Submitted URL: https://www.forcepoint.com/blog/security-labs/thanks-giving-emotet
Effective URL: https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
Submission: On November 16 via api from US — Scanned from DE

Summary

This website contacted 13 IPs in 3 countries across 14 domains to perform 71 HTTP transactions. The main IP is 2a04:4e42:600::740, located in United States and belongs to FASTLY, US. The main domain is www.forcepoint.com. The Cisco Umbrella rank of the primary domain is 202597.
TLS certificate: Issued by Sectigo RSA Organization Validation S... on January 24th 2022. Valid for: a year.
This is the only time www.forcepoint.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 48 2a04:4e42:600... 54113 (FASTLY)
3 2001:4de0:ac1... 20446 (STACKPATH...)
3 95.101.200.249 16625 (AKAMAI-AS)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 1 68.67.153.60 29990 (ASN-APPNEX)
2 2 37.252.171.53 29990 (ASN-APPNEX)
1 2600:9000:21f... 16509 (AMAZON-02)
6 34.96.102.137 396982 (GOOGLE-CL...)
1 108.156.253.230 16509 (AMAZON-02)
4 2606:4700::68... 13335 (CLOUDFLAR...)
2 159.89.102.253 14061 (DIGITALOC...)
1 54.69.84.146 16509 (AMAZON-02)
1 151.101.130.137 54113 (FASTLY)
1 162.247.241.14 23467 (NEWRELIC-...)
71 13
     Apex Domain                 Subdomains                                                  Transfer
48   forcepoint.com              www.forcepoint.com — Cisco Umbrella Rank: 202597            2 MB
6    visualwebsiteoptimizer.com  dev.visualwebsiteoptimizer.com — Cisco Umbrella Rank: 4805  111 KB
4    hsforms.com                 forms.hsforms.com — Cisco Umbrella Rank: 4340               12 KB
3    tiqcdn.com                  tags.tiqcdn.com — Cisco Umbrella Rank: 944                  131 KB
3    jquery.com                  code.jquery.com — Cisco Umbrella Rank: 669                  102 KB
2    geolocation-db.com          geolocation-db.com — Cisco Umbrella Rank: 16296             513 B
2    adnxs.com                   secure.adnxs.com — Cisco Umbrella Rank: 426                 2 KB
1    nr-data.net                 bam.nr-data.net — Cisco Umbrella Rank: 219                  616 B
1    newrelic.com                js-agent.newrelic.com — Cisco Umbrella Rank: 334            14 KB
1    steelhousemedia.com         dx.steelhousemedia.com — Cisco Umbrella Rank: 10004         4 KB
1    cloudfront.net              d5phz18u4wuww.cloudfront.net                                56 KB
1    ml-api.io                   attr.ml-api.io — Cisco Umbrella Rank: 19269                 231 B
1    ml-attr.com                 s.ml-attr.com — Cisco Umbrella Rank: 15765                  283 B
1    hsforms.net                 js.hsforms.net — Cisco Umbrella Rank: 6410                  148 KB
71 14
Domain Requested by
48 www.forcepoint.com 1 redirects www.forcepoint.com
dx.steelhousemedia.com
6 dev.visualwebsiteoptimizer.com tags.tiqcdn.com
dev.visualwebsiteoptimizer.com
www.forcepoint.com
d5phz18u4wuww.cloudfront.net
4 forms.hsforms.com js.hsforms.net
3 tags.tiqcdn.com www.forcepoint.com
tags.tiqcdn.com
3 code.jquery.com www.forcepoint.com
2 geolocation-db.com code.jquery.com
2 secure.adnxs.com 2 redirects
1 bam.nr-data.net js-agent.newrelic.com
1 js-agent.newrelic.com www.forcepoint.com
1 dx.steelhousemedia.com tags.tiqcdn.com
1 d5phz18u4wuww.cloudfront.net tags.tiqcdn.com
1 attr.ml-api.io www.forcepoint.com
1 s.ml-attr.com 1 redirects
1 js.hsforms.net www.forcepoint.com
71 14
Subject                       Issuer                                                Validity                 Valid
forcepoint.com                Sectigo RSA Organization Validation Secure Server CA  2022-01-24 - 2023-01-24  a year
*.jquery.com                  Sectigo RSA Domain Validation Secure Server CA        2022-08-03 - 2023-07-14  a year
*.tiqcdn.com                  DigiCert SHA2 Secure Server CA                        2022-02-27 - 2023-02-28  a year
sni.cloudflaressl.com         Cloudflare Inc ECC CA-3                               2022-06-15 - 2023-06-15  a year
*.visualwebsiteoptimizer.com  Starfield Secure Certificate Authority - G2           2022-07-04 - 2023-08-05  a year
*.cloudfront.net              Amazon                                                2022-02-01 - 2023-01-31  a year
geolocation-db.com            R3                                                    2022-10-17 - 2023-01-15  3 months
*.steelhousemedia.com         Go Daddy Secure Certificate Authority - G2            2022-05-17 - 2023-06-18  a year
js-agent.newrelic.com         GlobalSign Atlas R3 DV TLS CA 2022 Q2                 2022-07-10 - 2023-08-11  a year
*.nr-data.net                 DigiCert TLS RSA SHA256 2020 CA1                      2022-01-10 - 2023-02-10  a year

This page contains 1 frames:

Primary Page: https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
Frame ID: 63A26BE14041F2E7B91A91D3ACC116F5
Requests: 88 HTTP requests in this frame

Page Title

Thanks for Giving, Emotet! | Forcepoint

Detected technologies

Overall confidence: 100%
Detected patterns
  • <(?:link|style)[^>]+"/sites/(?:default|all)/(?:themes|modules)/

Overall confidence: 100%
Detected patterns
  • ([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js

Overall confidence: 100%
Detected patterns
  • dev\.visualwebsiteoptimizer\.com/?([\d.]+)

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • ([\d.]+)/jquery-ui(?:\.min)?\.js
  • jquery-ui.*\.js

Page Statistics

71 Requests
99 % HTTPS
36 % IPv6
14 Domains
14 Subdomains
13 IPs
3 Countries
2166 kB Transfer
5958 kB Size
9 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.forcepoint.com/blog/security-labs/thanks-giving-emotet HTTP 301
    https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 42
  • https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.forcepoint.com%26pId%3d%24UID HTTP 302
  • https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.forcepoint.com%26pId%3d%24UID HTTP 307
  • https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dwww.forcepoint.com%2526pId%253d%2524UID HTTP 302
  • https://attr.ml-api.io/?domain=www.forcepoint.com&pId=1958301592581369131

71 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request thanks-giving-emotet
www.forcepoint.com/blog/x-labs/
Redirect Chain
  • https://www.forcepoint.com/blog/security-labs/thanks-giving-emotet
  • https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
81 KB
27 KB
Document
General
Full URL
https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
41c6888af6e8f4e365574356ccff7c9dda1f63f25d68424653e1662a7a8538fd
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.fonts.net analyticsssl.forcepoint.com *.licdn.com *.tiqcdn.com *.marketo.com *.marketo.net *.mktoresp.com *.demdex.net *.burly.io *.omtrdc.net *.llnwd.net *.tealiumiq.com *.googleadservices.com *.marinsm.com *.amazonaws.com *.quantserve.com *.facebook.net *.serving-sys.com *.google-analytics.com *.hirebridge.com *.websense.com *.bizographics.com *.linkedin.com *.cloudfront.net *.newrelic.com *.nr-data.net *.adnxs.com *.demandbase.com *.twitter.com *.omtrdc.net *.youtube.com static.ads-twitter.com *.company-target.com *.omniture.com *.doubleclick.net *.forcepoint.com *.google.com *.facebook.com bam.nr-data.net *.getsmartcontent.com *.vidyard.com *.adroll.com s.ml-attr.com attr.ml-api.io *.driftt.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.gstatic.com *.libsyn.com *.s3.amazonaws.com *.cdnbasket.net ids.cdnwidget.com app.vwo.com *.visualwebsiteoptimizer.com use.typekit.net p.typekit.net cdn.vwo-analytics.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.googleapis.com *.cloudflare.com activitymap.adobe.com *.consensu.org *.ubembed.com *.bizible.com *.theadex.com tag.aumago.com js.driftqa.com *.scribblecdn.net *.esg-global.com js.hs-scripts.com/20987017.js js.hs-analytics.net js.hsadspixel.net js.hs-banner.com api.hubapi.com js.hsforms.net forms.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com geolocation-db.com *.drift.com *.clickagy.com; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' pixel.cdnwidget.com *.tealiumiq.com *.google.com *.googleadservices.com *.doubleclick.net *.websense.com *.marinsm.com *.facebook.com *.quantserve.com *.google-analytics.com *.w55c.net *.marketo.com *.iasds01.com *.linkedin.com *.cloudfront.net *.forcepoint.com *.adnxs.com *.twitter.com t.co *.omtrdc.net tags.w55c.net *.demandbase.com *.company-target.com *.gstatic.com tags.tiqcdn.com 
munchkin.marketo.net *.newrelic.com connect.facebook.net static.ads-twitter.com a.burly.io sjs.bizographics.com bam.nr-data.net snap.licdn.com https://websense.tt.omtrdc.net/m2/websense/mbox/json *.getsmartcontent.com *.adroll.com *.vidyard.com s.ml-attr.com attr.ml-api.io ml314.com *.ml314.com *.bing.com *.driftt.com *.crazyegg.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.googletagmanager.com *.visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com app.vwo.com *.js.ubembed.com assets.ubembed.com js.driftt.com cdn.vwo-analytics.com *.s3.amazonaws.com s3.amazonaws.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.clearbit.com *.googleapis.com *.cloudflare.com https://activitymap.adobe.com/sc15/activitymap/index.js *.consensu.org *.bizible.com *.theadex.com tag.aumago.com *.zoominfo.com *.clickagy.com *.redditstatic.com rules.quantcount.com tracking.g2crowd.com *.steelhousemedia.com *.scribblecdn.net *.esg-global.com *.6sc.co js.hs-scripts.com/20987017.js js.hs-analytics.net js.hsadspixel.net js.hs-banner.com api.hubapi.com js.hsforms.net forms.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com geolocation-db.com *.drift.com *.jquery.com *.google.com; img-src * data: *; connect-src 'self' *.vwo.com *.demdex.net websense.tt.omtrdc.net *.mktoresp.com *.cdnbasket.net ids.cdnwidget.com *.forcepoint.com sample-api-v2.crazyegg.com *.visualwebsiteoptimizer.com insight.adsrvr.org bam.nr-data.net *.tealiumiq.com live-evercurrent-clone.pantheonsite.io *.sharethis.com *.doubleclick.net *.theadex.com *.aumago.com *.google-analytics.com *.6sc.co *.adnxs.com *.vidyard.com *.6sense.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com api.hubapi.com *.hsforms.net *.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com *.google.com *.drift.com *.clickagy.com *.facebook.com *.zoominfo.com *.geolocation-db.com geolocation-db.com; report-uri 
/admin/config/system/seckit/csp-report
Strict-Transport-Security max-age=18410000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
0
cache-control
public, max-age=3600
content-encoding
gzip
content-language
en
content-length
23475
content-type
text/html; charset=utf-8
date
Wed, 16 Nov 2022 22:12:38 GMT
etag
W/"1668636757-0"
expires
Sun, 19 Nov 1978 05:00:00 GMT
from-origin
same, https://analyticsssl.forcepoint.com,https://vidyard.com
http_x_geo_continent
EU
http_x_geo_region
DE-BY
last-modified
Wed, 16 Nov 2022 22:12:37 GMT
link
<https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet>; rel="canonical",<https://www.forcepoint.com/node/27726>; rel="shortlink"
permissions-policy
interest-cohort=()
referrer-policy
strict-origin-when-cross-origin
server
nginx
strict-transport-security
max-age=18410000; includeSubDomains; preload
vary
Accept-Encoding, x-geo-country, Cookie, orig-host
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
x-cache
MISS, MISS, MISS, MISS
x-cache-hits
0, 0, 0, 0
x-content-type-options
nosniff
x-drupal-cache
MISS
x-frame-options
SAMEORIGIN
x-generator
Drupal 7 (http://drupal.org)
x-pantheon-styx-hostname
styx-fe3-b-77b587f5fd-g9wbk
x-served-by
cache-chi-klot8100148-CHI, cache-chi-klot8100098-CHI, cache-fra-eddf8230060-FRA, cache-fra-eddf8230110-FRA
x-styx-req-id
c71aeb76-65fb-11ed-84e5-2661c677283b
x-timer
S1668636757.927090,VS0,VE1232
x-ua-compatible
IE=Edge,chrome=1
x-xss-protection
1

