www.forcepoint.com Open in urlscan Pro
151.101.66.228 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Submission: On July 18 via api (July 18th 2024, 8:20:46 am UTC) from DE — Scanned from CA

Summary HTTP 107 Redirects Links 8 Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 6 domains to perform 107 HTTP transactions. The main IP is 151.101.66.228, located in San Francisco, United States and belongs to FASTLY, US. The main domain is www.forcepoint.com. The Cisco Umbrella rank of the primary domain is 535186.
TLS certificate: Issued by Sectigo RSA Organization Validation S... on November 22nd 2023. Valid for: a year.

This is the only time www.forcepoint.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
98	151.101.66.228 151.101.66.228	54113 (FASTLY) (FASTLY)
1	151.101.66.137 151.101.66.137	54113 (FASTLY) (FASTLY)
4	104.17.25.14 104.17.25.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.18.142.119 104.18.142.119	13335 (CLOUDFLAR...) (CLOUDFLARENET)
107	5

98 151.101.66.228 (San Francisco, United States)

ASN54113 (FASTLY, US)

www.forcepoint.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.66.137 (San Francisco, United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.17.25.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.142.119 (None, )

ASN13335 (CLOUDFLARENET, US)

js.hsforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
98	forcepoint.com www.forcepoint.com — Cisco Umbrella Rank: 535186	682 KB
4	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 336	68 KB
1	hsforms.net js.hsforms.net — Cisco Umbrella Rank: 14516
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 1211	33 KB
0	adnxs.com Failed secure.adnxs.com Failed
0	tiqcdn.com Failed tags.tiqcdn.com Failed
107	6

	Domain	Requested by
98	www.forcepoint.com	www.forcepoint.com
4	cdnjs.cloudflare.com	www.forcepoint.com
1	js.hsforms.net	www.forcepoint.com
1	code.jquery.com	www.forcepoint.com
0	secure.adnxs.com Failed	www.forcepoint.com
0	tags.tiqcdn.com Failed	www.forcepoint.com
107	6

This site contains links to these domains. Also see Links.

Domain
partners.forcepoint.com
support.forcepoint.com
learn.forcepoint.com
www.linkedin.com
twitter.com
www.facebook.com
www.youtube.com

Subject Issuer	Validity	Valid
forcepoint.com Sectigo RSA Organization Validation Secure Server CA	`2023-11-22` - `2024-11-21`	a year	crt.sh
*.jquery.com Sectigo ECC Domain Validation Secure Server CA	`2024-06-25` - `2025-06-25`	a year	crt.sh
cdnjs.cloudflare.com E1	`2024-06-02` - `2024-08-31`	3 months	crt.sh
hsforms.net WE1	`2024-06-13` - `2024-09-11`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Frame ID: 7B1BF2C7759DC239F791A76FFB6A0F18
Requests: 127 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

ShadowRoot Ransomware Targeting Turkish Businesses

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

jQuery UI (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

([\d.]+)/jquery-ui(?:\.min)?\.js
jquery-ui.*\.js

Page Statistics

107
Requests

97 %
HTTPS

0 %
IPv6

6
Domains

6
Subdomains

5
IPs

2
Countries

784 kB
Transfer

3633 kB
Size

1
Cookies

8 Outgoing links

These are links going to different origins than the main page.

URL: https://partners.forcepoint.com/s/login/
Title: Partner Login

Search URL Search Domain Scan URL

URL: https://support.forcepoint.com/s/
Title: Support Login

Search URL Search Domain Scan URL

URL: https://learn.forcepoint.com/
Title: Training

Search URL Search Domain Scan URL

URL: https://learn.forcepoint.com/catalog?query=e-learning
Title: Free E-Learning Courses

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/forcepoint?trk=fc_badge
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://twitter.com/forcepointsec
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.facebook.com/ForcepointLLC
Title: Facebook

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UC4MbQECdktvwewRlAFwT_-w
Title: YouTube

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 98

https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.forcepoint.com%26pId%3d%24UID HTTP 302
https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.forcepoint.com%26pId%3d%24UID

107 HTTP transactions
20 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request shadowroot-ransomware-targeting-turkish-businesses Show response
www.forcepoint.com/blog/x-labs/ 126 KB
44 KB 90ms
31ms Document
text/html 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

947a399a9eae30ed4894ebb83e38765f7a2b54082ea44668794f1b4780d31f61

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' .fonts.net .licdn.com .tiqcdn.com .marketo.com .marketo.net .mktoresp.com .demdex.net .burly.io .omtrdc.net .llnwd.net .tealiumiq.com .googleadservices.com .marinsm.com .amazonaws.com .quantserve.com .facebook.net .serving-sys.com .google-analytics.com .hirebridge.com .websense.com .bizographics.com .linkedin.com .cloudfront.net .newrelic.com .nr-data.net .adnxs.com .demandbase.com .twitter.com .omtrdc.net .youtube.com .ads-twitter.com .company-target.com .omniture.com .doubleclick.net .forcepoint.com .google.com .facebook.com .nr-data.net .getsmartcontent.com .vidyard.com .adroll.com s.ml-attr.com attr.ml-api.io .driftt.com .sharethis.com .vimeo.com .slideshare.net .techvalidate.com .gartner.com .gstatic.com .libsyn.com .s3.amazonaws.com .cdnbasket.net ids.cdnwidget.com app.vwo.com .visualwebsiteoptimizer.com use.typekit.net p.typekit.net cdn.vwo-analytics.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io .googleapis.com .cloudflare.com activitymap.adobe.com .consensu.org .ubembed.com .bizible.com .theadex.com .aumago.com .driftqa.com .scribblecdn.net .esg-global.com .hs-scripts.com .hs-analytics.net .hsadspixel.net .hs-banner.com .hubapi.com .hsforms.net .hsforms.com geolocation-db.com .drift.com .clickagy.com .nimblestory.com .usemessages.com .stackadapt.com .googlesyndication.com ; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' .cdnwidget.com .tealiumiq.com .google.com .googleadservices.com .doubleclick.net .websense.com .marinsm.com .facebook.com .quantserve.com .google-analytics.com .w55c.net .marketo.com .iasds01.com .linkedin.com .cloudfront.net .forcepoint.com .adnxs.com .twitter.com t.co .omtrdc.net .w55c.net .demandbase.com .company-target.com .gstatic.com .tiqcdn.com .marketo.net .newrelic.com .facebook.net .ads-twitter.com .burly.io .bizographics.com .nr-data.net .licdn.com .tt.omtrdc.net .getsmartcontent.com .adroll.com .vidyard.com s.ml-attr.com .ml-api.io ml314.com .ml314.com .bing.com .driftt.com .crazyegg.com .sharethis.com .vimeo.com .slideshare.net .techvalidate.com .gartner.com .googletagmanager.com .visualwebsiteoptimizer.com app.vwo.com .ubembed.com .driftt.com .vwo-analytics.com .s3.amazonaws.com s3.amazonaws.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io .clearbit.com .googleapis.com .cloudflare.com .adobe.com .consensu.org .bizible.com .theadex.com .aumago.com .zoominfo.com .clickagy.com .redditstatic.com .quantcount.com .g2crowd.com .steelhousemedia.com .scribblecdn.net .esg-global.com .6sc.co .hs-scripts.com .hs-analytics.net .hsadspixel.net .hs-banner.com .hubapi.com .hsforms.net .hsforms.com geolocation-db.com .drift.com .jquery.com .google.com .hscollectedforms.net .jsdelivr.net .stackadapt.com .googlesyndication.com .simpleanalyticscdn.com scripts.simpleanalyticscdn.com queue.simpleanalyticscdn.com simpleanalyticsbadges.com .ceros.com; img-src * data: ; frame-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' .cdnwidget.com .tealiumiq.com .google.com .googleadservices.com .doubleclick.net .websense.com .marinsm.com .facebook.com .quantserve.com .google-analytics.com .w55c.net .marketo.com .iasds01.com .linkedin.com .cloudfront.net .forcepoint.com .adnxs.com .twitter.com t.co .omtrdc.net .w55c.net .demandbase.com .company-target.com .gstatic.com .tiqcdn.com .marketo.net .newrelic.com .facebook.net .ads-twitter.com .burly.io .bizographics.com .nr-data.net .licdn.com .tt.omtrdc.net .getsmartcontent.com .adroll.com .vidyard.com s.ml-attr.com .ml-api.io ml314.com .ml314.com .bing.com .driftt.com .crazyegg.com .sharethis.com .vimeo.com .slideshare.net .techvalidate.com .gartner.com .googletagmanager.com .visualwebsiteoptimizer.com app.vwo.com .ubembed.com .driftt.com .vwo-analytics.com .s3.amazonaws.com s3.amazonaws.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io .clearbit.com .googleapis.com .cloudflare.com .adobe.com .consensu.org .bizible.com .theadex.com .aumago.com .zoominfo.com .clickagy.com .redditstatic.com .quantcount.com .g2crowd.com .steelhousemedia.com .scribblecdn.net .esg-global.com .6sc.co .hs-scripts.com .hs-analytics.net .hsadspixel.net .hs-banner.com .hubapi.com .hsforms.net .hsforms.com geolocation-db.com .drift.com .jquery.com .google.com .hscollectedforms.net .jsdelivr.net .stackadapt.com .googlesyndication.com .simpleanalyticscdn.com scripts.simpleanalyticscdn.com queue.simpleanalyticscdn.com simpleanalyticsbadges.com .ceros.com .hubspot.com .hubspot.net .demdex.net .libsyn.com .youtube.com; font-src 'self' .google.com .googleadservices.com; connect-src 'self' .vwo.com .demdex.net .omtrdc.net .mktoresp.com .cdnbasket.net ids.cdnwidget.com .forcepoint.com sample-api-v2.crazyegg.com .visualwebsiteoptimizer.com insight.adsrvr.org bam.nr-data.net .tealiumiq.com live-evercurrent-clone.pantheonsite.io .sharethis.com .doubleclick.net .theadex.com .aumago.com .google-analytics.com .6sc.co .adnxs.com .vidyard.com .6sense.com .hs-scripts.com .hs-analytics.net .hsadspixel.net .hs-banner.com api.hubapi.com .hsforms.net .hsforms.com .s3.amazonaws.com .drift.com .clickagy.com .facebook.com .zoominfo.com geolocation-db.com dn.linkedin.oribi.io .hubspot.com .hscollectedforms.net .stackadapt.com .google.com .googletagmanager.com .googleadservices.com google.com .googlesyndication.com .linkedin.com .redditstatic.com .reddit.com .g2crowd.com *.quantcount.com; report-uri /admin/config/system/seckit/csp-report
Strict-Transport-Security	max-age=18410000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 165
cache-control: public, max-age=3600
content-encoding: gzip
content-language: en
content-length: 38010
content-security-policy: default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.fonts.net *.licdn.com *.tiqcdn.com *.marketo.com *.marketo.net *.mktoresp.com *.demdex.net *.burly.io *.omtrdc.net *.llnwd.net *.tealiumiq.com *.googleadservices.com *.marinsm.com *.amazonaws.com *.quantserve.com *.facebook.net *.serving-sys.com *.google-analytics.com *.hirebridge.com *.websense.com *.bizographics.com *.linkedin.com *.cloudfront.net *.newrelic.com *.nr-data.net *.adnxs.com *.demandbase.com *.twitter.com *.omtrdc.net *.youtube.com *.ads-twitter.com *.company-target.com *.omniture.com *.doubleclick.net *.forcepoint.com *.google.com *.facebook.com *.nr-data.net *.getsmartcontent.com *.vidyard.com *.adroll.com s.ml-attr.com attr.ml-api.io *.driftt.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.gstatic.com *.libsyn.com *.s3.amazonaws.com *.cdnbasket.net ids.cdnwidget.com app.vwo.com *.visualwebsiteoptimizer.com use.typekit.net p.typekit.net cdn.vwo-analytics.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.googleapis.com *.cloudflare.com activitymap.adobe.com *.consensu.org *.ubembed.com *.bizible.com *.theadex.com *.aumago.com *.driftqa.com *.scribblecdn.net *.esg-global.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hubapi.com *.hsforms.net *.hsforms.com geolocation-db.com *.drift.com *.clickagy.com *.nimblestory.com *.usemessages.com *.stackadapt.com *.googlesyndication.com ; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.cdnwidget.com *.tealiumiq.com *.google.com *.googleadservices.com *.doubleclick.net *.websense.com *.marinsm.com *.facebook.com *.quantserve.com *.google-analytics.com *.w55c.net *.marketo.com *.iasds01.com *.linkedin.com *.cloudfront.net *.forcepoint.com *.adnxs.com *.twitter.com t.co *.omtrdc.net *.w55c.net *.demandbase.com *.company-target.com *.gstatic.com *.tiqcdn.com *.marketo.net *.newrelic.com *.facebook.net *.ads-twitter.com *.burly.io *.bizographics.com *.nr-data.net *.licdn.com *.tt.omtrdc.net *.getsmartcontent.com *.adroll.com *.vidyard.com s.ml-attr.com *.ml-api.io ml314.com *.ml314.com *.bing.com *.driftt.com *.crazyegg.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.googletagmanager.com *.visualwebsiteoptimizer.com app.vwo.com *.ubembed.com *.driftt.com *.vwo-analytics.com *.s3.amazonaws.com s3.amazonaws.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.clearbit.com *.googleapis.com *.cloudflare.com *.adobe.com *.consensu.org *.bizible.com *.theadex.com *.aumago.com *.zoominfo.com *.clickagy.com *.redditstatic.com *.quantcount.com *.g2crowd.com *.steelhousemedia.com *.scribblecdn.net *.esg-global.com *.6sc.co *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hubapi.com *.hsforms.net *.hsforms.com geolocation-db.com *.drift.com *.jquery.com *.google.com *.hscollectedforms.net *.jsdelivr.net *.stackadapt.com *.googlesyndication.com *.simpleanalyticscdn.com scripts.simpleanalyticscdn.com queue.simpleanalyticscdn.com simpleanalyticsbadges.com *.ceros.com; img-src * data: *; frame-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.cdnwidget.com *.tealiumiq.com *.google.com *.googleadservices.com *.doubleclick.net *.websense.com *.marinsm.com *.facebook.com *.quantserve.com *.google-analytics.com *.w55c.net *.marketo.com *.iasds01.com *.linkedin.com *.cloudfront.net *.forcepoint.com *.adnxs.com *.twitter.com t.co *.omtrdc.net *.w55c.net *.demandbase.com *.company-target.com *.gstatic.com *.tiqcdn.com *.marketo.net *.newrelic.com *.facebook.net *.ads-twitter.com *.burly.io *.bizographics.com *.nr-data.net *.licdn.com *.tt.omtrdc.net *.getsmartcontent.com *.adroll.com *.vidyard.com s.ml-attr.com *.ml-api.io ml314.com *.ml314.com *.bing.com *.driftt.com *.crazyegg.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.googletagmanager.com *.visualwebsiteoptimizer.com app.vwo.com *.ubembed.com *.driftt.com *.vwo-analytics.com *.s3.amazonaws.com s3.amazonaws.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.clearbit.com *.googleapis.com *.cloudflare.com *.adobe.com *.consensu.org *.bizible.com *.theadex.com *.aumago.com *.zoominfo.com *.clickagy.com *.redditstatic.com *.quantcount.com *.g2crowd.com *.steelhousemedia.com *.scribblecdn.net *.esg-global.com *.6sc.co *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hubapi.com *.hsforms.net *.hsforms.com geolocation-db.com *.drift.com *.jquery.com *.google.com *.hscollectedforms.net *.jsdelivr.net *.stackadapt.com *.googlesyndication.com *.simpleanalyticscdn.com scripts.simpleanalyticscdn.com queue.simpleanalyticscdn.com simpleanalyticsbadges.com *.ceros.com *.hubspot.com *.hubspot.net *.demdex.net *.libsyn.com *.youtube.com; font-src 'self' *.google.com *.googleadservices.com; connect-src 'self' *.vwo.com *.demdex.net *.omtrdc.net *.mktoresp.com *.cdnbasket.net ids.cdnwidget.com *.forcepoint.com sample-api-v2.crazyegg.com *.visualwebsiteoptimizer.com insight.adsrvr.org bam.nr-data.net *.tealiumiq.com live-evercurrent-clone.pantheonsite.io *.sharethis.com *.doubleclick.net *.theadex.com *.aumago.com *.google-analytics.com *.6sc.co *.adnxs.com *.vidyard.com *.6sense.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com api.hubapi.com *.hsforms.net *.hsforms.com *.s3.amazonaws.com *.drift.com *.clickagy.com *.facebook.com *.zoominfo.com geolocation-db.com dn.linkedin.oribi.io *.hubspot.com *.hscollectedforms.net *.stackadapt.com *.google.com *.googletagmanager.com *.googleadservices.com google.com *.googlesyndication.com *.linkedin.com *.redditstatic.com *.reddit.com *.g2crowd.com *.quantcount.com; report-uri /admin/config/system/seckit/csp-report
content-type: text/html; charset=utf-8
date: Thu, 18 Jul 2024 08:20:16 GMT
etag: W/"1721290649-0"
expires: Sun, 19 Nov 1978 05:00:00 GMT
from-origin: same, https://analyticsssl.forcepoint.com,https://vidyard.com
http_x_geo_continent: NA
http_x_geo_region: CA-ON
last-modified: Thu, 18 Jul 2024 08:17:29 GMT
link: </sites/all/themes/custom/fp/assets/fonts/hoves-optimized//Hoves_DemiBold.woff>; rel=preload; as=font; crossorigin; type="font/woff"; nopush,</sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_DemiBold.woff>; rel=preload; as=font; crossorigin; type="font/woff"; nopush,</sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Medium.woff>; rel=preload; as=font; crossorigin; type="font/woff"; nopush,</sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Regular.woff>; rel=preload; as=font; crossorigin; type="font/woff"; nopush,</sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Italic.woff>; rel=preload; as=font; crossorigin; type="font/woff"; nopush,</sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Light.woff>; rel=preload; as=font; crossorigin; type="font/woff"; nopush,</sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Light_Italic.woff>; rel=preload; as=font; crossorigin; type="font/woff"; nopush,</sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_ExtraLight.woff>; rel=preload; as=font; crossorigin; type="font/woff"; nopush,</misc/throbber-inactive.png>; rel=preload; as=image; type="image/png"; nopush,</misc/throbber-active.gif>; rel=preload; as=image; type="image/gif"; nopush,</misc/grippie.png>; rel=preload; as=image; type="image/png"; nopush,</misc/draggable.png>; rel=preload; as=image; type="image/png"; nopush,</misc/tree.png>; rel=preload; as=image; type="image/png"; nopush,</misc/tree-bottom.png>; rel=preload; as=image; type="image/png"; nopush,</misc/message-24-ok.png>; rel=preload; as=image; type="image/png"; nopush,</misc/message-24-warning.png>; rel=preload; as=image; type="image/png"; nopush,</misc/message-24-error.png>; rel=preload; as=image; type="image/png"; nopush,</misc/help.png>; rel=preload; as=image; type="image/png"; nopush,</misc/menu-expanded.png>; rel=preload; as=image; type="image/png"; nopush,</misc/menu-collapsed.png>; rel=preload; as=image; type="image/png"; nopush,</misc/progress.gif>; rel=preload; as=image; type="image/gif"; nopush,</sites/all/libraries/chosen/chosen-sprite.png>; rel=preload; as=image; type="image/png"; nopush,</sites/all/libraries/chosen/chosen-sprite@2x.png>; rel=preload; as=image; type="image/png"; nopush,</sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_flat_75_ffffff_40x100.png>; rel=preload; as=image; type="image/png"; nopush,</sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_highlight-soft_75_cccccc_1x100.png>; rel=preload; as=image; type="image/png"; nopush,</sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_glass_75_e6e6e6_1x400.png>; rel=preload; as=image; type="image/png"; nopush,</sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_glass_75_dadada_1x400.png>; rel=preload; as=image; type="image/png"; nopush
referrer-policy: strict-origin-when-cross-origin
server: nginx
strict-transport-security: max-age=18410000; includeSubDomains; preload
vary: Accept-Encoding, x-geo-country, Cookie, Cookie
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
x-cache: MISS, HIT, MISS
x-cache-hits: 0, 9, 0
x-content-type-options: nosniff
x-drupal-cache: MISS
x-frame-options: SAMEORIGIN
x-generator: Drupal 7 (http://drupal.org)
x-pantheon-styx-hostname: styx-fe1-a-67db8dc7b8-7qhbq
x-served-by: cache-chi-kigq8000156-CHI, cache-yyz4561-YYZ, cache-yyz4546-YYZ
x-styx-req-id: 2ccd3dcb-44de-11ef-a73a-5adf03037691
x-timer: S1721290816.169804,VS0,VE4
x-ua-compatible: IE=Edge,chrome=1
x-xss-protection: 1

GET
H2 200 Hoves_DemiBold.woff
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized// 18 KB
19 KB 32ms
30ms Font
font/woff 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized//Hoves_DemiBold.woff

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

c6225223a7f689e02ca4f2144e864ad46dd63e29553cf3d4df572e7195303be0

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Origin: https://www.forcepoint.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

expires: Thu, 17 Jul 2025 07:29:08 GMT
date: Thu, 18 Jul 2024 08:20:16 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 175867
http_x_geo_region: CA-ON
x-cache: HIT, HIT, MISS
http_x_geo_continent: NA
x-pantheon-styx-hostname: styx-fe1-a-67db8dc7b8-zjqjf
content-length: 18868
x-served-by: cache-chi-kigq8000062-CHI, cache-yyz4542-YYZ, cache-yyz4546-YYZ
last-modified: Mon, 15 Jul 2024 20:36:00 GMT
server: nginx
x-timer: S1721290816.213287,VS0,VE4
etag: "66958830-49b4"
content-type: font/woff
access-control-allow-origin: *
x-styx-req-id: 16ff3869-4345-11ef-a32f-9265e67163a1
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 50, 106, 0

