031-FRA, cache-fra-eddf8230110-FRA
last-modified: Mon, 23 Oct 2023 16:45:57 GMT
server: nginx
x-timer: S1709000094.893576,VS0,VE109
etag: W/"6536a345-3d5"
vary: Accept-Encoding, orig-host
content-type: application/x-javascript
x-styx-req-id: 2f321c63-d18d-11ee-a6b7-6a38df13e094
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sat, 22 Feb 2025 14:18:00 GMT

GET
H2 200 js__BsJj-J0DDipBFUM6jWq6jBgbLlOJHFUDm1oaCirTN8s__rRK7VaPHDuU2nK9lSh5JWYQ1DIepSoERX2lnMd-nDtE__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js Show response
www.forcepoint.com/sites/default/files/advagg_js/ 3 KB
2 KB 150ms
146ms Script
application/x-javascript 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__BsJj-J0DDipBFUM6jWq6jBgbLlOJHFUDm1oaCirTN8s__rRK7VaPHDuU2nK9lSh5JWYQ1DIepSoERX2lnMd-nDtE__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

98045ab7e2e6704bd550c8d95bda096ec31398b1cefb1c222adf8c2715694c50

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 1361, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:54 GMT
age: 17749
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-6bcf4d4f8-5rvs4
content-length: 1515
x-served-by: cache-chi-klot8100129-CHI, cache-chi-kigq8000130-CHI, cache-fra-eddf8230120-FRA, cache-fra-eddf8230110-FRA
last-modified: Thu, 22 Feb 2024 14:15:44 GMT
server: nginx
x-timer: S1709000094.892735,VS0,VE107
etag: W/"65d75710-d5a"
vary: Accept-Encoding, orig-host
content-type: application/x-javascript
x-styx-req-id: 22055537-d18d-11ee-a6b7-6a38df13e094
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sat, 22 Feb 2025 14:17:38 GMT

GET
H2 200 js__6FQAqJmB1yKdAJYwsXAk_hJnargJPvMPkf9xl2Aoo0E__LRcB_jb8iwtqJJbRU0etTiWNPUen87vOM9Rlp7OZGiI__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js Show response
www.forcepoint.com/sites/default/files/advagg_js/ 32 KB
14 KB 142ms
138ms Script
application/x-javascript 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__6FQAqJmB1yKdAJYwsXAk_hJnargJPvMPkf9xl2Aoo0E__LRcB_jb8iwtqJJbRU0etTiWNPUen87vOM9Rlp7OZGiI__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

2609e47af9b5fd41bcc697b9545be93106f378abde6263e1ca3394420121770f

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 737, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:53 GMT
age: 17749
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-5cbc988cb-rwfbz
content-length: 14179
x-served-by: cache-chi-klot8100060-CHI, cache-chi-kigq8000071-CHI, cache-fra-etou8220075-FRA, cache-fra-eddf8230110-FRA
last-modified: Mon, 06 Mar 2023 17:43:30 GMT
server: nginx
x-timer: S1709000094.892087,VS0,VE105
etag: W/"64062642-81ba"
vary: Accept-Encoding, orig-host
content-type: application/x-javascript
x-styx-req-id: 0779039f-5c48-11ee-9618-76465eb2d399
cache-control: max-age=31622400
accept-ranges: bytes
expires: Thu, 26 Sep 2024 08:38:12 GMT

GET
H2 200 js__ZAA5lMeZXVSyc2jkDQc3qK2xTFroqEhe0Vhijw7cweY__5t1bwuf_6UapbfBl8BVgxkNe2IwCFG2FnD40d8mFKKc__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js Show response
www.forcepoint.com/sites/default/files/advagg_js/ 5 KB
2 KB 152ms
147ms Script
application/x-javascript 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__ZAA5lMeZXVSyc2jkDQc3qK2xTFroqEhe0Vhijw7cweY__5t1bwuf_6UapbfBl8BVgxkNe2IwCFG2FnD40d8mFKKc__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

0b7943307c6a7d7f4d6008a4746a25fd1bb56da6280123ede2e5ba8013d95527

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 1337, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:54 GMT
age: 17749
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-6cbc4fb79d-f6hj2
content-length: 1551
x-served-by: cache-chi-klot8100084-CHI, cache-chi-kigq8000091-CHI, cache-fra-etou8220123-FRA, cache-fra-eddf8230110-FRA
last-modified: Mon, 06 Mar 2023 17:43:30 GMT
server: nginx
x-timer: S1709000094.893269,VS0,VE108
etag: W/"64062642-14af"
vary: Accept-Encoding, orig-host
content-type: application/x-javascript
x-styx-req-id: 0cf533ca-9df5-11ee-9fe4-6ae021cc8ab5
cache-control: max-age=31622400
accept-ranges: bytes
expires: Wed, 18 Dec 2024 22:30:30 GMT

GET
H2 200 js__VVbwMK3NMLbfvdLXAKRCOGZ9jqUjWHfUrPnJSWIlxkM__4Q4SNExXEfBJWUuxQzqhfoyno0u2-1mPRJyQnRmGPTQ__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js Show response
www.forcepoint.com/sites/default/files/advagg_js/ 4 KB
1 KB 154ms
150ms Script
application/x-javascript 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__VVbwMK3NMLbfvdLXAKRCOGZ9jqUjWHfUrPnJSWIlxkM__4Q4SNExXEfBJWUuxQzqhfoyno0u2-1mPRJyQnRmGPTQ__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

91e4bb6ed20592449430c1edb1d80b903c81c9d63dd48ebb1e0692039a88ee2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 102, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:54 GMT
age: 17720
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-a-8c86c97b-k4xj7
content-length: 1195
x-served-by: cache-chi-klot8100028-CHI, cache-chi-klot8100162-CHI, cache-fra-etou8220061-FRA, cache-fra-eddf8230110-FRA
last-modified: Tue, 07 Nov 2023 15:35:01 GMT
server: nginx
x-timer: S1709000094.892046,VS0,VE110
etag: W/"654a5925-f35"
vary: Accept-Encoding, orig-host
content-type: application/x-javascript
x-styx-req-id: 3dc07e65-7d83-11ee-af68-9efa8a798b68
cache-control: max-age=31622400
accept-ranges: bytes
expires: Thu, 07 Nov 2024 15:35:12 GMT

GET
H2 200 js__ZW8o7ZZZ2WVdbdwiWGu52bSrkEFZV2xhp5aNyZR5USA__3tGfK_b3yc_EcnR78FUS1iLe24uT_kFOG0Zgxin4wcM__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js Show response
www.forcepoint.com/sites/default/files/advagg_js/ 4 KB
2 KB 178ms
134ms Script
application/x-javascript 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__ZW8o7ZZZ2WVdbdwiWGu52bSrkEFZV2xhp5aNyZR5USA__3tGfK_b3yc_EcnR78FUS1iLe24uT_kFOG0Zgxin4wcM__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

83906d4f8a0f8d0364be66f304608d8a10f014e67336265dd89a01269c11ca0d

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 524, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:54 GMT
age: 17749
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-68df48cffd-nxr8f
content-length: 1540
x-served-by: cache-chi-kigq8000167-CHI, cache-chi-klot8100051-CHI, cache-fra-etou8220042-FRA, cache-fra-eddf8230110-FRA
last-modified: Mon, 06 Mar 2023 17:43:30 GMT
server: nginx
x-timer: S1709000094.921780,VS0,VE113
etag: W/"64062642-f26"
vary: Accept-Encoding, orig-host
content-type: application/x-javascript
x-styx-req-id: da088606-6287-11ee-a10b-ae25379fe8c0
cache-control: max-age=31622400
accept-ranges: bytes
expires: Fri, 04 Oct 2024 07:30:11 GMT

GET
H2 200 js__UCtXJrNvJbqWwTkauUyH6r0OmkrsjVeSImxlI3C6DJc__edC3yUE0SEy7im3t18SA-W_kx6imM-y8IQCkdmyHAt0__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js Show response
www.forcepoint.com/sites/default/files/advagg_js/ 4 KB
1 KB 188ms
144ms Script
application/x-javascript 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__UCtXJrNvJbqWwTkauUyH6r0OmkrsjVeSImxlI3C6DJc__edC3yUE0SEy7im3t18SA-W_kx6imM-y8IQCkdmyHAt0__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

3646dc608888e2d7ad7a83a79d6ad6ffe7c3012fbbe2c944314840436e9f5716

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 244, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:54 GMT
age: 17720
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-6bcf4d4f8-qf4fr
content-length: 1260
x-served-by: cache-chi-klot8100098-CHI, cache-chi-klot8100020-CHI, cache-fra-etou8220102-FRA, cache-fra-eddf8230110-FRA
last-modified: Wed, 15 Nov 2023 13:09:50 GMT
server: nginx
x-timer: S1709000094.921771,VS0,VE124
etag: W/"6554c31e-ebf"
vary: Accept-Encoding, orig-host
content-type: application/x-javascript
x-styx-req-id: 5d007633-c85f-11ee-953a-3e94db4ce57e
cache-control: max-age=31622400
accept-ranges: bytes
expires: Mon, 10 Feb 2025 21:57:20 GMT

GET
H2 200 js__AV6-fb8rJ2QD61i8dwhUQihn7pc-Lp_VvhfmIjW8oHw__RUm4kKahOBCnrDpJWbA1cDqNhTD7qsBmlLW9ebsLhz0__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js Show response
www.forcepoint.com/sites/default/files/advagg_js/ 7 KB
3 KB 177ms
133ms Script
application/x-javascript 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__AV6-fb8rJ2QD61i8dwhUQihn7pc-Lp_VvhfmIjW8oHw__RUm4kKahOBCnrDpJWbA1cDqNhTD7qsBmlLW9ebsLhz0__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

