URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Submission: On July 18 via api from DE — Scanned from DE

Summary

This website contacted 13 IPs in 4 countries across 13 domains to perform 121 HTTP transactions. The main IP is 151.101.194.228, located in San Francisco, United States and belongs to FASTLY, US. The main domain is www.forcepoint.com. The Cisco Umbrella rank of the primary domain is 535186.
TLS certificate: Issued by Sectigo RSA Organization Validation S... on November 22nd 2023. Valid for: a year.
This is the only time www.forcepoint.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
100 151.101.194.228 54113 (FASTLY)
1 151.101.2.137 54113 (FASTLY)
4 104.17.24.14 13335 (CLOUDFLAR...)
3 13.33.187.116 16509 (AMAZON-02)
1 104.18.141.119 13335 (CLOUDFLAR...)
1 1 68.67.153.60 29990 (ASN-APPNEX)
2 2 37.252.171.52 29990 (ASN-APPNEX)
1 65.9.66.5 16509 (AMAZON-02)
5 104.18.80.204 13335 (CLOUDFLAR...)
1 159.89.102.253 14061 (DIGITALOC...)
1 162.247.243.39 54113 (FASTLY)
1 169.150.247.39 60068 (CDN77 _)
1 162.247.241.14 23467 (NEWRELIC-...)
1 190.2.151.160 49981 (WORLDSTREAM)
121 13
Apex Domain
Subdomains
Transfer
100 forcepoint.com
www.forcepoint.com — Cisco Umbrella Rank: 535186
2 MB
5 hsforms.com
forms.hsforms.com — Cisco Umbrella Rank: 9382
forms-na1.hsforms.com — Cisco Umbrella Rank: 15115
17 KB
4 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 336
68 KB
3 tiqcdn.com
tags.tiqcdn.com — Cisco Umbrella Rank: 1751
117 KB
2 simpleanalyticscdn.com
scripts.simpleanalyticscdn.com — Cisco Umbrella Rank: 119088
queue.simpleanalyticscdn.com — Cisco Umbrella Rank: 86702
5 KB
2 adnxs.com
secure.adnxs.com — Cisco Umbrella Rank: 764
2 KB
1 nr-data.net
bam.nr-data.net — Cisco Umbrella Rank: 441
711 B
1 newrelic.com
js-agent.newrelic.com — Cisco Umbrella Rank: 1453
16 KB
1 geolocation-db.com
geolocation-db.com — Cisco Umbrella Rank: 34979 Failed
277 B
1 ml-api.io
attr.ml-api.io — Cisco Umbrella Rank: 48041
281 B
1 ml-attr.com
s.ml-attr.com — Cisco Umbrella Rank: 42102
283 B
1 hsforms.net
js.hsforms.net — Cisco Umbrella Rank: 14516
156 KB
1 jquery.com
code.jquery.com — Cisco Umbrella Rank: 1211
33 KB
121 13
Domain Requested by
100 www.forcepoint.com www.forcepoint.com
4 cdnjs.cloudflare.com www.forcepoint.com
3 forms-na1.hsforms.com www.forcepoint.com
js.hsforms.net
3 tags.tiqcdn.com www.forcepoint.com
tags.tiqcdn.com
2 forms.hsforms.com js.hsforms.net
2 secure.adnxs.com 2 redirects
1 queue.simpleanalyticscdn.com
1 bam.nr-data.net js-agent.newrelic.com
1 scripts.simpleanalyticscdn.com www.forcepoint.com
1 js-agent.newrelic.com www.forcepoint.com
1 geolocation-db.com code.jquery.com
1 attr.ml-api.io www.forcepoint.com
1 s.ml-attr.com 1 redirects
1 js.hsforms.net www.forcepoint.com
1 code.jquery.com www.forcepoint.com
121 15
Subject | Issuer | Validity | Valid
forcepoint.com | Sectigo RSA Organization Validation Secure Server CA | 2023-11-22 - 2024-11-21 | a year
*.jquery.com | Sectigo ECC Domain Validation Secure Server CA | 2024-06-25 - 2025-06-25 | a year
cdnjs.cloudflare.com | E1 | 2024-06-02 - 2024-08-31 | 3 months
tags.tiqcdn.com | Amazon RSA 2048 M02 | 2024-03-19 - 2025-04-17 | a year
hsforms.net | WE1 | 2024-06-13 - 2024-09-11 | 3 months
hsforms.com | WE1 | 2024-06-14 - 2024-09-12 | 3 months
geolocation-db.com | R11 | 2024-06-10 - 2024-09-08 | 3 months
js-agent.newrelic.com | GlobalSign Atlas R3 DV TLS CA 2024 Q1 | 2024-03-21 - 2025-04-22 | a year
scripts.simpleanalyticscdn.com | R10 | 2024-07-03 - 2024-10-01 | 3 months
*.nr-data.net | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2023-09-29 - 2024-10-01 | a year
queue.simpleanalyticscdn.com | R10 | 2024-06-07 - 2024-09-05 | 3 months

This page contains 1 frames:

Primary Page: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Frame ID: 7F66CA725F79E6ECB1F7A71EF0204597
Requests: 142 HTTP requests in this frame

Page Title

ShadowRoot Ransomware Targeting Turkish Businesses

Detected technologies

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • ([\d.]+)/jquery-ui(?:\.min)?\.js
  • jquery-ui.*\.js

Page Statistics

121
Requests

98 %
HTTPS

0 %
IPv6

13
Domains

15
Subdomains

13
IPs

4
Countries

2591 kB
Transfer

6027 kB
Size

12
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 97
  • https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.forcepoint.com%26pId%3d%24UID HTTP 302
  • https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.forcepoint.com%26pId%3d%24UID HTTP 307
  • https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dwww.forcepoint.com%2526pId%253d%2524UID HTTP 302
  • https://attr.ml-api.io/?domain=www.forcepoint.com&pId=3311319404537773245

121 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request shadowroot-ransomware-targeting-turkish-businesses
www.forcepoint.com/blog/x-labs/
126 KB
44 KB
Document
General
Full URL
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
483feab2b57e186b9b87d17c0441d26fd342526af75d64c8985a85734b879eb3
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.fonts.net *.licdn.com *.tiqcdn.com *.marketo.com *.marketo.net *.mktoresp.com *.demdex.net *.burly.io *.omtrdc.net *.llnwd.net *.tealiumiq.com *.googleadservices.com *.marinsm.com *.amazonaws.com *.quantserve.com *.facebook.net *.serving-sys.com *.google-analytics.com *.hirebridge.com *.websense.com *.bizographics.com *.linkedin.com *.cloudfront.net *.newrelic.com *.nr-data.net *.adnxs.com *.demandbase.com *.twitter.com *.omtrdc.net *.youtube.com *.ads-twitter.com *.company-target.com *.omniture.com *.doubleclick.net *.forcepoint.com *.google.com *.facebook.com *.nr-data.net *.getsmartcontent.com *.vidyard.com *.adroll.com s.ml-attr.com attr.ml-api.io *.driftt.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.gstatic.com *.libsyn.com *.s3.amazonaws.com *.cdnbasket.net ids.cdnwidget.com app.vwo.com *.visualwebsiteoptimizer.com use.typekit.net p.typekit.net cdn.vwo-analytics.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.googleapis.com *.cloudflare.com activitymap.adobe.com *.consensu.org *.ubembed.com *.bizible.com *.theadex.com *.aumago.com *.driftqa.com *.scribblecdn.net *.esg-global.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hubapi.com *.hsforms.net *.hsforms.com geolocation-db.com *.drift.com *.clickagy.com *.nimblestory.com *.usemessages.com *.stackadapt.com *.googlesyndication.com ; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.cdnwidget.com *.tealiumiq.com *.google.com *.googleadservices.com *.doubleclick.net *.websense.com *.marinsm.com *.facebook.com *.quantserve.com *.google-analytics.com *.w55c.net *.marketo.com *.iasds01.com *.linkedin.com *.cloudfront.net *.forcepoint.com *.adnxs.com *.twitter.com t.co *.omtrdc.net *.w55c.net *.demandbase.com *.company-target.com *.gstatic.com *.tiqcdn.com *.marketo.net *.newrelic.com *.facebook.net 
*.ads-twitter.com *.burly.io *.bizographics.com *.nr-data.net *.licdn.com *.tt.omtrdc.net *.getsmartcontent.com *.adroll.com *.vidyard.com s.ml-attr.com *.ml-api.io ml314.com *.ml314.com *.bing.com *.driftt.com *.crazyegg.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.googletagmanager.com *.visualwebsiteoptimizer.com app.vwo.com *.ubembed.com *.driftt.com *.vwo-analytics.com *.s3.amazonaws.com s3.amazonaws.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.clearbit.com *.googleapis.com *.cloudflare.com *.adobe.com *.consensu.org *.bizible.com *.theadex.com *.aumago.com *.zoominfo.com *.clickagy.com *.redditstatic.com *.quantcount.com *.g2crowd.com *.steelhousemedia.com *.scribblecdn.net *.esg-global.com *.6sc.co *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hubapi.com *.hsforms.net *.hsforms.com geolocation-db.com *.drift.com *.jquery.com *.google.com *.hscollectedforms.net *.jsdelivr.net *.stackadapt.com *.googlesyndication.com *.simpleanalyticscdn.com scripts.simpleanalyticscdn.com queue.simpleanalyticscdn.com simpleanalyticsbadges.com *.ceros.com; img-src * data: *; frame-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.cdnwidget.com *.tealiumiq.com *.google.com *.googleadservices.com *.doubleclick.net *.websense.com *.marinsm.com *.facebook.com *.quantserve.com *.google-analytics.com *.w55c.net *.marketo.com *.iasds01.com *.linkedin.com *.cloudfront.net *.forcepoint.com *.adnxs.com *.twitter.com t.co *.omtrdc.net *.w55c.net *.demandbase.com *.company-target.com *.gstatic.com *.tiqcdn.com *.marketo.net *.newrelic.com *.facebook.net *.ads-twitter.com *.burly.io *.bizographics.com *.nr-data.net *.licdn.com *.tt.omtrdc.net *.getsmartcontent.com *.adroll.com *.vidyard.com s.ml-attr.com *.ml-api.io ml314.com *.ml314.com *.bing.com *.driftt.com *.crazyegg.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com 
*.googletagmanager.com *.visualwebsiteoptimizer.com app.vwo.com *.ubembed.com *.driftt.com *.vwo-analytics.com *.s3.amazonaws.com s3.amazonaws.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.clearbit.com *.googleapis.com *.cloudflare.com *.adobe.com *.consensu.org *.bizible.com *.theadex.com *.aumago.com *.zoominfo.com *.clickagy.com *.redditstatic.com *.quantcount.com *.g2crowd.com *.steelhousemedia.com *.scribblecdn.net *.esg-global.com *.6sc.co *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hubapi.com *.hsforms.net *.hsforms.com geolocation-db.com *.drift.com *.jquery.com *.google.com *.hscollectedforms.net *.jsdelivr.net *.stackadapt.com *.googlesyndication.com *.simpleanalyticscdn.com scripts.simpleanalyticscdn.com queue.simpleanalyticscdn.com simpleanalyticsbadges.com *.ceros.com *.hubspot.com *.hubspot.net *.demdex.net *.libsyn.com *.youtube.com; font-src 'self' *.google.com *.googleadservices.com; connect-src 'self' *.vwo.com *.demdex.net *.omtrdc.net *.mktoresp.com *.cdnbasket.net ids.cdnwidget.com *.forcepoint.com sample-api-v2.crazyegg.com *.visualwebsiteoptimizer.com insight.adsrvr.org bam.nr-data.net *.tealiumiq.com live-evercurrent-clone.pantheonsite.io *.sharethis.com *.doubleclick.net *.theadex.com *.aumago.com *.google-analytics.com *.6sc.co *.adnxs.com *.vidyard.com *.6sense.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com api.hubapi.com *.hsforms.net *.hsforms.com *.s3.amazonaws.com *.drift.com *.clickagy.com *.facebook.com *.zoominfo.com geolocation-db.com dn.linkedin.oribi.io *.hubspot.com *.hscollectedforms.net *.stackadapt.com *.google.com *.googletagmanager.com *.googleadservices.com google.com *.googlesyndication.com *.linkedin.com *.redditstatic.com *.reddit.com *.g2crowd.com *.quantcount.com; report-uri /admin/config/system/seckit/csp-report
Strict-Transport-Security max-age=18410000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
age
506
cache-control
public, max-age=3600
content-encoding
gzip
content-language
en
content-length
38017
content-type
text/html; charset=utf-8
date
Thu, 18 Jul 2024 08:18:45 GMT
etag
W/"1721290218-0"
expires
Sun, 19 Nov 1978 05:00:00 GMT
from-origin
same, https://analyticsssl.forcepoint.com,https://vidyard.com
http_x_geo_continent
EU
http_x_geo_region
DE-BY
last-modified
Thu, 18 Jul 2024 08:10:18 GMT
link
</sites/all/themes/custom/fp/assets/fonts/hoves-optimized//Hoves_DemiBold.woff>; rel=preload; as=font; crossorigin; type="font/woff"; nopush,</sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_DemiBold.woff>; rel=preload; as=font; crossorigin; type="font/woff"; nopush,</sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Medium.woff>; rel=preload; as=font; crossorigin; type="font/woff"; nopush,</sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Regular.woff>; rel=preload; as=font; crossorigin; type="font/woff"; nopush,</sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Italic.woff>; rel=preload; as=font; crossorigin; type="font/woff"; nopush,</sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Light.woff>; rel=preload; as=font; crossorigin; type="font/woff"; nopush,</sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Light_Italic.woff>; rel=preload; as=font; crossorigin; type="font/woff"; nopush,</sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_ExtraLight.woff>; rel=preload; as=font; crossorigin; type="font/woff"; nopush,</misc/throbber-inactive.png>; rel=preload; as=image; type="image/png"; nopush,</misc/throbber-active.gif>; rel=preload; as=image; type="image/gif"; nopush,</misc/grippie.png>; rel=preload; as=image; type="image/png"; nopush,</misc/draggable.png>; rel=preload; as=image; type="image/png"; nopush,</misc/tree.png>; rel=preload; as=image; type="image/png"; nopush,</misc/tree-bottom.png>; rel=preload; as=image; type="image/png"; nopush,</misc/message-24-ok.png>; rel=preload; as=image; type="image/png"; nopush,</misc/message-24-warning.png>; rel=preload; as=image; type="image/png"; nopush,</misc/message-24-error.png>; rel=preload; as=image; type="image/png"; nopush,</misc/help.png>; rel=preload; as=image; type="image/png"; nopush,</misc/menu-expanded.png>; rel=preload; as=image; type="image/png"; nopush,</misc/menu-collapsed.png>; rel=preload; as=image; type="image/png"; 
nopush,</misc/progress.gif>; rel=preload; as=image; type="image/gif"; nopush,</sites/all/libraries/chosen/chosen-sprite.png>; rel=preload; as=image; type="image/png"; nopush,</sites/all/libraries/chosen/chosen-sprite@2x.png>; rel=preload; as=image; type="image/png"; nopush,</sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_flat_75_ffffff_40x100.png>; rel=preload; as=image; type="image/png"; nopush,</sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_highlight-soft_75_cccccc_1x100.png>; rel=preload; as=image; type="image/png"; nopush,</sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_glass_75_e6e6e6_1x400.png>; rel=preload; as=image; type="image/png"; nopush,</sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_glass_75_dadada_1x400.png>; rel=preload; as=image; type="image/png"; nopush
referrer-policy
strict-origin-when-cross-origin
server
nginx
strict-transport-security
max-age=18410000; includeSubDomains; preload
vary
Accept-Encoding, x-geo-country, Cookie, Cookie
via
1.1 varnish, 1.1 varnish, 1.1 varnish
x-cache
MISS, HIT, MISS
x-cache-hits
0, 15, 0
x-content-type-options
nosniff
x-drupal-cache
MISS
x-frame-options
SAMEORIGIN
x-generator
Drupal 7 (http://drupal.org)
x-pantheon-styx-hostname
styx-fe1-a-67db8dc7b8-gk745
x-served-by
cache-chi-kigq8000156-CHI, cache-fra-eddf8230087-FRA, cache-fra-eddf8230151-FRA
x-styx-req-id
2ba30fa4-44dd-11ef-baca-4e257a6666f1
x-timer
S1721290725.296228,VS0,VE5
x-ua-compatible
IE=Edge,chrome=1
x-xss-protection
1
Hoves_DemiBold.woff
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized//
18 KB
19 KB
Font
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized//Hoves_DemiBold.woff
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c6225223a7f689e02ca4f2144e864ad46dd63e29553cf3d4df572e7195303be0
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Origin
https://www.forcepoint.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

expires
Thu, 17 Jul 2025 07:29:08 GMT
date
Thu, 18 Jul 2024 08:18:45 GMT
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
175776
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-67db8dc7b8-zjqjf
content-length
18868
x-served-by
cache-chi-kigq8000062-CHI, cache-fra-etou8220029-FRA, cache-fra-eddf8230151-FRA
last-modified
Mon, 15 Jul 2024 20:36:00 GMT
server
nginx
x-timer
S1721290725.343597,VS0,VE6
etag
"66958830-49b4"
content-type
font/woff
access-control-allow-origin
*
x-styx-req-id
16ff3869-4345-11ef-a32f-9265e67163a1
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
11, 3888, 0
Hoves_DemiBold.woff
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/
18 KB
19 KB
Font
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_DemiBold.woff
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c6225223a7f689e02ca4f2144e864ad46dd63e29553cf3d4df572e7195303be0
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Origin
https://www.forcepoint.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