GET
H2 200 Hoves_DemiBold.woff
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/ 18 KB
19 KB 30ms
28ms Font
font/woff 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_DemiBold.woff

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

c6225223a7f689e02ca4f2144e864ad46dd63e29553cf3d4df572e7195303be0

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Origin: https://www.forcepoint.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

expires: Thu, 17 Jul 2025 07:29:08 GMT
date: Thu, 18 Jul 2024 08:20:16 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 175867
http_x_geo_region: CA-ON
x-cache: HIT, HIT, MISS
http_x_geo_continent: NA
x-pantheon-styx-hostname: styx-fe1-a-67db8dc7b8-zjqjf
content-length: 18868
x-served-by: cache-chi-kigq8000080-CHI, cache-yyz4582-YYZ, cache-yyz4546-YYZ
last-modified: Mon, 15 Jul 2024 20:35:59 GMT
server: nginx
x-timer: S1721290816.213251,VS0,VE4
etag: "6695882f-49b4"
content-type: font/woff
access-control-allow-origin: *
x-styx-req-id: 16ff3adc-4345-11ef-a32f-9265e67163a1
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 67, 111, 0

GET
H2 200 Hoves_Medium.woff
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/ 18 KB
18 KB 162ms
160ms Font
font/woff 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Medium.woff

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

c1524c7035a894f370d34f2d57704873a3978adef91d97978e3598515762eace

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Origin: https://www.forcepoint.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

expires: Thu, 17 Jul 2025 07:29:08 GMT
date: Thu, 18 Jul 2024 08:20:16 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 175867
http_x_geo_region: CA-ON
x-cache: HIT, HIT, MISS
http_x_geo_continent: NA
x-pantheon-styx-hostname: styx-fe1-b-778cbf697c-nf2vw
content-length: 18688
x-served-by: cache-chi-klot8100097-CHI, cache-yyz4540-YYZ, cache-yyz4546-YYZ
last-modified: Mon, 15 Jul 2024 20:35:59 GMT
server: nginx
x-timer: S1721290816.213556,VS0,VE4
etag: "6695882f-4900"
content-type: font/woff
access-control-allow-origin: *
x-styx-req-id: 16fead65-4345-11ef-b54a-f60fc8a2deb7
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 53, 111, 0

GET
H2 200 Hoves_Regular.woff
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/ 18 KB
18 KB 162ms
160ms Font
font/woff 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Regular.woff

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

42793f24dc3fddca04cc84a6991f0fc73c25498d023b07d488dd5e4238ed9b0c

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Origin: https://www.forcepoint.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

expires: Thu, 17 Jul 2025 07:29:08 GMT
date: Thu, 18 Jul 2024 08:20:16 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 175867
http_x_geo_region: CA-ON
x-cache: HIT, HIT, MISS
http_x_geo_continent: NA
x-pantheon-styx-hostname: styx-fe1-b-778cbf697c-jgk2s
content-length: 18436
x-served-by: cache-chi-klot8100104-CHI, cache-yyz4556-YYZ, cache-yyz4546-YYZ
last-modified: Mon, 15 Jul 2024 20:36:00 GMT
server: nginx
x-timer: S1721290816.213539,VS0,VE4
etag: "66958830-4804"
content-type: font/woff
access-control-allow-origin: *
x-styx-req-id: 16ff6e58-4345-11ef-8edb-c281824f74e2
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 66, 110, 0

GET
H2 200 Hoves_Italic.woff
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/ 19 KB
19 KB 163ms
161ms Font
font/woff 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Italic.woff

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

8709e66f3192aac47989a4f2c826afc3062b52de3cd792115cba3314c05656c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Origin: https://www.forcepoint.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

expires: Thu, 17 Jul 2025 07:29:08 GMT
date: Thu, 18 Jul 2024 08:20:16 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 175867
http_x_geo_region: CA-ON
x-cache: HIT, HIT, MISS
http_x_geo_continent: NA
x-pantheon-styx-hostname: styx-fe1-a-67db8dc7b8-7qhbq
content-length: 19656
x-served-by: cache-chi-klot8100074-CHI, cache-yyz4524-YYZ, cache-yyz4546-YYZ
last-modified: Mon, 15 Jul 2024 20:35:59 GMT
server: nginx
x-timer: S1721290816.213876,VS0,VE4
etag: "6695882f-4cc8"
content-type: font/woff
access-control-allow-origin: *
x-styx-req-id: 16fecca0-4345-11ef-a73a-5adf03037691
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 52, 110, 0

GET
H2 200 Hoves_Light.woff
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/ 18 KB
18 KB 163ms
161ms Font
font/woff 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Light.woff

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

5390daebe4fc263953ae2cd18f060ebb4aaef20d9df443a4d784cc642ed1eaf2

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Origin: https://www.forcepoint.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

expires: Thu, 17 Jul 2025 07:29:08 GMT
date: Thu, 18 Jul 2024 08:20:16 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 175867
http_x_geo_region: CA-ON
x-cache: HIT, HIT, MISS
http_x_geo_continent: NA
x-pantheon-styx-hostname: styx-fe1-b-778cbf697c-x5pqn
content-length: 18600
x-served-by: cache-chi-kigq8000086-CHI, cache-yyz4568-YYZ, cache-yyz4546-YYZ
last-modified: Mon, 15 Jul 2024 20:35:59 GMT
server: nginx
x-timer: S1721290816.213848,VS0,VE4
etag: "6695882f-48a8"
content-type: font/woff
access-control-allow-origin: *
x-styx-req-id: 16ffed9d-4345-11ef-9849-f21714ecd673
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 69, 110, 0

GET
H2 200 Hoves_Light_Italic.woff
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/ 19 KB
19 KB 165ms
164ms Font
font/woff 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Light_Italic.woff

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

d88c03f60c9b0c3b3a4a929ad268b6078dda88e59ea5c98eeb16f031ffb0d9e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Origin: https://www.forcepoint.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

expires: Thu, 17 Jul 2025 07:29:08 GMT
date: Thu, 18 Jul 2024 08:20:16 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 175867
http_x_geo_region: CA-ON
x-cache: HIT, HIT, MISS
http_x_geo_continent: NA
x-pantheon-styx-hostname: styx-fe1-a-67db8dc7b8-ghkb8
content-length: 19360
x-served-by: cache-chi-klot8100179-CHI, cache-yyz4540-YYZ, cache-yyz4546-YYZ
last-modified: Mon, 15 Jul 2024 20:35:59 GMT
server: nginx
x-timer: S1721290816.213829,VS0,VE4
etag: "6695882f-4ba0"
content-type: font/woff
access-control-allow-origin: *
x-styx-req-id: 16ff45c9-4345-11ef-a39f-4ace80ec767d
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 78, 110, 0

GET
H2 200 Hoves_ExtraLight.woff
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/ 18 KB
18 KB 164ms
163ms Font
font/woff 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_ExtraLight.woff

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

52239b576d3fdb13fa5cec121a5e5ed123560a4ac1310d991f4694bcc5507710

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Origin: https://www.forcepoint.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

expires: Thu, 17 Jul 2025 07:29:08 GMT
date: Thu, 18 Jul 2024 08:20:16 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 175867
http_x_geo_region: CA-ON
x-cache: HIT, HIT, MISS
http_x_geo_continent: NA
x-pantheon-styx-hostname: styx-fe1-b-778cbf697c-czhxs
content-length: 17944
x-served-by: cache-chi-kigq8000066-CHI, cache-yyz4569-YYZ, cache-yyz4546-YYZ
last-modified: Mon, 15 Jul 2024 20:35:59 GMT
server: nginx
x-timer: S1721290816.213829,VS0,VE5
etag: "6695882f-4618"
content-type: font/woff
access-control-allow-origin: *
x-styx-req-id: 16ff4e24-4345-11ef-84ac-ba0dcdbb94b4
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 66, 110, 0

GET
H2 200 throbber-inactive.png
www.forcepoint.com/misc/ 140 B
624 B 76ms
51ms Image
image/webp 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/misc/throbber-inactive.png

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

b48a895c0170a7310b29b01897fcf1954b43655748ce98037abae38562754a29

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits: 0, 0, 1
date: Thu, 18 Jul 2024 08:20:16 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
fastly-io-served-by: vpop-kiad7010230
age: 170101
http_x_geo_region: CA-ON
x-cache: MISS, MISS, HIT
fastly-io-info: ifsz=320 idim=15x13 ifmt=png ofsz=140 odim=15x13 ofmt=webp
http_x_geo_continent: NA
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe1-a-67db8dc7b8-dbrtw
content-length: 140
x-served-by: cache-chi-kigq8000107-CHI, cache-yyz4559-YYZ, cache-yyz4546-YYZ
server: nginx
x-timer: S1721290817.749579,VS0,VE1
etag: "CYYfXWQxa+SPObSsE32Xk7Do+LMPmm8BZYCZJK1ZEUA"
vary: Accept
content-type: image/webp
x-styx-req-id: 84205b98-4352-11ef-b3ae-fa7bcf007e87
cache-control: max-age=31622400
accept-ranges: bytes
expires: Thu, 17 Jul 2025 09:05:15 GMT

GET
H2 200 throbber-active.gif
www.forcepoint.com/misc/ 1 KB
2 KB 79ms
54ms Image
image/gif 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/misc/throbber-active.gif

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

4d58ffb4437135b1a4f7b8cbf01321ea85fe244416aed493ea942462f3d58c86

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits: 0, 0, 1
date: Thu, 18 Jul 2024 08:20:16 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
fastly-io-served-by: vpop-kiad7010229
age: 1252633
http_x_geo_region: CA-ON
x-cache: HIT, MISS, HIT
fastly-io-info: ifsz=1233 idim=15x13 ifmt=gif ofsz=1233 odim=15x13 ofmt=gif ofrm=12
http_x_geo_continent: NA
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe1-b-5d587d78fd-cxdcg
content-length: 1233
fastly-io-warning: Failed to shrink image
x-served-by: cache-chi-klot8100061-CHI, cache-yyz4574-YYZ, cache-yyz4546-YYZ
server: nginx
x-timer: S1721290817.749870,VS0,VE1
etag: "cciM0uPCYoc09vCSqOmHV4nMniFUM15FCTn0mYxlwCQ"
vary: Accept
content-type: image/gif
x-styx-req-id: 0ca4af08-397a-11ef-b71d-6a153845af30
cache-control: max-age=31622400
accept-ranges: bytes
expires: Fri, 04 Jul 2025 20:23:03 GMT

GET
H2 200 grippie.png
www.forcepoint.com/misc/ 56 B
376 B 78ms
54ms Image
image/webp 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/misc/grippie.png

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

f7d4d17ef4f0103008287290e9dd7bb35be1d08f0f8bc315033d13d0cfa6a6a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits: 0, 0, 1
date: Thu, 18 Jul 2024 08:20:16 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
fastly-io-served-by: vpop-kiad7010228
age: 120557
http_x_geo_region: CA-ON
x-cache: HIT, MISS, HIT
fastly-io-info: ifsz=106 idim=27x5 ifmt=png ofsz=56 odim=27x5 ofmt=webp
http_x_geo_continent: NA
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe1-b-778cbf697c-jgk2s
content-length: 56
x-served-by: cache-chi-klot8100115-CHI, cache-yyz4567-YYZ, cache-yyz4546-YYZ
server: nginx
x-timer: S1721290817.750605,VS0,VE1
etag: "kt9RZLYHWjv58VxK34gY2gtJI3NheIs+DTYX4JV5AGA"
vary: Accept
content-type: image/webp
x-styx-req-id: def9222a-43c5-11ef-8edb-c281824f74e2
cache-control: max-age=31622400
accept-ranges: bytes
expires: Thu, 17 Jul 2025 22:51:00 GMT

GET
H2 200 draggable.png
www.forcepoint.com/misc/ 268 B
739 B 76ms
51ms Image
image/png 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/misc/draggable.png

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

10aa7853a3babe185246e6f1fad2c5800902a268dd63b66c53b96889ee5188f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits: 0, 0, 1
date: Thu, 18 Jul 2024 08:20:16 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
fastly-io-served-by: vpop-kiad7010216
age: 1408481
http_x_geo_region: CA-ON
x-cache: HIT, MISS, HIT
fastly-io-info: ifsz=268 idim=15x60 ifmt=png ofsz=268 odim=15x60 ofmt=png
http_x_geo_continent: NA
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe1-b-5d587d78fd-cxdcg
content-length: 268
fastly-io-warning: Failed to shrink image
x-served-by: cache-chi-kigq8000056-CHI, cache-yyz4577-YYZ, cache-yyz4546-YYZ
server: nginx
x-timer: S1721290817.750584,VS0,VE1
etag: "KWIpRFdw6XY1xKLUIvevvjFCVB7MVHDdktcCcAkddP0"
vary: Accept
content-type: image/png
x-styx-req-id: 3071afa5-380f-11ef-9085-6a153845af30
cache-control: max-age=31622400
accept-ranges: bytes
expires: Thu, 03 Jul 2025 01:05:36 GMT

GET
H2 200 tree.png
www.forcepoint.com/misc/ 82 B
374 B 76ms
52ms Image
image/webp 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/misc/tree.png

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

69a02b48768b8f413fe8470c65b4232a39dc3d68350f1246da8721e92ac7e75d

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits: 0, 0, 1
date: Thu, 18 Jul 2024 08:20:16 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
fastly-io-served-by: vpop-kiad7010246
age: 1290164
http_x_geo_region: CA-ON
x-cache: MISS, MISS, HIT
fastly-io-info: ifsz=130 idim=80x81 ifmt=png ofsz=82 odim=80x81 ofmt=webp
http_x_geo_continent: NA
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe1-a-5d77cc44f5-h68wv
content-length: 82
x-served-by: cache-chi-kigq8000035-CHI, cache-yyz4581-YYZ, cache-yyz4546-YYZ
server: nginx
x-timer: S1721290817.750561,VS0,VE1
etag: "Z35FTfoaAVemLhiXshryO4rkEzH1KA6bO8GIRsSVaO0"
vary: Accept
content-type: image/webp
x-styx-req-id: aa8d2818-3922-11ef-bacb-5e8344290807
cache-control: max-age=31622400
accept-ranges: bytes
expires: Fri, 04 Jul 2025 09:57:32 GMT

GET
H2 200 tree-bottom.png
www.forcepoint.com/misc/ 78 B
446 B 76ms
53ms Image
image/webp 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/misc/tree-bottom.png

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

bfcc07136dc1faaee36973ca4858e530e403f2f41948fbdc47f0c3c399308db6

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits: 0, 0, 1
date: Thu, 18 Jul 2024 08:20:16 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
fastly-io-served-by: vpop-kiad7010246
age: 1290164
http_x_geo_region: CA-ON
x-cache: MISS, MISS, HIT
fastly-io-info: ifsz=129 idim=80x81 ifmt=png ofsz=78 odim=80x81 ofmt=webp
http_x_geo_continent: NA
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe1-b-5d587d78fd-rszwb
content-length: 78
x-served-by: cache-chi-klot8100109-CHI, cache-yyz4581-YYZ, cache-yyz4546-YYZ
server: nginx
x-timer: S1721290817.750547,VS0,VE1
etag: "JyOt5s8au+dKwuKYWT9ybz2cVW6ZbelcJx3DlTABXvE"
vary: Accept
content-type: image/webp
x-styx-req-id: aa9823db-3922-11ef-ba53-d260c23d87a7
cache-control: max-age=31622400
accept-ranges: bytes
expires: Fri, 04 Jul 2025 09:57:32 GMT

GET
H2 200 message-24-ok.png
www.forcepoint.com/misc/ 902 B
1 KB 74ms
51ms Image
image/webp 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/misc/message-24-ok.png

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

4c8537e1208918b04f3b7970b4e53d6c91b138b7b8325b469a4a5e84ced6ce2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits: 0, 0, 1
date: Thu, 18 Jul 2024 08:20:16 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
fastly-io-served-by: vpop-kiad7010213
age: 685178
http_x_geo_region: CA-ON
x-cache: MISS, MISS, HIT
fastly-io-info: ifsz=1058 idim=24x24 ifmt=png ofsz=902 odim=24x24 ofmt=webp
http_x_geo_continent: NA
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe1-a-5d77cc44f5-z4chc
content-length: 902
x-served-by: cache-chi-klot8100043-CHI, cache-yyz4534-YYZ, cache-yyz4546-YYZ
server: nginx
x-timer: S1721290817.750492,VS0,VE1
etag: "60PoYDt+1vFXU4yAkaVKB1clxMNlUR3MuNzEGSZ9U9Y"
vary: Accept
content-type: image/webp
x-styx-req-id: 424f9bee-3ea3-11ef-a910-8245d19189a9
cache-control: max-age=31622400
accept-ranges: bytes
expires: Fri, 11 Jul 2025 10:00:38 GMT

GET
H2 200 message-24-warning.png
www.forcepoint.com/misc/ 612 B
938 B 76ms
54ms Image
image/webp 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/misc/message-24-warning.png

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

bd74c29617fed2dbd2f684dce7eebb659567ce0ae06be3418615ebe846a1bf5b

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits: 0, 0, 1
date: Thu, 18 Jul 2024 08:20:16 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
fastly-io-served-by: vpop-kiad7010215
age: 4863794
http_x_geo_region: CA-ON
x-cache: HIT, HIT, HIT
fastly-io-info: ifsz=753 idim=24x24 ifmt=png ofsz=612 odim=24x24 ofmt=webp
http_x_geo_continent: NA
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe1-b-6b7857bbbb-57mwg
content-length: 612
x-served-by: cache-chi-klot8100163-CHI, cache-yyz4556-YYZ, cache-yyz4546-YYZ
server: nginx
x-timer: S1721290817.750477,VS0,VE1
etag: "etN9kWF1zriHIse4xor9Tv/e40PLoR3lRGg8xe6tRQE"
vary: Accept
content-type: image/webp
x-styx-req-id: 28d752ac-18a2-11ef-b4f5-4aee40072002
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sat, 24 May 2025 01:17:02 GMT

GET
H2 200 message-24-error.png
www.forcepoint.com/misc/ 614 B
976 B 75ms
52ms Image
image/webp 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/misc/message-24-error.png

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

496d9a19dda325d9587f3729b5a16b1262f91a6b237e1aa5d54ed90e087c35e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits: 0, 0, 1
date: Thu, 18 Jul 2024 08:20:16 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
fastly-io-served-by: vpop-kiad7010210
age: 685178
http_x_geo_region: CA-ON
x-cache: MISS, MISS, HIT
fastly-io-info: ifsz=733 idim=24x24 ifmt=png ofsz=614 odim=24x24 ofmt=webp
http_x_geo_continent: NA
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe1-b-5d587d78fd-ftx9d
content-length: 614
x-served-by: cache-chi-kigq8000043-CHI, cache-yyz4562-YYZ, cache-yyz4546-YYZ
server: nginx
x-timer: S1721290817.750455,VS0,VE1
etag: "gVoMZ8dd1QgL/2SjIwn0GwzJENiBt143AYaoiF4Ws6M"
vary: Accept
content-type: image/webp
x-styx-req-id: 424f899d-3ea3-11ef-b412-7a6d96a048fa
cache-control: max-age=31622400
accept-ranges: bytes
expires: Fri, 11 Jul 2025 10:00:38 GMT

GET
H2 200 help.png
www.forcepoint.com/misc/ 192 B
528 B 72ms
50ms Image
image/webp 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/misc/help.png

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

f8c79df7183de5a0687fc40c5a9b1034d074e603d558c05a5311c7f91d9ccfe1

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits: 0, 0, 1
date: Thu, 18 Jul 2024 08:20:16 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
fastly-io-served-by: vpop-kiad7010246
age: 957888
http_x_geo_region: CA-ON
x-cache: HIT, HIT, HIT
fastly-io-info: ifsz=294 idim=16x16 ifmt=png ofsz=192 odim=16x16 ofmt=webp
http_x_geo_continent: NA
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe1-b-5d587d78fd-llvxv
content-length: 192
x-served-by: cache-chi-klot8100132-CHI, cache-yyz4552-YYZ, cache-yyz4546-YYZ
server: nginx
x-timer: S1721290817.750449,VS0,VE1
etag: "v6al66PXjd/2WqSfHyL2pCCxkfKAcJfvgCU3I6pbO+4"
vary: Accept
content-type: image/webp
x-styx-req-id: 4e828fbd-3c28-11ef-ab89-ee120c8775da
cache-control: max-age=31622400
accept-ranges: bytes
expires: Tue, 08 Jul 2025 06:15:28 GMT

GET
H2 200 menu-expanded.png
www.forcepoint.com/misc/ 46 B
479 B 74ms
53ms Image
image/webp 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/misc/menu-expanded.png