7f02b711e88c0e385f12ecdeb9a97ba2d72465cd4dc24d3087410536d74f60a3

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 1319, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:54 GMT
age: 17749
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-a-78789f5ddb-lwczr
content-length: 2200
x-served-by: cache-chi-kigq8000156-CHI, cache-chi-kigq8000157-CHI, cache-fra-eddf8230080-FRA, cache-fra-eddf8230110-FRA
last-modified: Wed, 13 Dec 2023 14:22:05 GMT
server: nginx
x-timer: S1709000094.922457,VS0,VE112
etag: W/"6579be0d-1a28"
vary: Accept-Encoding, orig-host
content-type: application/x-javascript
x-styx-req-id: ff16bce1-99c2-11ee-a4d4-0681f956c5f0
cache-control: max-age=31622400
accept-ranges: bytes
expires: Fri, 13 Dec 2024 14:22:07 GMT

GET
H2 200 js__RKHlmU6t0RLUncGnTujiufoFCC5MbSOoksjftmO9T3k__PHePze22Uzz7HaF6V_B3Zp-lKOIceEBNxv2aCEmB4PU__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js Show response
www.forcepoint.com/sites/default/files/advagg_js/ 6 KB
3 KB 175ms
132ms Script
application/x-javascript 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__RKHlmU6t0RLUncGnTujiufoFCC5MbSOoksjftmO9T3k__PHePze22Uzz7HaF6V_B3Zp-lKOIceEBNxv2aCEmB4PU__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

76e0a509323608a889e87905b524cf659ea2d7fcb1a3987869b416961b60a529

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 525, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:54 GMT
age: 17748
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-5cc456d87b-ctxkg
content-length: 2354
x-served-by: cache-chi-kigq8000111-CHI, cache-chi-klot8100053-CHI, cache-fra-eddf8230033-FRA, cache-fra-eddf8230110-FRA
last-modified: Wed, 22 Nov 2023 14:50:46 GMT
server: nginx
x-timer: S1709000094.922724,VS0,VE110
etag: W/"655e1546-1963"
vary: Accept-Encoding, orig-host
content-type: application/x-javascript
x-styx-req-id: 857c765b-8946-11ee-9b2c-da844195c16f
cache-control: max-age=31622400
accept-ranges: bytes
expires: Fri, 22 Nov 2024 14:50:47 GMT

GET
H2 200 js__g6mKbcakHxQkz4ZHYaxdO_xqONINvRMgsHh1zAK-fr0__ATHtEmHaeZ0jidpGU22EkhmPDBSgjD8z0bVDQMI-BIY__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js Show response
www.forcepoint.com/sites/default/files/advagg_js/ 2 KB
1 KB 173ms
129ms Script
application/x-javascript 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__g6mKbcakHxQkz4ZHYaxdO_xqONINvRMgsHh1zAK-fr0__ATHtEmHaeZ0jidpGU22EkhmPDBSgjD8z0bVDQMI-BIY__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

39964c58ecfd8f2e123e69ac0cff4fa389b5aa7a26191883e2a4289819e19b53

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 1126, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:54 GMT
age: 17747
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-a-6fcbcb6768-87vz4
content-length: 762
x-served-by: cache-chi-kigq8000027-CHI, cache-chi-kigq8000082-CHI, cache-fra-etou8220062-FRA, cache-fra-eddf8230110-FRA
last-modified: Mon, 06 Mar 2023 17:43:40 GMT
server: nginx
x-timer: S1709000094.922725,VS0,VE108
etag: W/"6406264c-76e"
vary: Accept-Encoding, orig-host
content-type: application/x-javascript
x-styx-req-id: f9551466-5c61-11ee-81ac-f6d5c4abf348
cache-control: max-age=31622400
accept-ranges: bytes
expires: Thu, 26 Sep 2024 11:43:55 GMT

GET
H2 200 js__zwOQL0xjQu_jInUCc5HDDX7DuqNXThdgsBzScvBN6zY__4jW-CTXC7WRzLIe4AvHnBl9dyUG5uLWnaNbUL-jgrYw__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js Show response
www.forcepoint.com/sites/default/files/advagg_js/ 7 KB
3 KB 178ms
135ms Script
application/x-javascript 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__zwOQL0xjQu_jInUCc5HDDX7DuqNXThdgsBzScvBN6zY__4jW-CTXC7WRzLIe4AvHnBl9dyUG5uLWnaNbUL-jgrYw__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

38bf60e9e3b26f4bbbd3cb6594d3954a3e36d2a4167b09bb746acba0fa85d4ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 411, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:54 GMT
age: 17727
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-8466695d9f-n4zsl
content-length: 2517
x-served-by: cache-chi-kigq8000070-CHI, cache-chi-kigq8000037-CHI, cache-fra-eddf8230110-FRA, cache-fra-eddf8230110-FRA
last-modified: Thu, 02 Nov 2023 15:51:44 GMT
server: nginx
x-timer: S1709000094.922714,VS0,VE112
etag: W/"6543c590-1b67"
vary: Accept-Encoding, orig-host
content-type: application/x-javascript
x-styx-req-id: b9e94a88-7997-11ee-a730-0a7f0eacbbcc
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sat, 02 Nov 2024 15:51:46 GMT

GET
H2 200 js__XtFha_knURVT5YLGKmVYz2S732sgaVuOjO801TC1X90__Iiz_LtHOgN-NEjf_Wqk78-4FPz8AQR7Ygonew_LemTU__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js Show response
www.forcepoint.com/sites/default/files/advagg_js/ 1018 B
835 B 173ms
130ms Script
application/x-javascript 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__XtFha_knURVT5YLGKmVYz2S732sgaVuOjO801TC1X90__Iiz_LtHOgN-NEjf_Wqk78-4FPz8AQR7Ygonew_LemTU__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

2e235a7be093a4acc3aada042f4f7c934e26bcaadacf6c3bb0e525e28ba21000

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 1314, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:54 GMT
age: 17749
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-6cbc4fb79d-vst7h
content-length: 566
x-served-by: cache-chi-klot8100065-CHI, cache-chi-klot8100081-CHI, cache-fra-etou8220078-FRA, cache-fra-eddf8230110-FRA
last-modified: Mon, 06 Mar 2023 17:43:25 GMT
server: nginx
x-timer: S1709000094.922393,VS0,VE108
etag: W/"6406263d-3fa"
vary: Accept-Encoding, orig-host
content-type: application/x-javascript
x-styx-req-id: 0dfb9335-a675-11ee-a18b-bec8f5b2fee0
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sun, 29 Dec 2024 18:06:57 GMT

GET
H2 200 js__ANAjsl90aU8V_JJuHtJWcRsK1EGBFuMwHq693fURsXU__F1FPONSTf0yEH0Y9VHtO8-UlYOiMFKhCksEr6rzCrMg__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js Show response
www.forcepoint.com/sites/default/files/advagg_js/ 2 KB
926 B 504ms
461ms Script
application/x-javascript 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__ANAjsl90aU8V_JJuHtJWcRsK1EGBFuMwHq693fURsXU__F1FPONSTf0yEH0Y9VHtO8-UlYOiMFKhCksEr6rzCrMg__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

2fffee549f20803f72907134dc44b0b44c72684ecf69e92ec7b1f034fa03efa7

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 1223, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:54 GMT
age: 17749
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-a-85576d6d5b-q7n7g
content-length: 629
x-served-by: cache-chi-kigq8000113-CHI, cache-chi-klot8100077-CHI, cache-fra-eddf8230061-FRA, cache-fra-eddf8230110-FRA
last-modified: Mon, 06 Mar 2023 17:43:27 GMT
server: nginx
x-timer: S1709000094.922385,VS0,VE440
etag: W/"6406263f-61f"
vary: Accept-Encoding, orig-host
content-type: application/x-javascript
x-styx-req-id: 1312e9f6-8a0c-11ee-8c81-7e3af7233cd7
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sat, 23 Nov 2024 14:24:55 GMT

GET
H2 200 js__1DBjoSMQlQ4ixA_cuaJfS5Px949O7h4aDn8Z9xtRW7Q__QWVTkBrgI8Ts0VdMw11j7QuM5gAXyH3Kxpk_PEZLE7w__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js Show response
www.forcepoint.com/sites/default/files/advagg_js/ 18 KB
6 KB 171ms
128ms Script
application/x-javascript 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__1DBjoSMQlQ4ixA_cuaJfS5Px949O7h4aDn8Z9xtRW7Q__QWVTkBrgI8Ts0VdMw11j7QuM5gAXyH3Kxpk_PEZLE7w__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

ee2eacb783191c9897eb92041b40c6330e37e46624ebd2204a501fbb94b4fb06

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 1338, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:54 GMT
age: 17749
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-68b948c8df-rw4ql
content-length: 5859
x-served-by: cache-chi-klot8100074-CHI, cache-chi-klot8100129-CHI, cache-fra-etou8220080-FRA, cache-fra-eddf8230110-FRA
last-modified: Thu, 11 Jan 2024 22:52:25 GMT
server: nginx
x-timer: S1709000094.922379,VS0,VE107
etag: W/"65a07129-48bf"
vary: Accept-Encoding, orig-host
content-type: application/x-javascript
x-styx-req-id: 178acd64-b0d4-11ee-8822-0a05e7c31cf5
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sat, 11 Jan 2025 22:52:26 GMT