expires
Thu, 17 Jul 2025 07:29:08 GMT
date
Thu, 18 Jul 2024 08:18:45 GMT
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
175776
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-67db8dc7b8-zjqjf
content-length
18868
x-served-by
cache-chi-kigq8000080-CHI, cache-fra-etou8220023-FRA, cache-fra-eddf8230151-FRA
last-modified
Mon, 15 Jul 2024 20:35:59 GMT
server
nginx
x-timer
S1721290725.344616,VS0,VE5
etag
"6695882f-49b4"
content-type
font/woff
access-control-allow-origin
*
x-styx-req-id
16ff3adc-4345-11ef-a32f-9265e67163a1
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
12, 4687, 0
Hoves_Medium.woff
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/
18 KB
18 KB
Font
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Medium.woff
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c1524c7035a894f370d34f2d57704873a3978adef91d97978e3598515762eace
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Origin
https://www.forcepoint.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

expires
Thu, 17 Jul 2025 07:29:08 GMT
date
Thu, 18 Jul 2024 08:18:45 GMT
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
175776
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-778cbf697c-nf2vw
content-length
18688
x-served-by
cache-chi-klot8100097-CHI, cache-fra-etou8220123-FRA, cache-fra-eddf8230151-FRA
last-modified
Mon, 15 Jul 2024 20:35:59 GMT
server
nginx
x-timer
S1721290725.344610,VS0,VE4
etag
"6695882f-4900"
content-type
font/woff
access-control-allow-origin
*
x-styx-req-id
16fead65-4345-11ef-b54a-f60fc8a2deb7
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
12, 982, 0
Hoves_Regular.woff
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/
18 KB
18 KB
Font
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Regular.woff
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
42793f24dc3fddca04cc84a6991f0fc73c25498d023b07d488dd5e4238ed9b0c
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Origin
https://www.forcepoint.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

expires
Thu, 17 Jul 2025 07:29:08 GMT
date
Thu, 18 Jul 2024 08:18:45 GMT
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
175776
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-778cbf697c-jgk2s
content-length
18436
x-served-by
cache-chi-klot8100104-CHI, cache-fra-eddf8230093-FRA, cache-fra-eddf8230151-FRA
last-modified
Mon, 15 Jul 2024 20:36:00 GMT
server
nginx
x-timer
S1721290725.344539,VS0,VE5
etag
"66958830-4804"
content-type
font/woff
access-control-allow-origin
*
x-styx-req-id
16ff6e58-4345-11ef-8edb-c281824f74e2
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
12, 5121, 0
Hoves_Italic.woff
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/
19 KB
20 KB
Font
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Italic.woff
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
8709e66f3192aac47989a4f2c826afc3062b52de3cd792115cba3314c05656c6
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Origin
https://www.forcepoint.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

expires
Thu, 17 Jul 2025 07:29:08 GMT
date
Thu, 18 Jul 2024 08:18:45 GMT
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
175776
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-67db8dc7b8-7qhbq
content-length
19656
x-served-by
cache-chi-klot8100074-CHI, cache-fra-etou8220119-FRA, cache-fra-eddf8230151-FRA
last-modified
Mon, 15 Jul 2024 20:35:59 GMT
server
nginx
x-timer
S1721290725.344524,VS0,VE4
etag
"6695882f-4cc8"
content-type
font/woff
access-control-allow-origin
*
x-styx-req-id
16fecca0-4345-11ef-a73a-5adf03037691
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
12, 3040, 0
Hoves_Light.woff
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/
18 KB
18 KB
Font
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Light.woff
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
5390daebe4fc263953ae2cd18f060ebb4aaef20d9df443a4d784cc642ed1eaf2
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Origin
https://www.forcepoint.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

expires
Thu, 17 Jul 2025 07:29:08 GMT
date
Thu, 18 Jul 2024 08:18:45 GMT
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
175776
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-778cbf697c-x5pqn
content-length
18600
x-served-by
cache-chi-kigq8000086-CHI, cache-fra-etou8220108-FRA, cache-fra-eddf8230151-FRA
last-modified
Mon, 15 Jul 2024 20:35:59 GMT
server
nginx
x-timer
S1721290725.344508,VS0,VE5
etag
"6695882f-48a8"
content-type
font/woff
access-control-allow-origin
*
x-styx-req-id
16ffed9d-4345-11ef-9849-f21714ecd673
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
12, 5129, 0
Hoves_Light_Italic.woff
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/
19 KB
19 KB
Font
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Light_Italic.woff
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
d88c03f60c9b0c3b3a4a929ad268b6078dda88e59ea5c98eeb16f031ffb0d9e0
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Origin
https://www.forcepoint.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

expires
Thu, 17 Jul 2025 07:29:08 GMT
date
Thu, 18 Jul 2024 08:18:45 GMT
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
175776
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-67db8dc7b8-ghkb8
content-length
19360
x-served-by
cache-chi-klot8100179-CHI, cache-fra-eddf8230097-FRA, cache-fra-eddf8230151-FRA
last-modified
Mon, 15 Jul 2024 20:35:59 GMT
server
nginx
x-timer
S1721290725.344500,VS0,VE5
etag
"6695882f-4ba0"
content-type
font/woff
access-control-allow-origin
*
x-styx-req-id
16ff45c9-4345-11ef-a39f-4ace80ec767d
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
12, 5112, 0
Hoves_ExtraLight.woff
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/
18 KB
18 KB
Font
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_ExtraLight.woff
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
52239b576d3fdb13fa5cec121a5e5ed123560a4ac1310d991f4694bcc5507710
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Origin
https://www.forcepoint.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

expires
Thu, 17 Jul 2025 07:29:08 GMT
date
Thu, 18 Jul 2024 08:18:45 GMT
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
175776
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-778cbf697c-czhxs
content-length
17944
x-served-by
cache-chi-kigq8000066-CHI, cache-fra-eddf8230083-FRA, cache-fra-eddf8230151-FRA
last-modified
Mon, 15 Jul 2024 20:35:59 GMT
server
nginx
x-timer
S1721290725.344801,VS0,VE5
etag
"6695882f-4618"
content-type
font/woff
access-control-allow-origin
*
x-styx-req-id
16ff4e24-4345-11ef-84ac-ba0dcdbb94b4
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
12, 4572, 0
throbber-inactive.png
www.forcepoint.com/misc/
140 B
475 B
Image
General
Full URL
https://www.forcepoint.com/misc/throbber-inactive.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
b48a895c0170a7310b29b01897fcf1954b43655748ce98037abae38562754a29
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
0, 0, 4, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Thu, 18 Jul 2024 08:18:45 GMT
fastly-io-served-by
img04-europe-west2
age
1320881
http_x_geo_region
DE-BY
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=320 idim=15x13 ifmt=png ofsz=140 odim=15x13 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-867f44b44b-stjgw
content-length
140
x-served-by
cache-chi-kigq8000107-CHI, cache-ams21025-AMS, cache-ams12782-AMS, cache-fra-eddf8230151-FRA
server
nginx
x-timer
S1721290725.467950,VS0,VE2
etag
"CYYfXWQxa+SPObSsE32Xk7Do+LMPmm8BZYCZJK1ZEUA"
vary
Accept
content-type
image/webp
x-styx-req-id
d2013ab4-0758-11ef-98b3-564b3e61d328
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 02 May 2025 01:19:13 GMT
throbber-active.gif
www.forcepoint.com/misc/
1 KB
2 KB
Image
General
Full URL
https://www.forcepoint.com/misc/throbber-active.gif
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
4d58ffb4437135b1a4f7b8cbf01321ea85fe244416aed493ea942462f3d58c86
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
0, 0, 4, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Thu, 18 Jul 2024 08:18:45 GMT
fastly-io-served-by
img03-europe-west2
age
2611179
http_x_geo_region
DE-BY
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=1233 idim=15x13 ifmt=gif ofsz=1233 odim=15x13 ofmt=gif ofrm=12
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-867f44b44b-stjgw
content-length
1233
fastly-io-warning
Failed to shrink image
x-served-by
cache-chi-klot8100061-CHI, cache-ams21051-AMS, cache-ams12734-AMS, cache-fra-eddf8230151-FRA
server
nginx
x-timer
S1721290725.470590,VS0,VE3
etag
"cciM0uPCYoc09vCSqOmHV4nMniFUM15FCTn0mYxlwCQ"
vary
Accept
content-type
image/gif
x-styx-req-id
eecd9c97-074f-11ef-98b3-564b3e61d328
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 02 May 2025 00:15:36 GMT
grippie.png
www.forcepoint.com/misc/
56 B
503 B
Image
General
Full URL
https://www.forcepoint.com/misc/grippie.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
f7d4d17ef4f0103008287290e9dd7bb35be1d08f0f8bc315033d13d0cfa6a6a5
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
0, 0, 4, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Thu, 18 Jul 2024 08:18:45 GMT
fastly-io-served-by
img05-europe-west2
age
2034061
http_x_geo_region
DE-BY
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=106 idim=27x5 ifmt=png ofsz=56 odim=27x5 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-66d79b4b7-qk47f
content-length
56
x-served-by
cache-chi-klot8100115-CHI, cache-ams21049-AMS, cache-ams21073-AMS, cache-fra-eddf8230151-FRA
server
nginx
x-timer
S1721290725.469945,VS0,VE2
etag
"kt9RZLYHWjv58VxK34gY2gtJI3NheIs+DTYX4JV5AGA"
vary
Accept
content-type
image/webp
x-styx-req-id
76960fe1-0759-11ef-8e2f-ce1bcc5ca899
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 02 May 2025 01:23:49 GMT
draggable.png
www.forcepoint.com/misc/
268 B
608 B
Image
General
Full URL
https://www.forcepoint.com/misc/draggable.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
10aa7853a3babe185246e6f1fad2c5800902a268dd63b66c53b96889ee5188f3
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
0, 0, 4, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Thu, 18 Jul 2024 08:18:45 GMT
fastly-io-served-by
img04-europe-west2
age
722990
http_x_geo_region
DE-BY
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=268 idim=15x60 ifmt=png ofsz=268 odim=15x60 ofmt=png
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-66d79b4b7-zpn9k
content-length
268
fastly-io-warning
Failed to shrink image
x-served-by
cache-chi-kigq8000056-CHI, cache-ams21037-AMS, cache-ams12734-AMS, cache-fra-eddf8230151-FRA
server
nginx
x-timer
S1721290725.469935,VS0,VE3
etag
"KWIpRFdw6XY1xKLUIvevvjFCVB7MVHDdktcCcAkddP0"
vary
Accept
content-type
image/png
x-styx-req-id
76898ab5-0759-11ef-88e7-fe9735e210a3
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 02 May 2025 01:23:49 GMT
tree.png
www.forcepoint.com/misc/
82 B
441 B
Image
General
Full URL
https://www.forcepoint.com/misc/tree.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
69a02b48768b8f413fe8470c65b4232a39dc3d68350f1246da8721e92ac7e75d
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
0, 0, 4, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Thu, 18 Jul 2024 08:18:45 GMT
fastly-io-served-by
img01-europe-west2
age
5041913
http_x_geo_region
DE-BY
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=130 idim=80x81 ifmt=png ofsz=82 odim=80x81 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-66d79b4b7-x5bd7
content-length
82
x-served-by
cache-chi-kigq8000035-CHI, cache-ams21045-AMS, cache-ams21043-AMS, cache-fra-eddf8230151-FRA
server
nginx
x-timer
S1721290725.470150,VS0,VE3
etag
"Z35FTfoaAVemLhiXshryO4rkEzH1KA6bO8GIRsSVaO0"
vary
Accept
content-type
image/webp
x-styx-req-id
769d270e-0759-11ef-ae8b-0a204bd69ae8
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 02 May 2025 01:23:49 GMT
tree-bottom.png
www.forcepoint.com/misc/
78 B
466 B
Image
General
Full URL
https://www.forcepoint.com/misc/tree-bottom.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
bfcc07136dc1faaee36973ca4858e530e403f2f41948fbdc47f0c3c399308db6
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
0, 0, 4, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Thu, 18 Jul 2024 08:18:45 GMT
fastly-io-served-by
img08-europe-west2
age
1933206
http_x_geo_region
DE-BY
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=129 idim=80x81 ifmt=png ofsz=78 odim=80x81 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-867f44b44b-5wssg
content-length
78
x-served-by
cache-chi-klot8100109-CHI, cache-ams21021-AMS, cache-ams21028-AMS, cache-fra-eddf8230151-FRA
server
nginx
x-timer
S1721290725.471246,VS0,VE4
etag
"JyOt5s8au+dKwuKYWT9ybz2cVW6ZbelcJx3DlTABXvE"
vary
Accept
content-type
image/webp
x-styx-req-id
eef36650-074f-11ef-8b93-f2f52e1bfc3f
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 02 May 2025 00:15:36 GMT
message-24-ok.png
www.forcepoint.com/misc/
902 B
1 KB
Image
General
Full URL
https://www.forcepoint.com/misc/message-24-ok.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
4c8537e1208918b04f3b7970b4e53d6c91b138b7b8325b469a4a5e84ced6ce2a
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
0, 0, 4, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Thu, 18 Jul 2024 08:18:45 GMT
fastly-io-served-by
img06-europe-west2
age
1215628
http_x_geo_region
DE-BY
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=1058 idim=24x24 ifmt=png ofsz=902 odim=24x24 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-66d79b4b7-sp4l8
content-length
902
x-served-by
cache-chi-klot8100043-CHI, cache-ams21069-AMS, cache-ams12750-AMS, cache-fra-eddf8230151-FRA
server
nginx
x-timer
S1721290725.469500,VS0,VE3
etag
"60PoYDt+1vFXU4yAkaVKB1clxMNlUR3MuNzEGSZ9U9Y"
vary
Accept
content-type
image/webp
x-styx-req-id
e9d0538a-073e-11ef-a6dd-5e6873469e9c
cache-control
max-age=31622400
accept-ranges
bytes
expires
Thu, 01 May 2025 22:13:46 GMT
message-24-warning.png
www.forcepoint.com/misc/
612 B
1018 B
Image
General
Full URL
https://www.forcepoint.com/misc/message-24-warning.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
bd74c29617fed2dbd2f684dce7eebb659567ce0ae06be3418615ebe846a1bf5b
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
0, 0, 4, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Thu, 18 Jul 2024 08:18:45 GMT
fastly-io-served-by
img09-europe-west2
age
3504641
http_x_geo_region
DE-BY
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=753 idim=24x24 ifmt=png ofsz=612 odim=24x24 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-867f44b44b-2snzw
content-length
612
x-served-by
cache-chi-klot8100163-CHI, cache-ams21073-AMS, cache-ams12751-AMS, cache-fra-eddf8230151-FRA
server
nginx
x-timer
S1721290725.469961,VS0,VE5
etag
"etN9kWF1zriHIse4xor9Tv/e40PLoR3lRGg8xe6tRQE"
vary
Accept
content-type
image/webp
x-styx-req-id
38c734ce-074c-11ef-bd21-e6711c542c27
cache-control
max-age=31622400
accept-ranges
bytes
expires
Thu, 01 May 2025 23:49:02 GMT
message-24-error.png
www.forcepoint.com/misc/
614 B
1 KB
Image
General
Full URL
https://www.forcepoint.com/misc/message-24-error.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
496d9a19dda325d9587f3729b5a16b1262f91a6b237e1aa5d54ed90e087c35e3
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
0, 0, 4, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Thu, 18 Jul 2024 08:18:45 GMT
fastly-io-served-by
img03-europe-west2
age
1381432
http_x_geo_region
DE-BY
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=733 idim=24x24 ifmt=png ofsz=614 odim=24x24 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-66d79b4b7-wwn9v
content-length
614
x-served-by
cache-chi-kigq8000043-CHI, cache-ams21054-AMS, cache-ams12747-AMS, cache-fra-eddf8230151-FRA
server
nginx
x-timer
S1721290725.469937,VS0,VE3
etag
"gVoMZ8dd1QgL/2SjIwn0GwzJENiBt143AYaoiF4Ws6M"
vary
Accept
content-type
image/webp
x-styx-req-id
76864225-0759-11ef-96e8-7ad7a55b083e
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 02 May 2025 01:23:49 GMT
help.png
www.forcepoint.com/misc/
192 B
530 B
Image
General
Full URL
https://www.forcepoint.com/misc/help.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
f8c79df7183de5a0687fc40c5a9b1034d074e603d558c05a5311c7f91d9ccfe1
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
0, 0, 4, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Thu, 18 Jul 2024 08:18:45 GMT
fastly-io-served-by
img05-europe-west2
age
2936399
http_x_geo_region
DE-BY
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=294 idim=16x16 ifmt=png ofsz=192 odim=16x16 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-867f44b44b-nfg5w
content-length
192
x-served-by
cache-chi-klot8100132-CHI, cache-ams21052-AMS, cache-ams12742-AMS, cache-fra-eddf8230151-FRA
server
nginx
x-timer
S1721290725.469424,VS0,VE2
etag
"v6al66PXjd/2WqSfHyL2pCCxkfKAcJfvgCU3I6pbO+4"
vary
Accept
content-type
image/webp
x-styx-req-id
7684955d-0759-11ef-bfc9-82a8b8e523a0
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 02 May 2025 01:23:49 GMT
menu-expanded.png
www.forcepoint.com/misc/
46 B
386 B
Image
General
Full URL
https://www.forcepoint.com/misc/menu-expanded.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
5cfc739598cda856cc20575229f8a5251e8df5b175830fe7886aaef79dfb6886
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
0, 0, 55, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Thu, 18 Jul 2024 08:18:45 GMT
fastly-io-served-by
img03-europe-west2
age
3216198
http_x_geo_region
DE-BY
x-cache
HIT, HIT, HIT, HIT
fastly-io-info
ifsz=106 idim=7x7 ifmt=png ofsz=46 odim=7x7 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-66d79b4b7-rvvcb
content-length
46
x-served-by
cache-chi-klot8100163-CHI, cache-ams21032-AMS, cache-ams12749-AMS, cache-fra-eddf8230151-FRA
server
nginx
x-timer
S1721290725.470580,VS0,VE2
etag
"lnOeF6KlRRR5aM+MCm3C8DB9Vu1cySrSTIEOJY+eTS4"
vary
Accept
content-type
image/webp
x-styx-req-id
767b0174-0759-11ef-b67f-0ae317fe726a
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 02 May 2025 01:23:49 GMT
menu-collapsed.png
www.forcepoint.com/misc/
46 B
403 B
Image
General
Full URL
https://www.forcepoint.com/misc/menu-collapsed.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
521bfd25b076ada01d23b9d20bca3a3e67840702ca4d43b73d0a496575107e9e
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
1, 0, 4, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Thu, 18 Jul 2024 08:18:45 GMT
fastly-io-served-by
img01-europe-west2
age
1320880
http_x_geo_region
DE-BY
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=105 idim=7x7 ifmt=png ofsz=46 odim=7x7 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-66d79b4b7-x5bd7
content-length
46
x-served-by
cache-chi-kigq8000091-CHI, cache-ams21034-AMS, cache-ams21028-AMS, cache-fra-eddf8230151-FRA
server
nginx
x-timer
S1721290725.469274,VS0,VE1
etag
"HJgRuOhWhAFgOazVOW2HjRFb16cHmG+HSX+vLor86a0"
vary
Accept
content-type
image/webp
x-styx-req-id
75fa540b-0759-11ef-ae8b-0a204bd69ae8
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 02 May 2025 01:23:48 GMT
progress.gif
www.forcepoint.com/misc/
6 KB
6 KB
Image
General
Full URL
https://www.forcepoint.com/misc/progress.gif
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
91997f03543fdd296c85e60feede1e3df0e950aca03698583ff2870869a2dc0b
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
0, 0, 4, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Thu, 18 Jul 2024 08:18:45 GMT
fastly-io-served-by
img05-europe-west2
age
2871752
http_x_geo_region
DE-BY
x-cache
HIT, HIT, HIT, HIT
fastly-io-info
ifsz=5872 idim=20x40 ifmt=gif ofsz=5872 odim=20x40 ofmt=gif ofrm=20
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-66d79b4b7-zpn9k
content-length
5872
fastly-io-warning
Failed to shrink image
x-served-by
cache-chi-klot8100021-CHI, cache-ams21053-AMS, cache-ams21022-AMS, cache-fra-eddf8230151-FRA
server
nginx
x-timer
S1721290725.469266,VS0,VE2
etag
"KSQIcjJuPSqTVV6Yjqa330VSb5j46NEcKLjR3ejGL1A"
vary
Accept
content-type
image/gif
x-styx-req-id
769b8111-0759-11ef-88e7-fe9735e210a3
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 02 May 2025 01:23:49 GMT
chosen-sprite.png
www.forcepoint.com/sites/all/libraries/chosen/
430 B
821 B
Image
General
Full URL
https://www.forcepoint.com/sites/all/libraries/chosen/chosen-sprite.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
9cc77ec166565cf138f088e29b263d7de28ebff89c6ac6ac7b3226b8c2c45f33
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
0, 0, 5, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Thu, 18 Jul 2024 08:18:45 GMT
fastly-io-served-by
img07-europe-west2
age
1998608
http_x_geo_region
DE-BY
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=538 idim=52x37 ifmt=png ofsz=430 odim=52x37 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-66d79b4b7-zpn9k
content-length
430
x-served-by
cache-chi-klot8100058-CHI, cache-ams21062-AMS, cache-ams12724-AMS, cache-fra-eddf8230151-FRA
server
nginx
x-timer
S1721290725.472371,VS0,VE2
etag
"pCuJ3WEDsPQPzkbIkY90U4TfuAo3yBgHEEN2IOPELGY"
vary
Accept
content-type
image/webp
x-styx-req-id
860e9f46-0742-11ef-88e7-fe9735e210a3
cache-control
max-age=31622400
accept-ranges
bytes
expires
Thu, 01 May 2025 22:39:37 GMT
chosen-sprite@2x.png
www.forcepoint.com/sites/all/libraries/chosen/
628 B
968 B
Image
General
Full URL
https://www.forcepoint.com/sites/all/libraries/chosen/chosen-sprite@2x.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
5f4e0577cb49e1130ec7098698e3556c0a2b7f33d02ec5789ee09b116e403f7e
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
0, 0, 5, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Thu, 18 Jul 2024 08:18:45 GMT
fastly-io-served-by
img06-europe-west2
age
3470622
http_x_geo_region
DE-BY
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=738 idim=104x74 ifmt=png ofsz=628 odim=104x74 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-66d79b4b7-969xc
content-length
628
x-served-by
cache-chi-klot8100088-CHI, cache-ams21032-AMS, cache-ams12759-AMS, cache-fra-eddf8230151-FRA
server
nginx
x-timer
S1721290725.469271,VS0,VE4
etag
"1954vZ3omyWtqZWjx3EPpQPU3ZMgJvFFfwvKeF5rhm0"
vary
Accept
content-type
image/webp
x-styx-req-id
7697473a-0759-11ef-8c7d-8e78efa3e15b
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 02 May 2025 01:23:49 GMT
ui-bg_flat_75_ffffff_40x100.png
www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/
44 B
508 B
Image
General
Full URL
https://www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_flat_75_ffffff_40x100.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
db7de84263a6dfe6f7a674f478b4a6c5a97d7de7e0c7f52a12a5dedfb201004f
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
0, 0, 5, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Thu, 18 Jul 2024 08:18:45 GMT
fastly-io-served-by
img07-europe-west2
age
1410697
http_x_geo_region
DE-BY
x-cache
MISS, HIT, HIT, HIT
fastly-io-info
ifsz=178 idim=40x100 ifmt=png ofsz=44 odim=40x100 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-66d79b4b7-zpn9k
content-length
44
x-served-by
cache-chi-kigq8000066-CHI, cache-ams21029-AMS, cache-ams12723-AMS, cache-fra-eddf8230151-FRA
server
nginx
x-timer
S1721290725.469183,VS0,VE2
etag
"O9SdHkbja5Mmzi4DWOWJdZgUQirITGa5uuAK5R/QoyM"
vary
Accept
content-type
image/webp
x-styx-req-id
e880855f-0768-11ef-88e7-fe9735e210a3
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 02 May 2025 03:14:23 GMT
ui-bg_highlight-soft_75_cccccc_1x100.png
www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/
54 B
400 B
Image
General
Full URL
https://www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_highlight-soft_75_cccccc_1x100.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
b4229c88ccc9ec00268d759c808bb5fc56a62479618d140eebd7948299a1544b
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
1, 0, 5, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Thu, 18 Jul 2024 08:18:45 GMT
fastly-io-served-by
img03-europe-west2
age
2623369
http_x_geo_region
DE-BY
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=101 idim=1x100 ifmt=png ofsz=54 odim=1x100 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-867f44b44b-z9kn6
content-length
54
x-served-by
cache-chi-kigq8000036-CHI, cache-ams21053-AMS, cache-ams12766-AMS, cache-fra-eddf8230151-FRA
server
nginx
x-timer
S1721290725.469166,VS0,VE6
etag
"SVL3LfYtpcUTzNEo8mHT+EoBDkNcvK2l7xiLlLE7P6w"
vary
Accept
content-type
image/webp
x-styx-req-id
79be48f5-07bc-11ef-b06b-3246cedab68e
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 02 May 2025 13:12:34 GMT
ui-bg_glass_75_e6e6e6_1x400.png
www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/
78 B
585 B
Image
General
Full URL
https://www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_glass_75_e6e6e6_1x400.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e68e4b1057684aa14f6d44055bd77c6ee8170be28010b94e0278e2d05775973c
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
1, 0, 5, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Thu, 18 Jul 2024 08:18:45 GMT
fastly-io-served-by
img01-europe-west2
age
113069
http_x_geo_region
DE-BY
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=110 idim=1x400 ifmt=png ofsz=78 odim=1x400 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-867f44b44b-vj962
content-length
78
x-served-by
cache-chi-kigq8000098-CHI, cache-ams21026-AMS, cache-ams12763-AMS, cache-fra-eddf8230151-FRA
server
nginx
x-timer
S1721290725.469145,VS0,VE2
etag
"4s1MwOZKDfGEu/a/SFo57USn639l3MbW8dYbzZPyEag"
vary
Accept
content-type
image/webp
x-styx-req-id
79be7b6b-07bc-11ef-891e-fad2edf62dbb
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 02 May 2025 13:12:34 GMT
ui-bg_glass_75_dadada_1x400.png
www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/
84 B
591 B
Image
General
Full URL
https://www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_glass_75_dadada_1x400.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c16c2e899bbe232a64c1bd49e4312a7f9ea738cb2cb17058e63477a71b246fa7
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
1, 0, 5, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Thu, 18 Jul 2024 08:18:45 GMT
fastly-io-served-by
img07-europe-west2
age
3031961
http_x_geo_region
DE-BY
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=111 idim=1x400 ifmt=png ofsz=84 odim=1x400 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-66d79b4b7-m45gq
content-length
84
x-served-by
cache-chi-klot8100024-CHI, cache-ams21047-AMS, cache-ams21038-AMS, cache-fra-eddf8230151-FRA
server
nginx
x-timer
S1721290725.474309,VS0,VE2
etag
"msf+sm6St45S//5aPCnGaIqq4DmKLsS3uxv+ikcGyuY"
vary
Accept
content-type
image/webp
x-styx-req-id
df701124-0757-11ef-9cb5-de9f5536d504
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 02 May 2025 01:12:26 GMT
css__YZMmyCjxADNsxWJVyzxskiYBiPsGboww8DDJoAv1iVA__PqGVjSeXe3e-YM4xspxCavDlyydtEB28TRpZPTEwV5I__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/
6 KB
2 KB
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__YZMmyCjxADNsxWJVyzxskiYBiPsGboww8DDJoAv1iVA__PqGVjSeXe3e-YM4xspxCavDlyydtEB28TRpZPTEwV5I__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
942ba1b657ab7477bc603f7852ff551aa393de40d1bab2dee01c8ad36d538a2a
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
0, 1260, 0
date
Thu, 18 Jul 2024 08:18:45 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
175776
http_x_geo_region
DE-BY
x-cache
MISS, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-vp8bw
content-length
2109
x-served-by
cache-chi-kigq8000159-CHI, cache-fra-etou8220141-FRA, cache-fra-eddf8230151-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_kigq8000159_CHI
last-modified
Tue, 05 Mar 2024 06:05:49 GMT
server
nginx
x-timer
S1721290725.353811,VS0,VE4
etag
W/"65e6b63d-1797"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
e591bfd4-f1d7-11ee-835d-6255bad32892
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:26 GMT
css__qi8YWDPFPT47Hua3Uo8V-CwYV79O8gYOw4xRshlFw2o__U0zx4V0QLKPamBJbsVKK0D54d038-KcpyqeXppQL9AI__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/
11 KB
3 KB
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__qi8YWDPFPT47Hua3Uo8V-CwYV79O8gYOw4xRshlFw2o__U0zx4V0QLKPamBJbsVKK0D54d038-KcpyqeXppQL9AI__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
74d6ee660ac8d18d3940eefac6e8c0ff029ecc0f4a4799ada5d6088fe9abfbc8
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