Redirect headers

accept-ranges
bytes
age
0
cache-control
public, max-age=3600
content-length
1
content-type
text/html; charset=UTF-8
date
Wed, 16 Nov 2022 22:12:36 GMT
etag
"1668636756-0"
expires
Sun, 19 Nov 1978 05:00:00 GMT
http_x_geo_continent
EU
http_x_geo_region
DE-BY
last-modified
Wed, 16 Nov 2022 22:12:36 GMT
location
https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
server
nginx
strict-transport-security
max-age=300
vary
x-geo-country, Cookie, orig-host
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
x-cache
MISS, MISS, MISS, MISS
x-cache-hits
0, 0, 0, 0
x-content-type-options
nosniff
x-drupal-cache
MISS
x-pantheon-styx-hostname
styx-fe3-a-66bbb46c56-2qpvf
x-redirect-id
46211
x-served-by
cache-chi-kigq8000151-CHI, cache-chi-kigq8000068-CHI, cache-fra-eddf8230102-FRA, cache-fra-eddf8230110-FRA
x-styx-req-id
c6f7e8cb-65fb-11ed-9863-866ba5c98d65
x-timer
S1668636757.686888,VS0,VE199
Hoves_DemiBold.woff
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/
18 KB
19 KB
Font
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_DemiBold.woff
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c6225223a7f689e02ca4f2144e864ad46dd63e29553cf3d4df572e7195303be0
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
Origin
https://www.forcepoint.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-cache-hits
46, 0, 0, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Wed, 16 Nov 2022 22:12:38 GMT
age
251
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-a-66bbb46c56-2qpvf
content-length
18868
x-served-by
cache-chi-klot8100050-CHI, cache-chi-kigq8000053-CHI, cache-fra-eddf8230101-FRA, cache-fra-eddf8230110-FRA
last-modified
Wed, 16 Nov 2022 18:02:17 GMT
server
nginx
x-timer
S1668636758.252440,VS0,VE109
etag
"637525a9-49b4"
vary
orig-host
content-type
font/woff
access-control-allow-origin
*
x-styx-req-id
328390ed-65fb-11ed-9863-866ba5c98d65
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 17 Nov 2023 22:08:27 GMT
Hoves_Medium.woff
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/
18 KB
19 KB
Font
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Medium.woff
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c1524c7035a894f370d34f2d57704873a3978adef91d97978e3598515762eace
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
Origin
https://www.forcepoint.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-cache-hits
39, 0, 0, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Wed, 16 Nov 2022 22:12:38 GMT
age
251
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-b-77b587f5fd-fjgbg
content-length
18688
x-served-by
cache-chi-klot8100111-CHI, cache-chi-kigq8000162-CHI, cache-fra-eddf8230137-FRA, cache-fra-eddf8230110-FRA
last-modified
Wed, 16 Nov 2022 18:02:15 GMT
server
nginx
x-timer
S1668636758.251907,VS0,VE135
etag
"637525a7-4900"
vary
orig-host
content-type
font/woff
access-control-allow-origin
*
x-styx-req-id
3283daa1-65fb-11ed-a1c6-4e06d8705813
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 17 Nov 2023 22:08:27 GMT
Hoves_Regular.woff
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/
18 KB
18 KB
Font
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Regular.woff
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
42793f24dc3fddca04cc84a6991f0fc73c25498d023b07d488dd5e4238ed9b0c
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
Origin
https://www.forcepoint.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-cache-hits
40, 0, 0, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Wed, 16 Nov 2022 22:12:38 GMT
age
251
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-a-66bbb46c56-hjqmx
content-length
18436
x-served-by
cache-chi-kigq8000080-CHI, cache-chi-klot8100141-CHI, cache-fra-eddf8230093-FRA, cache-fra-eddf8230110-FRA
last-modified
Wed, 16 Nov 2022 18:02:38 GMT
server
nginx
x-timer
S1668636758.251885,VS0,VE126
etag
"637525be-4804"
vary
orig-host
content-type
font/woff
access-control-allow-origin
*
x-styx-req-id
3284fd8e-65fb-11ed-990e-622d0039a583
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 17 Nov 2023 22:08:27 GMT
Hoves_Italic.woff
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/
19 KB
19 KB
Font
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Italic.woff
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
8709e66f3192aac47989a4f2c826afc3062b52de3cd792115cba3314c05656c6
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
Origin
https://www.forcepoint.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-cache-hits
40, 0, 0, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Wed, 16 Nov 2022 22:12:38 GMT
age
251
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-a-66bbb46c56-hjqmx
content-length
19656
x-served-by
cache-chi-klot8100066-CHI, cache-chi-kigq8000054-CHI, cache-fra-eddf8230055-FRA, cache-fra-eddf8230110-FRA
last-modified
Wed, 16 Nov 2022 18:02:15 GMT
server
nginx
x-timer
S1668636758.251871,VS0,VE111
etag
"637525a7-4cc8"
vary
orig-host
content-type
font/woff
access-control-allow-origin
*
x-styx-req-id
47cef56b-65d9-11ed-990e-622d0039a583
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 17 Nov 2023 18:05:40 GMT
Hoves_Light.woff
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/
18 KB
18 KB
Font
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Light.woff
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
5390daebe4fc263953ae2cd18f060ebb4aaef20d9df443a4d784cc642ed1eaf2
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
Origin
https://www.forcepoint.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-cache-hits
40, 0, 0, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Wed, 16 Nov 2022 22:12:38 GMT
age
251
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-a-66bbb46c56-rbtcp
content-length
18600
x-served-by
cache-chi-klot8100135-CHI, cache-chi-kigq8000157-CHI, cache-fra-eddf8230065-FRA, cache-fra-eddf8230110-FRA
last-modified
Wed, 16 Nov 2022 18:02:18 GMT
server
nginx
x-timer
S1668636758.251857,VS0,VE111
etag
"637525aa-48a8"
vary
orig-host
content-type
font/woff
access-control-allow-origin
*
x-styx-req-id
3283ef35-65fb-11ed-b213-ce30a6e4c5ec
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 17 Nov 2023 22:08:27 GMT
Hoves_Light_Italic.woff
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/
19 KB
19 KB
Font
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Light_Italic.woff
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
d88c03f60c9b0c3b3a4a929ad268b6078dda88e59ea5c98eeb16f031ffb0d9e0
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
Origin
https://www.forcepoint.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-cache-hits
38, 0, 0, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Wed, 16 Nov 2022 22:12:38 GMT
age
251
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-b-77b587f5fd-j7jbw
content-length
19360
x-served-by
cache-chi-klot8100021-CHI, cache-chi-klot8100086-CHI, cache-fra-eddf8230023-FRA, cache-fra-eddf8230110-FRA
last-modified
Wed, 16 Nov 2022 18:02:16 GMT
server
nginx
x-timer
S1668636758.279064,VS0,VE108
etag
"637525a8-4ba0"
vary
orig-host
content-type
font/woff
access-control-allow-origin
*
x-styx-req-id
328556e7-65fb-11ed-8e0f-a64d202d2b91
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 17 Nov 2023 22:08:27 GMT
Hoves_ExtraLight.woff
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/
18 KB
18 KB
Font
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_ExtraLight.woff
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
52239b576d3fdb13fa5cec121a5e5ed123560a4ac1310d991f4694bcc5507710
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
Origin
https://www.forcepoint.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-cache-hits
38, 0, 0, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Wed, 16 Nov 2022 22:12:38 GMT
age
251
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-b-77b587f5fd-shrbm
content-length
17944
x-served-by
cache-chi-kigq8000096-CHI, cache-chi-klot8100099-CHI, cache-fra-eddf8230027-FRA, cache-fra-eddf8230110-FRA
last-modified
Wed, 16 Nov 2022 18:02:15 GMT
server
nginx
x-timer
S1668636758.278652,VS0,VE113
etag
"637525a7-4618"
vary
orig-host
content-type
font/woff
access-control-allow-origin
*
x-styx-req-id
3283e222-65fb-11ed-9186-465c761486ee
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 17 Nov 2023 22:08:27 GMT
css_kShW4RPmRstZ3SpIC-ZvVGNFVAi0WEMuCnI0ZkYIaFw.css
www.forcepoint.com/sites/default/files/css/
6 KB
2 KB
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/css/css_kShW4RPmRstZ3SpIC-ZvVGNFVAi0WEMuCnI0ZkYIaFw.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
912856e113e646cb59dd2a480be66f5463455408b458432e0a7234664608685c
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-cache-hits
21, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Wed, 16 Nov 2022 22:12:38 GMT
age
212
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-a-66bbb46c56-zch7p
content-length
2135
x-served-by
cache-chi-kigq8000146-CHI, cache-chi-kigq8000102-CHI, cache-fra-eddf8230098-FRA, cache-fra-eddf8230110-FRA
last-modified
Tue, 18 Oct 2022 13:06:31 GMT
server
nginx
x-timer
S1668636758.252388,VS0,VE127
etag
W/"634ea4d7-1820"
vary
Accept-Encoding, orig-host
content-type
text/css
x-styx-req-id
fcf99907-64d7-11ed-a23d-62b72c91fcf9
cache-control
max-age=31622400
accept-ranges
bytes
expires
Thu, 16 Nov 2023 11:23:54 GMT
css_faNxbZlG8sYJ1IiqfFXoOTUUnOTNzg59gAMKpmO43D0.css
www.forcepoint.com/sites/default/files/css/
26 KB
6 KB
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/css/css_faNxbZlG8sYJ1IiqfFXoOTUUnOTNzg59gAMKpmO43D0.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
7da3716d9946f2c609d488aa7c55e83935149ce4cdce0e7d80030aa663b8dc3d
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-cache-hits
21, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Wed, 16 Nov 2022 22:12:38 GMT
age
212
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-a-5c6dd884c-q6v7j
content-length
5773
x-served-by
cache-chi-klot8100082-CHI, cache-chi-kigq8000047-CHI, cache-fra-eddf8230090-FRA, cache-fra-eddf8230110-FRA
last-modified
Tue, 18 Oct 2022 13:06:31 GMT
server
nginx
x-timer
S1668636758.252859,VS0,VE115
etag
W/"634ea4d7-68af"
vary
Accept-Encoding, orig-host
content-type
text/css
x-styx-req-id
93386131-5a8a-11ed-81cf-26f1791fe769
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 03 Nov 2023 08:44:34 GMT
css_7IBSIwqmR8AoevkKAZHxMDnL-xQGobeNNEoGbdD0x38.css
www.forcepoint.com/sites/default/files/css/
4 KB
2 KB
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/css/css_7IBSIwqmR8AoevkKAZHxMDnL-xQGobeNNEoGbdD0x38.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
ec8052230aa647c0287af90a0191f13039cbfb1406a1b78d344a066dd0f4c77f
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-cache-hits
21, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Wed, 16 Nov 2022 22:12:38 GMT
age
212
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-a-586884d754-v6z6g
content-length
1336
x-served-by
cache-chi-kigq8000115-CHI, cache-chi-kigq8000154-CHI, cache-fra-eddf8230097-FRA, cache-fra-eddf8230110-FRA
last-modified
Tue, 18 Oct 2022 13:06:32 GMT
server
nginx
x-timer
S1668636758.252388,VS0,VE105
etag
W/"634ea4d8-ef5"
vary
Accept-Encoding, orig-host
content-type
text/css
x-styx-req-id
58b700c5-5501-11ed-9f5a-da9f409b9461
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 27 Oct 2023 07:39:39 GMT
css_Saj8WatMNZKbYYM33PfGrMooaukwaf6ixdlUGMwwuUA.css
www.forcepoint.com/sites/default/files/css/
6 KB
3 KB
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/css/css_Saj8WatMNZKbYYM33PfGrMooaukwaf6ixdlUGMwwuUA.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
49a8fc59ab4c35929b618337dcf7c6acca286ae93069fea2c5d95418cc30b940
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-cache-hits
8, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Wed, 16 Nov 2022 22:12:38 GMT
age
183
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-a-5c7fbb4f7c-qxbj9
content-length
2662
x-served-by
cache-chi-klot8100099-CHI, cache-chi-kigq8000153-CHI, cache-fra-eddf8230056-FRA, cache-fra-eddf8230110-FRA
last-modified
Tue, 18 Oct 2022 13:06:41 GMT
server
nginx
x-timer
S1668636758.251939,VS0,VE112
etag
W/"634ea4e1-17c3"
vary
Accept-Encoding, orig-host
content-type
text/css
x-styx-req-id
1f5db12e-59e8-11ed-9335-dee07d9e6720
cache-control
max-age=31622400
accept-ranges
bytes
expires
Thu, 02 Nov 2023 13:21:41 GMT
css_-hxBR1UgGEKyzpLBj9Fz781PZ-AJ-Q7mjHNUcnbPrRQ.css
www.forcepoint.com/sites/default/files/css/
2 MB
393 KB
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/css/css_-hxBR1UgGEKyzpLBj9Fz781PZ-AJ-Q7mjHNUcnbPrRQ.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
fa1c414755201842b2ce92c18fd173efcd4f67e009f90ee68c73547276cfad14
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-cache-hits
1, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Wed, 16 Nov 2022 22:12:38 GMT
age
212
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-a-5c7fbb4f7c-6qctz
content-length
401561
x-served-by
cache-chi-kigq8000040-CHI, cache-chi-kigq8000040-CHI, cache-fra-eddf8230031-FRA, cache-fra-eddf8230110-FRA
last-modified
Tue, 18 Oct 2022 13:06:33 GMT
server
nginx
x-timer
S1668636758.251929,VS0,VE113
etag
W/"634ea4d9-244e98"
vary
Accept-Encoding, orig-host
content-type
text/css
x-styx-req-id
66534394-59f2-11ed-ba89-46a0d4e735ff
cache-control
max-age=31622400
accept-ranges
bytes
expires
Thu, 02 Nov 2023 14:35:15 GMT
css_QmHPtZ_u6aMWtYnfps7-55K4yiLf7hAmbaS56DIwQKg.css
www.forcepoint.com/sites/default/files/css/
7 KB
2 KB
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/css/css_QmHPtZ_u6aMWtYnfps7-55K4yiLf7hAmbaS56DIwQKg.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
4261cfb59feee9a316b589dfa6cefee792b8ca22dfee10266da4b9e8323040a8
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-cache-hits
12, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Wed, 16 Nov 2022 22:12:39 GMT
age
213
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-a-66bbb46c56-rxrk6
content-length
1458
x-served-by
cache-chi-klot8100067-CHI, cache-chi-kigq8000031-CHI, cache-fra-eddf8230025-FRA, cache-fra-eddf8230110-FRA
last-modified
Tue, 18 Oct 2022 13:06:34 GMT
server
nginx
x-timer
S1668636759.335941,VS0,VE110
etag
W/"634ea4da-1a50"
vary
Accept-Encoding, orig-host
content-type
text/css
x-styx-req-id
7b34c4ab-64d8-11ed-81d7-ee8df2474d59
cache-control
max-age=31622400
accept-ranges
bytes
expires
Thu, 16 Nov 2023 11:27:26 GMT
modernizr-custom.js
www.forcepoint.com/sites/all/libraries/modernizr/
11 KB
5 KB
Script
General
Full URL
https://www.forcepoint.com/sites/all/libraries/modernizr/modernizr-custom.js?rlgo4x
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c0e0b9f64e6354a2677f8cc7b48c489b4fac6183a86dfedc0f52bb0cc17fce3a
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-cache-hits
34, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Wed, 16 Nov 2022 22:12:38 GMT
age
257
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-b-77b587f5fd-shrbm
content-length
4862
x-served-by
cache-chi-klot8100058-CHI, cache-chi-klot8100072-CHI, cache-fra-eddf8230134-FRA, cache-fra-eddf8230110-FRA
last-modified
Wed, 16 Nov 2022 18:02:14 GMT
server
nginx
x-timer
S1668636758.278607,VS0,VE112
etag
W/"637525a6-2a3d"
vary
Accept-Encoding, orig-host
content-type
application/x-javascript
x-styx-req-id
2e6a71ff-65fb-11ed-9186-465c761486ee
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 17 Nov 2023 22:08:20 GMT
jquery-3.6.1.min.js
code.jquery.com/
88 KB
30 KB
Script
General
Full URL
https://code.jquery.com/jquery-3.6.1.min.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2001:4de0:ac18::1:a:3a , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
nginx /
Resource Hash
a3cf00c109d907e543bc4f6dbc85eb31068f94515251347e9e57509b52ee3d74