GET
H2 200 js__5JgaXR8D2C00E22GhU2eB1lVAKgbz2L03t9_2mjtbvU__jsf8gUmjQabawiet5xN7FARmhje4S0BRk0UtxOVEzLY__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js Show response
www.forcepoint.com/sites/default/files/advagg_js/ 1 KB
902 B 188ms
145ms Script
application/x-javascript 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__5JgaXR8D2C00E22GhU2eB1lVAKgbz2L03t9_2mjtbvU__jsf8gUmjQabawiet5xN7FARmhje4S0BRk0UtxOVEzLY__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

e6e9870f494b1c2287e84247ac3399299d17337087788b2f40d4f7c9fcb42f46

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 471, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:54 GMT
age: 17749
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-55f9644964-pbzhj
content-length: 553
x-served-by: cache-chi-kigq8000095-CHI, cache-chi-klot8100165-CHI, cache-fra-eddf8230106-FRA, cache-fra-eddf8230110-FRA
last-modified: Tue, 21 Mar 2023 15:18:14 GMT
server: nginx
x-timer: S1709000094.922382,VS0,VE123
etag: W/"6419cab6-481"
vary: Accept-Encoding, orig-host
content-type: application/x-javascript
x-styx-req-id: 9dd672bc-7bb6-11ee-a3e4-56191d0501b8
cache-control: max-age=31622400
accept-ranges: bytes
expires: Tue, 05 Nov 2024 08:37:55 GMT

GET
H2 200 js__QEUI7Yv_wakfcc6JBvi15ovY1U6doRpL4VmJGHt4na4__w8FZSOsZK0f9yTHMZcCfpVlEHPPTaUK-KbHnmWrj31o__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js Show response
www.forcepoint.com/sites/default/files/advagg_js/ 82 KB
28 KB 178ms
136ms Script
application/x-javascript 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__QEUI7Yv_wakfcc6JBvi15ovY1U6doRpL4VmJGHt4na4__w8FZSOsZK0f9yTHMZcCfpVlEHPPTaUK-KbHnmWrj31o__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

060d034a1fdbdb5132ca7909b70f118b741fcf85c42f3d9012a0dfab1bebf0fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 105, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:54 GMT
age: 17720
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-a-768586b58-6h2z9
content-length: 27774
x-served-by: cache-chi-kigq8000112-CHI, cache-chi-kigq8000039-CHI, cache-fra-eddf8230087-FRA, cache-fra-eddf8230110-FRA
last-modified: Thu, 22 Feb 2024 14:18:37 GMT
server: nginx
x-timer: S1709000094.922347,VS0,VE113
etag: W/"65d757bd-147f5"
vary: Accept-Encoding, orig-host
content-type: application/x-javascript
x-styx-req-id: 08252b63-d41d-11ee-a453-4e1dfad0263a
cache-control: max-age=31622400
accept-ranges: bytes
expires: Tue, 25 Feb 2025 20:32:45 GMT

GET
H2

200

/
attr.ml-api.io/
Redirect Chain

https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.forcepoint.com%26pId%3d%24UID
https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.forcepoint.com%26pId%3d%24UID
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dwww.forcepoint.com%2526pId%253d%2524UID
https://attr.ml-api.io/?domain=www.forcepoint.com&pId=4631967474424539940

0
233 B

447ms
367ms

Image
application/json

2600:9000:2670:ee00:12:3734:2a40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://attr.ml-api.io/?domain=www.forcepoint.com&pId=4631967474424539940
Requested by: Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
Protocol: H2
Server: 2600:9000:2670:ee00:12:3734:2a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Tue, 27 Feb 2024 02:14:54 GMT
via: 1.1 ae80ccab7109b5d2f1c1ee784af203a6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P9
x-cache: Miss from cloudfront
content-type: application/json
x-amz-cf-id: 1DTW8QB1Zz8kR95B1o_CRmisPRVIAepgjr2RdlMyRcYV7svKZ_zNuQ==
content-length: 0
apigw-requestid: TxfQ1iRMoAMEJEw=

Redirect headers

pragma: no-cache
date: Tue, 27 Feb 2024 02:14:54 GMT
an-x-request-uuid: 9b231496-7570-4266-91f0-75dda993ed8f
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://attr.ml-api.io/?domain=www.forcepoint.com&pId=4631967474424539940
x-proxy-origin: 217.114.218.27; 217.114.218.27; 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 utag.js Show response
tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/ 446 KB
108 KB 27ms
26ms Script
application/javascript 2600:9000:235a:d000:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/utag.js
Requested by: Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:235a:d000:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8d16d7e14198e58f5ce2e0abc1456785a2055dc988d790eef6fa64f4ca4025c2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-amz-version-id: BJ3.3F_Ell07QaAYMjf8_.V.lod27DLj
content-encoding: br
via: 1.1 ccd3e547bd5d86bbfbaca15b4307ce70.cloudfront.net (CloudFront)
date: Tue, 27 Feb 2024 02:13:54 GMT
last-modified: Mon, 19 Feb 2024 15:27:46 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P9
age: 61
x-amz-server-side-encryption: AES256
etag: W/"9f93a36d64238db42bca8516d21d2742"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=300
x-amz-cf-id: fUPg6VMuLrpmb7UWSVXt3YIF5JiecI-cf3h5Qzhd4UpIiAhBbI28_g==

GET
DATA 200
OK truncated
/ 166 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4e2a8b16a227605843bcf04d32557fa5f790d17d5fae10db399f3ad6b75cae70

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 450 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 77bfa66bf799ef1d5be3e464795aaca2f9a0587c1616b9671f7383623474f455

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 141 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1a5c0fb755eabd84fa9ee65115561abfc934cb67631d8392acc299bed349942d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 187 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c181c648e71e1f94dc9f3aa0aced539df9790bc1aa92494d7fe7b17c274767bf

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 660 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8892ffd9b6812e96fca28cf2b24a4a1e25711631d73141353f1ec57fcaf523b8

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 372 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c6a4f005d0158d27d475991d4606ec4141f42917cc68835019d819c583957710

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 372 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c0c810909068da447ca522f9770490722119d254f18905ae37e5e4a45e2c346c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 248 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: de0c91884c0f70a3c8ab477b2637d9c9417fc74eb663bbe6eace7836e8b38fc3

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 chevron-right-xxs.svg
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/static-icons/ 213 B
621 B 133ms
133ms Image
image/svg+xml 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/static-icons/chevron-right-xxs.svg

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__80VGyxVhXWGiyeQZt7nKqWtwL_miYRRtgTnlscUSjWs__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

eb06d9c1faf512de924b0840e5ff2cea13ea5154e84b9a2edb23c3ee94602bd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__80VGyxVhXWGiyeQZt7nKqWtwL_miYRRtgTnlscUSjWs__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 752, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:54 GMT
age: 17749
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-6bcf4d4f8-c6tk9
content-length: 174
x-served-by: cache-chi-klot8100148-CHI, cache-chi-klot8100148-CHI, cache-fra-eddf8230075-FRA, cache-fra-eddf8230110-FRA
last-modified: Mon, 26 Feb 2024 04:18:08 GMT
server: nginx
x-timer: S1709000094.141825,VS0,VE112
etag: W/"65dc1100-d5"
vary: Accept-Encoding, orig-host
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: abd885b3-d4ec-11ee-b347-f63639400a04
cache-control: max-age=31622400
accept-ranges: bytes
expires: Wed, 26 Feb 2025 21:19:05 GMT

GET
DATA 200
OK truncated
/ 636 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e25fa89bb49f7875384fe86ddb39c8c0a966f7aff529e4aa1e761efe8909fdad

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 636 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8048b6a47a7795c53151c7d28f992a190da59cfa9416a171a03652359a964f2a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 636 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 68cb94151d86903ee4b3a5088e233b408a81a7faf9bb97d1172d8e3e6a83f868

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 banner-woman.jpg
www.forcepoint.com/sites/default/files/ 12 KB
13 KB 23ms
23ms Image
image/webp 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/banner-woman.jpg

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

b9b8fe9d0d7983bd3dc05016caf09d5028c4525e9beba05ecf0ed85bd0f3f86a

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 0, 363, 1, 0
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:54 GMT
age: 409075
http_x_geo_region: DE-TH
x-cache: MISS, HIT, HIT, MISS
fastly-io-info: ifsz=139269 idim=591x426 ifmt=jpeg ofsz=12712 odim=591x426 ofmt=webp
http_x_geo_continent: EU
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe3-b-7766b97b54-bj622
content-length: 12712
x-served-by: cache-chi-kigq8000020-CHI, cache-chi-kigq8000031-CHI, cache-fra-eddf8230087-FRA, cache-fra-eddf8230110-FRA
server: nginx
x-timer: S1709000094.147014,VS0,VE3
etag: "N0lQYBtHe5ciagpRVpui8m2mvIrccgSXz/6JZdtfgoA"
vary: Accept, orig-host
content-type: image/webp
x-styx-req-id: cda0e6ce-4fe4-11ee-ad17-1680089671b6
cache-control: max-age=31622400
accept-ranges: bytes
expires: Tue, 10 Sep 2024 14:17:41 GMT

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ff35e1bb0b3e1cb03aa7eab3fb0f74381ec3fd6fcff85d8c4f6be72abae116a0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf8