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

5cfc739598cda856cc20575229f8a5251e8df5b175830fe7886aaef79dfb6886

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits: 0, 0, 1
date: Thu, 18 Jul 2024 08:20:16 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
fastly-io-served-by: vpop-kiad7010214
age: 170101
http_x_geo_region: CA-ON
x-cache: HIT, MISS, HIT
fastly-io-info: ifsz=106 idim=7x7 ifmt=png ofsz=46 odim=7x7 ofmt=webp
http_x_geo_continent: NA
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe1-b-778cbf697c-f5sq9
content-length: 46
x-served-by: cache-chi-klot8100163-CHI, cache-yyz4523-YYZ, cache-yyz4546-YYZ
server: nginx
x-timer: S1721290817.750415,VS0,VE1
etag: "lnOeF6KlRRR5aM+MCm3C8DB9Vu1cySrSTIEOJY+eTS4"
vary: Accept
content-type: image/webp
x-styx-req-id: 5c2a8a2a-4311-11ef-8fb5-2aa8544e3a15
cache-control: max-age=31622400
accept-ranges: bytes
expires: Thu, 17 Jul 2025 01:18:51 GMT

GET
H2 200 menu-collapsed.png
www.forcepoint.com/misc/ 46 B
479 B 77ms
55ms Image
image/webp 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/misc/menu-collapsed.png

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

521bfd25b076ada01d23b9d20bca3a3e67840702ca4d43b73d0a496575107e9e

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits: 5, 0, 1
date: Thu, 18 Jul 2024 08:20:16 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
fastly-io-served-by: vpop-kiad7010216
age: 1320972
http_x_geo_region: CA-ON
x-cache: HIT, MISS, HIT
fastly-io-info: ifsz=105 idim=7x7 ifmt=png ofsz=46 odim=7x7 ofmt=webp
http_x_geo_continent: NA
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe1-a-5d77cc44f5-lk559
content-length: 46
x-served-by: cache-chi-kigq8000091-CHI, cache-yyz4566-YYZ, cache-yyz4546-YYZ
server: nginx
x-timer: S1721290817.750397,VS0,VE1
etag: "HJgRuOhWhAFgOazVOW2HjRFb16cHmG+HSX+vLor86a0"
vary: Accept
content-type: image/webp
x-styx-req-id: efeaaf9a-38da-11ef-8bba-420e4ed0c032
cache-control: max-age=31622400
accept-ranges: bytes
expires: Fri, 04 Jul 2025 01:24:05 GMT

GET
H2 200 progress.gif
www.forcepoint.com/misc/ 6 KB
6 KB 87ms
66ms Image
image/gif 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/misc/progress.gif

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

91997f03543fdd296c85e60feede1e3df0e950aca03698583ff2870869a2dc0b

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits: 0, 0, 1
date: Thu, 18 Jul 2024 08:20:16 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
fastly-io-served-by: vpop-kiad7010246
age: 609065
http_x_geo_region: CA-ON
x-cache: MISS, MISS, HIT
fastly-io-info: ifsz=5872 idim=20x40 ifmt=gif ofsz=5872 odim=20x40 ofmt=gif ofrm=20
http_x_geo_continent: NA
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe1-a-5d77cc44f5-cr9cd
content-length: 5872
fastly-io-warning: Failed to shrink image
x-served-by: cache-chi-klot8100021-CHI, cache-yyz4529-YYZ, cache-yyz4546-YYZ
server: nginx
x-timer: S1721290817.774020,VS0,VE1
etag: "KSQIcjJuPSqTVV6Yjqa330VSb5j46NEcKLjR3ejGL1A"
vary: Accept
content-type: image/gif
x-styx-req-id: 79275370-3f54-11ef-b3d9-563f282b1988
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sat, 12 Jul 2025 07:09:11 GMT

GET
H2 200 chosen-sprite.png
www.forcepoint.com/sites/all/libraries/chosen/ 430 B
794 B 85ms
63ms Image
image/webp 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/all/libraries/chosen/chosen-sprite.png

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

9cc77ec166565cf138f088e29b263d7de28ebff89c6ac6ac7b3226b8c2c45f33

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits: 0, 0, 1
date: Thu, 18 Jul 2024 08:20:16 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
fastly-io-served-by: vpop-kiad7010248
age: 1998700
http_x_geo_region: CA-ON
x-cache: HIT, HIT, HIT
fastly-io-info: ifsz=538 idim=52x37 ifmt=png ofsz=430 odim=52x37 ofmt=webp
http_x_geo_continent: NA
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe1-a-5d77cc44f5-m7qcg
content-length: 430
x-served-by: cache-chi-klot8100058-CHI, cache-yyz4536-YYZ, cache-yyz4546-YYZ
server: nginx
x-timer: S1721290817.773982,VS0,VE2
etag: "pCuJ3WEDsPQPzkbIkY90U4TfuAo3yBgHEEN2IOPELGY"
vary: Accept
content-type: image/webp
x-styx-req-id: fa74d04d-32b0-11ef-828b-222e41344d78
cache-control: max-age=31622400
accept-ranges: bytes
expires: Thu, 26 Jun 2025 05:08:36 GMT

GET
H2 200 chosen-sprite@2x.png
www.forcepoint.com/sites/all/libraries/chosen/ 628 B
1 KB 85ms
64ms Image
image/webp 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/all/libraries/chosen/chosen-sprite@2x.png

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

5f4e0577cb49e1130ec7098698e3556c0a2b7f33d02ec5789ee09b116e403f7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits: 0, 0, 1
date: Thu, 18 Jul 2024 08:20:16 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
fastly-io-served-by: vpop-kiad7010249
age: 1390051
http_x_geo_region: CA-ON
x-cache: HIT, HIT, HIT
fastly-io-info: ifsz=738 idim=104x74 ifmt=png ofsz=628 odim=104x74 ofmt=webp
http_x_geo_continent: NA
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe1-b-5d587d78fd-llvxv
content-length: 628
x-served-by: cache-chi-klot8100088-CHI, cache-yyz4564-YYZ, cache-yyz4546-YYZ
server: nginx
x-timer: S1721290817.773973,VS0,VE1
etag: "1954vZ3omyWtqZWjx3EPpQPU3ZMgJvFFfwvKeF5rhm0"
vary: Accept
content-type: image/webp
x-styx-req-id: 19a8bef6-383a-11ef-9fbf-ee120c8775da
cache-control: max-age=31622400
accept-ranges: bytes
expires: Thu, 03 Jul 2025 06:12:46 GMT

GET
H2 200 ui-bg_flat_75_ffffff_40x100.png
www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ 44 B
360 B 85ms
64ms Image
image/webp 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_flat_75_ffffff_40x100.png

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

db7de84263a6dfe6f7a674f478b4a6c5a97d7de7e0c7f52a12a5dedfb201004f

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits: 0, 0, 1
date: Thu, 18 Jul 2024 08:20:16 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
fastly-io-served-by: vpop-kiad7010227
age: 177456
http_x_geo_region: CA-ON
x-cache: MISS, MISS, HIT
fastly-io-info: ifsz=178 idim=40x100 ifmt=png ofsz=44 odim=40x100 ofmt=webp
http_x_geo_continent: NA
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe1-a-67db8dc7b8-gk745
content-length: 44
x-served-by: cache-chi-kigq8000066-CHI, cache-yyz4527-YYZ, cache-yyz4546-YYZ
server: nginx
x-timer: S1721290817.773939,VS0,VE1
etag: "O9SdHkbja5Mmzi4DWOWJdZgUQirITGa5uuAK5R/QoyM"
vary: Accept
content-type: image/webp
x-styx-req-id: 646ea92c-4341-11ef-baca-4e257a6666f1
cache-control: max-age=31622400
accept-ranges: bytes
expires: Thu, 17 Jul 2025 07:02:40 GMT

GET
H2 200 ui-bg_highlight-soft_75_cccccc_1x100.png
www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ 54 B
368 B 86ms
65ms Image
image/webp 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_highlight-soft_75_cccccc_1x100.png

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

b4229c88ccc9ec00268d759c808bb5fc56a62479618d140eebd7948299a1544b

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits: 0, 0, 1
date: Thu, 18 Jul 2024 08:20:16 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
fastly-io-served-by: vpop-kiad7010216
age: 2288754
http_x_geo_region: CA-ON
x-cache: HIT, MISS, HIT
fastly-io-info: ifsz=101 idim=1x100 ifmt=png ofsz=54 odim=1x100 ofmt=webp
http_x_geo_continent: NA
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe1-b-5d587d78fd-prbvz
content-length: 54
x-served-by: cache-chi-klot8100124-CHI, cache-yyz4556-YYZ, cache-yyz4546-YYZ
server: nginx
x-timer: S1721290817.773916,VS0,VE1
etag: "SVL3LfYtpcUTzNEo8mHT+EoBDkNcvK2l7xiLlLE7P6w"
vary: Accept
content-type: image/webp
x-styx-req-id: a44e5b78-300d-11ef-97fe-1edbf4b9e77b
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sun, 22 Jun 2025 20:34:22 GMT

GET
H2 200 ui-bg_glass_75_e6e6e6_1x400.png
www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ 78 B
418 B 85ms
65ms Image
image/webp 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_glass_75_e6e6e6_1x400.png

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

e68e4b1057684aa14f6d44055bd77c6ee8170be28010b94e0278e2d05775973c

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits: 0, 0, 1
date: Thu, 18 Jul 2024 08:20:16 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
fastly-io-served-by: vpop-kiad7010214
age: 404033
http_x_geo_region: CA-ON
x-cache: MISS, MISS, HIT
fastly-io-info: ifsz=110 idim=1x400 ifmt=png ofsz=78 odim=1x400 ofmt=webp
http_x_geo_continent: NA
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe1-b-778cbf697c-jgk2s
content-length: 78
x-served-by: cache-chi-kigq8000098-CHI, cache-yyz4561-YYZ, cache-yyz4546-YYZ
server: nginx
x-timer: S1721290817.773909,VS0,VE1
etag: "4s1MwOZKDfGEu/a/SFo57USn639l3MbW8dYbzZPyEag"
vary: Accept
content-type: image/webp
x-styx-req-id: da137469-4131-11ef-b5d5-c281824f74e2
cache-control: max-age=31622400
accept-ranges: bytes
expires: Mon, 14 Jul 2025 16:06:23 GMT

GET
H2 200 ui-bg_glass_75_dadada_1x400.png
www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ 84 B
403 B 86ms
66ms Image
image/webp 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_glass_75_dadada_1x400.png

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

c16c2e899bbe232a64c1bd49e4312a7f9ea738cb2cb17058e63477a71b246fa7

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits: 0, 0, 1
date: Thu, 18 Jul 2024 08:20:16 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
fastly-io-served-by: vpop-kiad7010227
age: 609092
http_x_geo_region: CA-ON
x-cache: MISS, MISS, HIT
fastly-io-info: ifsz=111 idim=1x400 ifmt=png ofsz=84 odim=1x400 ofmt=webp
http_x_geo_continent: NA
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe1-a-5d77cc44f5-cr9cd
content-length: 84
x-served-by: cache-chi-klot8100024-CHI, cache-yyz4529-YYZ, cache-yyz4546-YYZ
server: nginx
x-timer: S1721290817.773887,VS0,VE1
etag: "msf+sm6St45S//5aPCnGaIqq4DmKLsS3uxv+ikcGyuY"
vary: Accept
content-type: image/webp
x-styx-req-id: 694291be-3f54-11ef-b3d9-563f282b1988
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sat, 12 Jul 2025 07:08:44 GMT

GET
H2 200 css__YZMmyCjxADNsxWJVyzxskiYBiPsGboww8DDJoAv1iVA__PqGVjSeXe3e-YM4xspxCavDlyydtEB28TRpZPTEwV5I__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/ 6 KB
2 KB 162ms
151ms Stylesheet
text/css 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_css/css__YZMmyCjxADNsxWJVyzxskiYBiPsGboww8DDJoAv1iVA__PqGVjSeXe3e-YM4xspxCavDlyydtEB28TRpZPTEwV5I__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

942ba1b657ab7477bc603f7852ff551aa393de40d1bab2dee01c8ad36d538a2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits: 0, 83, 0
date: Thu, 18 Jul 2024 08:20:16 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 175867
http_x_geo_region: CA-ON
x-cache: HIT, HIT, MISS
http_x_geo_continent: NA
x-pantheon-styx-hostname: styx-fe1-b-69554747b9-vp8bw
content-length: 2109
x-served-by: cache-chi-kigq8000159-CHI, cache-yyz4580-YYZ, cache-yyz4546-YYZ
backend-ip-port: 6cecXOA5eq1mdycR8IETIO--F_styx_fe1_b_sharedvpc_dmz_05
last-modified: Tue, 05 Mar 2024 06:05:49 GMT
server: nginx
x-timer: S1721290816.225053,VS0,VE4
etag: W/"65e6b63d-1797"
vary: Accept-Encoding
content-type: text/css
x-styx-req-id: e591bfd4-f1d7-11ee-835d-6255bad32892
cache-control: max-age=31622400
accept-ranges: bytes
expires: Fri, 04 Apr 2025 16:33:26 GMT

GET
H2 200 css__qi8YWDPFPT47Hua3Uo8V-CwYV79O8gYOw4xRshlFw2o__U0zx4V0QLKPamBJbsVKK0D54d038-KcpyqeXppQL9AI__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/ 11 KB
3 KB 167ms
157ms Stylesheet
text/css 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_css/css__qi8YWDPFPT47Hua3Uo8V-CwYV79O8gYOw4xRshlFw2o__U0zx4V0QLKPamBJbsVKK0D54d038-KcpyqeXppQL9AI__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

74d6ee660ac8d18d3940eefac6e8c0ff029ecc0f4a4799ada5d6088fe9abfbc8

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

expires: Mon, 28 Apr 2025 10:38:01 GMT
date: Thu, 18 Jul 2024 08:20:16 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 175867
http_x_geo_region: CA-ON
x-cache: HIT, HIT, MISS
http_x_geo_continent: NA
x-pantheon-styx-hostname: styx-fe1-a-867f44b44b-6zx56
content-length: 2662
x-served-by: cache-chi-kigq8000165-CHI, cache-yyz4542-YYZ, cache-yyz4546-YYZ
last-modified: Tue, 05 Mar 2024 06:05:43 GMT
server: nginx
x-timer: S1721290816.225033,VS0,VE4
etag: W/"65e6b637-2d9a"
vary: Accept-Encoding
content-type: text/css
x-styx-req-id: 387529c2-0482-11ef-be95-3a8be9a6877a
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 64, 104, 0

GET
H2 200 css__umS_7iB8OLqD-AIc28jz7stMtgRnPBrMHXbg802aJVI__42_FYiRnR5OQaV2U3Sr9cY21EIjnMGdJsPXMEFLQPCo__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/ 789 B
657 B 163ms
152ms Stylesheet
text/css 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_css/css__umS_7iB8OLqD-AIc28jz7stMtgRnPBrMHXbg802aJVI__42_FYiRnR5OQaV2U3Sr9cY21EIjnMGdJsPXMEFLQPCo__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

76fea4cad87ffbee4d6c0d29a46382913e4a8c56ed7881d8556f684a174d6824

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

expires: Wed, 25 Jun 2025 19:24:10 GMT
date: Thu, 18 Jul 2024 08:20:16 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 175867
http_x_geo_region: CA-ON
x-cache: HIT, HIT, MISS
http_x_geo_continent: NA
x-pantheon-styx-hostname: styx-fe1-a-5d77cc44f5-w9nrv
content-length: 405
x-served-by: cache-chi-kigq8000114-CHI, cache-yyz4525-YYZ, cache-yyz4546-YYZ
last-modified: Tue, 05 Mar 2024 06:05:43 GMT
server: nginx
x-timer: S1721290816.225145,VS0,VE4
etag: W/"65e6b637-315"
vary: Accept-Encoding
content-type: text/css
x-styx-req-id: 552aad89-325f-11ef-b993-de70e4427182
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 47, 109, 0

GET
H2 200 css__T7twZATSz9YDtA4CEs3XoRq-lmvsWC1-9rzLrGpoWuY__jYMOyCwkeeWX4KvLeu7GhjzHVkW5HDKp2hWWBDkyRSE__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/ 14 KB
3 KB 165ms
155ms Stylesheet
text/css 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_css/css__T7twZATSz9YDtA4CEs3XoRq-lmvsWC1-9rzLrGpoWuY__jYMOyCwkeeWX4KvLeu7GhjzHVkW5HDKp2hWWBDkyRSE__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

76aefb325bdfaf3c67be7591a00c96105ffa1a3eda8cfc16d6d5e1affa8e3f95

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits: 0, 109, 0
date: Thu, 18 Jul 2024 08:20:16 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 175867
http_x_geo_region: CA-ON
x-cache: HIT, HIT, MISS
http_x_geo_continent: NA
x-pantheon-styx-hostname: styx-fe1-a-64b977755d-kk5rj
content-length: 2632
x-served-by: cache-chi-klot8100179-CHI, cache-yyz4544-YYZ, cache-yyz4546-YYZ
backend-ip-port: 6cecXOA5eq1mdycR8IETIO--F_styx_fe1_a_sharedvpc_dmz_01
last-modified: Tue, 05 Mar 2024 06:05:45 GMT
server: nginx
x-timer: S1721290816.237187,VS0,VE4
etag: W/"65e6b639-3962"
vary: Accept-Encoding
content-type: text/css
x-styx-req-id: d721e3ae-f1d7-11ee-b87b-f2654297ce89
cache-control: max-age=31622400
accept-ranges: bytes
expires: Fri, 04 Apr 2025 16:33:02 GMT

GET
H2 200 css__cPPXTJ7LS3TkqOr2dWhu9Zyqf3tfJ7ROJIBrc4faLpI__FwTXCQ-S705F3IVDki0NUMzBJ8oRlS2Lb0Atw9pp7LE__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/ 512 B
539 B 166ms
156ms Stylesheet
text/css 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_css/css__cPPXTJ7LS3TkqOr2dWhu9Zyqf3tfJ7ROJIBrc4faLpI__FwTXCQ-S705F3IVDki0NUMzBJ8oRlS2Lb0Atw9pp7LE__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

9b3c52df9ce6473c11ee62f85cd48a7ff2b24ad8543ed415fec5124605a987f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits: 6, 109, 0
date: Thu, 18 Jul 2024 08:20:16 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 175867
http_x_geo_region: CA-ON
x-cache: HIT, HIT, MISS
http_x_geo_continent: NA
x-pantheon-styx-hostname: styx-fe1-b-69554747b9-m255z
content-length: 230
x-served-by: cache-chi-kigq8000068-CHI, cache-yyz4566-YYZ, cache-yyz4546-YYZ
backend-ip-port: 6cecXOA5eq1mdycR8IETIO--F_styx_fe1_b_sharedvpc_dmz_05
last-modified: Tue, 05 Mar 2024 06:05:46 GMT
server: nginx
x-timer: S1721290816.237158,VS0,VE4
etag: W/"65e6b63a-200"
vary: Accept-Encoding
content-type: text/css
x-styx-req-id: d804a972-f1d7-11ee-976d-4e9dd3d547b2
cache-control: max-age=31622400
accept-ranges: bytes
expires: Fri, 04 Apr 2025 16:33:03 GMT

GET
H2 200 css__RtPfTjThw7JiCEZr8aCFs0ovY-ZonvJYBpW2tzv6iRI__hoYIfBUPIWctuKqU_lrnnqDtJnf9B9QEu7jjix36RIM__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/ 3 KB
1 KB 164ms
154ms Stylesheet
text/css 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_css/css__RtPfTjThw7JiCEZr8aCFs0ovY-ZonvJYBpW2tzv6iRI__hoYIfBUPIWctuKqU_lrnnqDtJnf9B9QEu7jjix36RIM__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

5f8d1adf76eaaf2f3592e5a5633ef8722740af2424b1737d85c1d9581588884f

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

expires: Fri, 27 Jun 2025 04:07:49 GMT
date: Thu, 18 Jul 2024 08:20:16 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 175867
http_x_geo_region: CA-ON
x-cache: HIT, HIT, MISS
http_x_geo_continent: NA
x-pantheon-styx-hostname: styx-fe1-a-5d77cc44f5-l749x
content-length: 1172
x-served-by: cache-chi-kigq8000154-CHI, cache-yyz4570-YYZ, cache-yyz4546-YYZ
last-modified: Tue, 05 Mar 2024 06:05:52 GMT
server: nginx
x-timer: S1721290816.237126,VS0,VE4
etag: W/"65e6b640-c8c"
vary: Accept-Encoding
content-type: text/css
x-styx-req-id: a6a59393-3371-11ef-8b05-0e97991a7547
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 63, 83, 0

GET
H2 200 css__UYLIEJhZ7iPfgPAKjuslVw3CRCFKt3OfxTJjge8A6Hg__fjua13AgyzmqodcGsNUIVue50ndbutts1ntJbzGK_o4__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/ 506 B
484 B 162ms
153ms Stylesheet
text/css 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_css/css__UYLIEJhZ7iPfgPAKjuslVw3CRCFKt3OfxTJjge8A6Hg__fjua13AgyzmqodcGsNUIVue50ndbutts1ntJbzGK_o4__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

4953a30def5d6eb8aa0119f918104b5069d10696ee634288c068accf06bb44e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

expires: Tue, 15 Jul 2025 18:11:51 GMT
date: Thu, 18 Jul 2024 08:20:16 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 175867
http_x_geo_region: CA-ON
x-cache: HIT, HIT, MISS
http_x_geo_continent: NA
x-pantheon-styx-hostname: styx-fe1-b-778cbf697c-jgk2s
content-length: 175
x-served-by: cache-chi-kigq8000153-CHI, cache-yyz4552-YYZ, cache-yyz4546-YYZ
last-modified: Tue, 05 Mar 2024 06:05:53 GMT
server: nginx
x-timer: S1721290816.237100,VS0,VE4
etag: W/"65e6b641-1fa"
vary: Accept-Encoding
content-type: text/css
x-styx-req-id: 8b5f5c59-420c-11ef-b5d5-c281824f74e2
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 48, 83, 0