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Wed, 16 Nov 2022 22:12:38 GMT
content-encoding
gzip
last-modified
Fri, 26 Aug 2022 17:36:05 GMT
server
nginx
etag
W/"63090485-15e40"
vary
Accept-Encoding
x-hw
1668636758.dop214.fr8.t,1668636758.cds264.fr8.hn,1668636758.cds258.fr8.c
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
30957
jquery-migrate-3.4.0.min.js
code.jquery.com/
13 KB
5 KB
Script
General
Full URL
https://code.jquery.com/jquery-migrate-3.4.0.min.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2001:4de0:ac18::1:a:3a , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
nginx /
Resource Hash
9810aee7e6d57d8cceaa96322b88e6df46710194689ae12b284149148cabc2f3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Wed, 16 Nov 2022 22:12:38 GMT
content-encoding
gzip
last-modified
Thu, 24 Mar 2022 16:23:16 GMT
server
nginx
etag
W/"623c9af4-3470"
vary
Accept-Encoding
x-hw
1668636758.dop214.fr8.t,1668636758.cds264.fr8.hn,1668636758.cds120.fr8.c
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
4792
js_GOikDsJOX04Aww72M-XK1hkq4qiL_1XgGsRdkL0XlDo.js
www.forcepoint.com/sites/default/files/js/
39 KB
15 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/js/js_GOikDsJOX04Aww72M-XK1hkq4qiL_1XgGsRdkL0XlDo.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
18e8a40ec24e5f4e00c30ef633e5cad6192ae2a88bff55e01ac45d90bd17943a
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-cache-hits
24, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Wed, 16 Nov 2022 22:12:38 GMT
age
212
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-b-77b587f5fd-mpd85
content-length
15095
x-served-by
cache-chi-kigq8000146-CHI, cache-chi-kigq8000116-CHI, cache-fra-eddf8230101-FRA, cache-fra-eddf8230110-FRA
last-modified
Wed, 16 Nov 2022 18:05:53 GMT
server
nginx
x-timer
S1668636758.278578,VS0,VE132
etag
W/"63752681-9c55"
vary
Accept-Encoding, orig-host
content-type
application/x-javascript
x-styx-req-id
52008d70-65d9-11ed-a0de-0a2627869a41
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 17 Nov 2023 18:05:57 GMT
jquery-ui.min.js
code.jquery.com/ui/1.13.2/
249 KB
66 KB
Script
General
Full URL
https://code.jquery.com/ui/1.13.2/jquery-ui.min.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2001:4de0:ac18::1:a:3a , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
nginx /
Resource Hash
9528ca634fecad433d044ddd3e6f9ce1f068d5d932dafdbb19d8e6daea1968bd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Wed, 16 Nov 2022 22:12:38 GMT
content-encoding
gzip
last-modified
Thu, 14 Jul 2022 18:58:00 GMT
server
nginx
etag
W/"62d06738-3e46c"
vary
Accept-Encoding
x-hw
1668636758.dop214.fr8.t,1668636758.cds264.fr8.hn,1668636758.cds270.fr8.c
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
67628
js_c9_-fllFnndjuGVncFe4qgbz6q9Vpk6NpaSrBM-8f0I.js
www.forcepoint.com/sites/default/files/js/
95 KB
33 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/js/js_c9_-fllFnndjuGVncFe4qgbz6q9Vpk6NpaSrBM-8f0I.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
73dffe7e59459e7763b865677057b8aa06f3eaaf55a64e8da5a4ab04cfbc7f42
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-cache-hits
12, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Wed, 16 Nov 2022 22:12:38 GMT
age
182
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-b-84d769468b-b5gtb
content-length
33271
x-served-by
cache-chi-kigq8000098-CHI, cache-chi-kigq8000113-CHI, cache-fra-eddf8230123-FRA, cache-fra-eddf8230110-FRA
last-modified
Tue, 18 Oct 2022 13:06:41 GMT
server
nginx
x-timer
S1668636758.278608,VS0,VE106
etag
W/"634ea4e1-17dc4"
vary
Accept-Encoding, orig-host
content-type
application/x-javascript
x-styx-req-id
df1b1116-59b7-11ed-bdc1-76a753869e75
cache-control
max-age=31622400
accept-ranges
bytes
expires
Thu, 02 Nov 2023 07:36:17 GMT
js_4Fkkq7OnugTWFKT1LH0sUGyEkW_GCa7lcazRkkB-r5I.js
www.forcepoint.com/sites/default/files/js/
920 B
769 B
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/js/js_4Fkkq7OnugTWFKT1LH0sUGyEkW_GCa7lcazRkkB-r5I.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e05924abb3a7ba04d614a4f52c7d2c506c84916fc609aee571acd192407eaf92
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-cache-hits
23, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Wed, 16 Nov 2022 22:12:38 GMT
age
212
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-b-76bcb8854d-k4lk9
content-length
458
x-served-by
cache-chi-klot8100116-CHI, cache-chi-kigq8000160-CHI, cache-fra-eddf8230115-FRA, cache-fra-eddf8230110-FRA
last-modified
Tue, 18 Oct 2022 13:06:35 GMT
server
nginx
x-timer
S1668636758.278631,VS0,VE107
etag
W/"634ea4db-398"
vary
Accept-Encoding, orig-host
content-type
application/x-javascript
x-styx-req-id
28a45023-5eb3-11ed-87c1-0267a9594003
cache-control
max-age=31622400
accept-ranges
bytes
expires
Wed, 08 Nov 2023 15:45:09 GMT
utag.sync.js
tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/
2 KB
1019 B
Script
General
Full URL
https://tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/utag.sync.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
95.101.200.249 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-101-200-249.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
b8babbff47d3bf68af7a3a1dc0f97cd91605e8036f0c1fd24e64c91f35be4a8e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Wed, 16 Nov 2022 22:12:38 GMT
content-encoding
gzip
last-modified
Wed, 16 Nov 2022 22:01:18 GMT
server
AkamaiNetStorage
etag
"13083f4ce66e089e8677af8a8d0e86f7:1668636078.582925"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=300
accept-ranges
bytes
content-length
792
expires
Wed, 16 Nov 2022 22:17:38 GMT
js_5KBOxdOP1JYGFpszgvVyck9JcHsS2629D5nnPM2sC9o.js
www.forcepoint.com/sites/default/files/js/
83 KB
31 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/js/js_5KBOxdOP1JYGFpszgvVyck9JcHsS2629D5nnPM2sC9o.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e4a04ec5d38fd49606169b3382f572724f49707b12dbadbd0f99e73ccdac0bda
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-cache-hits
1, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Wed, 16 Nov 2022 22:12:38 GMT
age
0
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-b-77b587f5fd-mpd85
content-length
31345
x-served-by
cache-chi-kigq8000109-CHI, cache-chi-kigq8000141-CHI, cache-fra-eddf8230078-FRA, cache-fra-eddf8230110-FRA
last-modified
Wed, 16 Nov 2022 18:06:21 GMT
server
nginx
x-timer
S1668636758.279151,VS0,VE230
etag
W/"6375269d-14a4c"
vary
Accept-Encoding, orig-host
content-type
application/x-javascript
x-styx-req-id
602371bf-65d9-11ed-a0de-0a2627869a41
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 17 Nov 2023 18:06:21 GMT
v2.js
js.hsforms.net/forms/
586 KB
148 KB
Script
General
Full URL
https://js.hsforms.net/forms/v2.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700::6811:ba49 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f7515ce453994d009893fdc5d0b43cc5e0b8d63c5aceb2b6112a644c2372cc8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Wed, 16 Nov 2022 22:12:38 GMT
x-amz-version-id
3xZDc5v6K8STcXbV8CjHvoAHsclk7gYc
via
1.1 2a3aa853116c0a37d6c7762eca54d208.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
IAD12-P3
age
165
x-amz-server-side-encryption
AES256
content-encoding
br
x-cache
Hit from cloudfront
cache-tag
staticjsapp-FormsNext-web-prod,staticjsapp-prod
x-amz-replication-status
COMPLETED
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 14 Nov 2022 03:14:41 UTC
server
cloudflare
etag
W/"4daf24ccca5b49f4571b0a95dc9e3af5"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GdGnaxx3oVQ4bfNMkD%2BOt3cbwWImIikKAS%2BszpQM6EXLBSaXxG%2BtITzPqhxbM8ClXbWdbp869OHD9SwlvETSNGbww1j4NCva2kuxxrSqBB7wO6ouniWuxnSQ2lIn7Cqt%2BGApExj%2B97kUaHVw"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-hs-cache-status
HIT
cache-control
s-maxage=600, max-age=300
cf-ray
76b391bb79529bce-FRA
x-amz-cf-id
7iwbLwmgJFLF-MvHWW3PdnaZMsZAL9IUobXchDPq3iRd7UUr7AL6eg==
x-hs-target-asset
FormsNext/static-5.549/bundles/project_with_deps.js
js_8eZPpXD9-zJrmDuItFsA1VHAvCgYS2xJaaAygxpyIcg.js
www.forcepoint.com/sites/default/files/js/
8 KB
3 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/js/js_8eZPpXD9-zJrmDuItFsA1VHAvCgYS2xJaaAygxpyIcg.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
f1e64fa570fdfb326b983b88b45b00d551c0bc28184b6c4969a032831a7221c8
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-cache-hits
37, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Wed, 16 Nov 2022 22:12:38 GMT
age
247
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-b-77b587f5fd-j7jbw
content-length
2857
x-served-by
cache-chi-klot8100154-CHI, cache-chi-klot8100149-CHI, cache-fra-eddf8230128-FRA, cache-fra-eddf8230110-FRA
last-modified
Wed, 16 Nov 2022 22:08:14 GMT
server
nginx
x-timer
S1668636758.278635,VS0,VE106
etag
W/"63755f4e-1f90"
vary
Accept-Encoding, orig-host
content-type
application/x-javascript
x-styx-req-id
34680654-65fb-11ed-8e0f-a64d202d2b91
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 17 Nov 2023 22:08:30 GMT
forcepoint.svg
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/logos/
2 KB
1 KB
Image
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/logos/forcepoint.svg
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c7397ae13ad9d12bf4ce9100756dd8703b515ac4381bdd33638e22c787c0fb39
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-cache-hits
37, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Wed, 16 Nov 2022 22:12:39 GMT
age
251
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-a-66bbb46c56-hjqmx
content-length
783
x-served-by
cache-chi-klot8100133-CHI, cache-chi-kigq8000021-CHI, cache-fra-eddf8230071-FRA, cache-fra-eddf8230110-FRA
last-modified
Wed, 16 Nov 2022 18:02:15 GMT
server
nginx
x-timer
S1668636759.960879,VS0,VE110
etag
W/"637525a7-6ad"
vary
Accept-Encoding, orig-host
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
32883184-65fb-11ed-990e-622d0039a583
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 17 Nov 2023 22:08:27 GMT
why_fp_menu_image.jpg
www.forcepoint.com/sites/default/files/styles/menu_image/public/
13 KB
14 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/styles/menu_image/public/why_fp_menu_image.jpg?itok=YA7FRQSY
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
5a3a0313429b22b8fd7b067a306c2733e73b8a1e038591f722ad524e9f60ab79
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-cache-hits
0, 206, 2, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Wed, 16 Nov 2022 22:12:39 GMT
age
3758214
http_x_geo_region
DE-BY
x-cache
MISS, HIT, HIT, MISS
fastly-io-info
ifsz=15805 idim=396x395 ifmt=jpeg ofsz=13734 odim=396x395 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe3-a-7c5bd64c69-kc7nm
content-length
13734
x-served-by
cache-chi-klot8100148-CHI, cache-chi-klot8100148-CHI, cache-fra-eddf8230067-FRA, cache-fra-eddf8230110-FRA
server
nginx
x-timer
S1668636759.113011,VS0,VE6
etag
"6aifxfEJcNK5Dp3qpDZUECfoedZ/8IyHjeDfy+Q/V2c"
vary
Accept, orig-host
content-type
image/webp
x-styx-req-id
8228ba70-43cd-11ed-a100-dec1e61d478d
cache-control
max-age=31622400
accept-ranges
bytes
expires
Thu, 05 Oct 2023 10:15:44 GMT
navigation-graphic-final_1.png
www.forcepoint.com/sites/default/files/styles/menu_image/public/
15 KB
15 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/styles/menu_image/public/navigation-graphic-final_1.png?itok=9TY6J1QP
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
206b6111b55c356e733676a83e11385a7f40cacdf2344faa0ff7ffc919dbee31
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-cache-hits
0, 9, 2, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Wed, 16 Nov 2022 22:12:39 GMT
age
1158455
http_x_geo_region
DE-BY
x-cache
MISS, HIT, HIT, MISS
fastly-io-info
ifsz=15737 idim=395x395 ifmt=png ofsz=15100 odim=395x395 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe3-b-796d4ddd79-w2vrx
content-length
15100
x-served-by
cache-chi-kigq8000094-CHI, cache-chi-kigq8000145-CHI, cache-fra-eddf8230066-FRA, cache-fra-eddf8230110-FRA
server
nginx
x-timer
S1668636759.152831,VS0,VE4
etag
"phHxIWvLTW1EMfzVgAHKlknvuZPFvBT0QALPsTbpoXw"
vary
Accept, orig-host
content-type
image/webp
x-styx-req-id
8b39c006-5b72-11ed-b05c-66a21d8f4bea
cache-control
max-age=31622400
accept-ranges
bytes
expires
Sat, 04 Nov 2023 12:25:03 GMT
fone_logo_small.jpg
www.forcepoint.com/sites/default/files/styles/menu_image/public/
4 KB
4 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/styles/menu_image/public/fone_logo_small.jpg?itok=ymWzAQwt
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
86cb416b41dbcbab76295d9c399ea1505cbb6497b0a90d1825ce37ff9fb543f4
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-cache-hits
0, 222, 2, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Wed, 16 Nov 2022 22:12:39 GMT
age
2200494
http_x_geo_region
DE-BY
x-cache
MISS, HIT, HIT, MISS
fastly-io-info
ifsz=4641 idim=280x148 ifmt=jpeg ofsz=3788 odim=280x148 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe3-b-74b8fcf58f-2lbfx
content-length
3788
x-served-by
cache-chi-kigq8000139-CHI, cache-chi-kigq8000178-CHI, cache-fra-eddf8230073-FRA, cache-fra-eddf8230110-FRA
server
nginx
x-timer
S1668636759.198863,VS0,VE17
etag
"kzO9OOJPoyFzY6CoCDihkMhXvDdjk3jAh0R+xIDFn20"
vary
Accept, orig-host
content-type
image/webp
x-styx-req-id
5bc82648-51f8-11ed-bc02-baa120affb81
cache-control
max-age=31622400
accept-ranges
bytes
expires
Mon, 23 Oct 2023 10:57:45 GMT
webinar_hub_-_hero_small_v2.jpg
www.forcepoint.com/sites/default/files/styles/menu_image/public/
11 KB
12 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/styles/menu_image/public/webinar_hub_-_hero_small_v2.jpg?itok=ouFUnrxI
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
311c3a27de6c5daa55ad7d1a3d16c0333ad53dad8bef15b6485260b4b395d44f
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-cache-hits
0, 8, 2, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Wed, 16 Nov 2022 22:12:39 GMT
age
1774763
http_x_geo_region
DE-BY
x-cache
MISS, HIT, HIT, MISS
fastly-io-info
ifsz=11574 idim=280x148 ifmt=jpeg ofsz=11574 odim=280x148 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe3-a-586884d754-95k69
content-length
11574
fastly-io-warning
Failed to shrink image
x-served-by
cache-chi-kigq8000031-CHI, cache-chi-klot8100048-CHI, cache-fra-eddf8230088-FRA, cache-fra-eddf8230110-FRA
server
nginx
x-timer
S1668636759.255176,VS0,VE4
etag
"1wzteSx5YGAIW4hI/ACZng364RcDU78REoJcA8yHvsY"
vary
Accept, orig-host
content-type
image/webp
x-styx-req-id
975e4b57-55d7-11ed-a887-aa606cb83feb
cache-control
max-age=31622400
accept-ranges
bytes
expires
Sat, 28 Oct 2023 09:13:16 GMT
zero-trust.png
www.forcepoint.com/sites/default/files/styles/menu_image/public/
19 KB
20 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/styles/menu_image/public/zero-trust.png?itok=Ri6EkvLT
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c90104dc032e1b6605d49139049970b3c2c294a0fb039b3de33c7d6c05ea9bab
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-cache-hits
1, 138, 2, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Wed, 16 Nov 2022 22:12:39 GMT
age
2379358
http_x_geo_region
DE-BY
x-cache
HIT, HIT, HIT, MISS
fastly-io-info
ifsz=24625 idim=280x148 ifmt=png ofsz=19840 odim=280x148 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe3-a-97f54d87c-pbv9c
content-length
19840
x-served-by
cache-chi-kigq8000107-CHI, cache-chi-kigq8000107-CHI, cache-fra-eddf8230109-FRA, cache-fra-eddf8230110-FRA
server
nginx
x-timer
S1668636759.295026,VS0,VE5
etag
"txKWR/aYu0LL0P8FAgcdUOgshxdfPkwpL13Ital/Hmw"
vary
Accept, orig-host
content-type
image/webp
x-styx-req-id
e8abcd92-5057-11ed-8121-2aea012c08c3
cache-control
max-age=31622400
accept-ranges
bytes
expires
Sat, 21 Oct 2023 09:16:41 GMT
annie-spratt-143537-unsplash-cropped_0.jpg
www.forcepoint.com/sites/default/files/styles/1180x346_sc/public/hero/
29 KB
30 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/styles/1180x346_sc/public/hero/annie-spratt-143537-unsplash-cropped_0.jpg?itok=4a7uac8I&timestamp=1552756502
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e42af37f51b835925b68e1b1f89526a671ef1d699a1ee8446bf4123d4645c635
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-cache-hits
1, 7, 0, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Wed, 16 Nov 2022 22:12:39 GMT
age
699203
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS, MISS
fastly-io-info
ifsz=29877 idim=1180x346 ifmt=jpeg ofsz=29877 odim=1180x346 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe3-a-586884d754-2t5l4
content-length
29877
fastly-io-warning
Failed to shrink image
x-served-by
cache-chi-kigq8000078-CHI, cache-chi-klot8100021-CHI, cache-fra-eddf8230045-FRA, cache-fra-eddf8230110-FRA
server
nginx
x-timer
S1668636759.295933,VS0,VE112
etag
"vqxvFlrCHDmEi7mfeColCV5JbzR+AHkl4tRtonbipzY"
vary
Accept, orig-host
content-type
image/webp
x-styx-req-id
3b8fb85e-5518-11ed-a305-cedcdbd1c597
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 27 Oct 2023 10:23:28 GMT
201811_emotet_figure1.png
www.forcepoint.com/sites/default/files/inline/security-labs/
47 KB
47 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/inline/security-labs/201811_emotet_figure1.png
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
9ca660a04103afa46a35b9d3f3c038ab2e0fb1b909afd7309307e50ba650e596
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-cache-hits
0, 5, 0, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Wed, 16 Nov 2022 22:12:39 GMT
age
133654
http_x_geo_region
DE-BY
x-cache
MISS, HIT, MISS, MISS
fastly-io-info
ifsz=69113 idim=793x254 ifmt=png ofsz=48134 odim=793x254 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe3-a-66bbb46c56-6fl2g
content-length
48134
x-served-by
cache-chi-kigq8000121-CHI, cache-chi-klot8100111-CHI, cache-fra-eddf8230064-FRA, cache-fra-eddf8230110-FRA
server
nginx
x-timer
S1668636759.296205,VS0,VE111
etag
"khJA3JtKPs7L1avtQFJuG2ttu7wxHWVtsrk5wz2wzoI"
vary
Accept, orig-host
content-type
image/webp
x-styx-req-id
989b59eb-64c4-11ed-9fc9-5a704c541d15
cache-control
max-age=31622400
accept-ranges
bytes
expires
Thu, 16 Nov 2023 09:05:05 GMT
201811_emotet_figure2.png
www.forcepoint.com/sites/default/files/inline/security-labs/
114 KB
114 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/inline/security-labs/201811_emotet_figure2.png
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
a62eac4c6fbbee1ccd757dbd243f301f808ea79f404e2b2fa0466ea033ee2c73
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-cache-hits
0, 8, 0, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Wed, 16 Nov 2022 22:12:39 GMT
age
699207
http_x_geo_region
DE-BY
x-cache
MISS, HIT, MISS, MISS
fastly-io-info
ifsz=196172 idim=1025x318 ifmt=png ofsz=116740 odim=1025x318 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe3-b-54545ff997-9nlpd
content-length
116740
x-served-by
cache-chi-kigq8000096-CHI, cache-chi-kigq8000117-CHI, cache-fra-eddf8230042-FRA, cache-fra-eddf8230110-FRA
server
nginx
x-timer
S1668636759.296228,VS0,VE116
etag
"IYqGaLcdrXjljbmaP8jHMpmg4ujV5SpbiPGoRoo52nA"
vary
Accept, orig-host
content-type
image/webp
x-styx-req-id
d051712c-5f9f-11ed-b70c-3eab4ec01969
cache-control
max-age=31622400
accept-ranges