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e1652e3fbc6cef41f94897b295b6b1f57fa4901a3727e4c9ecb2911614531d0f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf8

GET
DATA 200
OK truncated
/ 750 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 26e256bfa2011f9fbbe0e81f2515c98b94b7ee7696a82f380cb7e7c8361e04a4

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf8

GET
H2 200 ajax-loader.gif
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/ 363 B
733 B 24ms
22ms Image
image/gif 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/ajax-loader.gif

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

f6111a2b70adc74b366e13097ef3bc968003d16bbebbd72d324cdb73edb32c36

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__80VGyxVhXWGiyeQZt7nKqWtwL_miYRRtgTnlscUSjWs__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 1, 914, 34, 0
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:54 GMT
age: 2953880
http_x_geo_region: DE-TH
x-cache: HIT, HIT, HIT, MISS
fastly-io-info: ifsz=404 idim=43x11 ifmt=gif ofsz=363 odim=43x11 ofmt=gif ofrm=4
http_x_geo_continent: EU
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe3-a-65d46855f6-q6ct7
content-length: 363
x-served-by: cache-chi-kigq8000078-CHI, cache-chi-kigq8000100-CHI, cache-fra-eddf8230069-FRA, cache-fra-eddf8230110-FRA
server: nginx
x-timer: S1709000094.150307,VS0,VE2
etag: "c9vdSz1SobFgJvEEIebuVOe3obQGnXd87HeEFJfv0io"
vary: Accept, orig-host
content-type: image/gif
x-styx-req-id: 358aeb06-480b-11ee-9505-2a73621cb626
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sat, 31 Aug 2024 14:32:27 GMT

GET
H2 200 bg-blog-podcast-final-plea.png
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/backgrounds/ 136 KB
137 KB 25ms
23ms Image
image/webp 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/backgrounds/bg-blog-podcast-final-plea.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

defd01b0db74c62e4efe18ef38e5ec968f2b8c2cf51ab6b14f12e1ad250eec84

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__80VGyxVhXWGiyeQZt7nKqWtwL_miYRRtgTnlscUSjWs__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 1, 743, 1, 0
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:54 GMT
fastly-io-served-by: vpop-mnz1300715
age: 2301150
http_x_geo_region: DE-TH
x-cache: HIT, HIT, HIT, MISS
fastly-io-info: ifsz=236236 idim=580x458 ifmt=png ofsz=139710 odim=580x458 ofmt=webp
http_x_geo_continent: EU
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe3-b-68df48cffd-d7rjn
content-length: 139710
x-served-by: cache-chi-kigq8000089-CHI, cache-chi-kigq8000089-CHI, cache-fra-eddf8230133-FRA, cache-fra-eddf8230110-FRA
server: nginx
x-timer: S1709000094.150305,VS0,VE3
etag: "J4HM7COV6lmZQG/n7TaO0MtxZmafgyzKI2fNbOojs8E"
vary: Accept, orig-host
content-type: image/webp
x-styx-req-id: 66fdc4a2-6286-11ee-94c4-0e8b8ab6185f
cache-control: max-age=31622400
accept-ranges: bytes
expires: Fri, 04 Oct 2024 07:19:48 GMT

GET
H2 200 f-white.svg
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/logos/ 257 B
447 B 136ms
135ms Image
image/svg+xml 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/logos/f-white.svg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

2a7b733b2f19d538893df08b2c194aef1201dbad6ee2ddafc5bcd34cbb482d6b

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__80VGyxVhXWGiyeQZt7nKqWtwL_miYRRtgTnlscUSjWs__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 1021, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:54 GMT
age: 17749
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-6bcf4d4f8-l75pm
content-length: 187
x-served-by: cache-chi-klot8100116-CHI, cache-chi-klot8100116-CHI, cache-fra-etou8220042-FRA, cache-fra-eddf8230110-FRA
last-modified: Sat, 24 Feb 2024 22:13:10 GMT
server: nginx
x-timer: S1709000094.150302,VS0,VE114
etag: W/"65da69f6-101"
vary: Accept-Encoding, orig-host
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: abd9fb5a-d4ec-11ee-8e24-b2b131c25595
cache-control: max-age=31622400
accept-ranges: bytes
expires: Wed, 26 Feb 2025 21:19:05 GMT

GET
DATA 200
OK truncated
/ 442 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6116382548abaad3d6133a60e2dc187d88dfa1ed07d981311c0bbcfaee05cd49

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 icon-anchor-arrow-teal.svg
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/static-icons/ 655 B
847 B 133ms
133ms Image
image/svg+xml 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/static-icons/icon-anchor-arrow-teal.svg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

29aebe811bb2f84bd90cfdee7ffc4c4af62bb5d871fd683f8a85bf0852ce9163

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__80VGyxVhXWGiyeQZt7nKqWtwL_miYRRtgTnlscUSjWs__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 1015, 0, 0, 0
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:54 GMT
age: 17749
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-b-6bcf4d4f8-vbc82
content-length: 400
x-served-by: cache-chi-klot8100063-CHI, cache-chi-klot8100063-CHI, cache-fra-etou8220138-FRA, cache-fra-eddf8230110-FRA
last-modified: Mon, 26 Feb 2024 06:30:52 GMT
server: nginx
x-timer: S1709000094.150433,VS0,VE111
etag: W/"65dc301c-28f"
vary: Accept-Encoding, orig-host
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: abdc6b18-d4ec-11ee-a81b-8e864566e8c9
cache-control: max-age=31622400
accept-ranges: bytes
expires: Wed, 26 Feb 2025 21:19:05 GMT

GET
DATA 200
OK truncated
/ 383 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b5c2800c52737f3425d0e434c93f9412da5e0491282c8d3d53b4d707202b8cef

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 558 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f4cbc6a70cd3d48475ddbb975d3831d02e4158a76fcdb997891baa497ea31241

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 356 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6676353d7029b44112419ac26efd665e84021eb418ccf05a1e1f04d0ba46bd53

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 431 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: af60288a11ae9864cdd707a9c6e13463359d5ffb6755bf9035a878f18b8758f9

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 688 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0ec291adef932c1e26510f560daef99d2d26b96331cbfd2f29fe234eaf2dddae

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 Hoves_DemiBold.woff
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/ 18 KB
19 KB 132ms
132ms Font
font/woff 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_DemiBold.woff

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

c6225223a7f689e02ca4f2144e864ad46dd63e29553cf3d4df572e7195303be0

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__80VGyxVhXWGiyeQZt7nKqWtwL_miYRRtgTnlscUSjWs__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.css
Origin: https://www.forcepoint.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 1427, 0, 0, 0
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:54 GMT
age: 17751
http_x_geo_region: DE-TH
x-cache: HIT, MISS, MISS, MISS
http_x_geo_continent: EU
x-pantheon-styx-hostname: styx-fe3-a-768586b58-zxh75
content-length: 18868
x-served-by: cache-chi-klot8100050-CHI, cache-chi-kigq8000070-CHI, cache-fra-eddf8230110-FRA, cache-fra-eddf8230110-FRA
last-modified: Mon, 26 Feb 2024 02:03:03 GMT
server: nginx
x-timer: S1709000094.150881,VS0,VE111
etag: "65dbf157-49b4"
vary: orig-host
content-type: font/woff
access-control-allow-origin: *
x-styx-req-id: aab9d81e-d4ec-11ee-8c3e-0606ae8e85e6
cache-control: max-age=31622400
accept-ranges: bytes
expires: Wed, 26 Feb 2025 21:19:03 GMT

GET
H2 200 latest.js Show response
scripts.simpleanalyticscdn.com/ 7 KB
5 KB 97ms
23ms Script
application/javascript 2400:52e0:1e00::1081:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://scripts.simpleanalyticscdn.com/latest.js
Requested by: Host: www.forcepoint.com
URL: https://www.forcepoint.com/sites/default/files/advagg_js/js__BsJj-J0DDipBFUM6jWq6jBgbLlOJHFUDm1oaCirTN8s__rRK7VaPHDuU2nK9lSh5JWYQ1DIepSoERX2lnMd-nDtE__oaPyHWVyQ8rNFyT6lwGAMnF3TRxCgxa-yRvSjCdUbZc.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1081:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1081 /
Resource Hash: a965bdafdcbdf6a1bc0a04fb81ee6d5fb86e1fde7a2da4e8998ab3bcf467bdb4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Tue, 27 Feb 2024 02:14:54 GMT
content-encoding: br
cdn-edgestorageid: 1080
cdn-storageserver: DE-676
cdn-cachedat: 10/31/2023 19:00:09
cdn-pullzone: 103822
last-modified: Mon, 10 Jul 2023 03:50:47 GMT
server: BunnyCDN-DE1-1081
cdn-fileserver: 635
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"64ab8017-1d5b"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 621ef7c8-45de-46e4-8237-2eca0c3a2d75
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=604800
simple-analytics: true
cdn-requestid: c54a129eacbda649621fc050427f79b7
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H/1.1 202
Accepted noscript.gif
queue.simpleanalyticscdn.com/ 43 B
410 B 170ms
77ms Image
image/gif 190.2.151.160
WORLDSTREAM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://queue.simpleanalyticscdn.com/noscript.gif
Requested by: Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 190.2.151.160 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 190-2-151-160.hosted-by-worldstream.net
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 27 Feb 2024 02:14:54 GMT
Simple-Analytics-Feedback: Thanks for sending this page view!
Simple-Analytics-Location: not_set
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Keep-Alive: timeout=5
Content-Length: 43
Expires: 0