GET
H2 200 css__aUSIons1JLpznAkAWe4wYFCe4_fmTTJTOhtdC4xIAuM__HAl4ITsYWBEO7VRahEwWwi88zkLUBwPm3j4nnx8DeS0__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/ 454 B
525 B 163ms
154ms Stylesheet
text/css 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_css/css__aUSIons1JLpznAkAWe4wYFCe4_fmTTJTOhtdC4xIAuM__HAl4ITsYWBEO7VRahEwWwi88zkLUBwPm3j4nnx8DeS0__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

fe9132775150b13960723fdffd15ef8bb7f07d120787874114ac9e3d4f303f46

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

expires: Sun, 22 Jun 2025 00:18:26 GMT
date: Thu, 18 Jul 2024 08:20:16 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 175868
http_x_geo_region: CA-ON
x-cache: HIT, HIT, MISS
http_x_geo_continent: NA
x-pantheon-styx-hostname: styx-fe1-a-56d7969b4f-msw7d
content-length: 221
x-served-by: cache-chi-kigq8000054-CHI, cache-yyz4555-YYZ, cache-yyz4546-YYZ
last-modified: Tue, 05 Mar 2024 06:05:54 GMT
server: nginx
x-timer: S1721290816.237053,VS0,VE4
etag: W/"65e6b642-1c6"
vary: Accept-Encoding
content-type: text/css
x-styx-req-id: c778cb20-2f63-11ef-9f89-ba784693dba0
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 0, 43, 0

GET
H2 200 css__DJVWsB9CJVs_1IGdy-_cGuq4r6SVVaWbEnbS1U2p6y4__7g40UeM74r8hkrzDC6Hbb7RReIGNu-Jsb5XAbAPKIeA__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/ 502 B
560 B 164ms
155ms Stylesheet
text/css 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_css/css__DJVWsB9CJVs_1IGdy-_cGuq4r6SVVaWbEnbS1U2p6y4__7g40UeM74r8hkrzDC6Hbb7RReIGNu-Jsb5XAbAPKIeA__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

b9c823db89be14289e3b0585970e3d91c3313ec9f82d13c9cb24d90820efc699

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

expires: Tue, 03 Jun 2025 10:17:05 GMT
date: Thu, 18 Jul 2024 08:20:16 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 175867
http_x_geo_region: CA-ON
x-cache: HIT, HIT, MISS
http_x_geo_continent: NA
x-pantheon-styx-hostname: styx-fe1-a-766d899d75-fzdtp
content-length: 252
x-served-by: cache-chi-klot8100023-CHI, cache-yyz4558-YYZ, cache-yyz4546-YYZ
last-modified: Tue, 05 Mar 2024 06:05:55 GMT
server: nginx
x-timer: S1721290816.237019,VS0,VE4
etag: W/"65e6b643-1f6"
vary: Accept-Encoding
content-type: text/css
x-styx-req-id: 42eebcb4-20c9-11ef-a8e2-12b292f98399
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 48, 83, 0

GET
H2 200 css__o5tk1Sc0QNaikp-qb6PDIJi_LXPkfQZHTxlvWxiG4cA__afd6HnnR0psI0sfippmnwgZS958AUTsIqEne3K05XvQ__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/ 5 KB
2 KB 164ms
155ms Stylesheet
text/css 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.forcepoint.com/sites/default/files/advagg_css/css__o5tk1Sc0QNaikp-qb6PDIJi_LXPkfQZHTxlvWxiG4cA__afd6HnnR0psI0sfippmnwgZS958AUTsIqEne3K05XvQ__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Requested by: Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 7e9433a7e4538237be585d3d84e1603595879c286be61e26dd3e628e3fd5e206

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits: 34, 25, 0
date: Thu, 18 Jul 2024 08:20:16 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
x-pantheon-styx-hostname: styx-fe1-b-69554747b9-vp8bw
age: 175842
http_x_geo_region: CA-ON
x-cache: HIT, HIT, MISS
http_x_geo_continent: NA
content-length: 2091
x-served-by: cache-chi-klot8100098-CHI, cache-yyz4546-YYZ, cache-yyz4546-YYZ
backend-ip-port: 6cecXOA5eq1mdycR8IETIO--F_styx_fe1_b_sharedvpc_dmz_05
last-modified: Tue, 05 Mar 2024 06:05:56 GMT
server: nginx
x-timer: S1721290816.238045,VS0,VE3
etag: W/"65e6b644-1218"
vary: Accept-Encoding
content-type: text/css
x-styx-req-id: e5943fb9-f1d7-11ee-835d-6255bad32892
cache-control: max-age=31622400
accept-ranges: bytes
expires: Fri, 04 Apr 2025 16:33:26 GMT

GET
H2 200 css__ZDvn-N8wxxyBR7KgfbRzIHM0mGwT9doN0fs3f10b_Go__b98SsVi1Bn9KY5Ur3SIgLXOvEMppxbzl1YiFYp9d4Lw__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/ 128 B
427 B 185ms
177ms Stylesheet
text/css 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_css/css__ZDvn-N8wxxyBR7KgfbRzIHM0mGwT9doN0fs3f10b_Go__b98SsVi1Bn9KY5Ur3SIgLXOvEMppxbzl1YiFYp9d4Lw__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

c712b85f4d57c41bb049c80303067da9790aa76b32a41b422174bd507695f444

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

expires: Thu, 19 Jun 2025 03:37:32 GMT
date: Thu, 18 Jul 2024 08:20:16 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 161696
http_x_geo_region: CA-ON
x-cache: HIT, HIT, MISS
http_x_geo_continent: NA
x-pantheon-styx-hostname: styx-fe1-b-68b4468bdf-q6nhj
content-length: 118
x-served-by: cache-chi-klot8100059-CHI, cache-yyz4576-YYZ, cache-yyz4546-YYZ
last-modified: Tue, 05 Mar 2024 06:05:47 GMT
server: nginx
x-timer: S1721290816.238022,VS0,VE4
etag: W/"65e6b63b-80"
vary: Accept-Encoding
content-type: text/css
x-styx-req-id: 18a00085-2d24-11ef-a547-7af8b70e95c2
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 0, 89, 0

GET
H2 200 css__dn-cpI1YtkU_iLHgA5WhlkxgYWyat_IxjF_B-WSYrpE__a9hIbt0eaZ7d5nhwnm2weG8R_2eXK4EvoOx9dOxouHE__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/ 203 B
441 B 180ms
175ms Stylesheet
text/css 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_css/css__dn-cpI1YtkU_iLHgA5WhlkxgYWyat_IxjF_B-WSYrpE__a9hIbt0eaZ7d5nhwnm2weG8R_2eXK4EvoOx9dOxouHE__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

f66578f61dcd2d00bb8b7a0c5a7a02d39871c2e7c4615826c4e3a6a879a1a66b

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

expires: Wed, 11 Jun 2025 01:59:45 GMT
date: Thu, 18 Jul 2024 08:20:16 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 175867
http_x_geo_region: CA-ON
x-cache: HIT, HIT, MISS
http_x_geo_continent: NA
x-pantheon-styx-hostname: styx-fe1-b-845bccb87b-s649l
content-length: 137
x-served-by: cache-chi-klot8100122-CHI, cache-yyz4531-YYZ, cache-yyz4546-YYZ
last-modified: Tue, 05 Mar 2024 06:05:56 GMT
server: nginx
x-timer: S1721290816.238005,VS0,VE4
etag: W/"65e6b644-cb"
vary: Accept-Encoding
content-type: text/css
x-styx-req-id: 1c673fac-26cd-11ef-a8ca-6e88d504bb51
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 50, 83, 0

GET
H2 200 css__ipUqqBUxEUOLXG_AXF5OCY1hi5eq8oz7Wu0QleOzxj4__-6ZHnf2EVvcL4izgd6S5myiQ-LuyKAuDqa-1hfKmAoI__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/ 99 B
373 B 179ms
174ms Stylesheet
text/css 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_css/css__ipUqqBUxEUOLXG_AXF5OCY1hi5eq8oz7Wu0QleOzxj4__-6ZHnf2EVvcL4izgd6S5myiQ-LuyKAuDqa-1hfKmAoI__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

a0d9d290c9928affdd7f2816a574b367cbd6aca7ff1ba7b14b3391330d6f1995

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

expires: Wed, 11 Jun 2025 11:24:22 GMT
date: Thu, 18 Jul 2024 08:20:16 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 175867
http_x_geo_region: CA-ON
x-cache: HIT, HIT, MISS
http_x_geo_continent: NA
x-pantheon-styx-hostname: styx-fe1-b-845bccb87b-srflh
content-length: 100
x-served-by: cache-chi-klot8100084-CHI, cache-yyz4575-YYZ, cache-yyz4546-YYZ
last-modified: Tue, 05 Mar 2024 06:05:58 GMT
server: nginx
x-timer: S1721290816.237993,VS0,VE4
etag: W/"65e6b646-63"
vary: Accept-Encoding
content-type: text/css
x-styx-req-id: fc2a0d8d-271b-11ef-a75e-a2ab8c7907d3
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 50, 85, 0

GET
H2 200 css__A19mhhFH8iX9Ft_oM_oZIcxue6YTAguNiWQN5VaIXQY__dFQUh1vb7jTgHR4jKzrw8DrsdYIarxRbpVmMKCWYgXU__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/ 493 KB
118 KB 209ms
205ms Stylesheet
text/css 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_css/css__A19mhhFH8iX9Ft_oM_oZIcxue6YTAguNiWQN5VaIXQY__dFQUh1vb7jTgHR4jKzrw8DrsdYIarxRbpVmMKCWYgXU__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

24dd593caf98fe7183e48e16a5a827ab4eb1a734a9821b497689127e68774db1

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

expires: Sun, 11 May 2025 14:10:41 GMT
date: Thu, 18 Jul 2024 08:20:16 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 175867
http_x_geo_region: CA-ON
x-cache: HIT, HIT, MISS
http_x_geo_continent: NA
x-pantheon-styx-hostname: styx-fe1-b-66d79b4b7-7p2sd
content-length: 120174
x-served-by: cache-chi-kigq8000100-CHI, cache-yyz4580-YYZ, cache-yyz4546-YYZ
last-modified: Tue, 05 Mar 2024 06:05:48 GMT
server: nginx
x-timer: S1721290816.237999,VS0,VE4
etag: W/"65e6b63c-7b4f7"
vary: Accept-Encoding
content-type: text/css
x-styx-req-id: 15c42075-0ed7-11ef-9e44-6609e5b21e96
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 0, 109, 0

GET
H2 200 css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__yLUlsZO8Aw1QbDVmt9Emb7WQDVsiqE8WSyAbbDd2S8M__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/ 2 MB
300 KB 160ms
155ms Stylesheet
text/css 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__yLUlsZO8Aw1QbDVmt9Emb7WQDVsiqE8WSyAbbDd2S8M__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

8117b5d7ba159bfb0cf341d96a566b4b06c466a0038eca2273a8533b1536e019

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

expires: Sat, 21 Jun 2025 13:27:13 GMT
date: Thu, 18 Jul 2024 08:20:16 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 170102
http_x_geo_region: CA-ON
x-cache: HIT, HIT, MISS
http_x_geo_continent: NA
x-pantheon-styx-hostname: styx-fe1-a-56d7969b4f-nzfgb
content-length: 307198
x-served-by: cache-chi-kigq8000037-CHI, cache-yyz4545-YYZ, cache-yyz4546-YYZ
last-modified: Thu, 20 Jun 2024 13:27:07 GMT
server: nginx
x-timer: S1721290816.237941,VS0,VE4
etag: W/"66742e2b-1f7287"
vary: Accept-Encoding
content-type: text/css
x-styx-req-id: ce42fc2e-2f08-11ef-b403-3a4931867672
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 2, 9, 0

GET
H2 200 forcepoint.svg
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/logos/ 2 KB
1 KB 210ms
206ms Image
image/svg+xml 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/logos/forcepoint.svg

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

c7397ae13ad9d12bf4ce9100756dd8703b515ac4381bdd33638e22c787c0fb39

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits: 53, 114, 0
date: Thu, 18 Jul 2024 08:20:16 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 175867
http_x_geo_region: CA-ON
x-cache: HIT, HIT, MISS
http_x_geo_continent: NA
x-pantheon-styx-hostname: styx-fe1-a-67db8dc7b8-jjllv
content-length: 783
x-served-by: cache-chi-klot8100172-CHI, cache-yyz4521-YYZ, cache-yyz4546-YYZ
last-modified: Mon, 15 Jul 2024 20:36:00 GMT
server: nginx
x-timer: S1721290816.237923,VS0,VE4
etag: W/"66958830-6ad"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: 1708bde2-4345-11ef-bfff-92b70a8cdf9e
cache-control: max-age=31622400
accept-ranges: bytes
expires: Thu, 17 Jul 2025 07:29:09 GMT

GET
H2 200 about_us_0.svg
www.forcepoint.com/sites/default/files/ 2 KB
1 KB 208ms
204ms Image
image/svg+xml 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/about_us_0.svg?itok=3xrS9jXe

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

98bee51ffbb032cfea01030abf23549c6d762f6d8283599e52bfb089f01b8742

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits: 51, 109, 0
date: Thu, 18 Jul 2024 08:20:16 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 175867
http_x_geo_region: CA-ON
x-cache: HIT, HIT, MISS
http_x_geo_continent: NA
x-pantheon-styx-hostname: styx-fe1-b-778cbf697c-nf2vw
content-length: 866
x-served-by: cache-chi-kigq8000108-CHI, cache-yyz4557-YYZ, cache-yyz4546-YYZ
last-modified: Wed, 18 Oct 2023 11:53:36 GMT
server: nginx
x-timer: S1721290816.237903,VS0,VE4
etag: W/"652fc740-76e"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: b5fb8a20-414d-11ef-b54a-f60fc8a2deb7
cache-control: max-age=31622400
accept-ranges: bytes
expires: Mon, 14 Jul 2025 19:25:49 GMT

GET
H2 200 our_approach_0.svg
www.forcepoint.com/sites/default/files/ 3 KB
1 KB 121ms
120ms Image
image/svg+xml 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/our_approach_0.svg?itok=XjvgKmGS

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

3058f7c617c39b1a94849fa7223c2f756437af3f215155d37c2a29c36848e28d

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits: 0, 109, 0
date: Thu, 18 Jul 2024 08:20:16 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 175867
http_x_geo_region: CA-ON
x-cache: HIT, HIT, MISS
http_x_geo_continent: NA
x-pantheon-styx-hostname: styx-fe1-b-6b7857bbbb-dfbjw
content-length: 1012
x-served-by: cache-chi-klot8100045-CHI, cache-yyz4583-YYZ, cache-yyz4546-YYZ
last-modified: Wed, 18 Oct 2023 11:53:58 GMT
server: nginx
x-timer: S1721290816.456846,VS0,VE4
etag: W/"652fc756-a97"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: ed384747-1856-11ef-a9e0-26ad238f469f
cache-control: max-age=31622400
accept-ranges: bytes
expires: Fri, 23 May 2025 16:18:29 GMT

GET
H2 200 our_customers_0.svg
www.forcepoint.com/sites/default/files/ 2 KB
1 KB 118ms
113ms Image
image/svg+xml 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/our_customers_0.svg?itok=pljm0BZO

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

c2a54667fcd4151ef9a27b18f84f24c0b884fe593302ca1eb1210d114f4bd06b

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits: 0, 109, 0
date: Thu, 18 Jul 2024 08:20:16 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 175866
http_x_geo_region: CA-ON
x-cache: HIT, HIT, MISS
http_x_geo_continent: NA
x-pantheon-styx-hostname: styx-fe1-b-5d587d78fd-684rx
content-length: 913
x-served-by: cache-chi-kigq8000075-CHI, cache-yyz4523-YYZ, cache-yyz4546-YYZ
last-modified: Wed, 18 Oct 2023 11:54:19 GMT
server: nginx
x-timer: S1721290816.459542,VS0,VE4
etag: W/"652fc76b-9af"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: 31a8bc86-304e-11ef-aacb-96169af5812a
cache-control: max-age=31622400
accept-ranges: bytes
expires: Mon, 23 Jun 2025 04:16:27 GMT

GET
H2 200 fp_one_icon_12.svg
www.forcepoint.com/sites/default/files/ 1 KB
1019 B 92ms
72ms Image
image/svg+xml 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/fp_one_icon_12.svg?itok=mLSyqP7-

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

13cdee5a7dbdb75ba06271fff8669bb408838d89eae133c2b3db99d2891bb35b

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits: 51, 109, 0
date: Thu, 18 Jul 2024 08:20:16 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 175867
http_x_geo_region: CA-ON
x-cache: HIT, HIT, MISS
http_x_geo_continent: NA
x-pantheon-styx-hostname: styx-fe1-b-69554747b9-l79x9
content-length: 725
x-served-by: cache-chi-kigq8000075-CHI, cache-yyz4531-YYZ, cache-yyz4546-YYZ
backend-ip-port: 6cecXOA5eq1mdycR8IETIO--F_styx_fe1_b_sharedvpc_dmz_05
last-modified: Mon, 18 Mar 2024 16:01:42 GMT
server: nginx
x-timer: S1721290817.773872,VS0,VE5
etag: W/"65f86566-5ed"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: db750a4b-f1d7-11ee-a7b0-d6145dabcebb
cache-control: max-age=31622400
accept-ranges: bytes
expires: Fri, 04 Apr 2025 16:33:09 GMT

GET
H2 200 fp_one_icon-hover_12.svg
www.forcepoint.com/sites/default/files/ 1 KB
1 KB 87ms
68ms Image
image/svg+xml 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/fp_one_icon-hover_12.svg?itok=lvMOGlA6

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

90bfbf24972d694b303aaa50fe006074f7dd5529c8dfe38099aed648c6312158

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits: 0, 109, 0
date: Thu, 18 Jul 2024 08:20:16 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 175867
http_x_geo_region: CA-ON
x-cache: HIT, HIT, MISS
http_x_geo_continent: NA
x-pantheon-styx-hostname: styx-fe1-a-64b977755d-kk5rj
content-length: 737
x-served-by: cache-chi-kigq8000131-CHI, cache-yyz4578-YYZ, cache-yyz4546-YYZ
backend-ip-port: 6cecXOA5eq1mdycR8IETIO--F_styx_fe1_a_sharedvpc_dmz_01
last-modified: Mon, 18 Mar 2024 16:01:47 GMT
server: nginx
x-timer: S1721290817.773854,VS0,VE4
etag: W/"65f8656b-5fb"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: db770500-f1d7-11ee-b87b-f2654297ce89
cache-control: max-age=31622400
accept-ranges: bytes
expires: Fri, 04 Apr 2025 16:33:09 GMT

GET
H2 200 fp_one_icon_0.svg
www.forcepoint.com/sites/default/files/ 1 KB
1 KB 86ms
67ms Image
image/svg+xml 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/fp_one_icon_0.svg?itok=eKi29PlI

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

13cdee5a7dbdb75ba06271fff8669bb408838d89eae133c2b3db99d2891bb35b

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits: 66, 109, 0
date: Thu, 18 Jul 2024 08:20:16 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 175867
http_x_geo_region: CA-ON
x-cache: HIT, HIT, MISS
http_x_geo_continent: NA
x-pantheon-styx-hostname: styx-fe1-b-5d587d78fd-rszwb
content-length: 725
x-served-by: cache-chi-klot8100050-CHI, cache-yyz4580-YYZ, cache-yyz4546-YYZ
last-modified: Wed, 18 Oct 2023 11:35:43 GMT
server: nginx
x-timer: S1721290817.773830,VS0,VE4
etag: W/"652fc30f-5ed"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: a9989269-3901-11ef-ba53-d260c23d87a7
cache-control: max-age=31622400
accept-ranges: bytes
expires: Fri, 04 Jul 2025 06:01:17 GMT

GET
H2 200 fp_one_icon-hover_0.svg
www.forcepoint.com/sites/default/files/ 1 KB
1 KB 90ms
71ms Image
image/svg+xml 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/fp_one_icon-hover_0.svg?itok=ecRnPBsZ

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

90bfbf24972d694b303aaa50fe006074f7dd5529c8dfe38099aed648c6312158

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits: 7, 109, 0
date: Thu, 18 Jul 2024 08:20:16 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 175868
http_x_geo_region: CA-ON
x-cache: HIT, HIT, MISS
http_x_geo_continent: NA
x-pantheon-styx-hostname: styx-fe1-b-69554747b9-6v4d5
content-length: 737
x-served-by: cache-chi-kigq8000145-CHI, cache-yyz4569-YYZ, cache-yyz4546-YYZ
backend-ip-port: 6cecXOA5eq1mdycR8IETIO--F_styx_fe1_b_sharedvpc_dmz_05
last-modified: Wed, 18 Oct 2023 11:35:50 GMT
server: nginx
x-timer: S1721290817.773809,VS0,VE5
etag: W/"652fc316-5fb"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: d8a93da4-f1d7-11ee-b900-62d8d57276c4
cache-control: max-age=31622400
accept-ranges: bytes
expires: Fri, 04 Apr 2025 16:33:05 GMT