expires
Mon, 28 Apr 2025 10:38:01 GMT
date
Thu, 18 Jul 2024 08:18:45 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
175776
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-867f44b44b-6zx56
content-length
2662
x-served-by
cache-chi-kigq8000165-CHI, cache-fra-eddf8230033-FRA, cache-fra-eddf8230151-FRA
last-modified
Tue, 05 Mar 2024 06:05:43 GMT
server
nginx
x-timer
S1721290725.353791,VS0,VE5
etag
W/"65e6b637-2d9a"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
387529c2-0482-11ef-be95-3a8be9a6877a
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
0, 1707, 0
css__umS_7iB8OLqD-AIc28jz7stMtgRnPBrMHXbg802aJVI__42_FYiRnR5OQaV2U3Sr9cY21EIjnMGdJsPXMEFLQPCo__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/
789 B
777 B
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__umS_7iB8OLqD-AIc28jz7stMtgRnPBrMHXbg802aJVI__42_FYiRnR5OQaV2U3Sr9cY21EIjnMGdJsPXMEFLQPCo__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
76fea4cad87ffbee4d6c0d29a46382913e4a8c56ed7881d8556f684a174d6824
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
0, 2003, 0
date
Thu, 18 Jul 2024 08:18:45 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
175776
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-64b977755d-z27mm
content-length
405
x-served-by
cache-chi-kigq8000114-CHI, cache-fra-eddf8230127-FRA, cache-fra-eddf8230151-FRA
backend-ip-port
6cecXOA5eq1mdycR8IETIO--F_styx_fe1_a_sharedvpc_dmz_01
last-modified
Tue, 05 Mar 2024 06:05:43 GMT
server
nginx
x-timer
S1721290725.354480,VS0,VE4
etag
W/"65e6b637-315"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
d80591ea-f1d7-11ee-8a97-36bf4d504f37
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:03 GMT
css__T7twZATSz9YDtA4CEs3XoRq-lmvsWC1-9rzLrGpoWuY__jYMOyCwkeeWX4KvLeu7GhjzHVkW5HDKp2hWWBDkyRSE__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/
14 KB
3 KB
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__T7twZATSz9YDtA4CEs3XoRq-lmvsWC1-9rzLrGpoWuY__jYMOyCwkeeWX4KvLeu7GhjzHVkW5HDKp2hWWBDkyRSE__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
76aefb325bdfaf3c67be7591a00c96105ffa1a3eda8cfc16d6d5e1affa8e3f95
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
0, 2009, 0
date
Thu, 18 Jul 2024 08:18:45 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
175776
http_x_geo_region
DE-BY
x-cache
MISS, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-64b977755d-kk5rj
content-length
2632
x-served-by
cache-chi-klot8100179-CHI, cache-fra-eddf8230036-FRA, cache-fra-eddf8230151-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_klot8100179_CHI
last-modified
Tue, 05 Mar 2024 06:05:45 GMT
server
nginx
x-timer
S1721290725.354406,VS0,VE5
etag
W/"65e6b639-3962"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
d721e3ae-f1d7-11ee-b87b-f2654297ce89
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:02 GMT
css__cPPXTJ7LS3TkqOr2dWhu9Zyqf3tfJ7ROJIBrc4faLpI__FwTXCQ-S705F3IVDki0NUMzBJ8oRlS2Lb0Atw9pp7LE__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/
512 B
573 B
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__cPPXTJ7LS3TkqOr2dWhu9Zyqf3tfJ7ROJIBrc4faLpI__FwTXCQ-S705F3IVDki0NUMzBJ8oRlS2Lb0Atw9pp7LE__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
9b3c52df9ce6473c11ee62f85cd48a7ff2b24ad8543ed415fec5124605a987f3
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
2, 1630, 0
date
Thu, 18 Jul 2024 08:18:45 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
175776
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-m255z
content-length
230
x-served-by
cache-chi-kigq8000068-CHI, cache-fra-etou8220042-FRA, cache-fra-eddf8230151-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_kigq8000068_CHI
last-modified
Tue, 05 Mar 2024 06:05:46 GMT
server
nginx
x-timer
S1721290725.354422,VS0,VE5
etag
W/"65e6b63a-200"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
d804a972-f1d7-11ee-976d-4e9dd3d547b2
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:03 GMT
css__RtPfTjThw7JiCEZr8aCFs0ovY-ZonvJYBpW2tzv6iRI__hoYIfBUPIWctuKqU_lrnnqDtJnf9B9QEu7jjix36RIM__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/
3 KB
1 KB
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__RtPfTjThw7JiCEZr8aCFs0ovY-ZonvJYBpW2tzv6iRI__hoYIfBUPIWctuKqU_lrnnqDtJnf9B9QEu7jjix36RIM__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
5f8d1adf76eaaf2f3592e5a5633ef8722740af2424b1737d85c1d9581588884f
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
0, 1261, 0
date
Thu, 18 Jul 2024 08:18:45 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
175776
http_x_geo_region
DE-BY
x-cache
MISS, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-vp8bw
content-length
1172
x-served-by
cache-chi-kigq8000154-CHI, cache-fra-etou8220065-FRA, cache-fra-eddf8230151-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_kigq8000154_CHI
last-modified
Tue, 05 Mar 2024 06:05:52 GMT
server
nginx
x-timer
S1721290725.355118,VS0,VE4
etag
W/"65e6b640-c8c"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
e591a2ff-f1d7-11ee-835d-6255bad32892
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:26 GMT
css__UYLIEJhZ7iPfgPAKjuslVw3CRCFKt3OfxTJjge8A6Hg__fjua13AgyzmqodcGsNUIVue50ndbutts1ntJbzGK_o4__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/
506 B
522 B
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__UYLIEJhZ7iPfgPAKjuslVw3CRCFKt3OfxTJjge8A6Hg__fjua13AgyzmqodcGsNUIVue50ndbutts1ntJbzGK_o4__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
4953a30def5d6eb8aa0119f918104b5069d10696ee634288c068accf06bb44e6
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
0, 1258, 0
date
Thu, 18 Jul 2024 08:18:45 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
175776
http_x_geo_region
DE-BY
x-cache
MISS, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-64b977755d-fn6sp
content-length
175
x-served-by
cache-chi-kigq8000153-CHI, cache-fra-etou8220116-FRA, cache-fra-eddf8230151-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_kigq8000153_CHI
last-modified
Tue, 05 Mar 2024 06:05:53 GMT
server
nginx
x-timer
S1721290725.355142,VS0,VE4
etag
W/"65e6b641-1fa"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
e596f71a-f1d7-11ee-89fc-2e39b17a00a2
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:26 GMT
css__aUSIons1JLpznAkAWe4wYFCe4_fmTTJTOhtdC4xIAuM__HAl4ITsYWBEO7VRahEwWwi88zkLUBwPm3j4nnx8DeS0__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/
454 B
521 B
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__aUSIons1JLpznAkAWe4wYFCe4_fmTTJTOhtdC4xIAuM__HAl4ITsYWBEO7VRahEwWwi88zkLUBwPm3j4nnx8DeS0__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
fe9132775150b13960723fdffd15ef8bb7f07d120787874114ac9e3d4f303f46
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
0, 1259, 0
date
Thu, 18 Jul 2024 08:18:45 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
175776
http_x_geo_region
DE-BY
x-cache
MISS, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-64b977755d-97hrc
content-length
221
x-served-by
cache-chi-klot8100165-CHI, cache-fra-etou8220130-FRA, cache-fra-eddf8230151-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_klot8100165_CHI
last-modified
Tue, 05 Mar 2024 06:05:54 GMT
server
nginx
x-timer
S1721290725.355121,VS0,VE5
etag
W/"65e6b642-1c6"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
e59403e9-f1d7-11ee-9c8c-7a18807b770d
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:26 GMT
css__DJVWsB9CJVs_1IGdy-_cGuq4r6SVVaWbEnbS1U2p6y4__7g40UeM74r8hkrzDC6Hbb7RReIGNu-Jsb5XAbAPKIeA__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/
502 B
578 B
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__DJVWsB9CJVs_1IGdy-_cGuq4r6SVVaWbEnbS1U2p6y4__7g40UeM74r8hkrzDC6Hbb7RReIGNu-Jsb5XAbAPKIeA__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
b9c823db89be14289e3b0585970e3d91c3313ec9f82d13c9cb24d90820efc699
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
0, 1534, 0
date
Thu, 18 Jul 2024 08:18:45 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
175776
http_x_geo_region
DE-BY
x-cache
MISS, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-vp8bw
content-length
252
x-served-by
cache-chi-klot8100023-CHI, cache-fra-eddf8230057-FRA, cache-fra-eddf8230151-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_klot8100023_CHI
last-modified
Tue, 05 Mar 2024 06:05:55 GMT
server
nginx
x-timer
S1721290725.355057,VS0,VE4
etag
W/"65e6b643-1f6"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
e592fe3d-f1d7-11ee-835d-6255bad32892
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:26 GMT
css__o5tk1Sc0QNaikp-qb6PDIJi_LXPkfQZHTxlvWxiG4cA__afd6HnnR0psI0sfippmnwgZS958AUTsIqEne3K05XvQ__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/
5 KB
2 KB
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__o5tk1Sc0QNaikp-qb6PDIJi_LXPkfQZHTxlvWxiG4cA__afd6HnnR0psI0sfippmnwgZS958AUTsIqEne3K05XvQ__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
7e9433a7e4538237be585d3d84e1603595879c286be61e26dd3e628e3fd5e206
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
0, 588, 0
date
Thu, 18 Jul 2024 08:18:45 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
175752
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-vp8bw
content-length
2091
x-served-by
cache-chi-klot8100098-CHI, cache-fra-etou8220066-FRA, cache-fra-eddf8230151-FRA
backend-ip-port
6cecXOA5eq1mdycR8IETIO--F_styx_fe1_b_sharedvpc_dmz_05
last-modified
Tue, 05 Mar 2024 06:05:56 GMT
server
nginx
x-timer
S1721290725.355062,VS0,VE5
etag
W/"65e6b644-1218"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
e5943fb9-f1d7-11ee-835d-6255bad32892
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:26 GMT
css__ZDvn-N8wxxyBR7KgfbRzIHM0mGwT9doN0fs3f10b_Go__b98SsVi1Bn9KY5Ur3SIgLXOvEMppxbzl1YiFYp9d4Lw__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/
128 B
441 B
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__ZDvn-N8wxxyBR7KgfbRzIHM0mGwT9doN0fs3f10b_Go__b98SsVi1Bn9KY5Ur3SIgLXOvEMppxbzl1YiFYp9d4Lw__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c712b85f4d57c41bb049c80303067da9790aa76b32a41b422174bd507695f444
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
0, 1524, 0
date
Thu, 18 Jul 2024 08:18:45 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
175776
http_x_geo_region
DE-BY
x-cache
MISS, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-j9qgk
content-length
118
x-served-by
cache-chi-kigq8000036-CHI, cache-fra-eddf8230055-FRA, cache-fra-eddf8230151-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_kigq8000036_CHI
last-modified
Tue, 05 Mar 2024 06:05:47 GMT
server
nginx
x-timer
S1721290725.354989,VS0,VE5
etag
W/"65e6b63b-80"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
e599bfb1-f1d7-11ee-8caf-72f948985f1d
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:26 GMT
css__dn-cpI1YtkU_iLHgA5WhlkxgYWyat_IxjF_B-WSYrpE__a9hIbt0eaZ7d5nhwnm2weG8R_2eXK4EvoOx9dOxouHE__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/
203 B
452 B
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__dn-cpI1YtkU_iLHgA5WhlkxgYWyat_IxjF_B-WSYrpE__a9hIbt0eaZ7d5nhwnm2weG8R_2eXK4EvoOx9dOxouHE__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
f66578f61dcd2d00bb8b7a0c5a7a02d39871c2e7c4615826c4e3a6a879a1a66b
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