bytes
expires
Thu, 09 Nov 2023 19:59:11 GMT
201811_emotet_figure3.png
www.forcepoint.com/sites/default/files/inline/security-labs/
245 KB
245 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/inline/security-labs/201811_emotet_figure3.png
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c8f025f9817a08a16184a34d0106ef3cae1fe6fd55dfbd18cf1473edba83b084
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-cache-hits
0, 9, 0, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Wed, 16 Nov 2022 22:12:39 GMT
age
1856950
http_x_geo_region
DE-BY
x-cache
MISS, HIT, MISS, MISS
fastly-io-info
ifsz=401138 idim=974x247 ifmt=png ofsz=250898 odim=974x247 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe3-b-7b599b5964-nmnh8
content-length
250898
x-served-by
cache-chi-klot8100043-CHI, cache-chi-klot8100141-CHI, cache-fra-eddf8230114-FRA, cache-fra-eddf8230110-FRA
server
nginx
x-timer
S1668636759.296206,VS0,VE115
etag
"kp9Y0c6b+Sh5DcxeCoYjEH0z4dl36Z/dMMdJ4jDzyZs"
vary
Accept, orig-host
content-type
image/webp
x-styx-req-id
3b996ce0-5518-11ed-9a57-7af8e0c6c8c4
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 27 Oct 2023 10:23:28 GMT
201811_emotet_figure4.png
www.forcepoint.com/sites/default/files/inline/security-labs/
76 KB
76 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/inline/security-labs/201811_emotet_figure4.png
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
88b566a6a7943d6703aa1e96f93bf0730241f743e5d78e582c1898192217df0a
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-cache-hits
0, 1, 1, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Wed, 16 Nov 2022 22:12:39 GMT
age
2425673
http_x_geo_region
DE-BY
x-cache
MISS, HIT, HIT, MISS
fastly-io-info
ifsz=115670 idim=972x93 ifmt=png ofsz=77356 odim=972x93 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe3-a-5f89dfc8b4-7vm9q
content-length
77356
x-served-by
cache-chi-klot8100100-CHI, cache-chi-klot8100063-CHI, cache-fra-eddf8230103-FRA, cache-fra-eddf8230110-FRA
server
nginx
x-timer
S1668636759.296921,VS0,VE8
etag
"BZ7zFg9A+vlx71odOUMATNvfjdNcs+/YR6eihg4A5Kk"
vary
Accept, orig-host
content-type
image/webp
x-styx-req-id
12b321a5-4fec-11ed-a05a-262c47588f6f
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 20 Oct 2023 20:24:46 GMT
brooke-campbell-44085-unsplash.jpg
www.forcepoint.com/sites/default/files/styles/570x270_sc/public/hero/
27 KB
27 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/styles/570x270_sc/public/hero/brooke-campbell-44085-unsplash.jpg?itok=dl1tXlsD&timestamp=1552716901
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
599cb44a0b4bbf001a1419e068274934fd9a9e4a40d97343020c08c3757411b9
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-cache-hits
0, 3, 1, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Wed, 16 Nov 2022 22:12:39 GMT
age
134195
http_x_geo_region
DE-BY
x-cache
MISS, HIT, HIT, MISS
fastly-io-info
ifsz=27681 idim=570x270 ifmt=jpeg ofsz=27681 odim=570x270 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe3-a-66bbb46c56-zch7p
content-length
27681
fastly-io-warning
Failed to shrink image
x-served-by
cache-chi-kigq8000101-CHI, cache-chi-kigq8000151-CHI, cache-fra-eddf8230025-FRA, cache-fra-eddf8230110-FRA
server
nginx
x-timer
S1668636759.297029,VS0,VE12
etag
"vd7FmqsylqGu3nLBUhlaKvj8xhEmwHaYXMlo1QkFnJs"
vary
Accept, orig-host
content-type
image/webp
x-styx-req-id
560c3be6-64c3-11ed-a23d-62b72c91fcf9
cache-control
max-age=31622400
accept-ranges
bytes
expires
Thu, 16 Nov 2023 08:56:04 GMT
placeholder_image.png
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/
34 B
365 B
Image
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/placeholder_image.png
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
735b78ae1f09b1d02ee92b5ad319a189d50d10ecbec4ddd12201885dde3f4945
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-cache-hits
0, 19, 3, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Wed, 16 Nov 2022 22:12:39 GMT
age
1944305
http_x_geo_region
DE-BY
x-cache
MISS, HIT, HIT, MISS
fastly-io-info
ifsz=1272 idim=20x20 ifmt=png ofsz=34 odim=20x20 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe3-a-586884d754-2t5l4
content-length
34
x-served-by
cache-chi-klot8100035-CHI, cache-chi-kigq8000110-CHI, cache-fra-eddf8230065-FRA, cache-fra-eddf8230110-FRA
server
nginx
x-timer
S1668636759.296523,VS0,VE10
etag
"pX3Icf0ypbRosgxRfHc7h36DL9bOrmKw0Z1ncFcHsQg"
vary
Accept, orig-host
content-type
image/webp
x-styx-req-id
d831b1f7-544c-11ed-a305-cedcdbd1c597
cache-control
max-age=31622400
accept-ranges
bytes
expires
Thu, 26 Oct 2023 10:07:33 GMT
default-article-image.png
www.forcepoint.com/sites/default/files/styles/570x270_sc/public/hero/
57 KB
58 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/styles/570x270_sc/public/hero/default-article-image.png?itok=R-jo0bKk&timestamp=1623796782
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c8701bcd35e283c644b9827be724346eea71e5c10df2ce154f413a2c83dbbb75
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-cache-hits
0, 203, 1, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Wed, 16 Nov 2022 22:12:39 GMT
age
2600798
http_x_geo_region
DE-BY
x-cache
MISS, HIT, HIT, MISS
fastly-io-info
ifsz=69008 idim=570x270 ifmt=png ofsz=58584 odim=570x270 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe3-b-f545f84c8-t2bqp
content-length
58584
x-served-by
cache-chi-klot8100089-CHI, cache-chi-klot8100027-CHI, cache-fra-eddf8230073-FRA, cache-fra-eddf8230110-FRA
server
nginx
x-timer
S1668636759.297372,VS0,VE7
etag
"sxuvOoepXVQ2YCZ+pGcsDad5YORUnvSxie+tEamvS/s"
vary
Accept, orig-host
content-type
image/webp
x-styx-req-id
53d92bbc-4e54-11ed-b2ab-cecb5db13ccd
cache-control
max-age=31622400
accept-ranges
bytes
expires
Wed, 18 Oct 2023 19:46:00 GMT
future_insights_2023_blog_image-prediction_3_01nov2022.jpg
www.forcepoint.com/sites/default/files/styles/footer_menu_featured_blog/public/hero/
6 KB
10 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/styles/footer_menu_featured_blog/public/hero/future_insights_2023_blog_image-prediction_3_01nov2022.jpg?itok=YAg-KqNh
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
845c06636f87e230f3819136dee5f6b3dfd2c5548d173b8b9375b0766275a7b3
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.fonts.net analyticsssl.forcepoint.com *.licdn.com *.tiqcdn.com *.marketo.com *.marketo.net *.mktoresp.com *.demdex.net *.burly.io *.omtrdc.net *.llnwd.net *.tealiumiq.com *.googleadservices.com *.marinsm.com *.amazonaws.com *.quantserve.com *.facebook.net *.serving-sys.com *.google-analytics.com *.hirebridge.com *.websense.com *.bizographics.com *.linkedin.com *.cloudfront.net *.newrelic.com *.nr-data.net *.adnxs.com *.demandbase.com *.twitter.com *.omtrdc.net *.youtube.com static.ads-twitter.com *.company-target.com *.omniture.com *.doubleclick.net *.forcepoint.com *.google.com *.facebook.com bam.nr-data.net *.getsmartcontent.com *.vidyard.com *.adroll.com s.ml-attr.com attr.ml-api.io *.driftt.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.gstatic.com *.libsyn.com *.s3.amazonaws.com *.cdnbasket.net ids.cdnwidget.com app.vwo.com *.visualwebsiteoptimizer.com use.typekit.net p.typekit.net cdn.vwo-analytics.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.googleapis.com *.cloudflare.com activitymap.adobe.com *.consensu.org *.ubembed.com *.bizible.com *.theadex.com tag.aumago.com js.driftqa.com *.scribblecdn.net *.esg-global.com js.hs-scripts.com/20987017.js js.hs-analytics.net js.hsadspixel.net js.hs-banner.com api.hubapi.com js.hsforms.net forms.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com geolocation-db.com *.drift.com *.clickagy.com; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' pixel.cdnwidget.com *.tealiumiq.com *.google.com *.googleadservices.com *.doubleclick.net *.websense.com *.marinsm.com *.facebook.com *.quantserve.com *.google-analytics.com *.w55c.net *.marketo.com *.iasds01.com *.linkedin.com *.cloudfront.net *.forcepoint.com *.adnxs.com *.twitter.com t.co *.omtrdc.net tags.w55c.net *.demandbase.com *.company-target.com *.gstatic.com tags.tiqcdn.com 
munchkin.marketo.net *.newrelic.com connect.facebook.net static.ads-twitter.com a.burly.io sjs.bizographics.com bam.nr-data.net snap.licdn.com https://websense.tt.omtrdc.net/m2/websense/mbox/json *.getsmartcontent.com *.adroll.com *.vidyard.com s.ml-attr.com attr.ml-api.io ml314.com *.ml314.com *.bing.com *.driftt.com *.crazyegg.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.googletagmanager.com *.visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com app.vwo.com *.js.ubembed.com assets.ubembed.com js.driftt.com cdn.vwo-analytics.com *.s3.amazonaws.com s3.amazonaws.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.clearbit.com *.googleapis.com *.cloudflare.com https://activitymap.adobe.com/sc15/activitymap/index.js *.consensu.org *.bizible.com *.theadex.com tag.aumago.com *.zoominfo.com *.clickagy.com *.redditstatic.com rules.quantcount.com tracking.g2crowd.com *.steelhousemedia.com *.scribblecdn.net *.esg-global.com *.6sc.co js.hs-scripts.com/20987017.js js.hs-analytics.net js.hsadspixel.net js.hs-banner.com api.hubapi.com js.hsforms.net forms.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com geolocation-db.com *.drift.com *.jquery.com *.google.com; img-src * data: *; connect-src 'self' *.vwo.com *.demdex.net websense.tt.omtrdc.net *.mktoresp.com *.cdnbasket.net ids.cdnwidget.com *.forcepoint.com sample-api-v2.crazyegg.com *.visualwebsiteoptimizer.com insight.adsrvr.org bam.nr-data.net *.tealiumiq.com live-evercurrent-clone.pantheonsite.io *.sharethis.com *.doubleclick.net *.theadex.com *.aumago.com *.google-analytics.com *.6sc.co *.adnxs.com *.vidyard.com *.6sense.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com api.hubapi.com *.hsforms.net *.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com *.google.com *.drift.com *.clickagy.com *.facebook.com *.zoominfo.com *.geolocation-db.com geolocation-db.com; report-uri 
/admin/config/system/seckit/csp-report
Strict-Transport-Security max-age=18410000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-cache-hits
0, 6745, 0, 0
content-security-policy
default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.fonts.net analyticsssl.forcepoint.com *.licdn.com *.tiqcdn.com *.marketo.com *.marketo.net *.mktoresp.com *.demdex.net *.burly.io *.omtrdc.net *.llnwd.net *.tealiumiq.com *.googleadservices.com *.marinsm.com *.amazonaws.com *.quantserve.com *.facebook.net *.serving-sys.com *.google-analytics.com *.hirebridge.com *.websense.com *.bizographics.com *.linkedin.com *.cloudfront.net *.newrelic.com *.nr-data.net *.adnxs.com *.demandbase.com *.twitter.com *.omtrdc.net *.youtube.com static.ads-twitter.com *.company-target.com *.omniture.com *.doubleclick.net *.forcepoint.com *.google.com *.facebook.com bam.nr-data.net *.getsmartcontent.com *.vidyard.com *.adroll.com s.ml-attr.com attr.ml-api.io *.driftt.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.gstatic.com *.libsyn.com *.s3.amazonaws.com *.cdnbasket.net ids.cdnwidget.com app.vwo.com *.visualwebsiteoptimizer.com use.typekit.net p.typekit.net cdn.vwo-analytics.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.googleapis.com *.cloudflare.com activitymap.adobe.com *.consensu.org *.ubembed.com *.bizible.com *.theadex.com tag.aumago.com js.driftqa.com *.scribblecdn.net *.esg-global.com js.hs-scripts.com/20987017.js js.hs-analytics.net js.hsadspixel.net js.hs-banner.com api.hubapi.com js.hsforms.net forms.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com geolocation-db.com *.drift.com *.clickagy.com; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' pixel.cdnwidget.com *.tealiumiq.com *.google.com *.googleadservices.com *.doubleclick.net *.websense.com *.marinsm.com *.facebook.com *.quantserve.com *.google-analytics.com *.w55c.net *.marketo.com *.iasds01.com *.linkedin.com *.cloudfront.net *.forcepoint.com *.adnxs.com *.twitter.com t.co *.omtrdc.net tags.w55c.net *.demandbase.com *.company-target.com *.gstatic.com tags.tiqcdn.com munchkin.marketo.net 
*.newrelic.com connect.facebook.net static.ads-twitter.com a.burly.io sjs.bizographics.com bam.nr-data.net snap.licdn.com https://websense.tt.omtrdc.net/m2/websense/mbox/json *.getsmartcontent.com *.adroll.com *.vidyard.com s.ml-attr.com attr.ml-api.io ml314.com *.ml314.com *.bing.com *.driftt.com *.crazyegg.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.googletagmanager.com *.visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com app.vwo.com *.js.ubembed.com assets.ubembed.com js.driftt.com cdn.vwo-analytics.com *.s3.amazonaws.com s3.amazonaws.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.clearbit.com *.googleapis.com *.cloudflare.com https://activitymap.adobe.com/sc15/activitymap/index.js *.consensu.org *.bizible.com *.theadex.com tag.aumago.com *.zoominfo.com *.clickagy.com *.redditstatic.com rules.quantcount.com tracking.g2crowd.com *.steelhousemedia.com *.scribblecdn.net *.esg-global.com *.6sc.co js.hs-scripts.com/20987017.js js.hs-analytics.net js.hsadspixel.net js.hs-banner.com api.hubapi.com js.hsforms.net forms.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com geolocation-db.com *.drift.com *.jquery.com *.google.com; img-src * data: *; connect-src 'self' *.vwo.com *.demdex.net websense.tt.omtrdc.net *.mktoresp.com *.cdnbasket.net ids.cdnwidget.com *.forcepoint.com sample-api-v2.crazyegg.com *.visualwebsiteoptimizer.com insight.adsrvr.org bam.nr-data.net *.tealiumiq.com live-evercurrent-clone.pantheonsite.io *.sharethis.com *.doubleclick.net *.theadex.com *.aumago.com *.google-analytics.com *.6sc.co *.adnxs.com *.vidyard.com *.6sense.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com api.hubapi.com *.hsforms.net *.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com *.google.com *.drift.com *.clickagy.com *.facebook.com *.zoominfo.com *.geolocation-db.com geolocation-db.com; report-uri /admin/config/system/seckit/csp-report
strict-transport-security
max-age=18410000; includeSubDomains; preload
x-content-type-options
nosniff
date
Wed, 16 Nov 2022 22:12:39 GMT
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
age
0
http_x_geo_region
DE-BY
x-cache
MISS, HIT, MISS, MISS
fastly-io-info
ifsz=6614 idim=199x111 ifmt=jpeg ofsz=6614 odim=199x111 ofmt=webp
from-origin
same, https://analyticsssl.forcepoint.com,https://vidyard.com
http_x_geo_continent
EU
fastly-stats
io=1
expires
Sun, 19 Nov 1978 05:00:00 GMT
content-length
6614
x-xss-protection
1
fastly-io-warning
Failed to shrink image
x-served-by
cache-chi-kigq8000051-CHI, cache-chi-klot8100098-CHI, cache-fra-eddf8230126-FRA, cache-fra-eddf8230110-FRA
referrer-policy
strict-origin-when-cross-origin
server
nginx
x-timer
S1668636759.296551,VS0,VE109
etag
"zYzfCu8YDZRaUj9V5a9NKlOthIuUcGA6/uqnq0C5//k"
x-frame-options
SAMEORIGIN
vary
Accept, orig-host
content-type
image/webp
x-styx-req-id
9d6f6038-65ac-11ed-9186-465c761486ee
cache-control
no-cache, must-revalidate
accept-ranges
bytes
x-drupal-cache
MISS
x-pantheon-styx-hostname
styx-fe3-b-77b587f5fd-shrbm
js_YGsUV3Ce7aXBJBS23_v5HOE_E5QvyXDXhYBu_X7nNNU.js
www.forcepoint.com/sites/default/files/js/
23 KB
8 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/js/js_YGsUV3Ce7aXBJBS23_v5HOE_E5QvyXDXhYBu_X7nNNU.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
606b1457709eeda5c12414b6dffbf91ce13f13942fc970d785806efd7ee734d5
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-cache-hits
23, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Wed, 16 Nov 2022 22:12:38 GMT
age
216
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-b-74b8fcf58f-rzq5h
content-length
7808
x-served-by
cache-chi-kigq8000094-CHI, cache-chi-klot8100108-CHI, cache-fra-eddf8230039-FRA, cache-fra-eddf8230110-FRA
last-modified
Wed, 19 Oct 2022 13:05:56 GMT
server
nginx
x-timer
S1668636759.556613,VS0,VE114
etag
W/"634ff634-5a28"
vary
Accept-Encoding, orig-host
content-type
application/x-javascript
x-styx-req-id
33fcc9f3-542d-11ed-b50b-66abcabe301a
cache-control
max-age=31622400
accept-ranges
bytes
expires
Thu, 26 Oct 2023 06:21:04 GMT
js_c_on7wPa33z7dkBwh09fUg31xj5vNX-bVBGSTHSqSps.js
www.forcepoint.com/sites/default/files/js/
12 KB
5 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/js/js_c_on7wPa33z7dkBwh09fUg31xj5vNX-bVBGSTHSqSps.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
73fa27ef03dadf7cfb764070874f5f520df5c63e6f357f9b5411924c74aa4a9b
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-cache-hits
11, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Wed, 16 Nov 2022 22:12:38 GMT
age
177
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-a-66bbb46c56-rbtcp
content-length
4832
x-served-by
cache-chi-kigq8000145-CHI, cache-chi-kigq8000142-CHI, cache-fra-eddf8230046-FRA, cache-fra-eddf8230110-FRA
last-modified
Wed, 16 Nov 2022 18:05:59 GMT
server
nginx
x-timer
S1668636759.640852,VS0,VE119
etag
W/"63752687-2ec6"
vary
Accept-Encoding, orig-host
content-type
application/x-javascript
x-styx-req-id
537f8807-65d9-11ed-b213-ce30a6e4c5ec
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 17 Nov 2023 18:06:00 GMT
js_x-pEv9HEpj3o51_dw-OERTWR_ps2tjokxbsHnXZcO8g.js
www.forcepoint.com/sites/default/files/js/
44 KB
14 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/js/js_x-pEv9HEpj3o51_dw-OERTWR_ps2tjokxbsHnXZcO8g.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c7ea44bfd1c4a63de8e75fddc3e384453591fe9b36b63a24c5bb079d765c3bc8
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-cache-hits
3, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Wed, 16 Nov 2022 22:12:38 GMT
age
174
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-a-66bbb46c56-6fl2g
content-length
13502
x-served-by
cache-chi-klot8100050-CHI, cache-chi-kigq8000110-CHI, cache-fra-eddf8230083-FRA, cache-fra-eddf8230110-FRA
last-modified
Tue, 18 Oct 2022 13:06:51 GMT
server
nginx
x-timer
S1668636759.802921,VS0,VE107
etag
W/"634ea4eb-b15b"
vary
Accept-Encoding, orig-host
content-type
application/x-javascript
x-styx-req-id
05f10151-653a-11ed-9fc9-5a704c541d15
cache-control
max-age=31622400
accept-ranges
bytes
expires
Thu, 16 Nov 2023 23:05:40 GMT
/
attr.ml-api.io/
Redirect Chain
  • https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.forcepoint.com%26pId%3d%24UID
  • https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.forcepoint.com%26pId%3d%24UID
  • https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dwww.forcepoint.com%2526pId%253d%2524UID
  • https://attr.ml-api.io/?domain=www.forcepoint.com&pId=1958301592581369131
0
231 B
Image
General
Full URL
https://attr.ml-api.io/?domain=www.forcepoint.com&pId=1958301592581369131
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
Protocol
H2
Server
2600:9000:21f3:e800:12:3734:2a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Wed, 16 Nov 2022 22:12:40 GMT
via
1.1 91ba7c34719cd9c69e0357c149b94b90.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C2
x-cache
Miss from cloudfront
content-type
application/json
x-amz-cf-id
T_jxw2i7MwDKbF7v5CK4AcV-L3sThd-T_m-G3Gxc0dx7uqaSRcvl1g==
content-length
0
apigw-requestid
btv9zgs1oAMEaQg=

