I'm running my .net core API on IIS server. When I call any endpoints of my API most of the time it works fine, but sometimes I get 403 forbidden error. From the browser I don't see anything in the response. But when I call using postman I get the following response from server.

I have run malwarebytes, windows full virus scan to look for any malware attack. But that didn't solve the problem. I'm assuming some program or IIS configuration is causing this issue. Any idea of how to fix it or where to look is highly appreciated. I have looked at the installed programs, but didn't find anything suspicious.