expires
Wed, 11 Jun 2025 01:59:45 GMT
date
Thu, 18 Jul 2024 08:18:45 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
175776
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-845bccb87b-s649l
content-length
137
x-served-by
cache-chi-klot8100122-CHI, cache-fra-etou8220150-FRA, cache-fra-eddf8230151-FRA
last-modified
Tue, 05 Mar 2024 06:05:56 GMT
server
nginx
x-timer
S1721290725.355804,VS0,VE5
etag
W/"65e6b644-cb"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
1c673fac-26cd-11ef-a8ca-6e88d504bb51
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
0, 1259, 0
css__ipUqqBUxEUOLXG_AXF5OCY1hi5eq8oz7Wu0QleOzxj4__-6ZHnf2EVvcL4izgd6S5myiQ-LuyKAuDqa-1hfKmAoI__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/
99 B
439 B
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__ipUqqBUxEUOLXG_AXF5OCY1hi5eq8oz7Wu0QleOzxj4__-6ZHnf2EVvcL4izgd6S5myiQ-LuyKAuDqa-1hfKmAoI__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
a0d9d290c9928affdd7f2816a574b367cbd6aca7ff1ba7b14b3391330d6f1995
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
21, 1258, 0
date
Thu, 18 Jul 2024 08:18:45 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
175777
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-64b977755d-ltjwf
content-length
100
x-served-by
cache-chi-klot8100084-CHI, cache-fra-etou8220147-FRA, cache-fra-eddf8230151-FRA
backend-ip-port
6cecXOA5eq1mdycR8IETIO--F_styx_fe1_a_sharedvpc_dmz_01
last-modified
Tue, 05 Mar 2024 06:05:58 GMT
server
nginx
x-timer
S1721290725.356264,VS0,VE4
etag
W/"65e6b646-63"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
e593f98b-f1d7-11ee-a4f1-16a0ed7bd780
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:26 GMT
css__A19mhhFH8iX9Ft_oM_oZIcxue6YTAguNiWQN5VaIXQY__dFQUh1vb7jTgHR4jKzrw8DrsdYIarxRbpVmMKCWYgXU__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/
493 KB
118 KB
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__A19mhhFH8iX9Ft_oM_oZIcxue6YTAguNiWQN5VaIXQY__dFQUh1vb7jTgHR4jKzrw8DrsdYIarxRbpVmMKCWYgXU__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
24dd593caf98fe7183e48e16a5a827ab4eb1a734a9821b497689127e68774db1
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
1, 1632, 0
date
Thu, 18 Jul 2024 08:18:45 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
175776
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-2j9t5
content-length
120174
x-served-by
cache-chi-kigq8000100-CHI, cache-fra-etou8220150-FRA, cache-fra-eddf8230151-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_kigq8000100_CHI
last-modified
Tue, 05 Mar 2024 06:05:48 GMT
server
nginx
x-timer
S1721290725.355746,VS0,VE5
etag
W/"65e6b63c-7b4f7"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
d80a6483-f1d7-11ee-aed0-566d988ffce8
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:04 GMT
css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__yLUlsZO8Aw1QbDVmt9Emb7WQDVsiqE8WSyAbbDd2S8M__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/
2 MB
300 KB
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__yLUlsZO8Aw1QbDVmt9Emb7WQDVsiqE8WSyAbbDd2S8M__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
8117b5d7ba159bfb0cf341d96a566b4b06c466a0038eca2273a8533b1536e019
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