GET
H2 200 cyber_edu_icon.svg
www.forcepoint.com/sites/default/files/ 2 KB
1 KB 85ms
67ms Image
image/svg+xml 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/cyber_edu_icon.svg?itok=XXkKE01K

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

fad8df5718762444a80e745fd3b375ecfee298b37c480de5134b8a0ed05bc7a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits: 0, 109, 0
date: Thu, 18 Jul 2024 08:20:16 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 175868
http_x_geo_region: CA-ON
x-cache: HIT, HIT, MISS
http_x_geo_continent: NA
x-pantheon-styx-hostname: styx-fe1-a-5d77cc44f5-x24lf
content-length: 813
x-served-by: cache-chi-klot8100039-CHI, cache-yyz4552-YYZ, cache-yyz4546-YYZ
last-modified: Wed, 18 Oct 2023 12:02:27 GMT
server: nginx
x-timer: S1721290817.773795,VS0,VE4
etag: W/"652fc953-9a9"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: 649a3ed4-3829-11ef-a111-0a5f4b927256
cache-control: max-age=31622400
accept-ranges: bytes
expires: Thu, 03 Jul 2025 04:13:10 GMT

GET
H2 200 cyber_edu_icon-hover.svg
www.forcepoint.com/sites/default/files/ 0
0 20218ms
20200ms Image
image/svg+xml 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/cyber_edu_icon-hover.svg?itok=ymKcsOZ4

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits: 0, 109, 0
date: Thu, 18 Jul 2024 08:20:16 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 175867
http_x_geo_region: CA-ON
x-cache: HIT, HIT, MISS
http_x_geo_continent: NA
x-pantheon-styx-hostname: styx-fe1-a-64b977755d-5zbrs
content-length: 869
x-served-by: cache-chi-kigq8000147-CHI, cache-yyz4574-YYZ, cache-yyz4546-YYZ
backend-ip-port: 6cecXOA5eq1mdycR8IETIO--F_styx_fe1_a_sharedvpc_dmz_01
last-modified: Wed, 18 Oct 2023 12:02:37 GMT
server: nginx
x-timer: S1721290817.777638,VS0,VE4
etag: W/"652fc95d-b0c"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: dc5b370e-f1d7-11ee-bbb7-623f168e5bfe
cache-control: max-age=31622400
accept-ranges: bytes
expires: Fri, 04 Apr 2025 16:33:11 GMT

GET
H2 200 turkish-ransomware-i-hero.png
www.forcepoint.com/sites/default/files/styles/1180x346_sc/public/hero/ 0
0 20219ms
20202ms Image
image/webp 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/styles/1180x346_sc/public/hero/turkish-ransomware-i-hero.png?itok=jJ8gZgn8&timestamp=1720786293

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits: 0, 0, 1
date: Thu, 18 Jul 2024 08:20:16 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
fastly-io-served-by: vpop-kiad7010251
age: 499879
http_x_geo_region: CA-ON
x-cache: HIT, MISS, HIT
fastly-io-info: ifsz=271023 idim=1180x346 ifmt=png ofsz=235250 odim=1180x346 ofmt=webp
http_x_geo_continent: NA
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe1-b-5d587d78fd-p5mqc
content-length: 235250
x-served-by: cache-chi-klot8100058-CHI, cache-yyz4536-YYZ, cache-yyz4546-YYZ
server: nginx
x-timer: S1721290817.778024,VS0,VE1
etag: "ARyepglzjQOVSsVALQBrVpjm+jPHwzXO+BUs0BEKM50"
vary: Accept
content-type: image/webp
x-styx-req-id: b11c702a-4052-11ef-9a42-ee9e1dde6fad
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sun, 13 Jul 2025 13:28:57 GMT

GET
H2 200 turkish-ransomware-i-1.png
www.forcepoint.com/sites/default/files/ 17 KB
0 134ms
117ms Image
image/webp 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/turkish-ransomware-i-1.png

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits: 0, 0, 1
date: Thu, 18 Jul 2024 08:20:16 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
fastly-io-served-by: vpop-kiad7010248
age: 503066
http_x_geo_region: CA-ON
x-cache: HIT, MISS, HIT
fastly-io-info: ifsz=94838 idim=780x546 ifmt=png ofsz=37140 odim=780x546 ofmt=webp
http_x_geo_continent: NA
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe1-a-5d77cc44f5-w9nrv
content-length: 37140
x-served-by: cache-chi-klot8100176-CHI, cache-yyz4550-YYZ, cache-yyz4546-YYZ
server: nginx
x-timer: S1721290817.777591,VS0,VE1
etag: "uNJWYqypNdOFqJmH83PVKUgACyMkCigVg7DzHvW+e3w"
vary: Accept
content-type: image/webp
x-styx-req-id: 4544c800-404b-11ef-9aee-de70e4427182
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sun, 13 Jul 2025 12:35:50 GMT

GET
H2 200 turkish-ransomware-i-2.png
www.forcepoint.com/sites/default/files/ 0
0 20218ms
20201ms Image
image/webp 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/turkish-ransomware-i-2.png

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits: 0, 0, 1
date: Thu, 18 Jul 2024 08:20:16 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
fastly-io-served-by: vpop-kiad7010228
age: 503976
http_x_geo_region: CA-ON
x-cache: HIT, MISS, HIT
fastly-io-info: ifsz=41997 idim=826x110 ifmt=png ofsz=31446 odim=826x110 ofmt=webp
http_x_geo_continent: NA
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe1-a-5d77cc44f5-4fsf9
content-length: 31446
x-served-by: cache-chi-kigq8000172-CHI, cache-yyz4551-YYZ, cache-yyz4546-YYZ
server: nginx
x-timer: S1721290817.777930,VS0,VE1
etag: "jzQ8GBMoXnuRL+FfzQxIWPtysQpwUUT2P4Sh4XwoW5E"
vary: Accept
content-type: image/webp
x-styx-req-id: 26ce45c6-4049-11ef-9bc7-0e47c8ff5b51
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sun, 13 Jul 2025 12:20:39 GMT

GET
H2 200 turkish-ransomware-i-3.png
www.forcepoint.com/sites/default/files/ 0
0 20221ms
20204ms Image
image/webp 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/turkish-ransomware-i-3.png

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits: 0, 0, 1
date: Thu, 18 Jul 2024 08:20:16 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
fastly-io-served-by: vpop-kiad7010247
age: 503975
http_x_geo_region: CA-ON
x-cache: HIT, MISS, HIT
fastly-io-info: ifsz=117661 idim=678x288 ifmt=png ofsz=92758 odim=678x288 ofmt=webp
http_x_geo_continent: NA
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe1-a-5d77cc44f5-w9nrv
content-length: 92758
x-served-by: cache-chi-klot8100129-CHI, cache-yyz4570-YYZ, cache-yyz4546-YYZ
server: nginx
x-timer: S1721290817.778175,VS0,VE2
etag: "nozWbhv5GyIfBKBAWhuYwI93wz2hbpGsupWE4bsRPB4"
vary: Accept
content-type: image/webp
x-styx-req-id: 27d07c78-4049-11ef-9aee-de70e4427182
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sun, 13 Jul 2025 12:20:41 GMT

GET
H2 200 turkish-ransomware-i-4.png
www.forcepoint.com/sites/default/files/ 59 KB
0 91ms
75ms Image
image/webp 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/turkish-ransomware-i-4.png

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits: 0, 0, 1
date: Thu, 18 Jul 2024 08:20:16 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
fastly-io-served-by: vpop-kiad7010251
age: 503970
http_x_geo_region: CA-ON
x-cache: HIT, MISS, HIT
fastly-io-info: ifsz=257987 idim=651x492 ifmt=png ofsz=205972 odim=651x492 ofmt=webp
http_x_geo_continent: NA
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe1-a-5d77cc44f5-m7qcg
content-length: 205972
x-served-by: cache-chi-kigq8000147-CHI, cache-yyz4555-YYZ, cache-yyz4546-YYZ
server: nginx
x-timer: S1721290817.777542,VS0,VE1
etag: "oHWJWJttw0bnLGZnFhZPzYI2EwL+ygi+OHB7hhgxPhY"
vary: Accept
content-type: image/webp
x-styx-req-id: 2a687027-4049-11ef-8cd9-222e41344d78
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sun, 13 Jul 2025 12:20:46 GMT

GET
H2 200 turkish-ransomware-i-5.png
www.forcepoint.com/sites/default/files/ 17 KB
0 133ms
116ms Image
image/webp 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/turkish-ransomware-i-5.png

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits: 0, 0, 1
date: Thu, 18 Jul 2024 08:20:16 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
fastly-io-served-by: vpop-kiad7010229
age: 503975
http_x_geo_region: CA-ON
x-cache: HIT, MISS, HIT
fastly-io-info: ifsz=455605 idim=654x375 ifmt=png ofsz=246462 odim=654x375 ofmt=webp
http_x_geo_continent: NA
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe1-b-5d587d78fd-p5mqc
content-length: 246462
x-served-by: cache-chi-kigq8000149-CHI, cache-yyz4578-YYZ, cache-yyz4546-YYZ
server: nginx
x-timer: S1721290817.777548,VS0,VE1
etag: "4Ae9OqXfzWlFdFxrwoYhxmMkd/MRxTKqY1mAK5GZXX4"
vary: Accept
content-type: image/webp
x-styx-req-id: 27b7d23b-4049-11ef-9a42-ee9e1dde6fad
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sun, 13 Jul 2025 12:20:41 GMT

GET
H2 200 turkish-ransomware-i-6.png
www.forcepoint.com/sites/default/files/ 0
0 20222ms
20206ms Image
image/webp 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/turkish-ransomware-i-6.png

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits: 0, 0, 1
date: Thu, 18 Jul 2024 08:20:16 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
fastly-io-served-by: vpop-kiad7010247
age: 503962
http_x_geo_region: CA-ON
x-cache: HIT, MISS, HIT
fastly-io-info: ifsz=88301 idim=666x151 ifmt=png ofsz=70858 odim=666x151 ofmt=webp
http_x_geo_continent: NA
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe1-a-5d77cc44f5-z4chc
content-length: 70858
x-served-by: cache-chi-klot8100125-CHI, cache-yyz4558-YYZ, cache-yyz4546-YYZ
server: nginx
x-timer: S1721290817.777585,VS0,VE2
etag: "KbwlYUTXJtoVwKP//Ky7Llr4VG9+FuJ6ur+S0DozwBo"
vary: Accept
content-type: image/webp
x-styx-req-id: 2f326baa-4049-11ef-8ee1-8245d19189a9
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sun, 13 Jul 2025 12:20:54 GMT

GET
H2 200 turkish-ransomware-i-7.png
www.forcepoint.com/sites/default/files/ 0
0 20215ms
20199ms Image
image/webp 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/turkish-ransomware-i-7.png

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits: 0, 0, 1
date: Thu, 18 Jul 2024 08:20:16 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
fastly-io-served-by: vpop-kiad7010249
age: 503976
http_x_geo_region: CA-ON
x-cache: HIT, MISS, HIT
fastly-io-info: ifsz=111582 idim=689x271 ifmt=png ofsz=80122 odim=689x271 ofmt=webp
http_x_geo_continent: NA
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe1-b-5d587d78fd-prbvz
content-length: 80122
x-served-by: cache-chi-klot8100088-CHI, cache-yyz4537-YYZ, cache-yyz4546-YYZ
server: nginx
x-timer: S1721290817.777640,VS0,VE1
etag: "6FlEOaafHr98UWObrJdySNdIam4RI/JaNSHS02D7LOY"
vary: Accept
content-type: image/webp
x-styx-req-id: 271af048-4049-11ef-ad50-1edbf4b9e77b
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sun, 13 Jul 2025 12:20:40 GMT

GET
H2 200 turkish-ransomware-i-8.png
www.forcepoint.com/sites/default/files/ 98 KB
0 90ms
74ms Image
image/webp 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/turkish-ransomware-i-8.png

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits: 0, 0, 1
date: Thu, 18 Jul 2024 08:20:16 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
fastly-io-served-by: vpop-kiad7010229
age: 159590
http_x_geo_region: CA-ON
x-cache: HIT, HIT, HIT
fastly-io-info: ifsz=185201 idim=840x347 ifmt=png ofsz=131744 odim=840x347 ofmt=webp
http_x_geo_continent: NA
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe1-a-5d77cc44f5-cr9cd
content-length: 131744
x-served-by: cache-chi-klot8100100-CHI, cache-yyz4563-YYZ, cache-yyz4546-YYZ
server: nginx
x-timer: S1721290817.777455,VS0,VE1
etag: "oXJiF6h7vLunwwxk9Gix0+31TLHd4+ly8lkwGhHkkqY"
vary: Accept
content-type: image/webp
x-styx-req-id: e4f74395-404a-11ef-b3d9-563f282b1988
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sun, 13 Jul 2025 12:33:08 GMT

GET
H2 200 css___VkyRO3B5Aq6aNIr0ttm3Is69Rc7XYN_AdFjRz9E6sA__VcIbQquJvVVOuzIFHQnbacZLWNY0lFxoxf5twuCo0Bc__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/ 0
0 20211ms
20204ms Stylesheet
text/css 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_css/css___VkyRO3B5Aq6aNIr0ttm3Is69Rc7XYN_AdFjRz9E6sA__VcIbQquJvVVOuzIFHQnbacZLWNY0lFxoxf5twuCo0Bc__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

expires: Sat, 05 Jul 2025 06:37:08 GMT
date: Thu, 18 Jul 2024 08:20:16 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 175866
http_x_geo_region: CA-ON
x-cache: HIT, HIT, MISS
http_x_geo_continent: NA
x-pantheon-styx-hostname: styx-fe1-b-5d587d78fd-llvxv
content-length: 1421
x-served-by: cache-chi-kigq8000092-CHI, cache-yyz4553-YYZ, cache-yyz4546-YYZ
last-modified: Tue, 05 Mar 2024 06:05:59 GMT
server: nginx
x-timer: S1721290817.776689,VS0,VE4
etag: W/"65e6b647-19a6"
vary: Accept-Encoding
content-type: text/css
x-styx-req-id: d63b43a8-39cf-11ef-ab89-ee120c8775da
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 69, 82, 0

GET
H2 200 placeholder_image.png
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/ 34 B
456 B 91ms
76ms Image
image/webp 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/placeholder_image.png

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

735b78ae1f09b1d02ee92b5ad319a189d50d10ecbec4ddd12201885dde3f4945

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits: 0, 0, 1
date: Thu, 18 Jul 2024 08:20:16 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
fastly-io-served-by: vpop-kiad7010247
age: 540343
http_x_geo_region: CA-ON
x-cache: MISS, MISS, HIT
fastly-io-info: ifsz=1272 idim=20x20 ifmt=png ofsz=34 odim=20x20 ofmt=webp
http_x_geo_continent: NA
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe1-a-5d77cc44f5-l749x
content-length: 34
x-served-by: cache-chi-kigq8000157-CHI, cache-yyz4541-YYZ, cache-yyz4546-YYZ
server: nginx
x-timer: S1721290817.777528,VS0,VE1
etag: "1Cw1g26qcqy/qXiETpkqMbr8ayhbr57dIxJ0jC+RrrE"
vary: Accept
content-type: image/webp
x-styx-req-id: 7a974494-3ff4-11ef-93e7-0e97991a7547
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sun, 13 Jul 2025 02:14:33 GMT

GET
H2 200 snycu-purple.jpg
www.forcepoint.com/sites/default/files/styles/570x270_sc/public/hero/ 15 KB
0 90ms
75ms Image
image/jpeg 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/styles/570x270_sc/public/hero/snycu-purple.jpg?itok=9YaXm6cf&timestamp=1720181106

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits: 0, 0, 1
date: Thu, 18 Jul 2024 08:20:16 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
fastly-io-served-by: vpop-kiad7010249
age: 519648
http_x_geo_region: CA-ON
x-cache: HIT, MISS, HIT
fastly-io-info: ifsz=19160 idim=570x270 ifmt=jpeg ofsz=19160 odim=570x270 ofmt=jpeg
http_x_geo_continent: NA
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe1-a-5d77cc44f5-w9nrv
content-length: 19160
fastly-io-warning: Failed to shrink image
x-served-by: cache-chi-kigq8000067-CHI, cache-yyz4555-YYZ, cache-yyz4546-YYZ
server: nginx
x-timer: S1721290817.777473,VS0,VE1
etag: "FQjOeNVYvcbgpj64kR+6Z0Un7v/CzGkmrYHkIMHOUQ0"
vary: Accept
content-type: image/jpeg
x-styx-req-id: bc727162-3ad1-11ef-b993-de70e4427182
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sun, 06 Jul 2025 13:23:15 GMT

GET
H2 200 remcos.jpg
www.forcepoint.com/sites/default/files/styles/570x270_sc/public/hero/ 26 KB
27 KB 89ms
74ms Image
image/jpeg 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/styles/570x270_sc/public/hero/remcos.jpg?itok=GOEjP2Jd&timestamp=1719232019

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

712e59da51ddbfc83c263cc8c2b6a404d9f3ec89e830f11220db390c5a410456

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits: 0, 0, 1
date: Thu, 18 Jul 2024 08:20:16 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
fastly-io-served-by: vpop-kiad7010213
age: 159590
http_x_geo_region: CA-ON
x-cache: HIT, MISS, HIT
fastly-io-info: ifsz=26884 idim=570x270 ifmt=jpeg ofsz=26884 odim=570x270 ofmt=jpeg
http_x_geo_continent: NA
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe1-a-5d77cc44f5-z4chc
content-length: 26884
fastly-io-warning: Failed to shrink image
x-served-by: cache-chi-kigq8000149-CHI, cache-yyz4554-YYZ, cache-yyz4546-YYZ
server: nginx
x-timer: S1721290817.777343,VS0,VE1
etag: "Bj6V4XDrta5qWNJIi+Jp/8es/hc89Whhyy6eiztHJ1g"
vary: Accept
content-type: image/jpeg
x-styx-req-id: a9d41264-3235-11ef-8eb8-8245d19189a9
cache-control: max-age=31622400
accept-ranges: bytes
expires: Wed, 25 Jun 2025 14:25:53 GMT

GET
H2 200 turkish-ransomware-i-hero.png
www.forcepoint.com/sites/default/files/styles/footer_menu_featured_blog/public/hero/ 17 KB
0 90ms
76ms Image
image/webp 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/styles/footer_menu_featured_blog/public/hero/turkish-ransomware-i-hero.png?itok=aF-78Yax

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits: 4, 0, 1
date: Thu, 18 Jul 2024 08:20:16 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
fastly-io-served-by: vpop-kiad7010249
age: 504239
http_x_geo_region: CA-ON
x-cache: HIT, MISS, HIT
fastly-io-info: ifsz=19611 idim=199x111 ifmt=png ofsz=18888 odim=199x111 ofmt=webp
http_x_geo_continent: NA
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe1-b-5d587d78fd-6m95f
content-length: 18888
x-served-by: cache-chi-klot8100101-CHI, cache-yyz4540-YYZ, cache-yyz4546-YYZ
server: nginx
x-timer: S1721290817.777456,VS0,VE1
etag: "Fgm3d4a68L15hjo7Gl4iPYFNKA/KUbKsa3gsOoPFXtA"
vary: Accept
content-type: image/webp
x-styx-req-id: 8a69eb0e-4048-11ef-a95a-7a520cdabf04
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sun, 13 Jul 2025 12:16:17 GMT

GET
H2 200 jquery-1.12.4.min.js Show response
code.jquery.com/ 95 KB
33 KB 132ms
27ms Script
application/javascript 151.101.66.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-1.12.4.min.js
Requested by: Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.66.137 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404

Request headers

Referer: https://www.forcepoint.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 18 Jul 2024 08:20:16 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 1895626
x-cache: HIT, HIT
content-length: 33738
x-served-by: cache-lga21956-LGA, cache-yyz4571-YYZ
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1721290817.688898,VS0,VE0
etag: W/"28feccc0-17b8b"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 26700, 9251

GET
H3 200 jquery-migrate.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery-migrate/3.4.1/ 13 KB
5 KB 117ms
39ms Script
application/javascript 104.17.25.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery-migrate/3.4.1/jquery-migrate.min.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

148a74b0921ad78021d716e8032ede1cdaf7ed7279cefd7d2acbe906add12a68

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.forcepoint.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 18 Jul 2024 08:20:16 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 502124
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 4374
last-modified: Fri, 24 Feb 2023 02:37:49 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "63f822fd-1116"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pHoZbeA1zGMmuBzvYcSEZcdmUjKoIZqnmC9b%2FdBhc84KMgdsc%2B1iL2EbtlS7uuDROIcyB9qtYIIGggRYJ2hlKnzhpq7dbGVshPpf6%2Bt1PsPqfJSryQKdENn7iV69%2FGHvfzn0fogU"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8a510d3429b77117-YYZ
expires: Tue, 08 Jul 2025 08:20:16 GMT

GET
H3 200 jquery-ui.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jqueryui/1.13.2/ 249 KB
56 KB 101ms
95ms Script
application/javascript 104.17.25.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.13.2/jquery-ui.min.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9528ca634fecad433d044ddd3e6f9ce1f068d5d932dafdbb19d8e6daea1968bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.forcepoint.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 18 Jul 2024 08:20:16 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 494459
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 56990
last-modified: Fri, 29 Jul 2022 20:40:53 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "62e445d5-de9e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=49HRyyNOPPUkXwbD4EzM53s7CoWhEziO%2BGeWwkreQwMOBolLqSYuX2%2Bi3CX5yZfUR6FgWfyAlrJgFFuyjcirHw8pilaO9jZQqhc%2FG88L2GW0ZlZwq3KEYwNL8wBxLG%2BnO7zzdHbN"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8a510d3489d37117-YYZ
expires: Tue, 08 Jul 2025 08:20:16 GMT