Redirect headers

Pragma
no-cache
Date
Wed, 16 Nov 2022 22:12:39 GMT
AN-X-Request-Uuid
75de4a72-f0b7-4012-87b3-3aa651e20abe
Server
nginx/1.21.3
Content-Type
text/html; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Location
https://attr.ml-api.io/?domain=www.forcepoint.com&pId=1958301592581369131
Connection
keep-alive
X-Proxy-Origin
80.255.7.105; 80.255.7.105; 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
js_visitor_settings.php
dev.visualwebsiteoptimizer.com/deploy/
6 KB
3 KB
Script
General
Full URL
https://dev.visualwebsiteoptimizer.com/deploy/js_visitor_settings.php?v=1&a=371490&url=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fthanks-giving-emotet&random=0.3496173785539498
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/utag.sync.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
137.102.96.34.bc.googleusercontent.com
Software
gfra1 /
Resource Hash
da82d0fecc0241b371ce349d0a080aef5dcf806dc864adcddfde20e6c1e2c240

Request headers

Referer
https://www.forcepoint.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Wed, 16 Nov 2022 22:12:38 GMT
content-encoding
gzip
via
1.1 google
server
gfra1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type
application/javascript; charset=UTF-8
track-3a8c03cc83fd9c554b5af6e1cc1ffa80.js
dev.visualwebsiteoptimizer.com/7.0/
12 KB
4 KB
Script
General
Full URL
https://dev.visualwebsiteoptimizer.com/7.0/track-3a8c03cc83fd9c554b5af6e1cc1ffa80.js
Requested by
Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/deploy/js_visitor_settings.php?v=1&a=371490&url=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fthanks-giving-emotet&random=0.3496173785539498
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
137.102.96.34.bc.googleusercontent.com
Software
gfra1 /
Resource Hash
9e6cb73e40f4e41f0d6ae1ea93e1806e4badac736f77d01a2dfd4741615746f5

Request headers

Referer
https://www.forcepoint.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Wed, 16 Nov 2022 22:12:38 GMT
content-encoding
br
via
1.1 google
last-modified
Wed, 16 Nov 2022 14:18:19 GMT
server
gfra1
etag
"6374f12b-e80"
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3712
opa-3d1a80cbbc4fdc4472eae80c14d918ad.js
dev.visualwebsiteoptimizer.com/analysis/4.0/
109 KB
28 KB
Script
General
Full URL
https://dev.visualwebsiteoptimizer.com/analysis/4.0/opa-3d1a80cbbc4fdc4472eae80c14d918ad.js
Requested by
Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/deploy/js_visitor_settings.php?v=1&a=371490&url=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fthanks-giving-emotet&random=0.3496173785539498
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
137.102.96.34.bc.googleusercontent.com
Software
gfra1 /
Resource Hash
bc33f47d443fb6019844ba8e1457e9d9eebdb564be1c902884f94350af96dc0d

Request headers

Referer
https://www.forcepoint.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Wed, 16 Nov 2022 22:12:38 GMT
content-encoding
br
via
1.1 google
last-modified
Wed, 16 Nov 2022 14:18:13 GMT
server
gfra1
etag
"6374f125-6f25"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
28453
v.gif
dev.visualwebsiteoptimizer.com/
35 B
52 B
Image
General
Full URL
https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=371490&d=forcepoint.com&u=D275BC1A1363FBD4606FB17CEB6DC5CF1&h=4bf7bf7d3d89c5370e5426a83a00a0ab&r=0.8338337253254304
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
137.102.96.34.bc.googleusercontent.com
Software
gnv1c /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 16 Nov 2022 22:12:39 GMT
via
1.1 google
x-content-type-options
nosniff
server
gnv1c
content-type
image/gif
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 10 Jan 2005 00:00:01 GMT
vis_opt.js
d5phz18u4wuww.cloudfront.net/
168 KB
56 KB
Script
General
Full URL
https://d5phz18u4wuww.cloudfront.net/vis_opt.js
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/utag.sync.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
108.156.253.230 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-156-253-230.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e96ee4202dd697f4757a0c1502f5b3ae79c0d59d0823d80a80ac3ed97132d861

Request headers

Referer
https://www.forcepoint.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date
Wed, 16 Nov 2022 21:15:45 GMT
Content-Encoding
gzip
Via
1.1 6d98bef126a4247ea75e1c5621ccd3fc.cloudfront.net (CloudFront)
Last-Modified
Thu, 02 May 2019 08:14:16 GMT
Server
AmazonS3
X-Amz-Cf-Pop
DUS51-P2
Age
3504
ETag
"85932b0cd7c8dce121fa1923529a3189"
X-Cache
Hit from cloudfront
Content-Type
text/javascript
Cache-Control
max-age=3600
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
57240
X-Amz-Cf-Id
KnUA-f0YbXl7q7Gyjgzqyjyri1bbNgTFVh3J5VsAlr5P4w-pTEn9Dg==
vis_opt-3a8c03cc83fd9c554b5af6e1cc1ffa80.js
dev.visualwebsiteoptimizer.com/7.0/
226 KB
64 KB
Script
General
Full URL
https://dev.visualwebsiteoptimizer.com/7.0/vis_opt-3a8c03cc83fd9c554b5af6e1cc1ffa80.js
Requested by
Host: d5phz18u4wuww.cloudfront.net
URL: https://d5phz18u4wuww.cloudfront.net/vis_opt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
137.102.96.34.bc.googleusercontent.com
Software
gfra1 /
Resource Hash
965b330104a5e1d8e955964b332301e68f052713bd4d9fbe37d7c02ebd5ec596