expires
Sat, 21 Jun 2025 13:27:13 GMT
date
Thu, 18 Jul 2024 08:18:45 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
175776
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-56d7969b4f-nzfgb
content-length
307198
x-served-by
cache-chi-kigq8000037-CHI, cache-fra-eddf8230069-FRA, cache-fra-eddf8230151-FRA
last-modified
Thu, 20 Jun 2024 13:27:07 GMT
server
nginx
x-timer
S1721290725.355739,VS0,VE4
etag
W/"66742e2b-1f7287"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
ce42fc2e-2f08-11ef-b403-3a4931867672
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
11, 14, 0
forcepoint.svg
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/logos/
2 KB
1 KB
Image
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/logos/forcepoint.svg
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c7397ae13ad9d12bf4ce9100756dd8703b515ac4381bdd33638e22c787c0fb39
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
16, 4741, 0
date
Thu, 18 Jul 2024 08:18:45 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
175776
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-67db8dc7b8-jjllv
content-length
783
x-served-by
cache-chi-klot8100172-CHI, cache-fra-eddf8230106-FRA, cache-fra-eddf8230151-FRA
last-modified
Mon, 15 Jul 2024 20:36:00 GMT
server
nginx
x-timer
S1721290725.355744,VS0,VE5
etag
W/"66958830-6ad"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
1708bde2-4345-11ef-bfff-92b70a8cdf9e
cache-control
max-age=31622400
accept-ranges
bytes
expires
Thu, 17 Jul 2025 07:29:09 GMT
about_us_0.svg
www.forcepoint.com/sites/default/files/
2 KB
1 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/about_us_0.svg?itok=3xrS9jXe
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
98bee51ffbb032cfea01030abf23549c6d762f6d8283599e52bfb089f01b8742
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
6, 1398, 0
date
Thu, 18 Jul 2024 08:18:45 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
175776
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-8gp4k
content-length
866
x-served-by
cache-chi-kigq8000108-CHI, cache-fra-etou8220154-FRA, cache-fra-eddf8230151-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_kigq8000108_CHI
last-modified
Wed, 18 Oct 2023 11:53:36 GMT
server
nginx
x-timer
S1721290725.359485,VS0,VE4
etag
W/"652fc740-76e"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
d8a73d5e-f1d7-11ee-96a4-d2ef4ea261cb
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:05 GMT
our_approach_0.svg
www.forcepoint.com/sites/default/files/
3 KB
1 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/our_approach_0.svg?itok=XjvgKmGS
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
3058f7c617c39b1a94849fa7223c2f756437af3f215155d37c2a29c36848e28d
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
0, 1360, 0
date
Thu, 18 Jul 2024 08:18:45 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
129850
http_x_geo_region
DE-BY
x-cache
MISS, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-64b977755d-p72wq
content-length
1012
x-served-by
cache-chi-klot8100045-CHI, cache-fra-eddf8230075-FRA, cache-fra-eddf8230151-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_klot8100045_CHI
last-modified
Wed, 18 Oct 2023 11:53:58 GMT
server
nginx
x-timer
S1721290725.379551,VS0,VE5
etag
W/"652fc756-a97"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
d725995a-f1d7-11ee-b1db-162c3c5c54d7
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:02 GMT
our_customers_0.svg
www.forcepoint.com/sites/default/files/
2 KB
1 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/our_customers_0.svg?itok=pljm0BZO
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c2a54667fcd4151ef9a27b18f84f24c0b884fe593302ca1eb1210d114f4bd06b
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
0, 1396, 0
date
Thu, 18 Jul 2024 08:18:45 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
175775
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-5d587d78fd-684rx
content-length
913
x-served-by
cache-chi-kigq8000075-CHI, cache-fra-etou8220064-FRA, cache-fra-eddf8230151-FRA
last-modified
Wed, 18 Oct 2023 11:54:19 GMT
server
nginx
x-timer
S1721290725.381196,VS0,VE6
etag
W/"652fc76b-9af"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
31a8bc86-304e-11ef-aacb-96169af5812a
cache-control
max-age=31622400
accept-ranges
bytes
expires
Mon, 23 Jun 2025 04:16:27 GMT
fp_one_icon_12.svg
www.forcepoint.com/sites/default/files/
1 KB
996 B
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/fp_one_icon_12.svg?itok=mLSyqP7-
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
13cdee5a7dbdb75ba06271fff8669bb408838d89eae133c2b3db99d2891bb35b
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
7, 1393, 0
date
Thu, 18 Jul 2024 08:18:45 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
175777
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-l79x9
content-length
725
x-served-by
cache-chi-kigq8000075-CHI, cache-fra-etou8220141-FRA, cache-fra-eddf8230151-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_kigq8000075_CHI
last-modified
Mon, 18 Mar 2024 16:01:42 GMT
server
nginx
x-timer
S1721290725.471768,VS0,VE4
etag
W/"65f86566-5ed"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
db750a4b-f1d7-11ee-a7b0-d6145dabcebb
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:09 GMT
fp_one_icon-hover_12.svg
www.forcepoint.com/sites/default/files/
1 KB
1 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/fp_one_icon-hover_12.svg?itok=lvMOGlA6
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
90bfbf24972d694b303aaa50fe006074f7dd5529c8dfe38099aed648c6312158
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
7, 1634, 0
date
Thu, 18 Jul 2024 08:18:45 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
175776
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-64b977755d-kk5rj
content-length
737
x-served-by
cache-chi-kigq8000131-CHI, cache-fra-eddf8230026-FRA, cache-fra-eddf8230151-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_kigq8000131_CHI
last-modified
Mon, 18 Mar 2024 16:01:47 GMT
server
nginx
x-timer
S1721290725.471541,VS0,VE5
etag
W/"65f8656b-5fb"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
db770500-f1d7-11ee-b87b-f2654297ce89
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:09 GMT
fp_one_icon_0.svg
www.forcepoint.com/sites/default/files/
1 KB
974 B
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/fp_one_icon_0.svg?itok=eKi29PlI
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
13cdee5a7dbdb75ba06271fff8669bb408838d89eae133c2b3db99d2891bb35b
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
0, 1392, 0
date
Thu, 18 Jul 2024 08:18:45 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
175777
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-64b977755d-z27mm
content-length
725
x-served-by
cache-chi-kigq8000060-CHI, cache-fra-etou8220025-FRA, cache-fra-eddf8230151-FRA
backend-ip-port
6cecXOA5eq1mdycR8IETIO--F_styx_fe1_a_sharedvpc_dmz_01
last-modified
Wed, 18 Oct 2023 11:35:43 GMT
server
nginx
x-timer
S1721290725.473752,VS0,VE5
etag
W/"652fc30f-5ed"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
db7b0db8-f1d7-11ee-8a97-36bf4d504f37
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:09 GMT
fp_one_icon-hover_0.svg
www.forcepoint.com/sites/default/files/
1 KB
1 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/fp_one_icon-hover_0.svg?itok=ecRnPBsZ
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
90bfbf24972d694b303aaa50fe006074f7dd5529c8dfe38099aed648c6312158
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
6, 1632, 0
date
Thu, 18 Jul 2024 08:18:45 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
175776
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-6v4d5
content-length
737
x-served-by
cache-chi-kigq8000145-CHI, cache-fra-eddf8230132-FRA, cache-fra-eddf8230151-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_kigq8000145_CHI
last-modified
Wed, 18 Oct 2023 11:35:50 GMT
server
nginx
x-timer
S1721290725.473173,VS0,VE6
etag
W/"652fc316-5fb"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
d8a93da4-f1d7-11ee-b900-62d8d57276c4
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:05 GMT
cyber_edu_icon.svg
www.forcepoint.com/sites/default/files/
2 KB
1 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/cyber_edu_icon.svg?itok=XXkKE01K
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
fad8df5718762444a80e745fd3b375ecfee298b37c480de5134b8a0ed05bc7a5
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
0, 1396, 0
date
Thu, 18 Jul 2024 08:18:45 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
175776
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-5d77cc44f5-x24lf
content-length
813
x-served-by
cache-chi-klot8100039-CHI, cache-fra-etou8220137-FRA, cache-fra-eddf8230151-FRA
last-modified
Wed, 18 Oct 2023 12:02:27 GMT
server
nginx
x-timer
S1721290725.472512,VS0,VE5
etag
W/"652fc953-9a9"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
649a3ed4-3829-11ef-a111-0a5f4b927256
cache-control
max-age=31622400
accept-ranges
bytes
expires
Thu, 03 Jul 2025 04:13:10 GMT
cyber_edu_icon-hover.svg
www.forcepoint.com/sites/default/files/
3 KB
1 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/cyber_edu_icon-hover.svg?itok=ymKcsOZ4
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
2528d731c4e61e67f78982f202d1de7e6f7a234117b4d9c98325c27e33c6e1d3
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
0, 1391, 0
date
Thu, 18 Jul 2024 08:18:45 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
175777
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-64b977755d-5zbrs
content-length
869
x-served-by
cache-chi-kigq8000147-CHI, cache-fra-etou8220138-FRA, cache-fra-eddf8230151-FRA
backend-ip-port
6cecXOA5eq1mdycR8IETIO--F_styx_fe1_a_sharedvpc_dmz_01
last-modified
Wed, 18 Oct 2023 12:02:37 GMT
server
nginx
x-timer
S1721290725.473788,VS0,VE4
etag
W/"652fc95d-b0c"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
dc5b370e-f1d7-11ee-bbb7-623f168e5bfe
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:11 GMT
turkish-ransomware-i-hero.png
www.forcepoint.com/sites/default/files/styles/1180x346_sc/public/hero/
230 KB
230 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/styles/1180x346_sc/public/hero/turkish-ransomware-i-hero.png?itok=jJ8gZgn8&timestamp=1720786293
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
ac549b887c22d68ffc9963e419cb31015a2305200948d06f3ca24c67b1986d81
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
0, 0, 1, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Thu, 18 Jul 2024 08:18:45 GMT
fastly-io-served-by
vpop-etou8240194
age
198615
http_x_geo_region
DE-BY
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=271023 idim=1180x346 ifmt=png ofsz=235250 odim=1180x346 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-5d587d78fd-p5mqc
content-length
235250
x-served-by
cache-chi-klot8100058-CHI, cache-ams21075-AMS, cache-ams2100113-AMS, cache-fra-eddf8230151-FRA
server
nginx
x-timer
S1721290725.471432,VS0,VE4
etag
"ARyepglzjQOVSsVALQBrVpjm+jPHwzXO+BUs0BEKM50"
vary
Accept
content-type
image/webp
x-styx-req-id
b11c702a-4052-11ef-9a42-ee9e1dde6fad
cache-control
max-age=31622400
accept-ranges
bytes
expires
Sun, 13 Jul 2025 13:28:57 GMT
turkish-ransomware-i-1.png
www.forcepoint.com/sites/default/files/
36 KB
37 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/turkish-ransomware-i-1.png
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
ec5d5e9a8573943abc88da8c47fead83a877d69e64c69b339dbc9a893da055c9
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
0, 0, 2, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Thu, 18 Jul 2024 08:18:45 GMT
fastly-io-served-by
img04-europe-west3
age
502975
http_x_geo_region
DE-BY
x-cache
MISS, MISS, HIT, HIT
fastly-io-info
ifsz=94838 idim=780x546 ifmt=png ofsz=37140 odim=780x546 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-5d77cc44f5-w9nrv
content-length
37140
x-served-by
cache-chi-klot8100176-CHI, cache-ams21039-AMS, cache-ams2100113-AMS, cache-fra-eddf8230151-FRA
server
nginx
x-timer
S1721290725.471890,VS0,VE3
etag
"uNJWYqypNdOFqJmH83PVKUgACyMkCigVg7DzHvW+e3w"
vary
Accept
content-type
image/webp
x-styx-req-id
4544c800-404b-11ef-9aee-de70e4427182
cache-control
max-age=31622400
accept-ranges
bytes
expires
Sun, 13 Jul 2025 12:35:50 GMT
turkish-ransomware-i-2.png
www.forcepoint.com/sites/default/files/
31 KB
31 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/turkish-ransomware-i-2.png
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
212f36154bde29fb1769244168fa4f40e77315fffa6ae42fff232062f8ed7a0a
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
0, 0, 2, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Thu, 18 Jul 2024 08:18:45 GMT
fastly-io-served-by
vpop-etou8240194
age
503886
http_x_geo_region
DE-BY
x-cache
MISS, MISS, HIT, HIT
fastly-io-info
ifsz=41997 idim=826x110 ifmt=png ofsz=31446 odim=826x110 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-5d77cc44f5-4fsf9
content-length
31446
x-served-by
cache-chi-kigq8000172-CHI, cache-ams21033-AMS, cache-ams21074-AMS, cache-fra-eddf8230151-FRA
server
nginx
x-timer
S1721290725.471377,VS0,VE1
etag
"jzQ8GBMoXnuRL+FfzQxIWPtysQpwUUT2P4Sh4XwoW5E"
vary
Accept
content-type
image/webp
x-styx-req-id
26ce45c6-4049-11ef-9bc7-0e47c8ff5b51
cache-control
max-age=31622400
accept-ranges
bytes
expires
Sun, 13 Jul 2025 12:20:39 GMT
turkish-ransomware-i-3.png
www.forcepoint.com/sites/default/files/
91 KB
91 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/turkish-ransomware-i-3.png
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
83fb1040f8f7dc9b42904b8ea0507b1fec248e2ffa8a0ad32d8f00357e9a01f3
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
0, 0, 2, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Thu, 18 Jul 2024 08:18:45 GMT
fastly-io-served-by
vpop-etou8240194
age
503883
http_x_geo_region
DE-BY
x-cache
MISS, HIT, HIT, HIT
fastly-io-info
ifsz=117661 idim=678x288 ifmt=png ofsz=92758 odim=678x288 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-5d77cc44f5-w9nrv
content-length
92758
x-served-by
cache-chi-klot8100129-CHI, cache-ams2100120-AMS, cache-ams21082-AMS, cache-fra-eddf8230151-FRA
server
nginx
x-timer
S1721290725.471372,VS0,VE2
etag
"nozWbhv5GyIfBKBAWhuYwI93wz2hbpGsupWE4bsRPB4"
vary
Accept
content-type
image/webp
x-styx-req-id
27d07c78-4049-11ef-9aee-de70e4427182
cache-control
max-age=31622400
accept-ranges
bytes
expires
Sun, 13 Jul 2025 12:20:41 GMT
turkish-ransomware-i-4.png
www.forcepoint.com/sites/default/files/
201 KB
202 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/turkish-ransomware-i-4.png
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
2caf6812d133b2fc835155902536bee390fd4dca3f8d6cc7e62f7081e27debf6
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
0, 0, 2, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Thu, 18 Jul 2024 08:18:45 GMT
fastly-io-served-by
img04-europe-west3
age
503879
http_x_geo_region
DE-BY
x-cache
MISS, HIT, HIT, HIT
fastly-io-info
ifsz=257987 idim=651x492 ifmt=png ofsz=205972 odim=651x492 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-5d77cc44f5-m7qcg
content-length
205972
x-served-by
cache-chi-kigq8000079-CHI, cache-ams21058-AMS, cache-ams21041-AMS, cache-fra-eddf8230151-FRA
server
nginx
x-timer
S1721290725.471851,VS0,VE4
etag
"oHWJWJttw0bnLGZnFhZPzYI2EwL+ygi+OHB7hhgxPhY"
vary
Accept
content-type
image/webp
x-styx-req-id
2a687027-4049-11ef-8cd9-222e41344d78
cache-control
max-age=31622400
accept-ranges
bytes
expires
Sun, 13 Jul 2025 12:20:46 GMT
turkish-ransomware-i-5.png
www.forcepoint.com/sites/default/files/
241 KB
241 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/turkish-ransomware-i-5.png
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c309dbbe647bbf8904cf5cf33833f02fdc6e00c6bb5a95cdf9f29fac4e662207
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
0, 0, 2, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Thu, 18 Jul 2024 08:18:45 GMT
fastly-io-served-by
vpop-etou8240196
age
503884
http_x_geo_region
DE-BY
x-cache
MISS, MISS, HIT, HIT
fastly-io-info
ifsz=455605 idim=654x375 ifmt=png ofsz=246462 odim=654x375 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-5d587d78fd-p5mqc
content-length
246462
x-served-by
cache-chi-kigq8000149-CHI, cache-ams21070-AMS, cache-ams21028-AMS, cache-fra-eddf8230151-FRA
server
nginx
x-timer
S1721290725.474308,VS0,VE6
etag
"4Ae9OqXfzWlFdFxrwoYhxmMkd/MRxTKqY1mAK5GZXX4"
vary
Accept
content-type
image/webp
x-styx-req-id
27b7d23b-4049-11ef-9a42-ee9e1dde6fad
cache-control
max-age=31622400
accept-ranges
bytes
expires
Sun, 13 Jul 2025 12:20:41 GMT
turkish-ransomware-i-6.png
www.forcepoint.com/sites/default/files/
69 KB
70 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/turkish-ransomware-i-6.png
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
33b9732e0e2aa2683522382286b86715ec85f147959f352137f49a1d4feb79a0
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
0, 0, 2, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Thu, 18 Jul 2024 08:18:45 GMT
fastly-io-served-by
vpop-etou8240195
age
503872
http_x_geo_region
DE-BY
x-cache
MISS, MISS, HIT, HIT
fastly-io-info
ifsz=88301 idim=666x151 ifmt=png ofsz=70858 odim=666x151 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-5d77cc44f5-z4chc
content-length
70858
x-served-by
cache-chi-klot8100125-CHI, cache-ams2100121-AMS, cache-ams21052-AMS, cache-fra-eddf8230151-FRA
server
nginx
x-timer
S1721290725.471275,VS0,VE4
etag
"KbwlYUTXJtoVwKP//Ky7Llr4VG9+FuJ6ur+S0DozwBo"
vary
Accept
content-type
image/webp
x-styx-req-id
2f326baa-4049-11ef-8ee1-8245d19189a9
cache-control
max-age=31622400
accept-ranges
bytes
expires
Sun, 13 Jul 2025 12:20:54 GMT
turkish-ransomware-i-7.png
www.forcepoint.com/sites/default/files/
78 KB
79 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/turkish-ransomware-i-7.png
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
b59117aaaa77098f07b611fff721f582ad56daaf3a460dc4161c29172632918d
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
0, 0, 2, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Thu, 18 Jul 2024 08:18:45 GMT
fastly-io-served-by
vpop-etou8240196
age
503884
http_x_geo_region
DE-BY
x-cache
MISS, MISS, HIT, HIT
fastly-io-info
ifsz=111582 idim=689x271 ifmt=png ofsz=80122 odim=689x271 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-5d587d78fd-prbvz
content-length
80122
x-served-by
cache-chi-klot8100088-CHI, cache-ams21052-AMS, cache-ams2100089-AMS, cache-fra-eddf8230151-FRA
server
nginx
x-timer
S1721290725.475590,VS0,VE2
etag
"6FlEOaafHr98UWObrJdySNdIam4RI/JaNSHS02D7LOY"
vary
Accept
content-type
image/webp
x-styx-req-id
271af048-4049-11ef-ad50-1edbf4b9e77b
cache-control
max-age=31622400
accept-ranges
bytes
expires
Sun, 13 Jul 2025 12:20:40 GMT
turkish-ransomware-i-8.png
www.forcepoint.com/sites/default/files/
129 KB
129 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/turkish-ransomware-i-8.png
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
23101a57da5bd64dde755399a7f34a1c69bb4addcdfe003a9aa99d3d022483ed
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
0, 0, 2, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Thu, 18 Jul 2024 08:18:45 GMT
fastly-io-served-by
img04-europe-west3
age
503136
http_x_geo_region
DE-BY
x-cache
MISS, MISS, HIT, HIT
fastly-io-info
ifsz=185201 idim=840x347 ifmt=png ofsz=131744 odim=840x347 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-5d77cc44f5-cr9cd
content-length
131744
x-served-by
cache-chi-klot8100100-CHI, cache-ams21081-AMS, cache-ams21058-AMS, cache-fra-eddf8230151-FRA
server
nginx
x-timer
S1721290725.476355,VS0,VE4
etag
"oXJiF6h7vLunwwxk9Gix0+31TLHd4+ly8lkwGhHkkqY"
vary
Accept
content-type
image/webp
x-styx-req-id
e4f74395-404a-11ef-b3d9-563f282b1988
cache-control
max-age=31622400
accept-ranges
bytes
expires
Sun, 13 Jul 2025 12:33:08 GMT
placeholder_image.png
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/
34 B
403 B
Image
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/placeholder_image.png
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
735b78ae1f09b1d02ee92b5ad319a189d50d10ecbec4ddd12201885dde3f4945
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
0, 0, 1, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Thu, 18 Jul 2024 08:18:45 GMT
fastly-io-served-by
img08-europe-west2
age
714486
http_x_geo_region
DE-BY
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=1272 idim=20x20 ifmt=png ofsz=34 odim=20x20 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-66d79b4b7-5j69z
content-length
34
x-served-by
cache-chi-kigq8000157-CHI, cache-ams21040-AMS, cache-ams21022-AMS, cache-fra-eddf8230151-FRA
server
nginx
x-timer
S1721290725.477627,VS0,VE1
etag
"1Cw1g26qcqy/qXiETpkqMbr8ayhbr57dIxJ0jC+RrrE"
vary
Accept
content-type
image/webp
x-styx-req-id
28491965-0742-11ef-8b9d-16ab02f7e8e2
cache-control
max-age=31622400
accept-ranges
bytes
expires
Thu, 01 May 2025 22:36:59 GMT
snycu-purple.jpg
www.forcepoint.com/sites/default/files/styles/570x270_sc/public/hero/
19 KB
24 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/styles/570x270_sc/public/hero/snycu-purple.jpg?itok=9YaXm6cf&timestamp=1720181106
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
4577c7682212aced0e91a82f5d2e9876a77151bf8f16a8317e8a95fc29c87f8d
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.fonts.net *.licdn.com *.tiqcdn.com *.marketo.com *.marketo.net *.mktoresp.com *.demdex.net *.burly.io *.omtrdc.net *.llnwd.net *.tealiumiq.com *.googleadservices.com *.marinsm.com *.amazonaws.com *.quantserve.com *.facebook.net *.serving-sys.com *.google-analytics.com *.hirebridge.com *.websense.com *.bizographics.com *.linkedin.com *.cloudfront.net *.newrelic.com *.nr-data.net *.adnxs.com *.demandbase.com *.twitter.com *.omtrdc.net *.youtube.com *.ads-twitter.com *.company-target.com *.omniture.com *.doubleclick.net *.forcepoint.com *.google.com *.facebook.com *.nr-data.net *.getsmartcontent.com *.vidyard.com *.adroll.com s.ml-attr.com attr.ml-api.io *.driftt.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.gstatic.com *.libsyn.com *.s3.amazonaws.com *.cdnbasket.net ids.cdnwidget.com app.vwo.com *.visualwebsiteoptimizer.com use.typekit.net p.typekit.net cdn.vwo-analytics.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.googleapis.com *.cloudflare.com activitymap.adobe.com *.consensu.org *.ubembed.com *.bizible.com *.theadex.com *.aumago.com *.driftqa.com *.scribblecdn.net *.esg-global.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hubapi.com *.hsforms.net *.hsforms.com geolocation-db.com *.drift.com *.clickagy.com *.nimblestory.com *.usemessages.com *.stackadapt.com *.googlesyndication.com ; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.cdnwidget.com *.tealiumiq.com *.google.com *.googleadservices.com *.doubleclick.net *.websense.com *.marinsm.com *.facebook.com *.quantserve.com *.google-analytics.com *.w55c.net *.marketo.com *.iasds01.com *.linkedin.com *.cloudfront.net *.forcepoint.com *.adnxs.com *.twitter.com t.co *.omtrdc.net *.w55c.net *.demandbase.com *.company-target.com *.gstatic.com *.tiqcdn.com *.marketo.net *.newrelic.com *.facebook.net 
*.ads-twitter.com *.burly.io *.bizographics.com *.nr-data.net *.licdn.com *.tt.omtrdc.net *.getsmartcontent.com *.adroll.com *.vidyard.com s.ml-attr.com *.ml-api.io ml314.com *.ml314.com *.bing.com *.driftt.com *.crazyegg.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.googletagmanager.com *.visualwebsiteoptimizer.com app.vwo.com *.ubembed.com *.driftt.com *.vwo-analytics.com *.s3.amazonaws.com s3.amazonaws.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.clearbit.com *.googleapis.com *.cloudflare.com *.adobe.com *.consensu.org *.bizible.com *.theadex.com *.aumago.com *.zoominfo.com *.clickagy.com *.redditstatic.com *.quantcount.com *.g2crowd.com *.steelhousemedia.com *.scribblecdn.net *.esg-global.com *.6sc.co *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hubapi.com *.hsforms.net *.hsforms.com geolocation-db.com *.drift.com *.jquery.com *.google.com *.hscollectedforms.net *.jsdelivr.net *.stackadapt.com *.googlesyndication.com *.simpleanalyticscdn.com scripts.simpleanalyticscdn.com queue.simpleanalyticscdn.com simpleanalyticsbadges.com *.ceros.com; img-src * data: *; frame-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.cdnwidget.com *.tealiumiq.com *.google.com *.googleadservices.com *.doubleclick.net *.websense.com *.marinsm.com *.facebook.com *.quantserve.com *.google-analytics.com *.w55c.net *.marketo.com *.iasds01.com *.linkedin.com *.cloudfront.net *.forcepoint.com *.adnxs.com *.twitter.com t.co *.omtrdc.net *.w55c.net *.demandbase.com *.company-target.com *.gstatic.com *.tiqcdn.com *.marketo.net *.newrelic.com *.facebook.net *.ads-twitter.com *.burly.io *.bizographics.com *.nr-data.net *.licdn.com *.tt.omtrdc.net *.getsmartcontent.com *.adroll.com *.vidyard.com s.ml-attr.com *.ml-api.io ml314.com *.ml314.com *.bing.com *.driftt.com *.crazyegg.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com 
*.googletagmanager.com *.visualwebsiteoptimizer.com app.vwo.com *.ubembed.com *.driftt.com *.vwo-analytics.com *.s3.amazonaws.com s3.amazonaws.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.clearbit.com *.googleapis.com *.cloudflare.com *.adobe.com *.consensu.org *.bizible.com *.theadex.com *.aumago.com *.zoominfo.com *.clickagy.com *.redditstatic.com *.quantcount.com *.g2crowd.com *.steelhousemedia.com *.scribblecdn.net *.esg-global.com *.6sc.co *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hubapi.com *.hsforms.net *.hsforms.com geolocation-db.com *.drift.com *.jquery.com *.google.com *.hscollectedforms.net *.jsdelivr.net *.stackadapt.com *.googlesyndication.com *.simpleanalyticscdn.com scripts.simpleanalyticscdn.com queue.simpleanalyticscdn.com simpleanalyticsbadges.com *.ceros.com *.hubspot.com *.hubspot.net *.demdex.net *.libsyn.com *.youtube.com; font-src 'self' *.google.com *.googleadservices.com; connect-src 'self' *.vwo.com *.demdex.net *.omtrdc.net *.mktoresp.com *.cdnbasket.net ids.cdnwidget.com *.forcepoint.com sample-api-v2.crazyegg.com *.visualwebsiteoptimizer.com insight.adsrvr.org bam.nr-data.net *.tealiumiq.com live-evercurrent-clone.pantheonsite.io *.sharethis.com *.doubleclick.net *.theadex.com *.aumago.com *.google-analytics.com *.6sc.co *.adnxs.com *.vidyard.com *.6sense.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com api.hubapi.com *.hsforms.net *.hsforms.com *.s3.amazonaws.com *.drift.com *.clickagy.com *.facebook.com *.zoominfo.com geolocation-db.com dn.linkedin.oribi.io *.hubspot.com *.hscollectedforms.net *.stackadapt.com *.google.com *.googletagmanager.com *.googleadservices.com google.com *.googlesyndication.com *.linkedin.com *.redditstatic.com *.reddit.com *.g2crowd.com *.quantcount.com; report-uri /admin/config/system/seckit/csp-report
Strict-Transport-Security max-age=18410000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
0, 0, 443, 0
strict-transport-security
max-age=18410000; includeSubDomains; preload
x-content-type-options
nosniff
date
Thu, 18 Jul 2024 08:18:45 GMT
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
fastly-io-served-by
img03-europe-west3
age
1104930
http_x_geo_region
DE-BY
x-cache
MISS, MISS, HIT, MISS
fastly-io-info
ifsz=19160 idim=570x270 ifmt=jpeg ofsz=19160 odim=570x270 ofmt=jpeg
from-origin
same, https://analyticsssl.forcepoint.com,https://vidyard.com
http_x_geo_continent
EU
fastly-stats
io=1
expires
Sun, 19 Nov 1978 05:00:00 GMT
content-length
19160
x-xss-protection
1
fastly-io-warning
Failed to shrink image
x-served-by
cache-chi-kigq8000067-CHI, cache-ams21030-AMS, cache-ams21068-AMS, cache-fra-eddf8230151-FRA
referrer-policy
strict-origin-when-cross-origin
server
nginx
x-timer
S1721290725.477106,VS0,VE9
etag
"FQjOeNVYvcbgpj64kR+6Z0Un7v/CzGkmrYHkIMHOUQ0"
x-frame-options
SAMEORIGIN
vary
Accept
content-type
image/jpeg
x-styx-req-id
bef221d4-3acd-11ef-9ce6-065f8a95e18c
cache-control
no-cache, must-revalidate
accept-ranges
bytes
x-drupal-cache
MISS
x-pantheon-styx-hostname
styx-fe1-b-5d587d78fd-ct69k
remcos.jpg
www.forcepoint.com/sites/default/files/styles/570x270_sc/public/hero/
26 KB
27 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/styles/570x270_sc/public/hero/remcos.jpg?itok=GOEjP2Jd&timestamp=1719232019
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
712e59da51ddbfc83c263cc8c2b6a404d9f3ec89e830f11220db390c5a410456
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
0, 0, 1, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Thu, 18 Jul 2024 08:18:45 GMT
fastly-io-served-by
vpop-etou8240196
age
2051572
http_x_geo_region
DE-BY
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=26884 idim=570x270 ifmt=jpeg ofsz=26884 odim=570x270 ofmt=jpeg
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-5d77cc44f5-z4chc
content-length
26884
fastly-io-warning
Failed to shrink image
x-served-by
cache-chi-kigq8000149-CHI, cache-ams21044-AMS, cache-ams21078-AMS, cache-fra-eddf8230151-FRA
server
nginx
x-timer
S1721290725.477010,VS0,VE2
etag
"Bj6V4XDrta5qWNJIi+Jp/8es/hc89Whhyy6eiztHJ1g"
vary
Accept
content-type
image/jpeg
x-styx-req-id
a9d41264-3235-11ef-8eb8-8245d19189a9
cache-control
max-age=31622400
accept-ranges
bytes
expires
Wed, 25 Jun 2025 14:25:53 GMT
turkish-ransomware-i-hero.png
www.forcepoint.com/sites/default/files/styles/footer_menu_featured_blog/public/hero/
18 KB
19 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/styles/footer_menu_featured_blog/public/hero/turkish-ransomware-i-hero.png?itok=aF-78Yax
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
04b512735003d45868136e8382b0835e32e8aa2bbe73634cb6a9059bde1f50de
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
2, 0, 1, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Thu, 18 Jul 2024 08:18:45 GMT
fastly-io-served-by
vpop-etou8240192
age
504148
http_x_geo_region
DE-BY
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=19611 idim=199x111 ifmt=png ofsz=18888 odim=199x111 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-5d587d78fd-6m95f
content-length
18888
x-served-by
cache-chi-klot8100101-CHI, cache-ams21026-AMS, cache-ams21045-AMS, cache-fra-eddf8230151-FRA
server
nginx
x-timer
S1721290725.477006,VS0,VE2
etag
"Fgm3d4a68L15hjo7Gl4iPYFNKA/KUbKsa3gsOoPFXtA"
vary
Accept
content-type
image/webp
x-styx-req-id
8a69eb0e-4048-11ef-a95a-7a520cdabf04
cache-control
max-age=31622400
accept-ranges
bytes
expires
Sun, 13 Jul 2025 12:16:17 GMT
jquery-1.12.4.min.js
code.jquery.com/
95 KB
33 KB
Script
General
Full URL
https://code.jquery.com/jquery-1.12.4.min.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.137 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404