GET
H2 200 utag.v.js Show response
tags.tiqcdn.com/utag/tiqapp/ 2 B
432 B 22ms
22ms Script
application/javascript 2600:9000:235a:d000:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=websense/forcepoint-2018/202402191526&cb=1709000094379
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:235a:d000:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-amz-version-id: 2XUX04X5QEw0.xFya64khU._sHTRl_Pz
date: Tue, 27 Feb 2024 02:07:35 GMT
via: 1.1 ccd3e547bd5d86bbfbaca15b4307ce70.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P9
age: 440
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 2
last-modified: Sat, 11 Mar 2023 06:57:46 GMT
server: AmazonS3
etag: "7bc0ee636b3b83484fc3b9348863bd22"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=300
accept-ranges: bytes
x-amz-cf-id: 43Y1FooFXcyIhoJil1hmpWvuBXz9pj5WgJkPWtqdEhOmRFDtWIRIQA==

GET
H/1.1 200
OK json Show response
forms.hsforms.com/embed/v3/form/20987017/16d5bf15-75bb-43be-a7ff-4e4e9779520e/ 47 KB
7 KB 379ms
333ms XHR
application/json 2606:4700::6811:eff9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hsforms.com/embed/v3/form/20987017/16d5bf15-75bb-43be-a7ff-4e4e9779520e/json?hs_static_app=forms-embed&hs_static_app_version=1.4769&X-HubSpot-Static-App-Info=forms-embed-1.4769

Requested by

Host: js.hsforms.net
URL: https://js.hsforms.net/forms/v2.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:eff9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

16ff57743f479ea988b90e1f160f8a3f739513aca40a1d55eab368424bafa7d7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.forcepoint.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

X-Origin-Hublet: na1
Date: Tue, 27 Feb 2024 02:14:54 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
Content-Encoding: br
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: cf31d33c-9a30-44be-adf1-0d0a91b10292
Transfer-Encoding: chunked
x-envoy-upstream-service-time: 11
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: cf31d33c-9a30-44be-adf1-0d0a91b10292
Server: cloudflare
X-Trace: 2BD87EF713D392F578853BC9A361C625334DDDA5A2000000000000000000
Vary: origin
Access-Control-Allow-Methods: OPTIONS, GET
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: https://www.forcepoint.com
x-evy-trace-virtual-host: all
Access-Control-Expose-Headers: X-Origin-Hublet
Access-Control-Max-Age: 180
Access-Control-Allow-Credentials: false
Cache-Control: max-age=0, no-cache, no-store
X-Robots-Tag: none
Access-Control-Allow-Headers: *
CF-RAY: 85bceabe4a71360f-FRA
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-bfd765d7d-xtpfl

GET
H/1.1 200
OK json Show response
forms.hsforms.com/embed/v3/form/20987017/16d5bf15-75bb-43be-a7ff-4e4e9779520e/ 47 KB
7 KB 201ms
155ms XHR
application/json 2606:4700::6811:eff9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hsforms.com/embed/v3/form/20987017/16d5bf15-75bb-43be-a7ff-4e4e9779520e/json?hs_static_app=forms-embed&hs_static_app_version=1.4769&X-HubSpot-Static-App-Info=forms-embed-1.4769

Requested by

Host: js.hsforms.net
URL: https://js.hsforms.net/forms/v2.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:eff9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

27a0968cb85ea6ef7fb6a04a3c144450fd9e24202c06e03dca4d551d5c580018

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.forcepoint.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

X-Origin-Hublet: na1
Date: Tue, 27 Feb 2024 02:14:54 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
Content-Encoding: br
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: 5d24baa6-11ec-4fb9-bc61-651e0c2eed4c
Transfer-Encoding: chunked
x-envoy-upstream-service-time: 14
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 5d24baa6-11ec-4fb9-bc61-651e0c2eed4c
Server: cloudflare
X-Trace: 2B50761FEFA6CACE433C2F96A267D17AA04BBEE53D000000000000000000
Vary: origin
Access-Control-Allow-Methods: OPTIONS, GET
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: https://www.forcepoint.com
x-evy-trace-virtual-host: all
Access-Control-Expose-Headers: X-Origin-Hublet
Access-Control-Max-Age: 180
Access-Control-Allow-Credentials: false
Cache-Control: max-age=0, no-cache, no-store
X-Robots-Tag: none
Access-Control-Allow-Headers: *
CF-RAY: 85bceabe5a6c4d85-FRA
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-bfd765d7d-bbxhh

GET
H2 200 loading.gif
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/ 76 KB
77 KB 24ms
24ms Image
image/gif 2a04:4e42:400::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/loading.gif

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::740 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

dd0779c9ae69f9d8cd8728663703ce2cc6ec972dc5350a5f6948a15d67fbeea9

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 0, 90, 1, 0
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 27 Feb 2024 02:14:54 GMT
age: 3010880
http_x_geo_region: DE-TH
x-cache: MISS, HIT, HIT, MISS
fastly-io-info: ifsz=80522 idim=200x200 ifmt=gif ofsz=78220 odim=200x200 ofmt=gif ofrm=30
http_x_geo_continent: EU
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe3-a-65d46855f6-xk7dc
content-length: 78220
x-served-by: cache-chi-kigq8000111-CHI, cache-chi-kigq8000104-CHI, cache-fra-etou8220099-FRA, cache-fra-eddf8230110-FRA
server: nginx
x-timer: S1709000094.411605,VS0,VE4
etag: "Nxhc6+NYNokf+oi4tit7qUckgh54LwQ6JJFLiU/ddPg"
vary: Accept, orig-host
content-type: image/gif
x-styx-req-id: 49ab558b-4631-11ee-b790-6a2528cd0596
cache-control: max-age=31622400
accept-ranges: bytes
expires: Thu, 29 Aug 2024 05:59:59 GMT

GET
H/1.1 202
Accepted simple.gif
queue.simpleanalyticscdn.com/ 43 B
410 B 99ms
35ms Image
image/gif 190.2.151.160
WORLDSTREAM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://queue.simpleanalyticscdn.com/simple.gif?version=cdn_latest_11&hostname=www.forcepoint.com&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F122.0.6261.69%20Safari%2F537.36&https=true&timezone=Europe%2FBerlin&page_id=c07770a8-8f94-4714-aa57-3220b215da19&session_id=159b0215-ce4e-40d7-9869-3d8222858f63&sri=false&mobile=false&brands=%5B%5D&os_name=&os_version=&path=%2Fblog%2Fx-labs%2Fagent-tesla-malware-attacks-travel-industry&viewport_width=1600&viewport_height=1200&language=en-US&screen_width=1600&screen_height=1200&unique=true&id=c07770a8-8f94-4714-aa57-3220b215da19&type=pageview&time=1709000094425
Requested by: Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 190.2.151.160 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 190-2-151-160.hosted-by-worldstream.net
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 27 Feb 2024 02:14:54 GMT
Simple-Analytics-Feedback: Thanks for sending this page view!
Simple-Analytics-Location: not_set
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Keep-Alive: timeout=5
Content-Length: 43
Expires: 0

GET
H3 200 counters.gif
forms.hsforms.com/embed/v3/ 35 B
624 B 154ms
129ms Image
image/gif 2606:4700::6811:eff9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:eff9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Tue, 27 Feb 2024 02:14:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 353664d1-6976-4132-8db2-e218101a7778
x-envoy-upstream-service-time: 1
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 353664d1-6976-4132-8db2-e218101a7778
server: cloudflare
x-trace: 2BE8374F70EA0B92D12FA816A35794C0700E543CC0000000000000000000
vary: origin
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-bfd765d7d-h9f8j
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 85bceabf8c0a1d86-FRA

GET
DATA 200
OK truncated
/ 133 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a4cbaa695a841f5471911a40cc4c2140d68b95d9fcaabb3b60e97db200c15b8d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 / Show response
geolocation-db.com/json/ 146 B
257 B 92ms
38ms XHR
text/html 159.89.102.253
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://geolocation-db.com/json/
Requested by: Host: code.jquery.com
URL: https://code.jquery.com/jquery-3.6.4.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 159.89.102.253 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 3b73d75d0a472df6d579f4ab560c870976942d9fccf4ead0fbe44b6f80185f5f

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.forcepoint.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 27 Feb 2024 02:14:54 GMT
content-encoding: gzip
server: nginx/1.14.0 (Ubuntu)
content-type: text/html; charset=UTF-8

GET
H/1.1 200
OK counters.gif
forms-na1.hsforms.com/embed/v3/ 35 B
1015 B 195ms
134ms Image
image/gif 2606:4700::6811:cff9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:cff9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Date: Tue, 27 Feb 2024 02:14:54 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: bd22dccc-f883-451b-ad55-f9b17204fe12
x-envoy-upstream-service-time: 3
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: bd22dccc-f883-451b-ad55-f9b17204fe12
Server: cloudflare
X-Trace: 2BF22DC4AE2F50A4D1B1A6DA3850BAE29C24E713E3000000000000000000
Vary: origin
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-bfd765d7d-9285z
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
X-Robots-Tag: none
CF-RAY: 85bceabffdc671c1-FRA

GET
H3 200 counters.gif
forms.hsforms.com/embed/v3/ 35 B
589 B 129ms
129ms Image
image/gif 2606:4700::6811:eff9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1