Request headers

Referer
https://www.forcepoint.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Wed, 16 Nov 2022 22:12:38 GMT
content-encoding
br
via
1.1 google
last-modified
Wed, 16 Nov 2022 14:18:19 GMT
server
gfra1
etag
"6374f12b-ff07"
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
65287
utag.js
tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/
511 KB
129 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/utag.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
95.101.200.249 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-101-200-249.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
97fbcb8423f02900892171eafca0218733ccbfa16dbba1f67b29bea0b9d9e3c9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Wed, 16 Nov 2022 22:12:40 GMT
content-encoding
gzip
last-modified
Wed, 16 Nov 2022 22:11:33 GMT
server
AkamaiNetStorage
etag
"cc8e611c4a349d677c9c5da08604decc:1668636693.070261"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=300
accept-ranges
bytes
expires
Wed, 16 Nov 2022 22:17:40 GMT
truncated
/
166 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4e2a8b16a227605843bcf04d32557fa5f790d17d5fae10db399f3ad6b75cae70

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
450 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
77bfa66bf799ef1d5be3e464795aaca2f9a0587c1616b9671f7383623474f455

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
141 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1a5c0fb755eabd84fa9ee65115561abfc934cb67631d8392acc299bed349942d

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Type
image/png
worker-70faafffa0475802f5ee03ca5ff74179.js
dev.visualwebsiteoptimizer.com/analysis/
47 KB
13 KB
XHR
General
Full URL
https://dev.visualwebsiteoptimizer.com/analysis/worker-70faafffa0475802f5ee03ca5ff74179.js
Requested by
Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/analysis/4.0/opa-3d1a80cbbc4fdc4472eae80c14d918ad.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
137.102.96.34.bc.googleusercontent.com
Software
gfra1 /
Resource Hash
e916478d94814b1a0c2680424c323db0514f4a022d16835cd7bcc754722308f4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Wed, 16 Nov 2022 22:12:39 GMT
content-encoding
br
via
1.1 google
last-modified
Wed, 16 Nov 2022 14:18:13 GMT
server
gfra1
etag
"6374f125-351f"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13599
truncated
/
187 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c181c648e71e1f94dc9f3aa0aced539df9790bc1aa92494d7fe7b17c274767bf

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
660 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8892ffd9b6812e96fca28cf2b24a4a1e25711631d73141353f1ec57fcaf523b8

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
372 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c6a4f005d0158d27d475991d4606ec4141f42917cc68835019d819c583957710

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
372 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c0c810909068da447ca522f9770490722119d254f18905ae37e5e4a45e2c346c

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
248 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
de0c91884c0f70a3c8ab477b2637d9c9417fc74eb663bbe6eace7836e8b38fc3

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Type
image/png
angle-right-black.svg
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/static-icons/
121 B
526 B
Image
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/static-icons/angle-right-black.svg
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/sites/default/files/css/css_-hxBR1UgGEKyzpLBj9Fz781PZ-AJ-Q7mjHNUcnbPrRQ.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
6d9a7fd96a3f724833b9b68c20877b5701f64df5446138733baec495138cfb3b
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/sites/default/files/css/css_-hxBR1UgGEKyzpLBj9Fz781PZ-AJ-Q7mjHNUcnbPrRQ.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-cache-hits
22, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Wed, 16 Nov 2022 22:12:39 GMT
age
251
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-b-77b587f5fd-j7jbw
content-length
127
x-served-by
cache-chi-klot8100176-CHI, cache-chi-kigq8000117-CHI, cache-fra-eddf8230116-FRA, cache-fra-eddf8230110-FRA
last-modified
Wed, 16 Nov 2022 18:02:45 GMT
server
nginx
x-timer
S1668636759.335460,VS0,VE111
etag
W/"637525c5-79"
vary
Accept-Encoding, orig-host
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
32c6eb33-65fb-11ed-8e0f-a64d202d2b91
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 17 Nov 2023 22:08:28 GMT
icon-anchor-arrow-teal.svg
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/static-icons/
655 B
794 B
Image
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/static-icons/icon-anchor-arrow-teal.svg
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/sites/default/files/css/css_-hxBR1UgGEKyzpLBj9Fz781PZ-AJ-Q7mjHNUcnbPrRQ.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
29aebe811bb2f84bd90cfdee7ffc4c4af62bb5d871fd683f8a85bf0852ce9163
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/sites/default/files/css/css_-hxBR1UgGEKyzpLBj9Fz781PZ-AJ-Q7mjHNUcnbPrRQ.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-cache-hits
26, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Wed, 16 Nov 2022 22:12:39 GMT
age
251
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-b-77b587f5fd-fjgbg
content-length
400
x-served-by
cache-chi-kigq8000056-CHI, cache-chi-kigq8000052-CHI, cache-fra-eddf8230053-FRA, cache-fra-eddf8230110-FRA
last-modified
Wed, 16 Nov 2022 18:02:15 GMT
server
nginx
x-timer
S1668636759.335426,VS0,VE110
etag
W/"637525a7-28f"
vary
Accept-Encoding, orig-host
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
48f07df1-65d9-11ed-a1c6-4e06d8705813
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 17 Nov 2023 18:05:42 GMT
truncated
/
636 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
68cb94151d86903ee4b3a5088e233b408a81a7faf9bb97d1172d8e3e6a83f868

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Type
image/svg+xml
banner-woman.jpg
www.forcepoint.com/sites/default/files/
12 KB
13 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/banner-woman.jpg
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
b9b8fe9d0d7983bd3dc05016caf09d5028c4525e9beba05ecf0ed85bd0f3f86a
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-cache-hits
0, 14, 2, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Wed, 16 Nov 2022 22:12:39 GMT
age
120557
http_x_geo_region
DE-BY
x-cache
MISS, HIT, HIT, MISS
fastly-io-info
ifsz=139269 idim=591x426 ifmt=jpeg ofsz=12712 odim=591x426 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe3-b-77b587f5fd-sgvlk
content-length
12712
x-served-by
cache-chi-kigq8000031-CHI, cache-chi-kigq8000031-CHI, cache-fra-eddf8230087-FRA, cache-fra-eddf8230110-FRA
server
nginx
x-timer
S1668636759.335422,VS0,VE9
etag
"N0lQYBtHe5ciagpRVpui8m2mvIrccgSXz/6JZdtfgoA"
vary
Accept, orig-host
content-type
image/webp
x-styx-req-id
1642233c-64e3-11ed-b62a-62e27c1c8989
cache-control
max-age=31622400
accept-ranges
bytes
expires
Thu, 16 Nov 2023 12:43:21 GMT
truncated
/
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ff35e1bb0b3e1cb03aa7eab3fb0f74381ec3fd6fcff85d8c4f6be72abae116a0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf8
truncated
/
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e1652e3fbc6cef41f94897b295b6b1f57fa4901a3727e4c9ecb2911614531d0f

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf8
truncated
/
750 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
26e256bfa2011f9fbbe0e81f2515c98b94b7ee7696a82f380cb7e7c8361e04a4

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf8
ajax-loader.gif
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/
363 B
727 B
Image
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/ajax-loader.gif
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/sites/default/files/css/css_-hxBR1UgGEKyzpLBj9Fz781PZ-AJ-Q7mjHNUcnbPrRQ.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
f6111a2b70adc74b366e13097ef3bc968003d16bbebbd72d324cdb73edb32c36
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/sites/default/files/css/css_-hxBR1UgGEKyzpLBj9Fz781PZ-AJ-Q7mjHNUcnbPrRQ.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-cache-hits
0, 144, 2, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Wed, 16 Nov 2022 22:12:39 GMT
age
1230242
http_x_geo_region
DE-BY
x-cache
MISS, HIT, HIT, MISS
fastly-io-info
ifsz=404 idim=43x11 ifmt=gif ofsz=363 odim=43x11 ofmt=gif ofrm=4
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe3-a-5c6dd884c-zc2vg
content-length
363
x-served-by
cache-chi-kigq8000100-CHI, cache-chi-kigq8000100-CHI, cache-fra-eddf8230069-FRA, cache-fra-eddf8230110-FRA
server
nginx
x-timer
S1668636759.335395,VS0,VE9
etag
"HAmc5s3PZ5krP4s/1V9EhzNK8B6za5Pgr3DBUnhq6C8"
vary
Accept, orig-host
content-type
image/gif
x-styx-req-id
66d2bba5-5acb-11ed-bb07-6e92df5da601
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 03 Nov 2023 16:28:36 GMT
bg-blog-podcast-final-plea.png
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/backgrounds/
136 KB
137 KB
Image
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/backgrounds/bg-blog-podcast-final-plea.png
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/sites/default/files/css/css_-hxBR1UgGEKyzpLBj9Fz781PZ-AJ-Q7mjHNUcnbPrRQ.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
bed855d9eb766292b67f4821eb934eee96b385b8520659165f57bbae90c362c5
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/sites/default/files/css/css_-hxBR1UgGEKyzpLBj9Fz781PZ-AJ-Q7mjHNUcnbPrRQ.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-cache-hits
1, 316, 1, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Wed, 16 Nov 2022 22:12:39 GMT
age
3676100
http_x_geo_region
DE-BY
x-cache
HIT, HIT, HIT, MISS
fastly-io-info
ifsz=236236 idim=580x458 ifmt=png ofsz=139702 odim=580x458 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe3-a-7c5bd64c69-kc7nm
content-length
139702
x-served-by
cache-chi-kigq8000040-CHI, cache-chi-kigq8000040-CHI, cache-fra-eddf8230133-FRA, cache-fra-eddf8230110-FRA
server
nginx
x-timer
S1668636759.335385,VS0,VE6
etag
"SkHVULuxv7KgwB/1Rm2lZsMfqggISxCfvCPoYHYB664"
vary
Accept, orig-host
content-type
image/webp
x-styx-req-id
b1b5d54a-448c-11ed-a100-dec1e61d478d
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 06 Oct 2023 09:04:18 GMT
f-white.svg
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/logos/
257 B
438 B
Image
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/logos/f-white.svg
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/sites/default/files/css/css_-hxBR1UgGEKyzpLBj9Fz781PZ-AJ-Q7mjHNUcnbPrRQ.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
2a7b733b2f19d538893df08b2c194aef1201dbad6ee2ddafc5bcd34cbb482d6b
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/sites/default/files/css/css_-hxBR1UgGEKyzpLBj9Fz781PZ-AJ-Q7mjHNUcnbPrRQ.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-cache-hits
10, 0, 0, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Wed, 16 Nov 2022 22:12:39 GMT
age
178
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-a-66bbb46c56-2qpvf
content-length
187
x-served-by
cache-chi-klot8100116-CHI, cache-chi-klot8100074-CHI, cache-fra-eddf8230072-FRA, cache-fra-eddf8230110-FRA
last-modified
Wed, 16 Nov 2022 18:02:15 GMT
server
nginx
x-timer
S1668636759.335426,VS0,VE111
etag
W/"637525a7-101"
vary
Accept-Encoding, orig-host
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
5ea40e64-65fb-11ed-9863-866ba5c98d65
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 17 Nov 2023 22:09:41 GMT
truncated
/
442 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6116382548abaad3d6133a60e2dc187d88dfa1ed07d981311c0bbcfaee05cd49

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
383 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b5c2800c52737f3425d0e434c93f9412da5e0491282c8d3d53b4d707202b8cef

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
558 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f4cbc6a70cd3d48475ddbb975d3831d02e4158a76fcdb997891baa497ea31241

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
356 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6676353d7029b44112419ac26efd665e84021eb418ccf05a1e1f04d0ba46bd53

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
431 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
af60288a11ae9864cdd707a9c6e13463359d5ffb6755bf9035a878f18b8758f9

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
688 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0ec291adef932c1e26510f560daef99d2d26b96331cbfd2f29fe234eaf2dddae

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Type
image/png
json
forms.hsforms.com/embed/v3/form/20987017/16d5bf15-75bb-43be-a7ff-4e4e9779520e/
45 KB
6 KB
XHR
General
Full URL
https://forms.hsforms.com/embed/v3/form/20987017/16d5bf15-75bb-43be-a7ff-4e4e9779520e/json?hutk=
Requested by
Host: js.hsforms.net
URL: https://js.hsforms.net/forms/v2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:5605 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
165d54fa7de755bb2c80c93de6bead8a82eb83ce7e87c59ee1b99928eb93097a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept
application/json, text/javascript
Referer
https://www.forcepoint.com/
X-Requested-With
XMLHttpRequest
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

x-origin-hublet
na1
date
Wed, 16 Nov 2022 22:12:39 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
br
cf-cache-status
DYNAMIC
x-hubspot-correlation-id
27e814f4-69aa-40cd-9d0f-1f5574a5d4fc
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
server
cloudflare
x-trace
2B211DC5FDE55BFAD7193AD4C35BF8205890B99529000000000000000000
vary
origin
access-control-allow-methods
OPTIONS, GET
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.forcepoint.com
access-control-expose-headers
X-Origin-Hublet
access-control-max-age
180
access-control-allow-credentials
false
cache-control
max-age=0, no-cache, no-store
x-robots-tag
none
access-control-allow-headers
*
cf-ray
76b391c43f309142-FRA
json
forms.hsforms.com/embed/v3/form/20987017/16d5bf15-75bb-43be-a7ff-4e4e9779520e/
45 KB
6 KB
XHR
General
Full URL
https://forms.hsforms.com/embed/v3/form/20987017/16d5bf15-75bb-43be-a7ff-4e4e9779520e/json?hutk=
Requested by
Host: js.hsforms.net
URL: https://js.hsforms.net/forms/v2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:5605 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c471082e89a6f37efdf18a4fe18aac31324c6b4e17c493092864839cd0724ea4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept
application/json, text/javascript
Referer
https://www.forcepoint.com/
X-Requested-With
XMLHttpRequest
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