GET
H3 200 jquery.cookie.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/ 1 KB
1 KB 131ms
124ms Script
application/javascript 104.17.25.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d40efcac911d8964f3728eaa767de281306ff55ba9377435a3364d4d1e1613f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.forcepoint.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 18 Jul 2024 08:20:16 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 490948
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 591
last-modified: Mon, 04 May 2020 16:11:45 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec1-514"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6ekAdJi1p2GGebNdT7k2BXlYLLrqpZEZN4l%2FL%2BWfaradvdyaGQx17e0NbqclFVowBKLDLDIiVV7PMAGjHQo%2BuJoouX8N8hjS%2FDevjUtlKZuBNKYTe2irpEFFOLwwvgsr%2BDJHX%2B7O"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8a510d3499d47117-YYZ
expires: Tue, 08 Jul 2025 08:20:16 GMT

GET
H3 200 jquery.form.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery.form/4.3.0/ 17 KB
6 KB 135ms
126ms Script
application/javascript 104.17.25.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery.form/4.3.0/jquery.form.min.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dd329c644951f3c041200e8279e3c90063ac5b5c8861fe253fca48df7dd8b99c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.forcepoint.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 18 Jul 2024 08:20:16 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 3013556
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 5719
last-modified: Sun, 07 Jun 2020 05:05:25 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5edc7595-42c6"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=st9TtWPSnXv2%2BEHPVTmcwJFT2DaQXy3oXbXiw7eNT7bTSLDcknMFRImIm8XurteWBkUeTiapXRoIJvmyCsY2vDU51vJfykfY0x3JjyB%2BzxY4S8cNZIF2EKgYga2RYMpkNhTCr9ah"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8a510d3499d57117-YYZ
expires: Tue, 08 Jul 2025 08:20:16 GMT

GET utag.sync.js
tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/ 0
0

GET
H3 200 v2.js
js.hsforms.net/forms/ 150 KB
0 141ms
37ms Script
application/javascript 104.18.142.119
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsforms.net/forms/v2.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.142.119 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.forcepoint.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-encoding: gzip
age: 17
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.5387/bundles/project-v2.js&cfRay=8a510cc80dfcab94-YYZ
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"56164b8f5dbcf6e65e555e48d5d6176a"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=600, max-age=300
x-hs-target-asset: forms-embed/static-1.5387/bundles/project-v2.js
date: Thu, 18 Jul 2024 08:20:16 GMT
x-amz-version-id: mnlqbpb.vUvH_hPLxl7NeOxIrfIBia92
x-content-type-options: nosniff
cf-cache-status: HIT
via: 1.1 caafbc8a9aa04b09dd564a3ddef60622.cloudfront.net (CloudFront)
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: cae11f95-8ae3-410d-878b-4e4b9b11593a
x-cache: Hit from cloudfront
cache-tag: staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 1
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: cae11f95-8ae3-410d-878b-4e4b9b11593a
last-modified: Thu, 06 Jun 2024 13:36:59 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O46xEMZ0ONIAm%2F2lTRB1xxxEscOB0m5ox14KMfa3jZ7eI3MLXCfX7f0K0%2Bmimulr4Lwaqp7TtCSEcHxNlP2P8ruMMkuteQLujhoFPTfxtx1Q%2Fh4Y3dmVYpChoMJBb5lE"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-65f7f7c749-5s6qd
cf-ray: 8a510d352fb439de-YYZ
x-amz-cf-id: jDh7PNvc4XcjQmgmLlOZ3QUvyewh5Jn_JK6fM5odLyTXJ3LIIYR8_w==

GET
H2 200 js__W3yM6WBe6ndCsZPBg4n630CPZFPltBmeCyjdVT1DY70__bDRoZCuiGZ0Z97B2lHvbrvG8HsJo-CC3-a0Ia2Sx5bE__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/ 0
0 20221ms
20207ms Script
application/x-javascript 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__W3yM6WBe6ndCsZPBg4n630CPZFPltBmeCyjdVT1DY70__bDRoZCuiGZ0Z97B2lHvbrvG8HsJo-CC3-a0Ia2Sx5bE__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

expires: Sat, 17 May 2025 05:22:12 GMT
date: Thu, 18 Jul 2024 08:20:16 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 175867
http_x_geo_region: CA-ON
x-cache: HIT, HIT, MISS
http_x_geo_continent: NA
x-pantheon-styx-hostname: styx-fe1-b-8688d6cf87-vrdl9
content-length: 4874
x-served-by: cache-chi-kigq8000024-CHI, cache-yyz4530-YYZ, cache-yyz4546-YYZ
last-modified: Tue, 05 Mar 2024 06:05:59 GMT
server: nginx
x-timer: S1721290817.777341,VS0,VE4
etag: W/"65e6b647-2a50"
vary: Accept-Encoding
content-type: application/x-javascript
x-styx-req-id: 402786fd-1344-11ef-8bd4-c263bcbaff8d
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 72, 80, 0

GET
H2 200 js__ZyeOaiFuDejQQbhUV7yg7atYZnj4WLfH77o0scv4068__jeShjS1-sEwOx4dbB-NSBsCnxWfNslS1Nkgx4CZngGA__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/ 0
0 20206ms
20192ms Script
application/x-javascript 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__ZyeOaiFuDejQQbhUV7yg7atYZnj4WLfH77o0scv4068__jeShjS1-sEwOx4dbB-NSBsCnxWfNslS1Nkgx4CZngGA__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits: 61, 105, 0
date: Thu, 18 Jul 2024 08:20:16 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 175867
http_x_geo_region: CA-ON
x-cache: HIT, HIT, MISS
http_x_geo_continent: NA
x-pantheon-styx-hostname: styx-fe1-b-69554747b9-fddpv
content-length: 4854
x-served-by: cache-chi-kigq8000072-CHI, cache-yyz4530-YYZ, cache-yyz4546-YYZ
backend-ip-port: 6cecXOA5eq1mdycR8IETIO--F_styx_fe1_b_sharedvpc_dmz_05
last-modified: Tue, 05 Mar 2024 06:05:49 GMT
server: nginx
x-timer: S1721290817.777366,VS0,VE4
etag: W/"65e6b63d-343a"
vary: Accept-Encoding
content-type: application/x-javascript
x-styx-req-id: d721c50f-f1d7-11ee-a6cf-faab7e7aaaa3
cache-control: max-age=31622400
accept-ranges: bytes
expires: Fri, 04 Apr 2025 16:33:02 GMT

GET
H2 200 js__2rjlAbBND-YDbAq2rT4GT0FCGSz_kyEdQdZyOStVQdU__SGggvtYH6KAFWT2NGquosWK1SoWokfbyhZ2MaWmzq9I__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/ 0
0 20212ms
20198ms Script
application/x-javascript 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__2rjlAbBND-YDbAq2rT4GT0FCGSz_kyEdQdZyOStVQdU__SGggvtYH6KAFWT2NGquosWK1SoWokfbyhZ2MaWmzq9I__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

expires: Tue, 08 Jul 2025 18:20:17 GMT
date: Thu, 18 Jul 2024 08:20:16 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 175867
http_x_geo_region: CA-ON
x-cache: HIT, HIT, MISS
http_x_geo_continent: NA
x-pantheon-styx-hostname: styx-fe1-a-5d77cc44f5-cr9cd
content-length: 294
x-served-by: cache-chi-klot8100132-CHI, cache-yyz4578-YYZ, cache-yyz4546-YYZ
last-modified: Tue, 05 Mar 2024 06:06:00 GMT
server: nginx
x-timer: S1721290817.777487,VS0,VE4
etag: W/"65e6b648-223"
vary: Accept-Encoding
content-type: application/x-javascript
x-styx-req-id: 8fe47ab2-3c8d-11ef-a4c5-563f282b1988
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 0, 80, 0

GET
H2 200 js__5zhFBHWG8cFOCNCpDlj7pwNwFoSGFvQEfYJiiLp0EY8__TNItwctO0QcNBYn10Ft2xshT-_PqYf8Vv6JB7nZ2xKs__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/ 0
0 20209ms
20196ms Script
application/x-javascript 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__5zhFBHWG8cFOCNCpDlj7pwNwFoSGFvQEfYJiiLp0EY8__TNItwctO0QcNBYn10Ft2xshT-_PqYf8Vv6JB7nZ2xKs__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

expires: Sat, 05 Jul 2025 23:44:02 GMT
date: Thu, 18 Jul 2024 08:20:16 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 175858
http_x_geo_region: CA-ON
x-cache: HIT, HIT, MISS
http_x_geo_continent: NA
x-pantheon-styx-hostname: styx-fe1-b-5d587d78fd-p5mqc
content-length: 7981
x-served-by: cache-chi-kigq8000113-CHI, cache-yyz4582-YYZ, cache-yyz4546-YYZ
last-modified: Tue, 05 Mar 2024 06:05:55 GMT
server: nginx
x-timer: S1721290817.777278,VS0,VE4
etag: W/"65e6b643-6d75"
vary: Accept-Encoding
content-type: application/x-javascript
x-styx-req-id: 4af7c218-3a5f-11ef-94c8-ee9e1dde6fad
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 69, 69, 0

GET
H2 200 js__MK7MzOuOm6Wn1gEArVsBZG7dh82EREyAMIm9mRlUqq8__dORmwcviulacbj4TEHhv8s4qzj-5oUCjfNEX8y-ZUFM__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/ 0
0 20216ms
20203ms Script
application/x-javascript 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__MK7MzOuOm6Wn1gEArVsBZG7dh82EREyAMIm9mRlUqq8__dORmwcviulacbj4TEHhv8s4qzj-5oUCjfNEX8y-ZUFM__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

expires: Mon, 14 Jul 2025 09:05:55 GMT
date: Thu, 18 Jul 2024 08:20:16 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 175867
http_x_geo_region: CA-ON
x-cache: HIT, HIT, MISS
http_x_geo_continent: NA
x-pantheon-styx-hostname: styx-fe1-a-67db8dc7b8-dbrtw
content-length: 7765
x-served-by: cache-chi-kigq8000098-CHI, cache-yyz4540-YYZ, cache-yyz4546-YYZ
last-modified: Tue, 05 Mar 2024 06:06:01 GMT
server: nginx
x-timer: S1721290817.777254,VS0,VE4
etag: W/"65e6b649-59a3"
vary: Accept-Encoding
content-type: application/x-javascript
x-styx-req-id: 1cfe1108-40f7-11ef-b3ae-fa7bcf007e87
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 48, 79, 0

GET
H2 200 js__YT6D1B_BKxvm6JCH_t9sZNI5L6yITa_DlU5QcSlOkAU__OXobH7d1IP1o3WABlniIrU_-pcJacVSIPUv9bpD-6pQ__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/ 0
0 20211ms
20199ms Script
application/x-javascript 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__YT6D1B_BKxvm6JCH_t9sZNI5L6yITa_DlU5QcSlOkAU__OXobH7d1IP1o3WABlniIrU_-pcJacVSIPUv9bpD-6pQ__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits: 0, 100, 0
date: Thu, 18 Jul 2024 08:20:16 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 175867
http_x_geo_region: CA-ON
x-cache: HIT, HIT, MISS
http_x_geo_continent: NA
x-pantheon-styx-hostname: styx-fe1-a-64b977755d-ph6zp
content-length: 381
x-served-by: cache-chi-klot8100120-CHI, cache-yyz4571-YYZ, cache-yyz4546-YYZ
backend-ip-port: 6cecXOA5eq1mdycR8IETIO--F_styx_fe1_a_sharedvpc_dmz_01
last-modified: Tue, 05 Mar 2024 06:05:56 GMT
server: nginx
x-timer: S1721290817.777716,VS0,VE4
etag: W/"65e6b644-2da"
vary: Accept-Encoding
content-type: application/x-javascript
x-styx-req-id: dd343a59-f1d7-11ee-89af-8edf77054182
cache-control: max-age=31622400
accept-ranges: bytes
expires: Fri, 04 Apr 2025 16:33:12 GMT

GET
H2 200 js__udVKtMVyYcbvVHDJ0nPML4nntXexNWL2oMqAdYSCgWM__DGF7DhDt4X72RMZfC0gLtM1DzR4cKNX-xUUTDHAODaQ__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/ 0
0 20201ms
20189ms Script
application/x-javascript 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__udVKtMVyYcbvVHDJ0nPML4nntXexNWL2oMqAdYSCgWM__DGF7DhDt4X72RMZfC0gLtM1DzR4cKNX-xUUTDHAODaQ__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

expires: Fri, 20 Jun 2025 16:17:46 GMT
date: Thu, 18 Jul 2024 08:20:16 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 175867
http_x_geo_region: CA-ON
x-cache: HIT, HIT, MISS
http_x_geo_continent: NA
x-pantheon-styx-hostname: styx-fe1-b-6d4d877cc6-pgkh8
content-length: 10066
x-served-by: cache-chi-klot8100144-CHI, cache-yyz4545-YYZ, cache-yyz4546-YYZ
last-modified: Tue, 16 Apr 2024 13:54:18 GMT
server: nginx
x-timer: S1721290817.777425,VS0,VE4
etag: W/"661e830a-6bc3"
vary: Accept-Encoding
content-type: application/x-javascript
x-styx-req-id: 76e391db-2e57-11ef-adce-563e7797e590
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 0, 79, 0

GET
H2 200 js__chJL213YSkJch-IjytLyUqW7uGPnNqOcHGrVBTtmWRc__yn2ExM-BDbvoDYxfwBKmliyRc5GwBZkfllb5p--ixOE__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/ 0
0 20199ms
20187ms Script
application/x-javascript 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__chJL213YSkJch-IjytLyUqW7uGPnNqOcHGrVBTtmWRc__yn2ExM-BDbvoDYxfwBKmliyRc5GwBZkfllb5p--ixOE__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits: 0, 99, 0
date: Thu, 18 Jul 2024 08:20:16 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 175867
http_x_geo_region: CA-ON
x-cache: HIT, HIT, MISS
http_x_geo_continent: NA
x-pantheon-styx-hostname: styx-fe1-a-64b977755d-ph6zp
content-length: 306
x-served-by: cache-chi-klot8100117-CHI, cache-yyz4577-YYZ, cache-yyz4546-YYZ
backend-ip-port: 6cecXOA5eq1mdycR8IETIO--F_styx_fe1_a_sharedvpc_dmz_01
last-modified: Tue, 05 Mar 2024 06:05:57 GMT
server: nginx
x-timer: S1721290817.777122,VS0,VE4
etag: W/"65e6b645-2c6"
vary: Accept-Encoding
content-type: application/x-javascript
x-styx-req-id: dd2ddb29-f1d7-11ee-89af-8edf77054182
cache-control: max-age=31622400
accept-ranges: bytes
expires: Fri, 04 Apr 2025 16:33:12 GMT

GET
H2 200 js__vqZqTxUxqDoVSZOh60EjSleoZgwIzSlhamQKjS1JngU__S91yqV9ubUDMxzCK2GLBYdp1SFL3v48MFVTVZ3OSXjc__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/ 0
0 20214ms
20203ms Script
application/x-javascript 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__vqZqTxUxqDoVSZOh60EjSleoZgwIzSlhamQKjS1JngU__S91yqV9ubUDMxzCK2GLBYdp1SFL3v48MFVTVZ3OSXjc__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

expires: Tue, 15 Jul 2025 05:16:16 GMT
date: Thu, 18 Jul 2024 08:20:16 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 175867
http_x_geo_region: CA-ON
x-cache: HIT, HIT, MISS
http_x_geo_continent: NA
x-pantheon-styx-hostname: styx-fe1-b-778cbf697c-jgk2s
content-length: 428
x-served-by: cache-chi-klot8100128-CHI, cache-yyz4582-YYZ, cache-yyz4546-YYZ
last-modified: Tue, 05 Mar 2024 06:06:02 GMT
server: nginx
x-timer: S1721290817.777142,VS0,VE4
etag: W/"65e6b64a-31e"
vary: Accept-Encoding
content-type: application/x-javascript
x-styx-req-id: 32226950-41a0-11ef-b5d5-c281824f74e2
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 48, 80, 0

GET
H2 200 js__A3z98XA9ArlnbHREYTcp6hgmi5Oz2wY1MqcLV75pq8Q__z2dbLyr7KaPpYQrjLtDeNRJ8Dddotk1Rd-5bC2zRyWo__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/ 0
0 20209ms
20198ms Script
application/x-javascript 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__A3z98XA9ArlnbHREYTcp6hgmi5Oz2wY1MqcLV75pq8Q__z2dbLyr7KaPpYQrjLtDeNRJ8Dddotk1Rd-5bC2zRyWo__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

expires: Mon, 12 May 2025 21:23:44 GMT
date: Thu, 18 Jul 2024 08:20:16 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 175867
http_x_geo_region: CA-ON
x-cache: HIT, HIT, MISS
http_x_geo_continent: NA
x-pantheon-styx-hostname: styx-fe1-a-548957645b-ggnrv
content-length: 452
x-served-by: cache-chi-klot8100097-CHI, cache-yyz4523-YYZ, cache-yyz4546-YYZ
last-modified: Tue, 05 Mar 2024 06:06:03 GMT
server: nginx
x-timer: S1721290817.777200,VS0,VE5
etag: W/"65e6b64b-3d5"
vary: Accept-Encoding
content-type: application/x-javascript
x-styx-req-id: becdc4fc-0fdc-11ef-94bd-42e5d22ea1b9
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 0, 80, 0

GET
H2 200 js__BsJj-J0DDipBFUM6jWq6jBgbLlOJHFUDm1oaCirTN8s__3ytciCoM4ry2VdZVK_RnAXm_cZfbyZ0Tj9DCUWBKchw__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/ 0
0 20199ms
20189ms Script
application/x-javascript 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__BsJj-J0DDipBFUM6jWq6jBgbLlOJHFUDm1oaCirTN8s__3ytciCoM4ry2VdZVK_RnAXm_cZfbyZ0Tj9DCUWBKchw__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

expires: Sun, 25 May 2025 07:15:48 GMT
date: Thu, 18 Jul 2024 08:20:16 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 175867
http_x_geo_region: CA-ON
x-cache: HIT, HIT, MISS
http_x_geo_continent: NA
x-pantheon-styx-hostname: styx-fe1-b-6b7857bbbb-dfbjw
content-length: 1539
x-served-by: cache-chi-klot8100066-CHI, cache-yyz4538-YYZ, cache-yyz4546-YYZ
last-modified: Tue, 19 Mar 2024 19:19:24 GMT
server: nginx
x-timer: S1721290817.777043,VS0,VE4
etag: W/"65f9e53c-d5a"
vary: Accept-Encoding
content-type: application/x-javascript
x-styx-req-id: 721db0cf-199d-11ef-a9e0-26ad238f469f
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 75, 105, 0

GET
H2 200 js__6FQAqJmB1yKdAJYwsXAk_hJnargJPvMPkf9xl2Aoo0E__LRcB_jb8iwtqJJbRU0etTiWNPUen87vOM9Rlp7OZGiI__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/ 0
0 20214ms
20204ms Script
application/x-javascript 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__6FQAqJmB1yKdAJYwsXAk_hJnargJPvMPkf9xl2Aoo0E__LRcB_jb8iwtqJJbRU0etTiWNPUen87vOM9Rlp7OZGiI__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits: 9, 80, 0
date: Thu, 18 Jul 2024 08:20:16 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 175867
http_x_geo_region: CA-ON
x-cache: HIT, HIT, MISS
http_x_geo_continent: NA
x-pantheon-styx-hostname: styx-fe1-b-69554747b9-h68w5
content-length: 14177
x-served-by: cache-chi-klot8100139-CHI, cache-yyz4578-YYZ, cache-yyz4546-YYZ
backend-ip-port: 6cecXOA5eq1mdycR8IETIO--F_styx_fe1_b_sharedvpc_dmz_05
last-modified: Tue, 05 Mar 2024 06:06:03 GMT
server: nginx
x-timer: S1721290817.777025,VS0,VE4
etag: W/"65e6b64b-81b7"
vary: Accept-Encoding
content-type: application/x-javascript
x-styx-req-id: e592268a-f1d7-11ee-9fa0-220fea7644ee
cache-control: max-age=31622400
accept-ranges: bytes
expires: Fri, 04 Apr 2025 16:33:26 GMT

GET
H2 200 js__ZAA5lMeZXVSyc2jkDQc3qK2xTFroqEhe0Vhijw7cweY__awDE3dco34o6B5V5PT-wcPX9t75VGt6sjYxNLg-Ibew__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/ 0
0 20199ms
20189ms Script
application/x-javascript 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__ZAA5lMeZXVSyc2jkDQc3qK2xTFroqEhe0Vhijw7cweY__awDE3dco34o6B5V5PT-wcPX9t75VGt6sjYxNLg-Ibew__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

expires: Sun, 15 Jun 2025 02:01:15 GMT
date: Thu, 18 Jul 2024 08:20:16 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 175867
http_x_geo_region: CA-ON
x-cache: HIT, HIT, MISS
http_x_geo_continent: NA
x-pantheon-styx-hostname: styx-fe1-b-6784b9fdcf-2rm2q
content-length: 2104
x-served-by: cache-chi-klot8100167-CHI, cache-yyz4529-YYZ, cache-yyz4546-YYZ
last-modified: Tue, 16 Apr 2024 13:54:19 GMT
server: nginx
x-timer: S1721290817.776994,VS0,VE4
etag: W/"661e830b-183e"
vary: Accept-Encoding
content-type: application/x-javascript
x-styx-req-id: fb6795cf-29f1-11ef-95dc-aec8cd48c366
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 0, 105, 0