Request headers

Referer
https://www.forcepoint.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 18 Jul 2024 08:18:45 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
6280545
x-cache
HIT, HIT
content-length
33738
x-served-by
cache-lga21956-LGA, cache-fra-eddf8230100-FRA
last-modified
Fri, 18 Oct 1991 12:00:00 GMT
server
nginx
x-timer
S1721290726.724951,VS0,VE0
etag
W/"28feccc0-17b8b"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=604800
accept-ranges
bytes
x-cache-hits
47, 286440
jquery-migrate.min.js
cdnjs.cloudflare.com/ajax/libs/jquery-migrate/3.4.1/
13 KB
5 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery-migrate/3.4.1/jquery-migrate.min.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
148a74b0921ad78021d716e8032ede1cdaf7ed7279cefd7d2acbe906add12a68
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://www.forcepoint.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 18 Jul 2024 08:18:45 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
263952
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
4374
last-modified
Fri, 24 Feb 2023 02:37:49 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"63f822fd-1116"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AC7bJ1oUbhpsrrcnupXt5sbk3QXbK9ryA13D07MPtXgFWp69EX%2B3K79M83uCKqCNdRv9r2RTxoBAT5zLOJ4cwu43sXOXWSqM%2BqEgcEAJ3pnK0%2BaMp3AHvMRoW%2BWYCYy3m3lbdN4Y"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
8a510af9cf2b9bf2-FRA
expires
Tue, 08 Jul 2025 08:18:45 GMT
jquery-ui.min.js
cdnjs.cloudflare.com/ajax/libs/jqueryui/1.13.2/
249 KB
56 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.13.2/jquery-ui.min.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9528ca634fecad433d044ddd3e6f9ce1f068d5d932dafdbb19d8e6daea1968bd
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://www.forcepoint.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 18 Jul 2024 08:18:45 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
499272
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
56990
last-modified
Fri, 29 Jul 2022 20:40:53 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"62e445d5-de9e"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6semZ0l9tIeC%2BkH81sP7%2BG6ZbL1%2B5HRmUlj5uXdc0OxujZ4scqEF9wKEZiTyLgv9yWNBThsRbKicr9tKt8XpuXgbqhLRUarxp7PB8rT6Eo8wWvNS21demg4tSbfecMRMG1GhhBNQ"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
8a510afa1f9c9bf2-FRA
expires
Tue, 08 Jul 2025 08:18:45 GMT
jquery.cookie.min.js
cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/
1 KB
1 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d40efcac911d8964f3728eaa767de281306ff55ba9377435a3364d4d1e1613f6
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://www.forcepoint.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 18 Jul 2024 08:18:45 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
642339
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
591
last-modified
Mon, 04 May 2020 16:11:45 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03ec1-514"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i3xX7t6cSjFM5ZXRLWzRTpuTxf5E771WDDO8TGX%2F3TQK3wWKJ%2Bt%2BByC7KGPsMbgzXgi%2BYOch%2FiTrhFnelCQnIsvoy7f0t9%2FPnPPMmb476MA%2BXBAhis9%2B%2B4bitaok9X8sZZ9TGS0n"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
8a510afa1fa19bf2-FRA
expires
Tue, 08 Jul 2025 08:18:45 GMT
jquery.form.min.js
cdnjs.cloudflare.com/ajax/libs/jquery.form/4.3.0/
17 KB
6 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery.form/4.3.0/jquery.form.min.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dd329c644951f3c041200e8279e3c90063ac5b5c8861fe253fca48df7dd8b99c
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://www.forcepoint.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 18 Jul 2024 08:18:45 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
498603
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
5719
last-modified
Sun, 07 Jun 2020 05:05:25 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5edc7595-42c6"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9fBFzs6zlbc%2FIbdIDkqkrkMXQWv0MkHQaDFdgPNWU44foft4cCpC%2BcXPI05VO13upug%2BKNnkTLRZnR1t8dvbAQagonkS%2Bn%2FdFWvdZs1GqwHXv6ujl%2FSB6w9IZClPNPSORHNmQPQ4"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
8a510afa1fa49bf2-FRA
expires
Tue, 08 Jul 2025 08:18:45 GMT
utag.sync.js
tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/
23 KB
6 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/utag.sync.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.187.116 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-187-116.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ea07860293f07c2308249b8655e8ef4d5c1569accaec066614e9e49190103cbb

Request headers

Referer
https://www.forcepoint.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-amz-version-id
ho1Qs_7AJ5mr5ny9KwcltzOLaxCY8Whp
content-encoding
br
via
1.1 51b32b366d2fc0baf4c02123f643c37c.cloudfront.net (CloudFront)
date
Thu, 18 Jul 2024 08:13:59 GMT
last-modified
Tue, 16 Jul 2024 17:03:36 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P9
age
286
x-amz-server-side-encryption
AES256
etag
W/"2dcc7c313c7551888d9b80c8c5e4d90d"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=300
x-amz-cf-id
8uI7RoqPgcAtaawZtpJtwuBIQSyr--RR1lEvsoMJhrDAdZjdGPWnnA==
v2.js
js.hsforms.net/forms/
482 KB
156 KB
Script
General
Full URL
https://js.hsforms.net/forms/v2.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.141.119 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ee3184f88b136b6ad521ec8d57fcf138b0c78172ee82e5d8773998bebac6486d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.forcepoint.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-encoding
gzip
age
47
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.5387/bundles/project-v2.js&cfRay=8a5109d1dd739104-FRA
x-amz-replication-status
COMPLETED
x-evy-trace-listener
listener_https
etag
W/"56164b8f5dbcf6e65e555e48d5d6176a"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-evy-trace-virtual-host
all
cache-control
s-maxage=600, max-age=300
x-hs-target-asset
forms-embed/static-1.5387/bundles/project-v2.js
date
Thu, 18 Jul 2024 08:18:45 GMT
x-amz-version-id
mnlqbpb.vUvH_hPLxl7NeOxIrfIBia92
x-content-type-options
nosniff
cf-cache-status
HIT
via
1.1 e21fbbed60133ff896ee44224814dc5c.cloudfront.net (CloudFront)
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
IAD12-P3
x-hubspot-correlation-id
aa3d49cb-4ddd-4d81-a9b4-769061421d43
x-cache
Hit from cloudfront
cache-tag
staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-envoy-upstream-service-time
4
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-request-id
aa3d49cb-4ddd-4d81-a9b4-769061421d43
last-modified
Thu, 06 Jun 2024 13:36:59 UTC
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yk6yOB2XkYxQHHIPTzdzdcm89ZcwlQdiyz1bunVUK0jYgtQNdu5OnObfH%2BMLm6V4f4QV%2BYZ9M5ohf0PTgjOAOvLmMzH0LYyHVQl8RxmgHGZiSkZKlG%2F5jEXxv3NDnLWH"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status
HIT
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-65f7f7c749-8zszv
cf-ray
8a510afa3802085d-FRA
x-amz-cf-id
oTWj49w_403zoopWMdDstY_1WUHh1jvG9MWOQ0THncpwbEZQbQGAUg==
js__W3yM6WBe6ndCsZPBg4n630CPZFPltBmeCyjdVT1DY70__bDRoZCuiGZ0Z97B2lHvbrvG8HsJo-CC3-a0Ia2Sx5bE__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
11 KB
5 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__W3yM6WBe6ndCsZPBg4n630CPZFPltBmeCyjdVT1DY70__bDRoZCuiGZ0Z97B2lHvbrvG8HsJo-CC3-a0Ia2Sx5bE__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
f443007354af04e5d9f0aea2ce21303442752753ce63ab035a6c76d4f06d5d52
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
0, 1175, 0
date
Thu, 18 Jul 2024 08:18:45 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
175776
http_x_geo_region
DE-BY
x-cache
MISS, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-m255z
content-length
4874
x-served-by
cache-chi-kigq8000024-CHI, cache-fra-etou8220151-FRA, cache-fra-eddf8230151-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_kigq8000024_CHI
last-modified
Tue, 05 Mar 2024 06:05:59 GMT
server
nginx
x-timer
S1721290725.477791,VS0,VE4
etag
W/"65e6b647-2a50"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
e593445d-f1d7-11ee-976d-4e9dd3d547b2
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:26 GMT
js__ZyeOaiFuDejQQbhUV7yg7atYZnj4WLfH77o0scv4068__jeShjS1-sEwOx4dbB-NSBsCnxWfNslS1Nkgx4CZngGA__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
13 KB
5 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__ZyeOaiFuDejQQbhUV7yg7atYZnj4WLfH77o0scv4068__jeShjS1-sEwOx4dbB-NSBsCnxWfNslS1Nkgx4CZngGA__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
ff79200e9d0486ad1207f01f3c5918eea0771ded9b1681694da8caaae4c74c1a
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
0, 2031, 0
date
Thu, 18 Jul 2024 08:18:45 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
175776
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-fddpv
content-length
4854
x-served-by
cache-chi-kigq8000072-CHI, cache-fra-eddf8230115-FRA, cache-fra-eddf8230151-FRA
backend-ip-port
6cecXOA5eq1mdycR8IETIO--F_styx_fe1_b_sharedvpc_dmz_05
last-modified
Tue, 05 Mar 2024 06:05:49 GMT
server
nginx
x-timer
S1721290725.474587,VS0,VE4
etag
W/"65e6b63d-343a"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
d721c50f-f1d7-11ee-a6cf-faab7e7aaaa3
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:02 GMT
js__2rjlAbBND-YDbAq2rT4GT0FCGSz_kyEdQdZyOStVQdU__SGggvtYH6KAFWT2NGquosWK1SoWokfbyhZ2MaWmzq9I__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
547 B
585 B
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__2rjlAbBND-YDbAq2rT4GT0FCGSz_kyEdQdZyOStVQdU__SGggvtYH6KAFWT2NGquosWK1SoWokfbyhZ2MaWmzq9I__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
634b615987ef6bc5cf11ff7eb78673aebf61e436dc7a56de0f4b4aa543ccb577
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
0, 1278, 0
date
Thu, 18 Jul 2024 08:18:45 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
175777
http_x_geo_region
DE-BY
x-cache
MISS, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-srsz5
content-length
294
x-served-by
cache-chi-klot8100132-CHI, cache-fra-etou8220155-FRA, cache-fra-eddf8230151-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_klot8100132_CHI
last-modified
Tue, 05 Mar 2024 06:06:00 GMT
server
nginx
x-timer
S1721290725.478709,VS0,VE4
etag
W/"65e6b648-223"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
e597477d-f1d7-11ee-83a9-32c190c1efda
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:26 GMT
js__5zhFBHWG8cFOCNCpDlj7pwNwFoSGFvQEfYJiiLp0EY8__TNItwctO0QcNBYn10Ft2xshT-_PqYf8Vv6JB7nZ2xKs__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
27 KB
8 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__5zhFBHWG8cFOCNCpDlj7pwNwFoSGFvQEfYJiiLp0EY8__TNItwctO0QcNBYn10Ft2xshT-_PqYf8Vv6JB7nZ2xKs__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
033ea4cefced423a11d0cc62afb56c3b09c16913abe8a891fc578b2f2327a101
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

expires
Sat, 05 Jul 2025 23:44:02 GMT
date
Thu, 18 Jul 2024 08:18:45 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
175767
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-5d587d78fd-p5mqc
content-length
7981
x-served-by
cache-chi-kigq8000113-CHI, cache-fra-etou8220066-FRA, cache-fra-eddf8230151-FRA
last-modified
Tue, 05 Mar 2024 06:05:55 GMT
server
nginx
x-timer
S1721290725.479892,VS0,VE4
etag
W/"65e6b643-6d75"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
4af7c218-3a5f-11ef-94c8-ee9e1dde6fad
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
0, 1255, 0
js__MK7MzOuOm6Wn1gEArVsBZG7dh82EREyAMIm9mRlUqq8__dORmwcviulacbj4TEHhv8s4qzj-5oUCjfNEX8y-ZUFM__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
22 KB
8 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__MK7MzOuOm6Wn1gEArVsBZG7dh82EREyAMIm9mRlUqq8__dORmwcviulacbj4TEHhv8s4qzj-5oUCjfNEX8y-ZUFM__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
b2da29ed5ab13ba88c22a51b412428640f8b495c40e0225d712d16eb6ea8351e
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
0, 1059, 0
date
Thu, 18 Jul 2024 08:18:45 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
175776
http_x_geo_region
DE-BY
x-cache
MISS, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-64b977755d-ltjwf
content-length
7765
x-served-by
cache-chi-kigq8000098-CHI, cache-fra-eddf8230071-FRA, cache-fra-eddf8230151-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_kigq8000098_CHI
last-modified
Tue, 05 Mar 2024 06:06:01 GMT
server
nginx
x-timer
S1721290725.479949,VS0,VE5
etag
W/"65e6b649-59a3"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
e59287d2-f1d7-11ee-a4f1-16a0ed7bd780
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:26 GMT
js__YT6D1B_BKxvm6JCH_t9sZNI5L6yITa_DlU5QcSlOkAU__OXobH7d1IP1o3WABlniIrU_-pcJacVSIPUv9bpD-6pQ__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
730 B
677 B
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__YT6D1B_BKxvm6JCH_t9sZNI5L6yITa_DlU5QcSlOkAU__OXobH7d1IP1o3WABlniIrU_-pcJacVSIPUv9bpD-6pQ__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
67138202cdb85739d98743e8226b60fbef18366ce3da88902bee16dacd0f0959
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
1, 1383, 0
date
Thu, 18 Jul 2024 08:18:45 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
175776
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-64b977755d-ph6zp
content-length
381
x-served-by
cache-chi-klot8100120-CHI, cache-fra-etou8220105-FRA, cache-fra-eddf8230151-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_klot8100120_CHI
last-modified
Tue, 05 Mar 2024 06:05:56 GMT
server
nginx
x-timer
S1721290725.480531,VS0,VE4
etag
W/"65e6b644-2da"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
dd343a59-f1d7-11ee-89af-8edf77054182
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:12 GMT
js__udVKtMVyYcbvVHDJ0nPML4nntXexNWL2oMqAdYSCgWM__DGF7DhDt4X72RMZfC0gLtM1DzR4cKNX-xUUTDHAODaQ__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
27 KB
10 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__udVKtMVyYcbvVHDJ0nPML4nntXexNWL2oMqAdYSCgWM__DGF7DhDt4X72RMZfC0gLtM1DzR4cKNX-xUUTDHAODaQ__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c3af792cf17fc9da7b301e6ec8a24dcec9e7b4d3ef83622c2417329f658e8848
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