x-origin-hublet
na1
date
Wed, 16 Nov 2022 22:12:39 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
br
cf-cache-status
DYNAMIC
x-hubspot-correlation-id
3f68250c-12a4-4ad2-948f-eb45b213074f
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
server
cloudflare
x-trace
2B457A0F4E568209F4ECFD7E318DF2E571549943A4000000000000000000
vary
origin
access-control-allow-methods
OPTIONS, GET
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.forcepoint.com
access-control-expose-headers
X-Origin-Hublet
access-control-max-age
180
access-control-allow-credentials
false
cache-control
max-age=0, no-cache, no-store
x-robots-tag
none
access-control-allow-headers
*
cf-ray
76b391c43f329142-FRA
chosen-sprite.png
www.forcepoint.com/sites/all/libraries/chosen/
430 B
840 B
Image
General
Full URL
https://www.forcepoint.com/sites/all/libraries/chosen/chosen-sprite.png
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/sites/default/files/css/css_faNxbZlG8sYJ1IiqfFXoOTUUnOTNzg59gAMKpmO43D0.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
9cc77ec166565cf138f088e29b263d7de28ebff89c6ac6ac7b3226b8c2c45f33
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/sites/default/files/css/css_faNxbZlG8sYJ1IiqfFXoOTUUnOTNzg59gAMKpmO43D0.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-cache-hits
0, 273, 3, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Wed, 16 Nov 2022 22:12:39 GMT
age
3683546
http_x_geo_region
DE-BY
x-cache
MISS, HIT, HIT, MISS
fastly-io-info
ifsz=538 idim=52x37 ifmt=png ofsz=430 odim=52x37 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe3-a-7c5bd64c69-zzqtl
content-length
430
x-served-by
cache-chi-kigq8000144-CHI, cache-chi-kigq8000144-CHI, cache-fra-eddf8230138-FRA, cache-fra-eddf8230110-FRA
server
nginx
x-timer
S1668636759.398654,VS0,VE9
etag
"a0JFQ2AIn+6j2a6OsMt+G25q2GFfSbw1OUlA1lGT2Pk"
vary
Accept, orig-host
content-type
image/webp
x-styx-req-id
5c669f76-447b-11ed-9333-22f76bbd4fd6
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 06 Oct 2023 07:00:14 GMT
loading.gif
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/
76 KB
77 KB
Image
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/loading.gif
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
dd0779c9ae69f9d8cd8728663703ce2cc6ec972dc5350a5f6948a15d67fbeea9
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-cache-hits
0, 301, 3, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Wed, 16 Nov 2022 22:12:39 GMT
age
3675580
http_x_geo_region
DE-BY
x-cache
MISS, HIT, HIT, MISS
fastly-io-info
ifsz=80522 idim=200x200 ifmt=gif ofsz=78220 odim=200x200 ofmt=gif ofrm=30
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe3-b-5d4c7559cf-n8zvc
content-length
78220
x-served-by
cache-chi-kigq8000104-CHI, cache-chi-kigq8000104-CHI, cache-fra-eddf8230064-FRA, cache-fra-eddf8230110-FRA
server
nginx
x-timer
S1668636759.409249,VS0,VE5
etag
"FJMT6VtjhOtyx3VynMw5wWg/HgvW6cdf1Jum91K+BRU"
vary
Accept, orig-host
content-type
image/gif
x-styx-req-id
e79c0d3e-448d-11ed-9490-fed6098c64fc
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 06 Oct 2023 09:12:58 GMT
json
forms.hsforms.com/embed/v3/form/20987017/16d5bf15-75bb-43be-a7ff-4e4e9779520e/
0
0
Preflight
General
Full URL
https://forms.hsforms.com/embed/v3/form/20987017/16d5bf15-75bb-43be-a7ff-4e4e9779520e/json?hutk=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5605 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept
*/*
Access-Control-Request-Headers
x-requested-with
Access-Control-Request-Method
GET
Origin
https://www.forcepoint.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

access-control-allow-credentials
false
access-control-allow-headers
x-requested-with
access-control-allow-methods
OPTIONS, GET
access-control-allow-origin
https://www.forcepoint.com
access-control-expose-headers
X-Origin-Hublet
access-control-max-age
180
allow
HEAD,GET,OPTIONS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
max-age=0, no-cache, no-store
cf-cache-status
DYNAMIC
cf-ray
76b391c2ec319142-FRA
content-length
18
content-type
text/plain; charset=utf-8
date
Wed, 16 Nov 2022 22:12:39 GMT
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
origin
x-hubspot-correlation-id
a05eb546-a273-41eb-968c-84b96d1a2ac6
x-robots-tag
none
x-trace
2B79D4B547B298CF34373A335B10A861E8885B0F8F000000000000000000
json
forms.hsforms.com/embed/v3/form/20987017/16d5bf15-75bb-43be-a7ff-4e4e9779520e/
0
0
Preflight
General
Full URL
https://forms.hsforms.com/embed/v3/form/20987017/16d5bf15-75bb-43be-a7ff-4e4e9779520e/json?hutk=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5605 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept
*/*
Access-Control-Request-Headers
x-requested-with
Access-Control-Request-Method
GET
Origin
https://www.forcepoint.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

access-control-allow-credentials
false
access-control-allow-headers
x-requested-with
access-control-allow-methods
OPTIONS, GET
access-control-allow-origin
https://www.forcepoint.com
access-control-expose-headers
X-Origin-Hublet
access-control-max-age
180
allow
HEAD,GET,OPTIONS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
max-age=0, no-cache, no-store
cf-cache-status
DYNAMIC
cf-ray
76b391c2ec339142-FRA
content-length
18
content-type
text/plain; charset=utf-8
date
Wed, 16 Nov 2022 22:12:39 GMT
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
origin
x-hubspot-correlation-id
f6740d04-bef7-407a-8bf6-37679585cdd0
x-robots-tag
none
x-trace
2BED329CFAAE963E2DE65EA1563515456C578B3F76000000000000000000
truncated
/
133 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a4cbaa695a841f5471911a40cc4c2140d68b95d9fcaabb3b60e97db200c15b8d

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Type
image/svg+xml
/
geolocation-db.com/json/
144 B
256 B
XHR
General
Full URL
https://geolocation-db.com/json/
Requested by
Host: code.jquery.com
URL: https://code.jquery.com/jquery-3.6.1.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
159.89.102.253 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
a4bc883f92fd21944513be81f20003f35c470bafbf66256bcd6921c979da6079

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://www.forcepoint.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

access-control-allow-origin
*
date
Wed, 16 Nov 2022 22:12:40 GMT
content-encoding
gzip
server
nginx/1.14.0 (Ubuntu)
content-type
text/html; charset=UTF-8
/
geolocation-db.com/json/
144 B
257 B
XHR
General
Full URL
https://geolocation-db.com/json/
Requested by
Host: code.jquery.com
URL: https://code.jquery.com/jquery-3.6.1.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
159.89.102.253 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
a4bc883f92fd21944513be81f20003f35c470bafbf66256bcd6921c979da6079

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://www.forcepoint.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

access-control-allow-origin
*
date
Wed, 16 Nov 2022 22:12:40 GMT
content-encoding
gzip
server
nginx/1.14.0 (Ubuntu)
content-type
text/html; charset=UTF-8
spx
dx.steelhousemedia.com/
15 KB
4 KB
Script
General
Full URL
https://dx.steelhousemedia.com/spx?dxver=4.0.0&shaid=31915&tdr=&plh=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fthanks-giving-emotet&cb=77806462165323360term=value
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/utag.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
54.69.84.146 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-69-84-146.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
04ef9d6412dc81974eed286aa80790d04f8675850ca91625fdc38ecfd1c317e3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

content-type
application/javascript;charset=utf-8
date
Wed, 16 Nov 2022 22:12:41 GMT
content-encoding
gzip
connection
close
vary
origin,access-control-request-method,access-control-request-headers,accept-encoding
expires
Thu, 01 Jan 1970 00:00:00 GMT
utag.v.js
tags.tiqcdn.com/utag/tiqapp/
2 B
202 B
Script
General
Full URL
https://tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=websense/forcepoint-2018/202211162211&cb=1668636761110
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
95.101.200.249 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-101-200-249.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Wed, 16 Nov 2022 22:12:41 GMT
last-modified
Thu, 14 Apr 2016 16:57:51 GMT
server
AkamaiNetStorage
etag
"7bc0ee636b3b83484fc3b9348863bd22:1460653071"
content-type
application/x-javascript
cache-control
max-age=600
accept-ranges
bytes
content-length
2
expires
Wed, 16 Nov 2022 22:22:41 GMT
csp-report
www.forcepoint.com/admin/config/system/seckit/
0
4 KB
Other
General
Full URL
https://www.forcepoint.com/admin/config/system/seckit/csp-report
Requested by
Host: dx.steelhousemedia.com
URL: https://dx.steelhousemedia.com/spx?dxver=4.0.0&shaid=31915&tdr=&plh=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fthanks-giving-emotet&cb=77806462165323360term=value
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.fonts.net analyticsssl.forcepoint.com *.licdn.com *.tiqcdn.com *.marketo.com *.marketo.net *.mktoresp.com *.demdex.net *.burly.io *.omtrdc.net *.llnwd.net *.tealiumiq.com *.googleadservices.com *.marinsm.com *.amazonaws.com *.quantserve.com *.facebook.net *.serving-sys.com *.google-analytics.com *.hirebridge.com *.websense.com *.bizographics.com *.linkedin.com *.cloudfront.net *.newrelic.com *.nr-data.net *.adnxs.com *.demandbase.com *.twitter.com *.omtrdc.net *.youtube.com static.ads-twitter.com *.company-target.com *.omniture.com *.doubleclick.net *.forcepoint.com *.google.com *.facebook.com bam.nr-data.net *.getsmartcontent.com *.vidyard.com *.adroll.com s.ml-attr.com attr.ml-api.io *.driftt.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.gstatic.com *.libsyn.com *.s3.amazonaws.com *.cdnbasket.net ids.cdnwidget.com app.vwo.com *.visualwebsiteoptimizer.com use.typekit.net p.typekit.net cdn.vwo-analytics.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.googleapis.com *.cloudflare.com activitymap.adobe.com *.consensu.org *.ubembed.com *.bizible.com *.theadex.com tag.aumago.com js.driftqa.com *.scribblecdn.net *.esg-global.com js.hs-scripts.com/20987017.js js.hs-analytics.net js.hsadspixel.net js.hs-banner.com api.hubapi.com js.hsforms.net forms.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com geolocation-db.com *.drift.com *.clickagy.com; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' pixel.cdnwidget.com *.tealiumiq.com *.google.com *.googleadservices.com *.doubleclick.net *.websense.com *.marinsm.com *.facebook.com *.quantserve.com *.google-analytics.com *.w55c.net *.marketo.com *.iasds01.com *.linkedin.com *.cloudfront.net *.forcepoint.com *.adnxs.com *.twitter.com t.co *.omtrdc.net tags.w55c.net *.demandbase.com *.company-target.com *.gstatic.com tags.tiqcdn.com 
munchkin.marketo.net *.newrelic.com connect.facebook.net static.ads-twitter.com a.burly.io sjs.bizographics.com bam.nr-data.net snap.licdn.com https://websense.tt.omtrdc.net/m2/websense/mbox/json *.getsmartcontent.com *.adroll.com *.vidyard.com s.ml-attr.com attr.ml-api.io ml314.com *.ml314.com *.bing.com *.driftt.com *.crazyegg.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.googletagmanager.com *.visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com app.vwo.com *.js.ubembed.com assets.ubembed.com js.driftt.com cdn.vwo-analytics.com *.s3.amazonaws.com s3.amazonaws.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.clearbit.com *.googleapis.com *.cloudflare.com https://activitymap.adobe.com/sc15/activitymap/index.js *.consensu.org *.bizible.com *.theadex.com tag.aumago.com *.zoominfo.com *.clickagy.com *.redditstatic.com rules.quantcount.com tracking.g2crowd.com *.steelhousemedia.com *.scribblecdn.net *.esg-global.com *.6sc.co js.hs-scripts.com/20987017.js js.hs-analytics.net js.hsadspixel.net js.hs-banner.com api.hubapi.com js.hsforms.net forms.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com geolocation-db.com *.drift.com *.jquery.com *.google.com; img-src * data: *; connect-src 'self' *.vwo.com *.demdex.net websense.tt.omtrdc.net *.mktoresp.com *.cdnbasket.net ids.cdnwidget.com *.forcepoint.com sample-api-v2.crazyegg.com *.visualwebsiteoptimizer.com insight.adsrvr.org bam.nr-data.net *.tealiumiq.com live-evercurrent-clone.pantheonsite.io *.sharethis.com *.doubleclick.net *.theadex.com *.aumago.com *.google-analytics.com *.6sc.co *.adnxs.com *.vidyard.com *.6sense.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com api.hubapi.com *.hsforms.net *.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com *.google.com *.drift.com *.clickagy.com *.facebook.com *.zoominfo.com *.geolocation-db.com geolocation-db.com; report-uri 
/admin/config/system/seckit/csp-report
Strict-Transport-Security max-age=18410000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
Content-Type
application/csp-report

Response headers

x-cache-hits
0, 0, 0, 0
content-security-policy
default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.fonts.net analyticsssl.forcepoint.com *.licdn.com *.tiqcdn.com *.marketo.com *.marketo.net *.mktoresp.com *.demdex.net *.burly.io *.omtrdc.net *.llnwd.net *.tealiumiq.com *.googleadservices.com *.marinsm.com *.amazonaws.com *.quantserve.com *.facebook.net *.serving-sys.com *.google-analytics.com *.hirebridge.com *.websense.com *.bizographics.com *.linkedin.com *.cloudfront.net *.newrelic.com *.nr-data.net *.adnxs.com *.demandbase.com *.twitter.com *.omtrdc.net *.youtube.com static.ads-twitter.com *.company-target.com *.omniture.com *.doubleclick.net *.forcepoint.com *.google.com *.facebook.com bam.nr-data.net *.getsmartcontent.com *.vidyard.com *.adroll.com s.ml-attr.com attr.ml-api.io *.driftt.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.gstatic.com *.libsyn.com *.s3.amazonaws.com *.cdnbasket.net ids.cdnwidget.com app.vwo.com *.visualwebsiteoptimizer.com use.typekit.net p.typekit.net cdn.vwo-analytics.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.googleapis.com *.cloudflare.com activitymap.adobe.com *.consensu.org *.ubembed.com *.bizible.com *.theadex.com tag.aumago.com js.driftqa.com *.scribblecdn.net *.esg-global.com js.hs-scripts.com/20987017.js js.hs-analytics.net js.hsadspixel.net js.hs-banner.com api.hubapi.com js.hsforms.net forms.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com geolocation-db.com *.drift.com *.clickagy.com; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' pixel.cdnwidget.com *.tealiumiq.com *.google.com *.googleadservices.com *.doubleclick.net *.websense.com *.marinsm.com *.facebook.com *.quantserve.com *.google-analytics.com *.w55c.net *.marketo.com *.iasds01.com *.linkedin.com *.cloudfront.net *.forcepoint.com *.adnxs.com *.twitter.com t.co *.omtrdc.net tags.w55c.net *.demandbase.com *.company-target.com *.gstatic.com tags.tiqcdn.com munchkin.marketo.net 
*.newrelic.com connect.facebook.net static.ads-twitter.com a.burly.io sjs.bizographics.com bam.nr-data.net snap.licdn.com https://websense.tt.omtrdc.net/m2/websense/mbox/json *.getsmartcontent.com *.adroll.com *.vidyard.com s.ml-attr.com attr.ml-api.io ml314.com *.ml314.com *.bing.com *.driftt.com *.crazyegg.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.googletagmanager.com *.visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com app.vwo.com *.js.ubembed.com assets.ubembed.com js.driftt.com cdn.vwo-analytics.com *.s3.amazonaws.com s3.amazonaws.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.clearbit.com *.googleapis.com *.cloudflare.com https://activitymap.adobe.com/sc15/activitymap/index.js *.consensu.org *.bizible.com *.theadex.com tag.aumago.com *.zoominfo.com *.clickagy.com *.redditstatic.com rules.quantcount.com tracking.g2crowd.com *.steelhousemedia.com *.scribblecdn.net *.esg-global.com *.6sc.co js.hs-scripts.com/20987017.js js.hs-analytics.net js.hsadspixel.net js.hs-banner.com api.hubapi.com js.hsforms.net forms.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com geolocation-db.com *.drift.com *.jquery.com *.google.com; img-src * data: *; connect-src 'self' *.vwo.com *.demdex.net websense.tt.omtrdc.net *.mktoresp.com *.cdnbasket.net ids.cdnwidget.com *.forcepoint.com sample-api-v2.crazyegg.com *.visualwebsiteoptimizer.com insight.adsrvr.org bam.nr-data.net *.tealiumiq.com live-evercurrent-clone.pantheonsite.io *.sharethis.com *.doubleclick.net *.theadex.com *.aumago.com *.google-analytics.com *.6sc.co *.adnxs.com *.vidyard.com *.6sense.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com api.hubapi.com *.hsforms.net *.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com *.google.com *.drift.com *.clickagy.com *.facebook.com *.zoominfo.com *.geolocation-db.com geolocation-db.com; report-uri /admin/config/system/seckit/csp-report
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=18410000; includeSubDomains; preload
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Wed, 16 Nov 2022 22:12:42 GMT
age
0
http_x_geo_region
DE-BY
x-cache
MISS, MISS, MISS, MISS
from-origin
same, https://analyticsssl.forcepoint.com,https://vidyard.com
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe3-b-77b587f5fd-shrbm
content-length
20
x-xss-protection
1
x-served-by
cache-chi-klot8100132-CHI, cache-chi-klot8100132-CHI, cache-fra-eddf8230110-FRA, cache-fra-eddf8230110-FRA
referrer-policy
strict-origin-when-cross-origin
server
nginx
x-timer
S1668636762.941565,VS0,VE191
x-frame-options
SAMEORIGIN
vary
Accept-Encoding, x-geo-country, Cookie, orig-host
content-type
text/html; charset=UTF-8
content-language
en
x-styx-req-id
ca183f98-65fb-11ed-9186-465c761486ee
cache-control
no-cache, must-revalidate
permissions-policy
interest-cohort=()
accept-ranges
bytes
x-drupal-cache
MISS
expires
Sun, 19 Nov 1978 05:00:00 GMT
nr-1216.min.js
js-agent.newrelic.com/
38 KB
14 KB
Script
General
Full URL
https://js-agent.newrelic.com/nr-1216.min.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6f973e7d75a7e6f6e59708f19631c8890034db5debb4d04f189deb53c114e708