GET
H2 200 js__VVbwMK3NMLbfvdLXAKRCOGZ9jqUjWHfUrPnJSWIlxkM__4Q4SNExXEfBJWUuxQzqhfoyno0u2-1mPRJyQnRmGPTQ__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/ 0
0 20212ms
20202ms Script
application/x-javascript 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__VVbwMK3NMLbfvdLXAKRCOGZ9jqUjWHfUrPnJSWIlxkM__4Q4SNExXEfBJWUuxQzqhfoyno0u2-1mPRJyQnRmGPTQ__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

expires: Wed, 21 May 2025 14:41:43 GMT
date: Thu, 18 Jul 2024 08:20:16 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 175840
http_x_geo_region: CA-ON
x-cache: HIT, HIT, MISS
http_x_geo_continent: NA
x-pantheon-styx-hostname: styx-fe1-b-7d5d4db597-t449s
content-length: 1194
x-served-by: cache-chi-kigq8000035-CHI, cache-yyz4536-YYZ, cache-yyz4546-YYZ
last-modified: Tue, 05 Mar 2024 06:06:26 GMT
server: nginx
x-timer: S1721290817.776972,VS0,VE4
etag: W/"65e6b662-f33"
vary: Accept-Encoding
content-type: application/x-javascript
x-styx-req-id: 13b2b807-16b7-11ef-ab5f-328758f3d7f2
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 0, 9, 0

GET
H2 200 js__ZW8o7ZZZ2WVdbdwiWGu52bSrkEFZV2xhp5aNyZR5USA__3tGfK_b3yc_EcnR78FUS1iLe24uT_kFOG0Zgxin4wcM__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/ 0
0 20212ms
20202ms Script
application/x-javascript 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.forcepoint.com/sites/default/files/advagg_js/js__ZW8o7ZZZ2WVdbdwiWGu52bSrkEFZV2xhp5aNyZR5USA__3tGfK_b3yc_EcnR78FUS1iLe24uT_kFOG0Zgxin4wcM__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by: Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits: 37, 25, 0
date: Thu, 18 Jul 2024 08:20:16 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
x-pantheon-styx-hostname: styx-fe1-b-69554747b9-srsz5
age: 175841
http_x_geo_region: CA-ON
x-cache: HIT, HIT, MISS
http_x_geo_continent: NA
content-length: 1541
x-served-by: cache-chi-klot8100156-CHI, cache-yyz4546-YYZ, cache-yyz4546-YYZ
backend-ip-port: 6cecXOA5eq1mdycR8IETIO--F_styx_fe1_b_sharedvpc_dmz_05
last-modified: Tue, 05 Mar 2024 06:06:04 GMT
server: nginx
x-timer: S1721290817.776936,VS0,VE4
etag: W/"65e6b64c-f24"
vary: Accept-Encoding
content-type: application/x-javascript
x-styx-req-id: e594d3d7-f1d7-11ee-83a9-32c190c1efda
cache-control: max-age=31622400
accept-ranges: bytes
expires: Fri, 04 Apr 2025 16:33:26 GMT

GET
H2 200 js__UCtXJrNvJbqWwTkauUyH6r0OmkrsjVeSImxlI3C6DJc__edC3yUE0SEy7im3t18SA-W_kx6imM-y8IQCkdmyHAt0__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/ 0
0 20207ms
20197ms Script
application/x-javascript 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__UCtXJrNvJbqWwTkauUyH6r0OmkrsjVeSImxlI3C6DJc__edC3yUE0SEy7im3t18SA-W_kx6imM-y8IQCkdmyHAt0__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits: 33, 24, 0
date: Thu, 18 Jul 2024 08:20:16 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 175841
http_x_geo_region: CA-ON
x-cache: HIT, HIT, MISS
http_x_geo_continent: NA
x-pantheon-styx-hostname: styx-fe1-a-64b977755d-p72wq
content-length: 1260
x-served-by: cache-chi-kigq8000118-CHI, cache-yyz4530-YYZ, cache-yyz4546-YYZ
backend-ip-port: 6cecXOA5eq1mdycR8IETIO--F_styx_fe1_a_sharedvpc_dmz_01
last-modified: Tue, 05 Mar 2024 06:06:05 GMT
server: nginx
x-timer: S1721290817.776915,VS0,VE4
etag: W/"65e6b64d-ebd"
vary: Accept-Encoding
content-type: application/x-javascript
x-styx-req-id: ea32fd72-f1d7-11ee-b1db-162c3c5c54d7
cache-control: max-age=31622400
accept-ranges: bytes
expires: Fri, 04 Apr 2025 16:33:34 GMT

GET
H2 200 js__AV6-fb8rJ2QD61i8dwhUQihn7pc-Lp_VvhfmIjW8oHw__RUm4kKahOBCnrDpJWbA1cDqNhTD7qsBmlLW9ebsLhz0__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/ 0
0 20212ms
20202ms Script
application/x-javascript 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__AV6-fb8rJ2QD61i8dwhUQihn7pc-Lp_VvhfmIjW8oHw__RUm4kKahOBCnrDpJWbA1cDqNhTD7qsBmlLW9ebsLhz0__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

expires: Sat, 21 Jun 2025 22:59:42 GMT
date: Thu, 18 Jul 2024 08:20:16 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 175868
http_x_geo_region: CA-ON
x-cache: HIT, HIT, MISS
http_x_geo_continent: NA
x-pantheon-styx-hostname: styx-fe1-a-56d7969b4f-kpvrp
content-length: 1853
x-served-by: cache-chi-klot8100113-CHI, cache-yyz4573-YYZ, cache-yyz4546-YYZ
last-modified: Tue, 05 Mar 2024 06:05:50 GMT
server: nginx
x-timer: S1721290817.776901,VS0,VE4
etag: W/"65e6b63e-1377"
vary: Accept-Encoding
content-type: application/x-javascript
x-styx-req-id: c7e56e84-2f58-11ef-a52a-56441efc25bf
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 0, 103, 0

GET
H2 200 js__Z8_z4Ixa-D0iNdI4Vha8piNlJPIvuqBB03fpnqgg0ZU__7hSyf_bmxpB7an3khq1utmSHnVzI32jc5ywGqSrYb0g__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/ 0
0 20213ms
20204ms Script
application/x-javascript 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__Z8_z4Ixa-D0iNdI4Vha8piNlJPIvuqBB03fpnqgg0ZU__7hSyf_bmxpB7an3khq1utmSHnVzI32jc5ywGqSrYb0g__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits: 18, 34, 0
date: Thu, 18 Jul 2024 08:20:16 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 175841
http_x_geo_region: CA-ON
x-cache: HIT, HIT, MISS
http_x_geo_continent: NA
x-pantheon-styx-hostname: styx-fe1-b-69554747b9-fddpv
content-length: 1088
x-served-by: cache-chi-kigq8000061-CHI, cache-yyz4561-YYZ, cache-yyz4546-YYZ
backend-ip-port: 6cecXOA5eq1mdycR8IETIO--F_styx_fe1_b_sharedvpc_dmz_05
last-modified: Tue, 05 Mar 2024 06:06:18 GMT
server: nginx
x-timer: S1721290817.776883,VS0,VE4
etag: W/"65e6b65a-bee"
vary: Accept-Encoding
content-type: application/x-javascript
x-styx-req-id: f017d2d1-f1d7-11ee-a6cf-faab7e7aaaa3
cache-control: max-age=31622400
accept-ranges: bytes
expires: Fri, 04 Apr 2025 16:33:44 GMT

GET
H2 200 js__3PyHVp_4SRq6pNQOBF08IE7KMR78aq2RPCDHv-23ni8__7F-DhWAuWWcJXOiKyc1JsZkkESiDxwbjA5pvRgf1qdA__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/ 0
0 20197ms
20188ms Script
application/x-javascript 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__3PyHVp_4SRq6pNQOBF08IE7KMR78aq2RPCDHv-23ni8__7F-DhWAuWWcJXOiKyc1JsZkkESiDxwbjA5pvRgf1qdA__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

expires: Sat, 21 Jun 2025 02:28:28 GMT
date: Thu, 18 Jul 2024 08:20:16 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 175841
http_x_geo_region: CA-ON
x-cache: HIT, HIT, MISS
http_x_geo_continent: NA
x-pantheon-styx-hostname: styx-fe1-b-6d4d877cc6-bqcts
content-length: 1351
x-served-by: cache-chi-kigq8000056-CHI, cache-yyz4562-YYZ, cache-yyz4546-YYZ
last-modified: Tue, 16 Apr 2024 13:54:19 GMT
server: nginx
x-timer: S1721290817.776858,VS0,VE4
etag: W/"661e830b-d77"
vary: Accept-Encoding
content-type: application/x-javascript
x-styx-req-id: c76b22be-2eac-11ef-bab3-626bd5dccaba
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 0, 34, 0

GET
H2 200 js__g6mKbcakHxQkz4ZHYaxdO_xqONINvRMgsHh1zAK-fr0__ATHtEmHaeZ0jidpGU22EkhmPDBSgjD8z0bVDQMI-BIY__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/ 0
0 20215ms
20207ms Script
application/x-javascript 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__g6mKbcakHxQkz4ZHYaxdO_xqONINvRMgsHh1zAK-fr0__ATHtEmHaeZ0jidpGU22EkhmPDBSgjD8z0bVDQMI-BIY__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

expires: Sun, 29 Jun 2025 22:03:52 GMT
date: Thu, 18 Jul 2024 08:20:16 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 175868
http_x_geo_region: CA-ON
x-cache: HIT, HIT, MISS
http_x_geo_continent: NA
x-pantheon-styx-hostname: styx-fe1-b-5d587d78fd-ct69k
content-length: 762
x-served-by: cache-chi-kigq8000175-CHI, cache-yyz4580-YYZ, cache-yyz4546-YYZ
last-modified: Tue, 05 Mar 2024 06:05:59 GMT
server: nginx
x-timer: S1721290817.776829,VS0,VE4
etag: W/"65e6b647-76d"
vary: Accept-Encoding
content-type: application/x-javascript
x-styx-req-id: 4e5db06a-359a-11ef-a5ff-065f8a95e18c
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 0, 99, 0

GET
H2 200 js__zwOQL0xjQu_jInUCc5HDDX7DuqNXThdgsBzScvBN6zY__YDKn5kOzd1mgJhYu7UkUXBFTO-WC5n-FhasqlgTZXKY__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/ 0
0 20209ms
20201ms Script
application/x-javascript 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__zwOQL0xjQu_jInUCc5HDDX7DuqNXThdgsBzScvBN6zY__YDKn5kOzd1mgJhYu7UkUXBFTO-WC5n-FhasqlgTZXKY__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

expires: Tue, 10 Jun 2025 05:52:35 GMT
date: Thu, 18 Jul 2024 08:20:16 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 175840
http_x_geo_region: CA-ON
x-cache: HIT, HIT, MISS
http_x_geo_continent: NA
x-pantheon-styx-hostname: styx-fe1-a-59b5bdfd9-jkpwr
content-length: 3791
x-served-by: cache-chi-kigq8000049-CHI, cache-yyz4537-YYZ, cache-yyz4546-YYZ
last-modified: Tue, 16 Apr 2024 13:54:33 GMT
server: nginx
x-timer: S1721290817.776788,VS0,VE4
etag: W/"661e8319-262c"
vary: Accept-Encoding
content-type: application/x-javascript
x-styx-req-id: 78cf0433-2624-11ef-9069-0ee4d9524d06
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 58, 61, 0

GET
H2 200 js__XtFha_knURVT5YLGKmVYz2S732sgaVuOjO801TC1X90__Iiz_LtHOgN-NEjf_Wqk78-4FPz8AQR7Ygonew_LemTU__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/ 0
0 20205ms
20197ms Script
application/x-javascript 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__XtFha_knURVT5YLGKmVYz2S732sgaVuOjO801TC1X90__Iiz_LtHOgN-NEjf_Wqk78-4FPz8AQR7Ygonew_LemTU__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

expires: Wed, 14 May 2025 18:10:45 GMT
date: Thu, 18 Jul 2024 08:20:16 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 175867
http_x_geo_region: CA-ON
x-cache: HIT, HIT, MISS
http_x_geo_continent: NA
x-pantheon-styx-hostname: styx-fe1-b-668bdc8fc7-dbxfj
content-length: 566
x-served-by: cache-chi-kigq8000115-CHI, cache-yyz4536-YYZ, cache-yyz4546-YYZ
last-modified: Tue, 05 Mar 2024 06:05:51 GMT
server: nginx
x-timer: S1721290817.776775,VS0,VE4
etag: W/"65e6b63f-3f9"
vary: Accept-Encoding
content-type: application/x-javascript
x-styx-req-id: 1e571dcb-1154-11ef-8cb9-329c1be5de60
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 43, 103, 0

GET
H2 200 js__ANAjsl90aU8V_JJuHtJWcRsK1EGBFuMwHq693fURsXU__F1FPONSTf0yEH0Y9VHtO8-UlYOiMFKhCksEr6rzCrMg__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/ 0
0 20209ms
20201ms Script
application/x-javascript 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__ANAjsl90aU8V_JJuHtJWcRsK1EGBFuMwHq693fURsXU__F1FPONSTf0yEH0Y9VHtO8-UlYOiMFKhCksEr6rzCrMg__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits: 24, 100, 0
date: Thu, 18 Jul 2024 08:20:16 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 175867
http_x_geo_region: CA-ON
x-cache: HIT, HIT, MISS
http_x_geo_continent: NA
x-pantheon-styx-hostname: styx-fe1-b-69554747b9-h68w5
content-length: 629
x-served-by: cache-chi-kigq8000137-CHI, cache-yyz4521-YYZ, cache-yyz4546-YYZ
backend-ip-port: 6cecXOA5eq1mdycR8IETIO--F_styx_fe1_b_sharedvpc_dmz_05
last-modified: Tue, 05 Mar 2024 06:06:01 GMT
server: nginx
x-timer: S1721290817.776752,VS0,VE4
etag: W/"65e6b649-61e"
vary: Accept-Encoding
content-type: application/x-javascript
x-styx-req-id: ddd9505b-f1d7-11ee-9fa0-220fea7644ee
cache-control: max-age=31622400
accept-ranges: bytes
expires: Fri, 04 Apr 2025 16:33:13 GMT

GET
H2 200 js__1DBjoSMQlQ4ixA_cuaJfS5Px949O7h4aDn8Z9xtRW7Q__AT6c7sCefn259J383Kk5L3xgymjOI5hghQofGOoaazQ__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/ 0
0 20203ms
20196ms Script
application/x-javascript 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__1DBjoSMQlQ4ixA_cuaJfS5Px949O7h4aDn8Z9xtRW7Q__AT6c7sCefn259J383Kk5L3xgymjOI5hghQofGOoaazQ__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

expires: Fri, 27 Jun 2025 13:26:32 GMT
date: Thu, 18 Jul 2024 08:20:16 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 175868
http_x_geo_region: CA-ON
x-cache: HIT, HIT, MISS
http_x_geo_continent: NA
x-pantheon-styx-hostname: styx-fe1-b-5d587d78fd-ct69k
content-length: 6820
x-served-by: cache-chi-klot8100110-CHI, cache-yyz4555-YYZ, cache-yyz4546-YYZ
last-modified: Wed, 26 Jun 2024 13:26:03 GMT
server: nginx
x-timer: S1721290817.776737,VS0,VE5
etag: W/"667c16eb-55f3"
vary: Accept-Encoding
content-type: application/x-javascript
x-styx-req-id: b45e7b01-33bf-11ef-a5ff-065f8a95e18c
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 65, 34, 0

GET
H2 200 js__QEUI7Yv_wakfcc6JBvi15ovY1U6doRpL4VmJGHt4na4__bunscNd0XY0JtFyEPHN8vrG4QmOdFsldeaRN0v3VA9M__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/ 0
0 20204ms
20197ms Script
application/x-javascript 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/advagg_js/js__QEUI7Yv_wakfcc6JBvi15ovY1U6doRpL4VmJGHt4na4__bunscNd0XY0JtFyEPHN8vrG4QmOdFsldeaRN0v3VA9M__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits: 0, 9, 0
date: Thu, 18 Jul 2024 08:20:16 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 175840
http_x_geo_region: CA-ON
x-cache: HIT, HIT, MISS
http_x_geo_continent: NA
x-pantheon-styx-hostname: styx-fe1-a-64b977755d-p72wq
content-length: 26917
x-served-by: cache-chi-klot8100116-CHI, cache-yyz4520-YYZ, cache-yyz4546-YYZ
backend-ip-port: 6cecXOA5eq1mdycR8IETIO--F_styx_fe1_a_sharedvpc_dmz_01
last-modified: Mon, 18 Mar 2024 14:45:01 GMT
server: nginx
x-timer: S1721290817.776715,VS0,VE4
etag: W/"65f8536d-13c91"
vary: Accept-Encoding
content-type: application/x-javascript
x-styx-req-id: e5945f6d-f1d7-11ee-b1db-162c3c5c54d7
cache-control: max-age=31622400
accept-ranges: bytes
expires: Fri, 04 Apr 2025 16:33:26 GMT

GET

getuid
secure.adnxs.com/
Redirect Chain

https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.forcepoint.com%26pId%3d%24UID
https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.forcepoint.com%26pId%3d%24UID

0
0

GET utag.js
tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/ 0
0

GET
DATA 200
OK truncated
/ 166 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4e2a8b16a227605843bcf04d32557fa5f790d17d5fae10db399f3ad6b75cae70

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 450 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 77bfa66bf799ef1d5be3e464795aaca2f9a0587c1616b9671f7383623474f455

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 141 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1a5c0fb755eabd84fa9ee65115561abfc934cb67631d8392acc299bed349942d

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 187 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c181c648e71e1f94dc9f3aa0aced539df9790bc1aa92494d7fe7b17c274767bf

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 660 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8892ffd9b6812e96fca28cf2b24a4a1e25711631d73141353f1ec57fcaf523b8

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 372 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c6a4f005d0158d27d475991d4606ec4141f42917cc68835019d819c583957710

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 372 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c0c810909068da447ca522f9770490722119d254f18905ae37e5e4a45e2c346c

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 248 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: de0c91884c0f70a3c8ab477b2637d9c9417fc74eb663bbe6eace7836e8b38fc3

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 chevron-right-xxs.svg
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/static-icons/ 0
0 20156ms
20129ms Image
image/svg+xml 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/static-icons/chevron-right-xxs.svg

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__yLUlsZO8Aw1QbDVmt9Emb7WQDVsiqE8WSyAbbDd2S8M__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__yLUlsZO8Aw1QbDVmt9Emb7WQDVsiqE8WSyAbbDd2S8M__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits: 61, 96, 0
date: Thu, 18 Jul 2024 08:20:16 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 175866
http_x_geo_region: CA-ON
x-cache: HIT, HIT, MISS
http_x_geo_continent: NA
x-pantheon-styx-hostname: styx-fe1-b-778cbf697c-x5pqn
content-length: 174
x-served-by: cache-chi-kigq8000176-CHI, cache-yyz4576-YYZ, cache-yyz4546-YYZ
last-modified: Mon, 15 Jul 2024 20:36:00 GMT
server: nginx
x-timer: S1721290817.810777,VS0,VE68
etag: W/"66958830-d5"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: 17e28133-4345-11ef-9849-f21714ecd673
cache-control: max-age=31622400
accept-ranges: bytes
expires: Thu, 17 Jul 2025 07:29:10 GMT

GET
DATA 200
OK truncated
/ 636 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e25fa89bb49f7875384fe86ddb39c8c0a966f7aff529e4aa1e761efe8909fdad

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 636 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8048b6a47a7795c53151c7d28f992a190da59cfa9416a171a03652359a964f2a

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 636 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 68cb94151d86903ee4b3a5088e233b408a81a7faf9bb97d1172d8e3e6a83f868

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 banner-woman.jpg
www.forcepoint.com/sites/default/files/ 0
0 20153ms
20130ms Image
image/webp 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/banner-woman.jpg

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits: 0, 0, 1
date: Thu, 18 Jul 2024 08:20:16 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
fastly-io-served-by: vpop-kiad7010217
age: 2000306
http_x_geo_region: CA-ON
x-cache: HIT, MISS, HIT
fastly-io-info: ifsz=139269 idim=591x426 ifmt=jpeg ofsz=12712 odim=591x426 ofmt=webp
http_x_geo_continent: NA
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe1-b-68b4468bdf-vk6xs
content-length: 12712
x-served-by: cache-chi-klot8100073-CHI, cache-yyz4552-YYZ, cache-yyz4546-YYZ
server: nginx
x-timer: S1721290817.810754,VS0,VE1
etag: "N0lQYBtHe5ciagpRVpui8m2mvIrccgSXz/6JZdtfgoA"
vary: Accept
content-type: image/webp
x-styx-req-id: 5b7775bc-2d85-11ef-a28f-ae88a7f263ba
cache-control: max-age=31622400
accept-ranges: bytes
expires: Thu, 19 Jun 2025 15:13:46 GMT

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ff35e1bb0b3e1cb03aa7eab3fb0f74381ec3fd6fcff85d8c4f6be72abae116a0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf8