Requested by

Host: js.hsforms.net
URL: https://js.hsforms.net/forms/v2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:eff9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.forcepoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Tue, 27 Feb 2024 02:14:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: ef03f7e9-8ffd-4f94-8045-f47719776aa0
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: ef03f7e9-8ffd-4f94-8045-f47719776aa0
server: cloudflare
x-trace: 2B2BB4D21ED65EB9BA7840C5D497949E25D4621665000000000000000000
vary: origin
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-bfd765d7d-r4fkb
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 85bceac06c831d86-FRA

GET
H2 200 nr-rum-1.252.0.min.js Show response
js-agent.newrelic.com/ 45 KB
16 KB 77ms
20ms Script
application/javascript 151.101.130.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js-agent.newrelic.com/nr-rum-1.252.0.min.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.130.137 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

6b7970f123e87891537b8ffc02756230f04ab709f6e86d99628d1d7517b1ce06

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/
Origin: https://www.forcepoint.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-amz-version-id: MnZvesGWBG.EVnzUmRfpgushluAYDfro
content-encoding: br
via: 1.1 varnish
date: Tue, 27 Feb 2024 02:14:54 GMT
strict-transport-security: max-age=300
x-amz-request-id: 3AZFGQ65YT7G8WVS
x-amz-server-side-encryption: AES256
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 15806
x-amz-id-2: A6Mfgavx6/jBn6/p5RqADam52Skp+cv0q72fzqwsbGIfcM/uJRKZ23E6bG9Gx8TO10Lh/t7V67A=
x-served-by: cache-fra-eddf8230102-FRA
last-modified: Tue, 13 Feb 2024 00:41:07 GMT
server: AmazonS3
x-timer: S1709000095.976594,VS0,VE0
etag: "2c25d4506676f166485b739ec4e56a2e"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=86400, stale-if-error=86400
accept-ranges: bytes
x-cache-hits: 103606

POST
H/1.1 200 NRJS-922263b7f65c352c48b Show response
bam.nr-data.net/1/ 40 B
406 B 627ms
564ms XHR
text/plain 162.247.243.29
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/1/NRJS-922263b7f65c352c48b?a=477262540&v=1.252.0&to=YFEDbUMFXBBXB0RbXlkbIFpFDV0NGRRRVVRoWQBXUANXEWkKX1ZUaEIIXEY7QgJRAQ%3D%3D&rst=1364&ck=0&s=d3ee21b20de9b55d&ref=https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry&hr=0&ap=1387&be=195&fe=1080&dc=550&at=TBYAGwsfTx4%3D&fsh=1&perf=%7B%22timing%22:%7B%22of%22:1709000093635,%22n%22:0,%22f%22:0,%22dn%22:21,%22dne%22:21,%22c%22:21,%22s%22:42,%22ce%22:65,%22rq%22:65,%22rp%22:195,%22rpe%22:217,%22di%22:680,%22ds%22:741,%22de%22:745,%22dc%22:1273,%22l%22:1273,%22le%22:1275%7D,%22navigation%22:%7B%7D%7D&fp=436&fcp=539
Requested by: Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-rum-1.252.0.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.243.29 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: b5b1b39cb4bb3f74c125d87f24c7db43e7e65d14c2184e74d77b7857c2785ede

Request headers

Referer: https://www.forcepoint.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
content-type: text/plain

Response headers

date: Tue, 27 Feb 2024 02:14:55 GMT
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
content-type: text/plain
access-control-allow-origin: https://www.forcepoint.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
Connection: keep-alive
Content-Length: 40
x-served-by: cache-fra-eddf8230121-FRA

Verdicts & Comments Add Verdict or Comment

68 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

9 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.forcepoint.com/	1970-01-21 03:28:56	Name: utag_main__sn Value: 1
.forcepoint.com/	1970-01-20 18:43:21	Name: utag_main__se Value: 1%3Bexp-session
.forcepoint.com/	1970-01-20 18:43:21	Name: utag_main__ss Value: 1%3Bexp-session
.forcepoint.com/	1970-01-20 18:43:21	Name: utag_main__st Value: 1709001894185%3Bexp-session
.forcepoint.com/	1970-01-20 18:43:21	Name: utag_main_ses_id Value: 1709000094185%3Bexp-session
.forcepoint.com/	1970-01-20 18:43:21	Name: utag_main__pn Value: 1%3Bexp-session
.adnxs.com/	1970-01-20 20:52:56	Name: XANDR_PANID Value: fI2o171T9SehHXAv6qz1MJ--idD8wKMPoOH1hlCIG5HbmPx-LkubBp9v54d7NJDbsVpHqZ8H3hpY862vrWOcEVCzBdECb6Q14-Ju2NUWSX0.
.adnxs.com/	1970-01-21 04:19:20	Name: receive-cookie-deprecation Value: 1
.adnxs.com/	1970-01-20 20:52:56	Name: uuid2 Value: 4631967474424539940

21 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry Message: Third-party cookie will be blocked. Learn more in the Issues tab.
javascript	warning	URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry Message: The resource https://www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_highlight-soft_75_cccccc_1x100.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry Message: The resource https://www.forcepoint.com/misc/help.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry Message: The resource https://www.forcepoint.com/misc/message-24-warning.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry Message: The resource https://www.forcepoint.com/misc/message-24-error.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry Message: The resource https://www.forcepoint.com/misc/menu-expanded.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry Message: The resource https://www.forcepoint.com/misc/tree-bottom.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry Message: The resource https://www.forcepoint.com/misc/menu-collapsed.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry Message: The resource https://www.forcepoint.com/misc/message-24-ok.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry Message: The resource https://www.forcepoint.com/sites/all/libraries/chosen/chosen-sprite@2x.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry Message: The resource https://www.forcepoint.com/misc/throbber-inactive.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry Message: The resource https://www.forcepoint.com/misc/draggable.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry Message: The resource https://www.forcepoint.com/misc/grippie.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry Message: The resource https://www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_flat_75_ffffff_40x100.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry Message: The resource https://www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_glass_75_dadada_1x400.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry Message: The resource https://www.forcepoint.com/misc/tree.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry Message: The resource https://www.forcepoint.com/misc/throbber-active.gif was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry Message: The resource https://www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_glass_75_e6e6e6_1x400.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry Message: The resource https://www.forcepoint.com/misc/progress.gif was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' .fonts.net .licdn.com .tiqcdn.com .marketo.com .marketo.net .mktoresp.com .demdex.net .burly.io .omtrdc.net .llnwd.net .tealiumiq.com .googleadservices.com .marinsm.com .amazonaws.com .quantserve.com .facebook.net .serving-sys.com .google-analytics.com .hirebridge.com .websense.com .bizographics.com .linkedin.com .cloudfront.net .newrelic.com .nr-data.net .adnxs.com .demandbase.com .twitter.com .omtrdc.net .youtube.com .ads-twitter.com .company-target.com .omniture.com .doubleclick.net .forcepoint.com .google.com .facebook.com .nr-data.net .getsmartcontent.com .vidyard.com .adroll.com s.ml-attr.com attr.ml-api.io .driftt.com .sharethis.com .vimeo.com .slideshare.net .techvalidate.com .gartner.com .gstatic.com .libsyn.com .s3.amazonaws.com .cdnbasket.net ids.cdnwidget.com app.vwo.com .visualwebsiteoptimizer.com use.typekit.net p.typekit.net cdn.vwo-analytics.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io .googleapis.com .cloudflare.com activitymap.adobe.com .consensu.org .ubembed.com .bizible.com .theadex.com .aumago.com .driftqa.com .scribblecdn.net .esg-global.com .hs-scripts.com .hs-analytics.net .hsadspixel.net .hs-banner.com .hubapi.com .hsforms.net .hsforms.com geolocation-db.com .drift.com .clickagy.com .nimblestory.com .usemessages.com .stackadapt.com .googlesyndication.com ; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' .cdnwidget.com .tealiumiq.com .google.com .googleadservices.com .doubleclick.net .websense.com .marinsm.com .facebook.com .quantserve.com .google-analytics.com .w55c.net .marketo.com .iasds01.com .linkedin.com .cloudfront.net .forcepoint.com .adnxs.com .twitter.com t.co .omtrdc.net .w55c.net .demandbase.com .company-target.com .gstatic.com .tiqcdn.com .marketo.net .newrelic.com .facebook.net .ads-twitter.com .burly.io .bizographics.com .nr-data.net .licdn.com .tt.omtrdc.net .getsmartcontent.com .adroll.com .vidyard.com s.ml-attr.com .ml-api.io ml314.com .ml314.com .bing.com .driftt.com .crazyegg.com .sharethis.com .vimeo.com .slideshare.net .techvalidate.com .gartner.com .googletagmanager.com .visualwebsiteoptimizer.com app.vwo.com .ubembed.com .driftt.com .vwo-analytics.com .s3.amazonaws.com s3.amazonaws.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io .clearbit.com .googleapis.com .cloudflare.com .adobe.com .consensu.org .bizible.com .theadex.com .aumago.com .zoominfo.com .clickagy.com .redditstatic.com .quantcount.com .g2crowd.com .steelhousemedia.com .scribblecdn.net .esg-global.com .6sc.co .hs-scripts.com .hs-analytics.net .hsadspixel.net .hs-banner.com .hubapi.com .hsforms.net .hsforms.com geolocation-db.com .drift.com .jquery.com .google.com .hscollectedforms.net .jsdelivr.net .stackadapt.com .googlesyndication.com .simpleanalyticscdn.com; img-src data: ; font-src 'self' .google.com .googleadservices.com; connect-src 'self' .vwo.com .demdex.net .omtrdc.net .mktoresp.com .cdnbasket.net ids.cdnwidget.com .forcepoint.com sample-api-v2.crazyegg.com .visualwebsiteoptimizer.com insight.adsrvr.org bam.nr-data.net .tealiumiq.com live-evercurrent-clone.pantheonsite.io .sharethis.com .doubleclick.net .theadex.com .aumago.com .google-analytics.com .6sc.co .adnxs.com .vidyard.com .6sense.com .hs-scripts.com .hs-analytics.net .hsadspixel.net .hs-banner.com api.hubapi.com .hsforms.net .hsforms.com .s3.amazonaws.com .drift.com .clickagy.com .facebook.com .zoominfo.com geolocation-db.com cdn.linkedin.oribi.io .hubspot.com .hscollectedforms.net .stackadapt.com .google.com .googletagmanager.com .googleadservices.com google.com .googlesyndication.com *.linkedin.com ; report-uri /admin/config/system/seckit/csp-report
Strict-Transport-Security	max-age=18410000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