expires
Thu, 17 Apr 2025 13:54:31 GMT
date
Thu, 18 Jul 2024 08:18:45 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
175776
http_x_geo_region
DE-BY
x-cache
MISS, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-5b88b49ff7-dfscd
content-length
10066
x-served-by
cache-chi-klot8100144-CHI, cache-fra-eddf8230027-FRA, cache-fra-eddf8230151-FRA
last-modified
Tue, 16 Apr 2024 13:54:18 GMT
server
nginx
x-timer
S1721290725.480550,VS0,VE5
etag
W/"661e830a-6bc3"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
d99a5f32-fbf8-11ee-84c5-c204ae6b7bc4
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
0, 1135, 0
js__chJL213YSkJch-IjytLyUqW7uGPnNqOcHGrVBTtmWRc__yn2ExM-BDbvoDYxfwBKmliyRc5GwBZkfllb5p--ixOE__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
710 B
695 B
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__chJL213YSkJch-IjytLyUqW7uGPnNqOcHGrVBTtmWRc__yn2ExM-BDbvoDYxfwBKmliyRc5GwBZkfllb5p--ixOE__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
1f81387d932ab97c0ddff8edfc8e1ca4e37201b3cfb5d3911bc25a04e4087ae7
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
1, 1339, 0
date
Thu, 18 Jul 2024 08:18:45 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
175776
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-64b977755d-ph6zp
content-length
306
x-served-by
cache-chi-klot8100117-CHI, cache-fra-etou8220152-FRA, cache-fra-eddf8230151-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_klot8100117_CHI
last-modified
Tue, 05 Mar 2024 06:05:57 GMT
server
nginx
x-timer
S1721290725.480756,VS0,VE4
etag
W/"65e6b645-2c6"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
dd2ddb29-f1d7-11ee-89af-8edf77054182
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:12 GMT
js__vqZqTxUxqDoVSZOh60EjSleoZgwIzSlhamQKjS1JngU__S91yqV9ubUDMxzCK2GLBYdp1SFL3v48MFVTVZ3OSXjc__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
798 B
776 B
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__vqZqTxUxqDoVSZOh60EjSleoZgwIzSlhamQKjS1JngU__S91yqV9ubUDMxzCK2GLBYdp1SFL3v48MFVTVZ3OSXjc__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
0af941ad21ab4dc704f04bdf8d21825869cfe27eb61b3a37e295f70697c48c88
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
0, 1566, 0
date
Thu, 18 Jul 2024 08:18:45 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
175776
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-srsz5
content-length
428
x-served-by
cache-chi-klot8100128-CHI, cache-fra-eddf8230056-FRA, cache-fra-eddf8230151-FRA
backend-ip-port
6cecXOA5eq1mdycR8IETIO--F_styx_fe1_b_sharedvpc_dmz_05
last-modified
Tue, 05 Mar 2024 06:06:02 GMT
server
nginx
x-timer
S1721290725.481106,VS0,VE5
etag
W/"65e6b64a-31e"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
e59612e5-f1d7-11ee-83a9-32c190c1efda
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:26 GMT
js__A3z98XA9ArlnbHREYTcp6hgmi5Oz2wY1MqcLV75pq8Q__z2dbLyr7KaPpYQrjLtDeNRJ8Dddotk1Rd-5bC2zRyWo__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
981 B
772 B
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__A3z98XA9ArlnbHREYTcp6hgmi5Oz2wY1MqcLV75pq8Q__z2dbLyr7KaPpYQrjLtDeNRJ8Dddotk1Rd-5bC2zRyWo__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
33df7d1430b49b83528e5df930e1da6d9bf492fb32b37ff2b9fd4d97834a0abd
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
0, 1621, 0
date
Thu, 18 Jul 2024 08:18:45 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
175776
http_x_geo_region
DE-BY
x-cache
MISS, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-64b977755d-kk5rj
content-length
452
x-served-by
cache-chi-klot8100097-CHI, cache-fra-eddf8230050-FRA, cache-fra-eddf8230151-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_klot8100097_CHI
last-modified
Tue, 05 Mar 2024 06:06:03 GMT
server
nginx
x-timer
S1721290725.481110,VS0,VE4
etag
W/"65e6b64b-3d5"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
e5927087-f1d7-11ee-b87b-f2654297ce89
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:26 GMT
js__BsJj-J0DDipBFUM6jWq6jBgbLlOJHFUDm1oaCirTN8s__3ytciCoM4ry2VdZVK_RnAXm_cZfbyZ0Tj9DCUWBKchw__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
3 KB
2 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__BsJj-J0DDipBFUM6jWq6jBgbLlOJHFUDm1oaCirTN8s__3ytciCoM4ry2VdZVK_RnAXm_cZfbyZ0Tj9DCUWBKchw__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
9e815610f978cad8bc6a72832b206c68e17bf6799cd0c937b2b3c30014243f73
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

expires
Sun, 25 May 2025 07:15:48 GMT
date
Thu, 18 Jul 2024 08:18:45 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
175777
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-6b7857bbbb-dfbjw
content-length
1539
x-served-by
cache-chi-klot8100066-CHI, cache-fra-etou8220025-FRA, cache-fra-eddf8230151-FRA
last-modified
Tue, 19 Mar 2024 19:19:24 GMT
server
nginx
x-timer
S1721290725.482271,VS0,VE4
etag
W/"65f9e53c-d5a"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
721db0cf-199d-11ef-a9e0-26ad238f469f
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
0, 1641, 0
js__6FQAqJmB1yKdAJYwsXAk_hJnargJPvMPkf9xl2Aoo0E__LRcB_jb8iwtqJJbRU0etTiWNPUen87vOM9Rlp7OZGiI__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
32 KB
14 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__6FQAqJmB1yKdAJYwsXAk_hJnargJPvMPkf9xl2Aoo0E__LRcB_jb8iwtqJJbRU0etTiWNPUen87vOM9Rlp7OZGiI__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
6806cdcdd3c7f06950968eeebc5ed11dc261adde18cfefd541532fcf5e59ddff
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
0, 1570, 0
date
Thu, 18 Jul 2024 08:18:45 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
175776
http_x_geo_region
DE-BY
x-cache
MISS, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-h68w5
content-length
14177
x-served-by
cache-chi-klot8100139-CHI, cache-fra-eddf8230145-FRA, cache-fra-eddf8230151-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_klot8100139_CHI
last-modified
Tue, 05 Mar 2024 06:06:03 GMT
server
nginx
x-timer
S1721290725.477806,VS0,VE5
etag
W/"65e6b64b-81b7"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
e592268a-f1d7-11ee-9fa0-220fea7644ee
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:26 GMT
js__ZAA5lMeZXVSyc2jkDQc3qK2xTFroqEhe0Vhijw7cweY__awDE3dco34o6B5V5PT-wcPX9t75VGt6sjYxNLg-Ibew__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
6 KB
2 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__ZAA5lMeZXVSyc2jkDQc3qK2xTFroqEhe0Vhijw7cweY__awDE3dco34o6B5V5PT-wcPX9t75VGt6sjYxNLg-Ibew__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c654220d555e70fb63334836085ed53e9a9d2982e79824664fba6d89e6dc490e
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

expires
Thu, 17 Apr 2025 13:54:31 GMT
date
Thu, 18 Jul 2024 08:18:45 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
175777
http_x_geo_region
DE-BY
x-cache
MISS, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-5b88b49ff7-c4v2w
content-length
2104
x-served-by
cache-chi-klot8100167-CHI, cache-fra-etou8220057-FRA, cache-fra-eddf8230151-FRA
last-modified
Tue, 16 Apr 2024 13:54:19 GMT
server
nginx
x-timer
S1721290725.481316,VS0,VE4
etag
W/"661e830b-183e"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
d99b81fb-fbf8-11ee-9c93-fae8d33dc845
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
0, 1643, 0
js__VVbwMK3NMLbfvdLXAKRCOGZ9jqUjWHfUrPnJSWIlxkM__4Q4SNExXEfBJWUuxQzqhfoyno0u2-1mPRJyQnRmGPTQ__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
4 KB
2 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__VVbwMK3NMLbfvdLXAKRCOGZ9jqUjWHfUrPnJSWIlxkM__4Q4SNExXEfBJWUuxQzqhfoyno0u2-1mPRJyQnRmGPTQ__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
61deedef5519831c5ba93b5ea4ccbe1d3a6a544c37709704271d05871caf1a02
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
0, 45, 0
date
Thu, 18 Jul 2024 08:18:45 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
175749
http_x_geo_region
DE-BY
x-cache
MISS, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-fddpv
content-length
1194
x-served-by
cache-chi-kigq8000035-CHI, cache-fra-eddf8230056-FRA, cache-fra-eddf8230151-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_kigq8000035_CHI
last-modified
Tue, 05 Mar 2024 06:06:26 GMT
server
nginx
x-timer
S1721290725.482288,VS0,VE5
etag
W/"65e6b662-f33"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
e5d6cc25-f1d7-11ee-a6cf-faab7e7aaaa3
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:27 GMT
js__ZW8o7ZZZ2WVdbdwiWGu52bSrkEFZV2xhp5aNyZR5USA__3tGfK_b3yc_EcnR78FUS1iLe24uT_kFOG0Zgxin4wcM__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
4 KB
2 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__ZW8o7ZZZ2WVdbdwiWGu52bSrkEFZV2xhp5aNyZR5USA__3tGfK_b3yc_EcnR78FUS1iLe24uT_kFOG0Zgxin4wcM__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
7a06dd94021db644db9732192dd8c6b062b80d3f99488e35ce495e82f0ccf961
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
0, 863, 0
date
Thu, 18 Jul 2024 08:18:45 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
175749
http_x_geo_region
DE-BY
x-cache
MISS, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-srsz5
content-length
1541
x-served-by
cache-chi-klot8100156-CHI, cache-fra-eddf8230134-FRA, cache-fra-eddf8230151-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_klot8100156_CHI
last-modified
Tue, 05 Mar 2024 06:06:04 GMT
server
nginx
x-timer
S1721290725.481712,VS0,VE5
etag
W/"65e6b64c-f24"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
e594d3d7-f1d7-11ee-83a9-32c190c1efda
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:26 GMT
js__UCtXJrNvJbqWwTkauUyH6r0OmkrsjVeSImxlI3C6DJc__edC3yUE0SEy7im3t18SA-W_kx6imM-y8IQCkdmyHAt0__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
4 KB
2 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__UCtXJrNvJbqWwTkauUyH6r0OmkrsjVeSImxlI3C6DJc__edC3yUE0SEy7im3t18SA-W_kx6imM-y8IQCkdmyHAt0__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
fd08b09bb992ad9d8eb1fa512716a782939ee1df7c7b10ebecef57bc7b023626
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
1, 629, 0
date
Thu, 18 Jul 2024 08:18:45 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
175749
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-64b977755d-p72wq
content-length
1260
x-served-by
cache-chi-kigq8000118-CHI, cache-fra-eddf8230107-FRA, cache-fra-eddf8230151-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_kigq8000118_CHI
last-modified
Tue, 05 Mar 2024 06:06:05 GMT
server
nginx
x-timer
S1721290725.481696,VS0,VE5
etag
W/"65e6b64d-ebd"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
ea32fd72-f1d7-11ee-b1db-162c3c5c54d7
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:34 GMT
js__AV6-fb8rJ2QD61i8dwhUQihn7pc-Lp_VvhfmIjW8oHw__RUm4kKahOBCnrDpJWbA1cDqNhTD7qsBmlLW9ebsLhz0__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
5 KB
2 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__AV6-fb8rJ2QD61i8dwhUQihn7pc-Lp_VvhfmIjW8oHw__RUm4kKahOBCnrDpJWbA1cDqNhTD7qsBmlLW9ebsLhz0__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
a167f660daaa2f0abba7204685eb46f7127b490d936f10747a2f8c5daba26b83
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
1, 1971, 0
date
Thu, 18 Jul 2024 08:18:45 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
175776
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-2j9t5
content-length
1853
x-served-by
cache-chi-klot8100113-CHI, cache-fra-eddf8230156-FRA, cache-fra-eddf8230151-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_klot8100113_CHI
last-modified
Tue, 05 Mar 2024 06:05:50 GMT
server
nginx
x-timer
S1721290725.477161,VS0,VE6
etag
W/"65e6b63e-1377"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
ddfed7c4-f1d7-11ee-aed0-566d988ffce8
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:13 GMT
js__Z8_z4Ixa-D0iNdI4Vha8piNlJPIvuqBB03fpnqgg0ZU__7hSyf_bmxpB7an3khq1utmSHnVzI32jc5ywGqSrYb0g__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
3 KB
1 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__Z8_z4Ixa-D0iNdI4Vha8piNlJPIvuqBB03fpnqgg0ZU__7hSyf_bmxpB7an3khq1utmSHnVzI32jc5ywGqSrYb0g__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
ece4490c33a7069c08a0e696be3541870684db90df7dbb70205a99dc57973eac
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
0, 1062, 0
date
Thu, 18 Jul 2024 08:18:45 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
175750
http_x_geo_region
DE-BY
x-cache
MISS, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-fddpv
content-length
1088
x-served-by
cache-chi-kigq8000061-CHI, cache-fra-etou8220048-FRA, cache-fra-eddf8230151-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_kigq8000061_CHI
last-modified
Tue, 05 Mar 2024 06:06:18 GMT
server
nginx
x-timer
S1721290725.477128,VS0,VE4
etag
W/"65e6b65a-bee"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
f017d2d1-f1d7-11ee-a6cf-faab7e7aaaa3
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:44 GMT
js__3PyHVp_4SRq6pNQOBF08IE7KMR78aq2RPCDHv-23ni8__7F-DhWAuWWcJXOiKyc1JsZkkESiDxwbjA5pvRgf1qdA__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
3 KB
2 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__3PyHVp_4SRq6pNQOBF08IE7KMR78aq2RPCDHv-23ni8__7F-DhWAuWWcJXOiKyc1JsZkkESiDxwbjA5pvRgf1qdA__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
2a4693f2cfab06c8f82a71e57d82363c57e3b93597ea2a9c08c2bb08f83839f0
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

expires
Thu, 17 Apr 2025 13:54:31 GMT
date
Thu, 18 Jul 2024 08:18:45 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
175750
http_x_geo_region
DE-BY
x-cache
MISS, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-5b88b49ff7-fccxt
content-length
1351
x-served-by
cache-chi-kigq8000056-CHI, cache-fra-etou8220109-FRA, cache-fra-eddf8230151-FRA
last-modified
Tue, 16 Apr 2024 13:54:19 GMT
server
nginx
x-timer
S1721290725.481405,VS0,VE4
etag
W/"661e830b-d77"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
d99b9a52-fbf8-11ee-b353-66628c6b068f
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
0, 1111, 0
js__g6mKbcakHxQkz4ZHYaxdO_xqONINvRMgsHh1zAK-fr0__ATHtEmHaeZ0jidpGU22EkhmPDBSgjD8z0bVDQMI-BIY__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
2 KB
1 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__g6mKbcakHxQkz4ZHYaxdO_xqONINvRMgsHh1zAK-fr0__ATHtEmHaeZ0jidpGU22EkhmPDBSgjD8z0bVDQMI-BIY__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
ac12f243172f3c8376a67f24942257093fd70d0c10212a58bf8df60f372be24e
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
9, 1662, 0
date
Thu, 18 Jul 2024 08:18:45 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
175776
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-64b977755d-p72wq
content-length
762
x-served-by
cache-chi-kigq8000175-CHI, cache-fra-eddf8230041-FRA, cache-fra-eddf8230151-FRA
backend-ip-port
6cecXOA5eq1mdycR8IETIO--F_styx_fe1_a_sharedvpc_dmz_01
last-modified
Tue, 05 Mar 2024 06:05:59 GMT
server
nginx
x-timer
S1721290725.481996,VS0,VE5
etag
W/"65e6b647-76d"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
de004b55-f1d7-11ee-b1db-162c3c5c54d7
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:14 GMT
js__zwOQL0xjQu_jInUCc5HDDX7DuqNXThdgsBzScvBN6zY__YDKn5kOzd1mgJhYu7UkUXBFTO-WC5n-FhasqlgTZXKY__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
10 KB
4 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__zwOQL0xjQu_jInUCc5HDDX7DuqNXThdgsBzScvBN6zY__YDKn5kOzd1mgJhYu7UkUXBFTO-WC5n-FhasqlgTZXKY__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
0eb42d32c51e79e9d48a5694328c0ce8889f58a2c25bf13f239a8d818226a96a
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