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e1652e3fbc6cef41f94897b295b6b1f57fa4901a3727e4c9ecb2911614531d0f

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf8

GET
DATA 200
OK truncated
/ 750 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 26e256bfa2011f9fbbe0e81f2515c98b94b7ee7696a82f380cb7e7c8361e04a4

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf8

GET
H2 200 ajax-loader.gif
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/ 0
0 20127ms
20115ms Image
image/gif 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/ajax-loader.gif

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__yLUlsZO8Aw1QbDVmt9Emb7WQDVsiqE8WSyAbbDd2S8M__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits: 0, 0, 1
date: Thu, 18 Jul 2024 08:20:16 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
fastly-io-served-by: vpop-kiad7010249
age: 2323513
http_x_geo_region: CA-ON
x-cache: HIT, MISS, HIT
fastly-io-info: ifsz=404 idim=43x11 ifmt=gif ofsz=365 odim=43x11 ofmt=gif ofrm=4
http_x_geo_continent: NA
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe1-a-5d77cc44f5-w9nrv
content-length: 365
x-served-by: cache-chi-klot8100112-CHI, cache-yyz4572-YYZ, cache-yyz4546-YYZ
server: nginx
x-timer: S1721290817.831742,VS0,VE1
etag: "c9vdSz1SobFgJvEEIebuVOe3obQGnXd87HeEFJfv0io"
vary: Accept
content-type: image/gif
x-styx-req-id: b72050a5-2fbc-11ef-b993-de70e4427182
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sun, 22 Jun 2025 10:55:04 GMT

GET
H2 200 bg-blog-podcast-final-plea.png
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/backgrounds/ 0
0 20127ms
20115ms Image
image/webp 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/backgrounds/bg-blog-podcast-final-plea.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__yLUlsZO8Aw1QbDVmt9Emb7WQDVsiqE8WSyAbbDd2S8M__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits: 0, 0, 1
date: Thu, 18 Jul 2024 08:20:16 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
fastly-io-served-by: vpop-kiad7010212
age: 764796
http_x_geo_region: CA-ON
x-cache: MISS, MISS, HIT
fastly-io-info: ifsz=236236 idim=580x458 ifmt=png ofsz=139710 odim=580x458 ofmt=webp
http_x_geo_continent: NA
fastly-stats: io=1
x-pantheon-styx-hostname: styx-fe1-a-5d77cc44f5-x24lf
content-length: 139710
x-served-by: cache-chi-kigq8000133-CHI, cache-yyz4570-YYZ, cache-yyz4546-YYZ
server: nginx
x-timer: S1721290817.832157,VS0,VE1
etag: "J4HM7COV6lmZQG/n7TaO0MtxZmafgyzKI2fNbOojs8E"
vary: Accept
content-type: image/webp
x-styx-req-id: e26a7a56-3de9-11ef-a111-0a5f4b927256
cache-control: max-age=31622400
accept-ranges: bytes
expires: Thu, 10 Jul 2025 11:53:40 GMT

GET
H2 200 f-white.svg
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/logos/ 0
0 20127ms
20116ms Image
image/svg+xml 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/logos/f-white.svg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__yLUlsZO8Aw1QbDVmt9Emb7WQDVsiqE8WSyAbbDd2S8M__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits: 50, 107, 0
date: Thu, 18 Jul 2024 08:20:16 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 175867
http_x_geo_region: CA-ON
x-cache: HIT, HIT, MISS
http_x_geo_continent: NA
x-pantheon-styx-hostname: styx-fe1-a-67db8dc7b8-d8mdp
content-length: 187
x-served-by: cache-chi-klot8100146-CHI, cache-yyz4569-YYZ, cache-yyz4546-YYZ
last-modified: Mon, 15 Jul 2024 20:36:00 GMT
server: nginx
x-timer: S1721290817.832135,VS0,VE4
etag: W/"66958830-101"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: 17e26d46-4345-11ef-879d-66813a86faf3
cache-control: max-age=31622400
accept-ranges: bytes
expires: Thu, 17 Jul 2025 07:29:10 GMT

GET
DATA 200
OK truncated
/ 442 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6116382548abaad3d6133a60e2dc187d88dfa1ed07d981311c0bbcfaee05cd49

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 icon-anchor-arrow-teal.svg
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/static-icons/ 0
0 20127ms
20116ms Image
image/svg+xml 151.101.66.228
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/static-icons/icon-anchor-arrow-teal.svg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.228 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__yLUlsZO8Aw1QbDVmt9Emb7WQDVsiqE8WSyAbbDd2S8M__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits: 68, 104, 0
date: Thu, 18 Jul 2024 08:20:16 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 175867
http_x_geo_region: CA-ON
x-cache: HIT, HIT, MISS
http_x_geo_continent: NA
x-pantheon-styx-hostname: styx-fe1-b-778cbf697c-8gq4f
content-length: 400
x-served-by: cache-chi-kigq8000077-CHI, cache-yyz4544-YYZ, cache-yyz4546-YYZ
last-modified: Mon, 15 Jul 2024 20:36:00 GMT
server: nginx
x-timer: S1721290817.832109,VS0,VE4
etag: W/"66958830-28f"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: 17e25f95-4345-11ef-92c5-1af899943841
cache-control: max-age=31622400
accept-ranges: bytes
expires: Thu, 17 Jul 2025 07:29:10 GMT

GET
DATA 200
OK truncated
/ 383 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b5c2800c52737f3425d0e434c93f9412da5e0491282c8d3d53b4d707202b8cef

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 558 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f4cbc6a70cd3d48475ddbb975d3831d02e4158a76fcdb997891baa497ea31241

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 356 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6676353d7029b44112419ac26efd665e84021eb418ccf05a1e1f04d0ba46bd53

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 431 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: af60288a11ae9864cdd707a9c6e13463359d5ffb6755bf9035a878f18b8758f9

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 688 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0ec291adef932c1e26510f560daef99d2d26b96331cbfd2f29fe234eaf2dddae

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/utag.sync.js

Domain: secure.adnxs.com
URL: https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.forcepoint.com%26pId%3d%24UID

Domain: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/utag.js

Verdicts & Comments Add Verdict or Comment

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.hsforms.net/	1970-01-20 22:08:12	Name: __cf_bm Value: XLzjnTPaZbUoFdgpYGV4O91A.4GT4Ft123GWaP0WTiI-1721290816-1.0.1.1-3rTjaMXfakpfbdMqbozyOvhCi_QXR7G0S4bGF2WbzfaJ0nCDkS0P8WifBcGx8fzqJeoP9yLpP7qBU_1ju0caPA

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' .fonts.net .licdn.com .tiqcdn.com .marketo.com .marketo.net .mktoresp.com .demdex.net .burly.io .omtrdc.net .llnwd.net .tealiumiq.com .googleadservices.com .marinsm.com .amazonaws.com .quantserve.com .facebook.net .serving-sys.com .google-analytics.com .hirebridge.com .websense.com .bizographics.com .linkedin.com .cloudfront.net .newrelic.com .nr-data.net .adnxs.com .demandbase.com .twitter.com .omtrdc.net .youtube.com .ads-twitter.com .company-target.com .omniture.com .doubleclick.net .forcepoint.com .google.com .facebook.com .nr-data.net .getsmartcontent.com .vidyard.com .adroll.com s.ml-attr.com attr.ml-api.io .driftt.com .sharethis.com .vimeo.com .slideshare.net .techvalidate.com .gartner.com .gstatic.com .libsyn.com .s3.amazonaws.com .cdnbasket.net ids.cdnwidget.com app.vwo.com .visualwebsiteoptimizer.com use.typekit.net p.typekit.net cdn.vwo-analytics.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io .googleapis.com .cloudflare.com activitymap.adobe.com .consensu.org .ubembed.com .bizible.com .theadex.com .aumago.com .driftqa.com .scribblecdn.net .esg-global.com .hs-scripts.com .hs-analytics.net .hsadspixel.net .hs-banner.com .hubapi.com .hsforms.net .hsforms.com geolocation-db.com .drift.com .clickagy.com .nimblestory.com .usemessages.com .stackadapt.com .googlesyndication.com ; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' .cdnwidget.com .tealiumiq.com .google.com .googleadservices.com .doubleclick.net .websense.com .marinsm.com .facebook.com .quantserve.com .google-analytics.com .w55c.net .marketo.com .iasds01.com .linkedin.com .cloudfront.net .forcepoint.com .adnxs.com .twitter.com t.co .omtrdc.net .w55c.net .demandbase.com .company-target.com .gstatic.com .tiqcdn.com .marketo.net .newrelic.com .facebook.net .ads-twitter.com .burly.io .bizographics.com .nr-data.net .licdn.com .tt.omtrdc.net .getsmartcontent.com .adroll.com .vidyard.com s.ml-attr.com .ml-api.io ml314.com .ml314.com .bing.com .driftt.com .crazyegg.com .sharethis.com .vimeo.com .slideshare.net .techvalidate.com .gartner.com .googletagmanager.com .visualwebsiteoptimizer.com app.vwo.com .ubembed.com .driftt.com .vwo-analytics.com .s3.amazonaws.com s3.amazonaws.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io .clearbit.com .googleapis.com .cloudflare.com .adobe.com .consensu.org .bizible.com .theadex.com .aumago.com .zoominfo.com .clickagy.com .redditstatic.com .quantcount.com .g2crowd.com .steelhousemedia.com .scribblecdn.net .esg-global.com .6sc.co .hs-scripts.com .hs-analytics.net .hsadspixel.net .hs-banner.com .hubapi.com .hsforms.net .hsforms.com geolocation-db.com .drift.com .jquery.com .google.com .hscollectedforms.net .jsdelivr.net .stackadapt.com .googlesyndication.com .simpleanalyticscdn.com scripts.simpleanalyticscdn.com queue.simpleanalyticscdn.com simpleanalyticsbadges.com .ceros.com; img-src * data: ; frame-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' .cdnwidget.com .tealiumiq.com .google.com .googleadservices.com .doubleclick.net .websense.com .marinsm.com .facebook.com .quantserve.com .google-analytics.com .w55c.net .marketo.com .iasds01.com .linkedin.com .cloudfront.net .forcepoint.com .adnxs.com .twitter.com t.co .omtrdc.net .w55c.net .demandbase.com .company-target.com .gstatic.com .tiqcdn.com .marketo.net .newrelic.com .facebook.net .ads-twitter.com .burly.io .bizographics.com .nr-data.net .licdn.com .tt.omtrdc.net .getsmartcontent.com .adroll.com .vidyard.com s.ml-attr.com .ml-api.io ml314.com .ml314.com .bing.com .driftt.com .crazyegg.com .sharethis.com .vimeo.com .slideshare.net .techvalidate.com .gartner.com .googletagmanager.com .visualwebsiteoptimizer.com app.vwo.com .ubembed.com .driftt.com .vwo-analytics.com .s3.amazonaws.com s3.amazonaws.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io .clearbit.com .googleapis.com .cloudflare.com .adobe.com .consensu.org .bizible.com .theadex.com .aumago.com .zoominfo.com .clickagy.com .redditstatic.com .quantcount.com .g2crowd.com .steelhousemedia.com .scribblecdn.net .esg-global.com .6sc.co .hs-scripts.com .hs-analytics.net .hsadspixel.net .hs-banner.com .hubapi.com .hsforms.net .hsforms.com geolocation-db.com .drift.com .jquery.com .google.com .hscollectedforms.net .jsdelivr.net .stackadapt.com .googlesyndication.com .simpleanalyticscdn.com scripts.simpleanalyticscdn.com queue.simpleanalyticscdn.com simpleanalyticsbadges.com .ceros.com .hubspot.com .hubspot.net .demdex.net .libsyn.com .youtube.com; font-src 'self' .google.com .googleadservices.com; connect-src 'self' .vwo.com .demdex.net .omtrdc.net .mktoresp.com .cdnbasket.net ids.cdnwidget.com .forcepoint.com sample-api-v2.crazyegg.com .visualwebsiteoptimizer.com insight.adsrvr.org bam.nr-data.net .tealiumiq.com live-evercurrent-clone.pantheonsite.io .sharethis.com .doubleclick.net .theadex.com .aumago.com .google-analytics.com .6sc.co .adnxs.com .vidyard.com .6sense.com .hs-scripts.com .hs-analytics.net .hsadspixel.net .hs-banner.com api.hubapi.com .hsforms.net .hsforms.com .s3.amazonaws.com .drift.com .clickagy.com .facebook.com .zoominfo.com geolocation-db.com dn.linkedin.oribi.io .hubspot.com .hscollectedforms.net .stackadapt.com .google.com .googletagmanager.com .googleadservices.com google.com .googlesyndication.com .linkedin.com .redditstatic.com .reddit.com .g2crowd.com *.quantcount.com; report-uri /admin/config/system/seckit/csp-report
Strict-Transport-Security	max-age=18410000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdnjs.cloudflare.com
code.jquery.com
js.hsforms.net
secure.adnxs.com
tags.tiqcdn.com
www.forcepoint.com
secure.adnxs.com
tags.tiqcdn.com
104.17.25.14
104.18.142.119
151.101.66.137
151.101.66.228
0ec291adef932c1e26510f560daef99d2d26b96331cbfd2f29fe234eaf2dddae
10aa7853a3babe185246e6f1fad2c5800902a268dd63b66c53b96889ee5188f3
13cdee5a7dbdb75ba06271fff8669bb408838d89eae133c2b3db99d2891bb35b
148a74b0921ad78021d716e8032ede1cdaf7ed7279cefd7d2acbe906add12a68
1a5c0fb755eabd84fa9ee65115561abfc934cb67631d8392acc299bed349942d
24dd593caf98fe7183e48e16a5a827ab4eb1a734a9821b497689127e68774db1
26e256bfa2011f9fbbe0e81f2515c98b94b7ee7696a82f380cb7e7c8361e04a4
3058f7c617c39b1a94849fa7223c2f756437af3f215155d37c2a29c36848e28d
42793f24dc3fddca04cc84a6991f0fc73c25498d023b07d488dd5e4238ed9b0c
4953a30def5d6eb8aa0119f918104b5069d10696ee634288c068accf06bb44e6
496d9a19dda325d9587f3729b5a16b1262f91a6b237e1aa5d54ed90e087c35e3
4c8537e1208918b04f3b7970b4e53d6c91b138b7b8325b469a4a5e84ced6ce2a
4d58ffb4437135b1a4f7b8cbf01321ea85fe244416aed493ea942462f3d58c86
4e2a8b16a227605843bcf04d32557fa5f790d17d5fae10db399f3ad6b75cae70
521bfd25b076ada01d23b9d20bca3a3e67840702ca4d43b73d0a496575107e9e
52239b576d3fdb13fa5cec121a5e5ed123560a4ac1310d991f4694bcc5507710
5390daebe4fc263953ae2cd18f060ebb4aaef20d9df443a4d784cc642ed1eaf2
5cfc739598cda856cc20575229f8a5251e8df5b175830fe7886aaef79dfb6886
5f4e0577cb49e1130ec7098698e3556c0a2b7f33d02ec5789ee09b116e403f7e
5f8d1adf76eaaf2f3592e5a5633ef8722740af2424b1737d85c1d9581588884f
6116382548abaad3d6133a60e2dc187d88dfa1ed07d981311c0bbcfaee05cd49
6676353d7029b44112419ac26efd665e84021eb418ccf05a1e1f04d0ba46bd53
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
68cb94151d86903ee4b3a5088e233b408a81a7faf9bb97d1172d8e3e6a83f868
69a02b48768b8f413fe8470c65b4232a39dc3d68350f1246da8721e92ac7e75d
712e59da51ddbfc83c263cc8c2b6a404d9f3ec89e830f11220db390c5a410456
735b78ae1f09b1d02ee92b5ad319a189d50d10ecbec4ddd12201885dde3f4945
74d6ee660ac8d18d3940eefac6e8c0ff029ecc0f4a4799ada5d6088fe9abfbc8
76aefb325bdfaf3c67be7591a00c96105ffa1a3eda8cfc16d6d5e1affa8e3f95
76fea4cad87ffbee4d6c0d29a46382913e4a8c56ed7881d8556f684a174d6824
77bfa66bf799ef1d5be3e464795aaca2f9a0587c1616b9671f7383623474f455
7e9433a7e4538237be585d3d84e1603595879c286be61e26dd3e628e3fd5e206
8048b6a47a7795c53151c7d28f992a190da59cfa9416a171a03652359a964f2a
8117b5d7ba159bfb0cf341d96a566b4b06c466a0038eca2273a8533b1536e019
8709e66f3192aac47989a4f2c826afc3062b52de3cd792115cba3314c05656c6
8892ffd9b6812e96fca28cf2b24a4a1e25711631d73141353f1ec57fcaf523b8
90bfbf24972d694b303aaa50fe006074f7dd5529c8dfe38099aed648c6312158
91997f03543fdd296c85e60feede1e3df0e950aca03698583ff2870869a2dc0b
942ba1b657ab7477bc603f7852ff551aa393de40d1bab2dee01c8ad36d538a2a
947a399a9eae30ed4894ebb83e38765f7a2b54082ea44668794f1b4780d31f61
9528ca634fecad433d044ddd3e6f9ce1f068d5d932dafdbb19d8e6daea1968bd
98bee51ffbb032cfea01030abf23549c6d762f6d8283599e52bfb089f01b8742
9b3c52df9ce6473c11ee62f85cd48a7ff2b24ad8543ed415fec5124605a987f3
9cc77ec166565cf138f088e29b263d7de28ebff89c6ac6ac7b3226b8c2c45f33
a0d9d290c9928affdd7f2816a574b367cbd6aca7ff1ba7b14b3391330d6f1995
af60288a11ae9864cdd707a9c6e13463359d5ffb6755bf9035a878f18b8758f9
b4229c88ccc9ec00268d759c808bb5fc56a62479618d140eebd7948299a1544b
b48a895c0170a7310b29b01897fcf1954b43655748ce98037abae38562754a29
b5c2800c52737f3425d0e434c93f9412da5e0491282c8d3d53b4d707202b8cef
b9c823db89be14289e3b0585970e3d91c3313ec9f82d13c9cb24d90820efc699
bd74c29617fed2dbd2f684dce7eebb659567ce0ae06be3418615ebe846a1bf5b
bfcc07136dc1faaee36973ca4858e530e403f2f41948fbdc47f0c3c399308db6
c0c810909068da447ca522f9770490722119d254f18905ae37e5e4a45e2c346c
c1524c7035a894f370d34f2d57704873a3978adef91d97978e3598515762eace
c16c2e899bbe232a64c1bd49e4312a7f9ea738cb2cb17058e63477a71b246fa7
c181c648e71e1f94dc9f3aa0aced539df9790bc1aa92494d7fe7b17c274767bf
c2a54667fcd4151ef9a27b18f84f24c0b884fe593302ca1eb1210d114f4bd06b
c6225223a7f689e02ca4f2144e864ad46dd63e29553cf3d4df572e7195303be0
c6a4f005d0158d27d475991d4606ec4141f42917cc68835019d819c583957710
c712b85f4d57c41bb049c80303067da9790aa76b32a41b422174bd507695f444
c7397ae13ad9d12bf4ce9100756dd8703b515ac4381bdd33638e22c787c0fb39
d40efcac911d8964f3728eaa767de281306ff55ba9377435a3364d4d1e1613f6
d88c03f60c9b0c3b3a4a929ad268b6078dda88e59ea5c98eeb16f031ffb0d9e0
db7de84263a6dfe6f7a674f478b4a6c5a97d7de7e0c7f52a12a5dedfb201004f
dd329c644951f3c041200e8279e3c90063ac5b5c8861fe253fca48df7dd8b99c
de0c91884c0f70a3c8ab477b2637d9c9417fc74eb663bbe6eace7836e8b38fc3
e1652e3fbc6cef41f94897b295b6b1f57fa4901a3727e4c9ecb2911614531d0f
e25fa89bb49f7875384fe86ddb39c8c0a966f7aff529e4aa1e761efe8909fdad
e68e4b1057684aa14f6d44055bd77c6ee8170be28010b94e0278e2d05775973c
f4cbc6a70cd3d48475ddbb975d3831d02e4158a76fcdb997891baa497ea31241
f66578f61dcd2d00bb8b7a0c5a7a02d39871c2e7c4615826c4e3a6a879a1a66b
f7d4d17ef4f0103008287290e9dd7bb35be1d08f0f8bc315033d13d0cfa6a6a5
f8c79df7183de5a0687fc40c5a9b1034d074e603d558c05a5311c7f91d9ccfe1
fad8df5718762444a80e745fd3b375ecfee298b37c480de5134b8a0ed05bc7a5
fe9132775150b13960723fdffd15ef8bb7f07d120787874114ac9e3d4f303f46
ff35e1bb0b3e1cb03aa7eab3fb0f74381ec3fd6fcff85d8c4f6be72abae116a0

www.forcepoint.com Open in urlscan Pro 151.101.66.228 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

107 Requests

97 %HTTPS

0 %IPv6

6 Domains

6 Subdomains

5 IPs

2 Countries

784 kBTransfer

3633 kBSize

1 Cookies

8 Outgoing links

Redirected requests

107 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 20 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.forcepoint.com Open in urlscan Pro
151.101.66.228 Public Scan

Screenshot
Live screenshot

Full Image

107
Requests

97 %
HTTPS

0 %
IPv6

6
Domains

6
Subdomains

5
IPs

2
Countries

784 kB
Transfer

3633 kB
Size

1
Cookies

107 HTTP transactions
20 data transactions