attr.ml-api.io
bam.nr-data.net
cdn.jsdelivr.net
cdnjs.cloudflare.com
code.jquery.com
forms-na1.hsforms.com
forms.hsforms.com
geolocation-db.com
js-agent.newrelic.com
js.hsforms.net
queue.simpleanalyticscdn.com
s.ml-attr.com
scripts.simpleanalyticscdn.com
secure.adnxs.com
tags.tiqcdn.com
www.forcepoint.com
151.101.130.137
159.89.102.253
162.247.243.29
185.89.210.82
190.2.151.160
2400:52e0:1e00::1081:1
2600:9000:235a:d000:7:2bfb:7c00:93a1
2600:9000:2670:ee00:12:3734:2a40:93a1
2606:4700::6810:5614
2606:4700::6810:8bce
2606:4700::6811:190e
2606:4700::6811:cff9
2606:4700::6811:eff9
2a04:4e42:200::649
2a04:4e42:400::740
68.67.153.60
018992119d8ab2421aef851b71a4f09704eb5fea950b795061f25f5a303fe775
0370218a5b3b2dd0fafe99389e5c792eba8f07d4ef1959ccbaf023692e9ce25a
060d034a1fdbdb5132ca7909b70f118b741fcf85c42f3d9012a0dfab1bebf0fa
0afb763c1de6f6fbc5f775e18225ab96ced3818b62a597b7bac98d3fa29f3f23
0b7943307c6a7d7f4d6008a4746a25fd1bb56da6280123ede2e5ba8013d95527
0ec291adef932c1e26510f560daef99d2d26b96331cbfd2f29fe234eaf2dddae
10aa7853a3babe185246e6f1fad2c5800902a268dd63b66c53b96889ee5188f3
13b83d15b9225245fe9584f868e9b545def866ac08a3487354a493ce44cce428
13cdee5a7dbdb75ba06271fff8669bb408838d89eae133c2b3db99d2891bb35b
148a74b0921ad78021d716e8032ede1cdaf7ed7279cefd7d2acbe906add12a68
16ff57743f479ea988b90e1f160f8a3f739513aca40a1d55eab368424bafa7d7
19cdc4ed4878e039b0232e6e08162b9561193153606be4ce02c68afbd08ed60c
1a5c0fb755eabd84fa9ee65115561abfc934cb67631d8392acc299bed349942d
24dd593caf98fe7183e48e16a5a827ab4eb1a734a9821b497689127e68774db1
2528d731c4e61e67f78982f202d1de7e6f7a234117b4d9c98325c27e33c6e1d3
2609e47af9b5fd41bcc697b9545be93106f378abde6263e1ca3394420121770f
26be2c4cd498798df8895f91aacf2b8ffc5bd02686c4f695b081987fbe12c8c5
26e256bfa2011f9fbbe0e81f2515c98b94b7ee7696a82f380cb7e7c8361e04a4
2775873de34599848dfcd2b6a5772d9ebb2cf56d0ba8df5925fe0b20b3c1cf50
27a0968cb85ea6ef7fb6a04a3c144450fd9e24202c06e03dca4d551d5c580018
29aebe811bb2f84bd90cfdee7ffc4c4af62bb5d871fd683f8a85bf0852ce9163
2a7b733b2f19d538893df08b2c194aef1201dbad6ee2ddafc5bcd34cbb482d6b
2d6c54b4b4a8eaee36561dea258e5b8de817e8001f049b785dec91199a1d41db
2e235a7be093a4acc3aada042f4f7c934e26bcaadacf6c3bb0e525e28ba21000
2e762e8da9e634ed25afc29890f55b60fa70da718945b14f106b402b00b445be
2fffee549f20803f72907134dc44b0b44c72684ecf69e92ec7b1f034fa03efa7
3058f7c617c39b1a94849fa7223c2f756437af3f215155d37c2a29c36848e28d
315a9c305e1926c48ac8da233a318ad97e847efdeda17656e4f3a1ec3baca916
33b128756a04391f0db5eb0002fc1d19d63bb5739cfa4a81004d995bf0624550
3646dc608888e2d7ad7a83a79d6ad6ffe7c3012fbbe2c944314840436e9f5716
38bf60e9e3b26f4bbbd3cb6594d3954a3e36d2a4167b09bb746acba0fa85d4ce
39964c58ecfd8f2e123e69ac0cff4fa389b5aa7a26191883e2a4289819e19b53
3b73d75d0a472df6d579f4ab560c870976942d9fccf4ead0fbe44b6f80185f5f
3c038194973d40a7f2f1c0d1a000310a468a5325a30c74f0e85238ec0770e15d
42139af63a51353a5ebd189672677d738178e64fcf6f4cd66db3c009ada46386
42793f24dc3fddca04cc84a6991f0fc73c25498d023b07d488dd5e4238ed9b0c
465a0cb24dc5db7c3487f58e9ecca008e1f7989fd7cb3c20b37a7affe82a2923
4953a30def5d6eb8aa0119f918104b5069d10696ee634288c068accf06bb44e6
496d9a19dda325d9587f3729b5a16b1262f91a6b237e1aa5d54ed90e087c35e3
4a73f4a5ac2af872f8d64915dc379db465753f32993d9afc0a42cd14f98c76e7
4c8537e1208918b04f3b7970b4e53d6c91b138b7b8325b469a4a5e84ced6ce2a
4e2a8b16a227605843bcf04d32557fa5f790d17d5fae10db399f3ad6b75cae70
50f6481e8c65a0c9796497b33a24bf50a90a531fc3e1cc0dc019e2af14c8abef
521bfd25b076ada01d23b9d20bca3a3e67840702ca4d43b73d0a496575107e9e
52239b576d3fdb13fa5cec121a5e5ed123560a4ac1310d991f4694bcc5507710
5390daebe4fc263953ae2cd18f060ebb4aaef20d9df443a4d784cc642ed1eaf2
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
59a68a5a40d1eec0caec75da57fd268c088add71617643f0e3f17b2ca9ef0cbc
5cfc739598cda856cc20575229f8a5251e8df5b175830fe7886aaef79dfb6886
5f4e0577cb49e1130ec7098698e3556c0a2b7f33d02ec5789ee09b116e403f7e
5f8d1adf76eaaf2f3592e5a5633ef8722740af2424b1737d85c1d9581588884f
6116382548abaad3d6133a60e2dc187d88dfa1ed07d981311c0bbcfaee05cd49
6676353d7029b44112419ac26efd665e84021eb418ccf05a1e1f04d0ba46bd53
678282fe511fe174839ebaa6b0443c44c6045fdb7f07ae94b1962d3b4c8cc028
68cb94151d86903ee4b3a5088e233b408a81a7faf9bb97d1172d8e3e6a83f868
69a02b48768b8f413fe8470c65b4232a39dc3d68350f1246da8721e92ac7e75d
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b7970f123e87891537b8ffc02756230f04ab709f6e86d99628d1d7517b1ce06
7123839f84e1cfb8c2d48c80f74d72746c67f9f6c2b7140f24e78e4671f543cc
7277aa6992f8d84c899d9677fe5624ad79d80bdf298ddd5a2d0dd27b0a28041b
735b78ae1f09b1d02ee92b5ad319a189d50d10ecbec4ddd12201885dde3f4945
74c0b34fce543ce085851b0d644471c036853519593e2c704615ddca08466999
74d6ee660ac8d18d3940eefac6e8c0ff029ecc0f4a4799ada5d6088fe9abfbc8
75de14e55fe4b7b7ee193c5f3c8a4447b8928c21354e28e194f0e89506f85e18
76aefb325bdfaf3c67be7591a00c96105ffa1a3eda8cfc16d6d5e1affa8e3f95
76e0a509323608a889e87905b524cf659ea2d7fcb1a3987869b416961b60a529
76fea4cad87ffbee4d6c0d29a46382913e4a8c56ed7881d8556f684a174d6824
77bfa66bf799ef1d5be3e464795aaca2f9a0587c1616b9671f7383623474f455
7c38acd92ae6bde95f3f8108a03252fffb82ccd6abea48e29ea0b7f365297287
7c68d38dc1052a408c829d05cc96b9e045bd23fd3b6c76a748aef6269ec7940a
7e9433a7e4538237be585d3d84e1603595879c286be61e26dd3e628e3fd5e206
7f02b711e88c0e385f12ecdeb9a97ba2d72465cd4dc24d3087410536d74f60a3
8048b6a47a7795c53151c7d28f992a190da59cfa9416a171a03652359a964f2a
809bf772861d5903dcd978e3712a6d2934cc4c74961358159ece9d1442c41eda
83906d4f8a0f8d0364be66f304608d8a10f014e67336265dd89a01269c11ca0d
8709e66f3192aac47989a4f2c826afc3062b52de3cd792115cba3314c05656c6
8892ffd9b6812e96fca28cf2b24a4a1e25711631d73141353f1ec57fcaf523b8
88bfa92647e210d30edb16c62740b6472e03715265e5af3b8a5256b104c8d4f1