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-amz-version-id
mHHzJIqOizHibcYt0xqAszRr0gQRiNYy
content-encoding
gzip
via
1.1 varnish
date
Wed, 16 Nov 2022 22:12:42 GMT
x-amz-request-id
7VYMQW0H266DXGMJ
x-cache
HIT
cross-origin-resource-policy
cross-origin
content-length
14391
x-amz-id-2
a8aYgjnlUMMPPaL3+6iiAlVtz0GGmquemCbfs0qk7nI73Oi4LhrX4+SMTukKTJ2/axmRU7gc62o=
x-served-by
cache-hhn4049-HHN
last-modified
Thu, 14 Apr 2022 16:45:57 GMT
server
AmazonS3
x-timer
S1668636762.024703,VS0,VE0
etag
"9f533d8cd24b2c5e3b4dc886ecbd43e8"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=7200, stale-if-error=604800
accept-ranges
bytes
x-cache-hits
8902
NRJS-922263b7f65c352c48b
bam.nr-data.net/1/
49 B
616 B
Script
General
Full URL
https://bam.nr-data.net/1/NRJS-922263b7f65c352c48b?a=477262540&v=1216.487a282&to=YFEDbUMFXBBXB0RbXlkbIFpFDV0NGRRRVVRoWQBXUANXEWkKX1ZUaEIIXEY7QgJRAQ%3D%3D&rst=5483&ck=1&ref=https://www.forcepoint.com/blog/x-labs/thanks-giving-emotet&ap=1077&be=1635&fe=5352&dc=2763&perf=%7B%22timing%22:%7B%22of%22:1668636756572,%22n%22:0,%22r%22:0,%22re%22:336,%22f%22:336,%22dn%22:336,%22dne%22:336,%22c%22:336,%22ce%22:336,%22rq%22:337,%22rp%22:1610,%22rpe%22:1623,%22dl%22:1615,%22di%22:2763,%22ds%22:2763,%22de%22:2767,%22dc%22:5352,%22l%22:5352,%22le%22:5353%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&fp=2713&fcp=2713&at=TBYAGwsfTx4%3D&jsonp=NREUM.setToken
Requested by
Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-1216.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.247.241.14 Lake Oswego, United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b91234b576455d66e12dd661a2539eb2418a831078ecef9ebc7f4bbd4e580d9c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.forcepoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date
Wed, 16 Nov 2022 22:12:42 GMT
Content-Encoding
gzip
CF-Cache-Status
DYNAMIC
Server
cloudflare
Transfer-Encoding
chunked
access-control-allow-methods
GET, POST, PUT, HEAD, OPTIONS
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Vary
Accept-Encoding
access-control-allow-credentials
true
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
CF-Ray
76b391d38829694c-FRA


126 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| NREUM object| newrelic function| __nr_require object| html5 object| Modernizr function| $ function| jQuery object| Drupal number| _vis_opt_account_id string| _vis_opt_protocol string| _vis_opt_script1src string| _vis_opt_script2src function| _vis_opt_loadScript function| vwoSyncCode function| consentCookie function| vwoConsentGiven number| _vwo_acc_id object| _vwo_exp_ids object| _vwo_exp boolean| _vis_opt_settings_loaded string| _vwo_cookieDomain string| _vwo_uuid string| _vwo_lib_cb string| _vwo_mt string| _vwo_tm object| vwo_iehack_queue object| VWO object| _vwo_pa string| _vwo_opa_cb string| _vwo_worker_cb string| _vis_opt_file_name function| vwo_$ string| _vwo_server_url object| _vis_opt_queue object| _vis_opt_check_segment object| _vwo_evq function| _vwo_ev object| _vwo_t object| _vwo_api_section_callback object| _vis_opt_comb_name function| _vwo_s object| _vwo_campaignData function| _vis_opt_top_initialize function| _vis_opt_bottom_initialize function| _vis_opt_goal_conversion function| _vis_opt_revenue_conversion function| _vis_opt_pause function| _vis_opt_readCookie function| _vis_opt_createCookie function| _vis_opt_element_loaded function| _vis_opt_GA_track function| _vis_opt_register_conversion function| _vis_opt_get_campaign_xPath boolean| DISABLE_NATIVE_CONSTANTS object| _vwo_editorOperationTracker function| _vwo_handleMutations number| _vis_opt_experiment_id function| lazyloaderDebounceOrThrottle function| DOMPurify object| echo function| bindToWindowOnError object| globalRoot function| hns object| hubspot object| hbspt object| __hsRoot object| hspreserve undefined| React undefined| reqwestPatched function| OutpostErrorReporter undefined| Pikaday function| hns2 function| hmerge undefined| I18n undefined| ReactDOM undefined| require undefined| requirejs undefined| define undefined| exports undefined| module undefined| bootstrap object| utag_data object| __nls function| Waypoint object| AOS function| picturefill number| 
___vwo object| options object| HSFR object| _hsq object| utag_err boolean| utag_condload object| utag function| e object| s function| AppMeasurement function| s_gi function| s_pgicq function| AppMeasurement_Module_Integrate function| AppMeasurement_Module_ActivityMap object| _linkedin string| _linkedin_data_partner_id object| _qevents function| _tealium_old_error boolean| __tealium_twc_switch object| adobe function| Visitor string| gtagRename object| dataLayer function| gtag function| rdt object| s_c_il number| s_c_in number| s_objectID number| s_giq object| _adexc function| fbq function| _fbq function| tealiumGetResourceSearchData function| tealiumTrackResourceSearch object| tealFuncs undefined| dcm_cid undefined| dcm_tid undefined| dcm_gid

9 Cookies

Domain/Path Name / Value
.forcepoint.com/ Name: _vwo_uuid_v2
Value: D275BC1A1363FBD4606FB17CEB6DC5CF1|4bf7bf7d3d89c5370e5426a83a00a0ab
.forcepoint.com/ Name: _vis_opt_s
Value: 1%7C
.forcepoint.com/ Name: _vis_opt_test_cookie
Value: 1
.forcepoint.com/ Name: _vwo_uuid
Value: D275BC1A1363FBD4606FB17CEB6DC5CF1
.forcepoint.com/ Name: _vwo_sn
Value: 0%3A1
.forcepoint.com/ Name: _vwo_ds
Value: 3%3At_0%2Ca_0%3A0%241668636758%3A85.43336793%3A%3A%3A167_0%2C4_0%2C3_0%3A0
.adnxs.com/ Name: uuid2
Value: 1958301592581369131
.forcepoint.com/ Name: utag_main
Value: v_id:018482805c0100027bba21bf3b0b03074003b06c00b08$_sn:1$_ss:1$_st:1668638561090$ses_id:1668636761090%3Bexp-session$_pn:1%3Bexp-session
.nr-data.net/ Name: JSESSIONID
Value: edd94e67ccdf0de1

12 Console Messages

Source Level URL
Text
security warning
Message:
Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'interest-cohort'.
javascript warning URL: https://tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/utag.sync.js(Line 4)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://dev.visualwebsiteoptimizer.com/deploy/js_visitor_settings.php?v=1&a=371490&url=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fthanks-giving-emotet&random=0.3496173785539498, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/utag.sync.js(Line 4)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://dev.visualwebsiteoptimizer.com/deploy/js_visitor_settings.php?v=1&a=371490&url=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fthanks-giving-emotet&random=0.3496173785539498, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://dev.visualwebsiteoptimizer.com/deploy/js_visitor_settings.php?v=1&a=371490&url=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fthanks-giving-emotet&random=0.3496173785539498(Line 2)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://dev.visualwebsiteoptimizer.com/7.0/track-3a8c03cc83fd9c554b5af6e1cc1ffa80.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://dev.visualwebsiteoptimizer.com/deploy/js_visitor_settings.php?v=1&a=371490&url=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fthanks-giving-emotet&random=0.3496173785539498(Line 2)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://dev.visualwebsiteoptimizer.com/7.0/track-3a8c03cc83fd9c554b5af6e1cc1ffa80.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://dev.visualwebsiteoptimizer.com/deploy/js_visitor_settings.php?v=1&a=371490&url=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fthanks-giving-emotet&random=0.3496173785539498(Line 2)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://dev.visualwebsiteoptimizer.com/analysis/4.0/opa-3d1a80cbbc4fdc4472eae80c14d918ad.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/utag.sync.js(Line 4)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://d5phz18u4wuww.cloudfront.net/vis_opt.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://d5phz18u4wuww.cloudfront.net/vis_opt.js(Line 218)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://dev.visualwebsiteoptimizer.com/7.0/vis_opt-3a8c03cc83fd9c554b5af6e1cc1ffa80.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
security error URL: https://dx.steelhousemedia.com/spx?dxver=4.0.0&shaid=31915&tdr=&plh=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fthanks-giving-emotet&cb=77806462165323360term=value(Line 6)
Message:
Refused to connect to 'https://35.85.84.151/is' because it violates the following Content Security Policy directive: "connect-src 'self' *.vwo.com *.demdex.net websense.tt.omtrdc.net *.mktoresp.com *.cdnbasket.net ids.cdnwidget.com *.forcepoint.com sample-api-v2.crazyegg.com *.visualwebsiteoptimizer.com insight.adsrvr.org bam.nr-data.net *.tealiumiq.com live-evercurrent-clone.pantheonsite.io *.sharethis.com *.doubleclick.net *.theadex.com *.aumago.com *.google-analytics.com *.6sc.co *.adnxs.com *.vidyard.com *.6sense.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com api.hubapi.com *.hsforms.net *.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com *.google.com *.drift.com *.clickagy.com *.facebook.com *.zoominfo.com *.geolocation-db.com geolocation-db.com".
javascript error URL: https://dx.steelhousemedia.com/spx?dxver=4.0.0&shaid=31915&tdr=&plh=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fthanks-giving-emotet&cb=77806462165323360term=value(Line 6)
Message:
Refused to connect to 'https://35.85.84.151/is' because it violates the document's Content Security Policy.

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.fonts.net analyticsssl.forcepoint.com *.licdn.com *.tiqcdn.com *.marketo.com *.marketo.net *.mktoresp.com *.demdex.net *.burly.io *.omtrdc.net *.llnwd.net *.tealiumiq.com *.googleadservices.com *.marinsm.com *.amazonaws.com *.quantserve.com *.facebook.net *.serving-sys.com *.google-analytics.com *.hirebridge.com *.websense.com *.bizographics.com *.linkedin.com *.cloudfront.net *.newrelic.com *.nr-data.net *.adnxs.com *.demandbase.com *.twitter.com *.omtrdc.net *.youtube.com static.ads-twitter.com *.company-target.com *.omniture.com *.doubleclick.net *.forcepoint.com *.google.com *.facebook.com bam.nr-data.net *.getsmartcontent.com *.vidyard.com *.adroll.com s.ml-attr.com attr.ml-api.io *.driftt.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.gstatic.com *.libsyn.com *.s3.amazonaws.com *.cdnbasket.net ids.cdnwidget.com app.vwo.com *.visualwebsiteoptimizer.com use.typekit.net p.typekit.net cdn.vwo-analytics.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.googleapis.com *.cloudflare.com activitymap.adobe.com *.consensu.org *.ubembed.com *.bizible.com *.theadex.com tag.aumago.com js.driftqa.com *.scribblecdn.net *.esg-global.com js.hs-scripts.com/20987017.js js.hs-analytics.net js.hsadspixel.net js.hs-banner.com api.hubapi.com js.hsforms.net forms.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com geolocation-db.com *.drift.com *.clickagy.com; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' pixel.cdnwidget.com *.tealiumiq.com *.google.com *.googleadservices.com *.doubleclick.net *.websense.com *.marinsm.com *.facebook.com *.quantserve.com *.google-analytics.com *.w55c.net *.marketo.com *.iasds01.com *.linkedin.com *.cloudfront.net *.forcepoint.com *.adnxs.com *.twitter.com t.co *.omtrdc.net tags.w55c.net *.demandbase.com *.company-target.com *.gstatic.com tags.tiqcdn.com 
munchkin.marketo.net *.newrelic.com connect.facebook.net static.ads-twitter.com a.burly.io sjs.bizographics.com bam.nr-data.net snap.licdn.com https://websense.tt.omtrdc.net/m2/websense/mbox/json *.getsmartcontent.com *.adroll.com *.vidyard.com s.ml-attr.com attr.ml-api.io ml314.com *.ml314.com *.bing.com *.driftt.com *.crazyegg.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.googletagmanager.com *.visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com app.vwo.com *.js.ubembed.com assets.ubembed.com js.driftt.com cdn.vwo-analytics.com *.s3.amazonaws.com s3.amazonaws.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.clearbit.com *.googleapis.com *.cloudflare.com https://activitymap.adobe.com/sc15/activitymap/index.js *.consensu.org *.bizible.com *.theadex.com tag.aumago.com *.zoominfo.com *.clickagy.com *.redditstatic.com rules.quantcount.com tracking.g2crowd.com *.steelhousemedia.com *.scribblecdn.net *.esg-global.com *.6sc.co js.hs-scripts.com/20987017.js js.hs-analytics.net js.hsadspixel.net js.hs-banner.com api.hubapi.com js.hsforms.net forms.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com geolocation-db.com *.drift.com *.jquery.com *.google.com; img-src * data: *; connect-src 'self' *.vwo.com *.demdex.net websense.tt.omtrdc.net *.mktoresp.com *.cdnbasket.net ids.cdnwidget.com *.forcepoint.com sample-api-v2.crazyegg.com *.visualwebsiteoptimizer.com insight.adsrvr.org bam.nr-data.net *.tealiumiq.com live-evercurrent-clone.pantheonsite.io *.sharethis.com *.doubleclick.net *.theadex.com *.aumago.com *.google-analytics.com *.6sc.co *.adnxs.com *.vidyard.com *.6sense.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com api.hubapi.com *.hsforms.net *.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com *.google.com *.drift.com *.clickagy.com *.facebook.com *.zoominfo.com *.geolocation-db.com geolocation-db.com; report-uri 
/admin/config/system/seckit/csp-report
Strict-Transport-Security max-age=18410000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