8d16d7e14198e58f5ce2e0abc1456785a2055dc988d790eef6fa64f4ca4025c2
90b41e5c93d136dda77253ebb712fcaf85519080d23325dc52e5950066dcbf8f
90bfbf24972d694b303aaa50fe006074f7dd5529c8dfe38099aed648c6312158
91e4bb6ed20592449430c1edb1d80b903c81c9d63dd48ebb1e0692039a88ee2a
942ba1b657ab7477bc603f7852ff551aa393de40d1bab2dee01c8ad36d538a2a
9528ca634fecad433d044ddd3e6f9ce1f068d5d932dafdbb19d8e6daea1968bd
95466f54e05aa0e66fb31d01cd96eef195e7f2f005ee35f21f41c38b2aac758f
98045ab7e2e6704bd550c8d95bda096ec31398b1cefb1c222adf8c2715694c50
98bee51ffbb032cfea01030abf23549c6d762f6d8283599e52bfb089f01b8742
9a5b4817923ddcf72a52cacaace5f31905defc508f06ee2f76a40c6b9f3441c0
9b3c52df9ce6473c11ee62f85cd48a7ff2b24ad8543ed415fec5124605a987f3
9c4fa79e01e7cbed31a72effd4fd2f86afbfa25199ab57925d2429fb37a0ae11
9cc77ec166565cf138f088e29b263d7de28ebff89c6ac6ac7b3226b8c2c45f33
9e364511ec9f9b84758e997b3f4492bb37b58219411647ca206e3e43daa685b1
9fffc4e58b892d9569c242e62f2e7c032e94f92e1b812837a1773d7cbb06e02a
a0d9d290c9928affdd7f2816a574b367cbd6aca7ff1ba7b14b3391330d6f1995
a0f75cf1362c1ec32b36d3f7ffa3eac1888ded73367c8e2693e809bac9e5f090
a0fe8723dcf55da64d06b25446d0a8513e52527c45afcb37073465f9c6f352af
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb
a4cbaa695a841f5471911a40cc4c2140d68b95d9fcaabb3b60e97db200c15b8d
a56f2c1bfb78496d7e0497dd5c79dbf789c1b9ef3833d319e0d143650d041757
a965bdafdcbdf6a1bc0a04fb81ee6d5fb86e1fde7a2da4e8998ab3bcf467bdb4
aae32b2bc7f6bc3224ccd8e50e4b9b5e740ef619fa66e7c75b9fb135470f45d9
ad2064f58daf0c71dc4f1cd5c97ebe1a5fc1eae8cb6c6f75e5e0e696be1cb07d
aefac767f2617c338018cbca3022e5ced47b461d4cea1b93f462012d9be3e25e
af60288a11ae9864cdd707a9c6e13463359d5ffb6755bf9035a878f18b8758f9
b4229c88ccc9ec00268d759c808bb5fc56a62479618d140eebd7948299a1544b
b48a895c0170a7310b29b01897fcf1954b43655748ce98037abae38562754a29
b5b1b39cb4bb3f74c125d87f24c7db43e7e65d14c2184e74d77b7857c2785ede
b5c2800c52737f3425d0e434c93f9412da5e0491282c8d3d53b4d707202b8cef
b84161c9fbf7520cd14e7019f92120bd87a928a074156e91a992eba9fc9436e8
b9b8fe9d0d7983bd3dc05016caf09d5028c4525e9beba05ecf0ed85bd0f3f86a
b9c823db89be14289e3b0585970e3d91c3313ec9f82d13c9cb24d90820efc699
bca91955ee23429e0c104b6ceee2945744c3709dddb56962d439b7965fa9fcee
bd74c29617fed2dbd2f684dce7eebb659567ce0ae06be3418615ebe846a1bf5b
bfcc07136dc1faaee36973ca4858e530e403f2f41948fbdc47f0c3c399308db6
c0c810909068da447ca522f9770490722119d254f18905ae37e5e4a45e2c346c
c1524c7035a894f370d34f2d57704873a3978adef91d97978e3598515762eace
c16c2e899bbe232a64c1bd49e4312a7f9ea738cb2cb17058e63477a71b246fa7
c181c648e71e1f94dc9f3aa0aced539df9790bc1aa92494d7fe7b17c274767bf
c2a54667fcd4151ef9a27b18f84f24c0b884fe593302ca1eb1210d114f4bd06b
c6225223a7f689e02ca4f2144e864ad46dd63e29553cf3d4df572e7195303be0
c6a4f005d0158d27d475991d4606ec4141f42917cc68835019d819c583957710
c712b85f4d57c41bb049c80303067da9790aa76b32a41b422174bd507695f444
c7397ae13ad9d12bf4ce9100756dd8703b515ac4381bdd33638e22c787c0fb39
c7df1285277e150259e2352c0490924c2cc1f048e2899d8652ec17da6d0e9b50
ccdfd9e6afc4f259c5ffa50d3b74d7e6e75d3472749feab7b66b6e47001e596a
ceb7f847854cbb5e36829e45e1ed24bbd035cf2f333de9877f2f228253034eb0
d88c03f60c9b0c3b3a4a929ad268b6078dda88e59ea5c98eeb16f031ffb0d9e0
db5ca58b27a83629cd3331e6bcf94831488c4f5656b1bc39fa6154b37921ac45
db7de84263a6dfe6f7a674f478b4a6c5a97d7de7e0c7f52a12a5dedfb201004f
dd0779c9ae69f9d8cd8728663703ce2cc6ec972dc5350a5f6948a15d67fbeea9
dd329c644951f3c041200e8279e3c90063ac5b5c8861fe253fca48df7dd8b99c
de0c91884c0f70a3c8ab477b2637d9c9417fc74eb663bbe6eace7836e8b38fc3
dee914f6fd3d41a283ca466c8a80256a21039bd7fff4c6d758b2d492b216d44b
defd01b0db74c62e4efe18ef38e5ec968f2b8c2cf51ab6b14f12e1ad250eec84
df8242b103d403abcb126c10014b060b0bf91c3be337a7767f4c3b365cb3b35d
e1652e3fbc6cef41f94897b295b6b1f57fa4901a3727e4c9ecb2911614531d0f
e25fa89bb49f7875384fe86ddb39c8c0a966f7aff529e4aa1e761efe8909fdad
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e68e4b1057684aa14f6d44055bd77c6ee8170be28010b94e0278e2d05775973c
e6e9870f494b1c2287e84247ac3399299d17337087788b2f40d4f7c9fcb42f46
e7e02c8510e5cdcf18b17c36aab04ff6867e018178fe5594aa9c1fb40f252838
eb06d9c1faf512de924b0840e5ff2cea13ea5154e84b9a2edb23c3ee94602bd7
ee27e3cdc69e172aac4b82b3f20d30a2e9b8fc56e7154475292f0ce338b8a5a5
ee2eacb783191c9897eb92041b40c6330e37e46624ebd2204a501fbb94b4fb06
f12ed71bda9274dedc7c023f0bc8f1fd4d83ca512b1cce028d05a5e9dd6d71ae
f4396a838daa0fb4334b5e8e8321322dfb1507176cf531868e16a1216e86f72a
f4cbc6a70cd3d48475ddbb975d3831d02e4158a76fcdb997891baa497ea31241
f6111a2b70adc74b366e13097ef3bc968003d16bbebbd72d324cdb73edb32c36
f66578f61dcd2d00bb8b7a0c5a7a02d39871c2e7c4615826c4e3a6a879a1a66b
f7d4d17ef4f0103008287290e9dd7bb35be1d08f0f8bc315033d13d0cfa6a6a5
f8c79df7183de5a0687fc40c5a9b1034d074e603d558c05a5311c7f91d9ccfe1
f9afd06c5076351f2ab27705cb125c0d0e38985509ea93ec1d58a41f88f09513
fad8df5718762444a80e745fd3b375ecfee298b37c480de5134b8a0ed05bc7a5
fbd4b88f230a49ad700e5827908134073effe5f14f95df36861d00590441d74b
fe9132775150b13960723fdffd15ef8bb7f07d120787874114ac9e3d4f303f46
ff35e1bb0b3e1cb03aa7eab3fb0f74381ec3fd6fcff85d8c4f6be72abae116a0

www.forcepoint.com Open in urlscan Pro 2a04:4e42:400::740 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

141 Requests

99 %HTTPS

63 %IPv6

14 Domains

16 Subdomains

15 IPs

3 Countries

2025 kBTransfer

5448 kBSize

9 Cookies

9 Outgoing links

Redirected requests

141 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 21 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.forcepoint.com Open in urlscan Pro
2a04:4e42:400::740 Public Scan

Screenshot
Live screenshot

Full Image

141
Requests

99 %
HTTPS

63 %
IPv6

14
Domains

16
Subdomains

15
IPs

3
Countries

2025 kB
Transfer

5448 kB
Size

9
Cookies

141 HTTP transactions
21 data transactions