expires
Thu, 17 Apr 2025 13:54:51 GMT
date
Thu, 18 Jul 2024 08:18:45 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
175749
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-5b88b49ff7-c4v2w
content-length
3791
x-served-by
cache-chi-kigq8000049-CHI, cache-fra-eddf8230084-FRA, cache-fra-eddf8230151-FRA
last-modified
Tue, 16 Apr 2024 13:54:33 GMT
server
nginx
x-timer
S1721290725.477176,VS0,VE5
etag
W/"661e8319-262c"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
e54d52df-fbf8-11ee-9c93-fae8d33dc845
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
7, 892, 0
js__XtFha_knURVT5YLGKmVYz2S732sgaVuOjO801TC1X90__Iiz_LtHOgN-NEjf_Wqk78-4FPz8AQR7Ygonew_LemTU__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
1017 B
889 B
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__XtFha_knURVT5YLGKmVYz2S732sgaVuOjO801TC1X90__Iiz_LtHOgN-NEjf_Wqk78-4FPz8AQR7Ygonew_LemTU__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
2db23bd96dca0757b0f0d309acb62fe766c08348c86c195ed79658f7f7b456c3
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
0, 1463, 0
date
Thu, 18 Jul 2024 08:18:45 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
175776
http_x_geo_region
DE-BY
x-cache
MISS, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-2j9t5
content-length
566
x-served-by
cache-chi-kigq8000115-CHI, cache-fra-eddf8230091-FRA, cache-fra-eddf8230151-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_kigq8000115_CHI
last-modified
Tue, 05 Mar 2024 06:05:51 GMT
server
nginx
x-timer
S1721290725.482606,VS0,VE5
etag
W/"65e6b63f-3f9"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
d721917e-f1d7-11ee-aed0-566d988ffce8
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:02 GMT
js__ANAjsl90aU8V_JJuHtJWcRsK1EGBFuMwHq693fURsXU__F1FPONSTf0yEH0Y9VHtO8-UlYOiMFKhCksEr6rzCrMg__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
2 KB
944 B
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__ANAjsl90aU8V_JJuHtJWcRsK1EGBFuMwHq693fURsXU__F1FPONSTf0yEH0Y9VHtO8-UlYOiMFKhCksEr6rzCrMg__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
3180fea88eaa47e87effdffd92cc7f52249a701909b6b617b2d0c55b7a0e7c98
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
2, 1381, 0
date
Thu, 18 Jul 2024 08:18:45 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
175777
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-h68w5
content-length
629
x-served-by
cache-chi-kigq8000137-CHI, cache-fra-etou8220058-FRA, cache-fra-eddf8230151-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_kigq8000137_CHI
last-modified
Tue, 05 Mar 2024 06:06:01 GMT
server
nginx
x-timer
S1721290725.477333,VS0,VE7
etag
W/"65e6b649-61e"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
ddd9505b-f1d7-11ee-9fa0-220fea7644ee
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:13 GMT
js__1DBjoSMQlQ4ixA_cuaJfS5Px949O7h4aDn8Z9xtRW7Q__AT6c7sCefn259J383Kk5L3xgymjOI5hghQofGOoaazQ__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
21 KB
7 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__1DBjoSMQlQ4ixA_cuaJfS5Px949O7h4aDn8Z9xtRW7Q__AT6c7sCefn259J383Kk5L3xgymjOI5hghQofGOoaazQ__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
7dfeb329f73421a0c80e8a067d3e1d67c916c84746f94cb9826c06bc58516d1f
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

expires
Fri, 27 Jun 2025 13:26:32 GMT
date
Thu, 18 Jul 2024 08:18:45 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
175776
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-5d587d78fd-ct69k
content-length
6820
x-served-by
cache-chi-klot8100110-CHI, cache-fra-eddf8230090-FRA, cache-fra-eddf8230151-FRA
last-modified
Wed, 26 Jun 2024 13:26:03 GMT
server
nginx
x-timer
S1721290725.482937,VS0,VE6
etag
W/"667c16eb-55f3"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
b45e7b01-33bf-11ef-a5ff-065f8a95e18c
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
6, 1388, 0
js__QEUI7Yv_wakfcc6JBvi15ovY1U6doRpL4VmJGHt4na4__bunscNd0XY0JtFyEPHN8vrG4QmOdFsldeaRN0v3VA9M__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
79 KB
27 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__QEUI7Yv_wakfcc6JBvi15ovY1U6doRpL4VmJGHt4na4__bunscNd0XY0JtFyEPHN8vrG4QmOdFsldeaRN0v3VA9M__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
2da781a6191588a46eeb8e47e2d5c4fd2d49a2eceeb1e6e061dbac289e63dc7c
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
0, 39, 0
date
Thu, 18 Jul 2024 08:18:45 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
175749
http_x_geo_region
DE-BY
x-cache
MISS, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-64b977755d-p72wq
content-length
26917
x-served-by
cache-chi-klot8100116-CHI, cache-fra-etou8220069-FRA, cache-fra-eddf8230151-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_klot8100116_CHI
last-modified
Mon, 18 Mar 2024 14:45:01 GMT
server
nginx
x-timer
S1721290725.477707,VS0,VE7
etag
W/"65f8536d-13c91"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
e5945f6d-f1d7-11ee-b1db-162c3c5c54d7
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:26 GMT
/
attr.ml-api.io/
Redirect Chain
  • https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.forcepoint.com%26pId%3d%24UID
  • https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.forcepoint.com%26pId%3d%24UID
  • https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dwww.forcepoint.com%2526pId%253d%2524UID
  • https://attr.ml-api.io/?domain=www.forcepoint.com&pId=3311319404537773245
4 B
281 B
Image
General
Full URL
https://attr.ml-api.io/?domain=www.forcepoint.com&pId=3311319404537773245
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H2
Server
65.9.66.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-66-5.fra56.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.forcepoint.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 18 Jul 2024 08:18:46 GMT
via
1.1 a383f82b5d4e98bbd66535c2c4b20c9e.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-C1
x-cache
Miss from cloudfront
content-type
application/json
alt-svc
h3=":443"; ma=86400
content-length
4
apigw-requestid
bGVsAjn9IAMEZdQ=
x-amz-cf-id
YTD0HO0IUEVdGxaZe7A7d6KEoBqTI8oC5X-sPYz9inCaUh9MPnl_8g==

Redirect headers

pragma
no-cache
date
Thu, 18 Jul 2024 08:18:45 GMT
an-x-request-uuid
93c0bcf7-8c98-4aff-b1d0-d7a8be69baf1
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
access-control-allow-origin
*
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
location
https://attr.ml-api.io/?domain=www.forcepoint.com&pId=3311319404537773245
x-proxy-origin
185.213.155.144; 185.213.155.144; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
css___VkyRO3B5Aq6aNIr0ttm3Is69Rc7XYN_AdFjRz9E6sA__VcIbQquJvVVOuzIFHQnbacZLWNY0lFxoxf5twuCo0Bc__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/
6 KB
2 KB
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css___VkyRO3B5Aq6aNIr0ttm3Is69Rc7XYN_AdFjRz9E6sA__VcIbQquJvVVOuzIFHQnbacZLWNY0lFxoxf5twuCo0Bc__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
ee27e3cdc69e172aac4b82b3f20d30a2e9b8fc56e7154475292f0ce338b8a5a5
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
0, 1536, 0
date
Thu, 18 Jul 2024 08:18:45 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
175775
http_x_geo_region
DE-BY
x-cache
MISS, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-64b977755d-ltjwf
content-length
1421
x-served-by
cache-chi-kigq8000092-CHI, cache-fra-eddf8230025-FRA, cache-fra-eddf8230151-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_kigq8000092_CHI
last-modified
Tue, 05 Mar 2024 06:05:59 GMT
server
nginx
x-timer
S1721290725.477038,VS0,VE5
etag
W/"65e6b647-19a6"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
e5937e66-f1d7-11ee-a4f1-16a0ed7bd780
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:26 GMT
utag.js
tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/
434 KB
111 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/utag.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.187.116 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-187-116.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e6bb0467284ad6bf4b716def881b4ecb16751807121ba3e2fcca55a33c850dc0

Request headers

Referer
https://www.forcepoint.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-amz-version-id
2i6PDnq9Dj4ToerNLa_U9W6mjHKEMpq_
content-encoding
br
via
1.1 51b32b366d2fc0baf4c02123f643c37c.cloudfront.net (CloudFront)
date
Thu, 18 Jul 2024 08:18:03 GMT
last-modified
Tue, 16 Jul 2024 17:03:36 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P9
age
43
x-amz-server-side-encryption
AES256
etag
W/"0d6f6bedfcf3c993f2460235311eff1a"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=300
x-amz-cf-id
N3VtCmX6pf8LtlLzvCmZ2QJCLXzeOujrFTbfg_nRfpUYKOx9wR1Bqw==
truncated
/
166 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4e2a8b16a227605843bcf04d32557fa5f790d17d5fae10db399f3ad6b75cae70

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
450 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
77bfa66bf799ef1d5be3e464795aaca2f9a0587c1616b9671f7383623474f455

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
141 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1a5c0fb755eabd84fa9ee65115561abfc934cb67631d8392acc299bed349942d

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
187 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c181c648e71e1f94dc9f3aa0aced539df9790bc1aa92494d7fe7b17c274767bf

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
660 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8892ffd9b6812e96fca28cf2b24a4a1e25711631d73141353f1ec57fcaf523b8

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
372 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c6a4f005d0158d27d475991d4606ec4141f42917cc68835019d819c583957710

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
372 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c0c810909068da447ca522f9770490722119d254f18905ae37e5e4a45e2c346c

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
248 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
de0c91884c0f70a3c8ab477b2637d9c9417fc74eb663bbe6eace7836e8b38fc3

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
chevron-right-xxs.svg
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/static-icons/
213 B
478 B
Image
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/static-icons/chevron-right-xxs.svg
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__yLUlsZO8Aw1QbDVmt9Emb7WQDVsiqE8WSyAbbDd2S8M__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
eb06d9c1faf512de924b0840e5ff2cea13ea5154e84b9a2edb23c3ee94602bd7
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__yLUlsZO8Aw1QbDVmt9Emb7WQDVsiqE8WSyAbbDd2S8M__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
16, 4515, 0
date
Thu, 18 Jul 2024 08:18:45 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
175775
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-778cbf697c-x5pqn
content-length
174
x-served-by
cache-chi-kigq8000176-CHI, cache-fra-eddf8230157-FRA, cache-fra-eddf8230151-FRA
last-modified
Mon, 15 Jul 2024 20:36:00 GMT
server
nginx
x-timer
S1721290725.483826,VS0,VE6
etag
W/"66958830-d5"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
17e28133-4345-11ef-9849-f21714ecd673
cache-control
max-age=31622400
accept-ranges
bytes
expires
Thu, 17 Jul 2025 07:29:10 GMT
truncated
/
636 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e25fa89bb49f7875384fe86ddb39c8c0a966f7aff529e4aa1e761efe8909fdad

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
636 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8048b6a47a7795c53151c7d28f992a190da59cfa9416a171a03652359a964f2a

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
636 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
68cb94151d86903ee4b3a5088e233b408a81a7faf9bb97d1172d8e3e6a83f868

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
banner-woman.jpg
www.forcepoint.com/sites/default/files/
12 KB
13 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/banner-woman.jpg
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
b9b8fe9d0d7983bd3dc05016caf09d5028c4525e9beba05ecf0ed85bd0f3f86a
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
0, 0, 0, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Thu, 18 Jul 2024 08:18:45 GMT
fastly-io-served-by
img10-europe-west2
age
1908633
http_x_geo_region
DE-BY
x-cache
MISS, HIT, MISS, HIT
fastly-io-info
ifsz=139269 idim=591x426 ifmt=jpeg ofsz=12712 odim=591x426 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-867f44b44b-6zx56
content-length
12712
x-served-by
cache-chi-klot8100073-CHI, cache-ams21065-AMS, cache-ams12723-AMS, cache-fra-eddf8230151-FRA
server
nginx
x-timer
S1721290725.489510,VS0,VE2
etag
"N0lQYBtHe5ciagpRVpui8m2mvIrccgSXz/6JZdtfgoA"
vary
Accept
content-type
image/webp
x-styx-req-id
c380a60e-0635-11ef-be95-3a8be9a6877a
cache-control
max-age=31622400
accept-ranges
bytes
expires
Wed, 30 Apr 2025 14:35:45 GMT
truncated
/
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ff35e1bb0b3e1cb03aa7eab3fb0f74381ec3fd6fcff85d8c4f6be72abae116a0

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf8
truncated
/
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e1652e3fbc6cef41f94897b295b6b1f57fa4901a3727e4c9ecb2911614531d0f

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf8
truncated
/
750 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
26e256bfa2011f9fbbe0e81f2515c98b94b7ee7696a82f380cb7e7c8361e04a4

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf8
ajax-loader.gif
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/
365 B
748 B
Image
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/ajax-loader.gif
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__yLUlsZO8Aw1QbDVmt9Emb7WQDVsiqE8WSyAbbDd2S8M__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
195211df418c32079abb41bb0ebd2ea3aace287509a9c49702d80f1350313527
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__yLUlsZO8Aw1QbDVmt9Emb7WQDVsiqE8WSyAbbDd2S8M__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
0, 0, 4, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Thu, 18 Jul 2024 08:18:45 GMT
fastly-io-served-by
img01-europe-west2
age
3489664
http_x_geo_region
DE-BY
x-cache
MISS, MISS, HIT, HIT
fastly-io-info
ifsz=404 idim=43x11 ifmt=gif ofsz=365 odim=43x11 ofmt=gif ofrm=4
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-867f44b44b-2w9x6
content-length
365
x-served-by
cache-chi-klot8100112-CHI, cache-ams21072-AMS, cache-ams21053-AMS, cache-fra-eddf8230151-FRA
server
nginx
x-timer
S1721290725.493143,VS0,VE1
etag
"c9vdSz1SobFgJvEEIebuVOe3obQGnXd87HeEFJfv0io"
vary
Accept
content-type
image/gif
x-styx-req-id
86b514b5-07bc-11ef-bee0-eaad830a048d
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 02 May 2025 13:12:56 GMT
bg-blog-podcast-final-plea.png
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/backgrounds/
136 KB
137 KB
Image
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/backgrounds/bg-blog-podcast-final-plea.png
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__yLUlsZO8Aw1QbDVmt9Emb7WQDVsiqE8WSyAbbDd2S8M__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
defd01b0db74c62e4efe18ef38e5ec968f2b8c2cf51ab6b14f12e1ad250eec84
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__yLUlsZO8Aw1QbDVmt9Emb7WQDVsiqE8WSyAbbDd2S8M__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
0, 0, 0, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Thu, 18 Jul 2024 08:18:45 GMT
fastly-io-served-by
img03-europe-west2
age
1112314
http_x_geo_region
DE-BY
x-cache
MISS, MISS, MISS, HIT
fastly-io-info
ifsz=236236 idim=580x458 ifmt=png ofsz=139710 odim=580x458 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-66d79b4b7-zpn9k
content-length
139710
x-served-by
cache-chi-kigq8000133-CHI, cache-ams21029-AMS, cache-ams12730-AMS, cache-fra-eddf8230151-FRA
server
nginx
x-timer
S1721290725.493132,VS0,VE2
etag
"J4HM7COV6lmZQG/n7TaO0MtxZmafgyzKI2fNbOojs8E"
vary
Accept
content-type
image/webp
x-styx-req-id
82115b34-07bd-11ef-88e7-fe9735e210a3
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 02 May 2025 13:19:58 GMT
f-white.svg
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/logos/
257 B
566 B
Image
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/logos/f-white.svg
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__yLUlsZO8Aw1QbDVmt9Emb7WQDVsiqE8WSyAbbDd2S8M__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
2a7b733b2f19d538893df08b2c194aef1201dbad6ee2ddafc5bcd34cbb482d6b
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__yLUlsZO8Aw1QbDVmt9Emb7WQDVsiqE8WSyAbbDd2S8M__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
15, 1450, 0
date
Thu, 18 Jul 2024 08:18:45 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
175776
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-67db8dc7b8-d8mdp
content-length
187
x-served-by
cache-chi-klot8100146-CHI, cache-fra-etou8220152-FRA, cache-fra-eddf8230151-FRA
last-modified
Mon, 15 Jul 2024 20:36:00 GMT
server
nginx
x-timer
S1721290725.493056,VS0,VE4
etag
W/"66958830-101"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
17e26d46-4345-11ef-879d-66813a86faf3
cache-control
max-age=31622400
accept-ranges
bytes
expires
Thu, 17 Jul 2025 07:29:10 GMT
truncated
/
442 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6116382548abaad3d6133a60e2dc187d88dfa1ed07d981311c0bbcfaee05cd49

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
icon-anchor-arrow-teal.svg
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/static-icons/
655 B
623 B
Image
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/static-icons/icon-anchor-arrow-teal.svg
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__yLUlsZO8Aw1QbDVmt9Emb7WQDVsiqE8WSyAbbDd2S8M__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
29aebe811bb2f84bd90cfdee7ffc4c4af62bb5d871fd683f8a85bf0852ce9163
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__yLUlsZO8Aw1QbDVmt9Emb7WQDVsiqE8WSyAbbDd2S8M__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
14, 1382, 0
date
Thu, 18 Jul 2024 08:18:45 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
175775
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-778cbf697c-8gq4f
content-length
400
x-served-by
cache-chi-kigq8000077-CHI, cache-fra-eddf8230034-FRA, cache-fra-eddf8230151-FRA
last-modified
Mon, 15 Jul 2024 20:36:00 GMT
server
nginx
x-timer
S1721290725.493603,VS0,VE6
etag
W/"66958830-28f"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
17e25f95-4345-11ef-92c5-1af899943841
cache-control
max-age=31622400
accept-ranges
bytes
expires
Thu, 17 Jul 2025 07:29:10 GMT
truncated
/
383 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b5c2800c52737f3425d0e434c93f9412da5e0491282c8d3d53b4d707202b8cef

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
558 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f4cbc6a70cd3d48475ddbb975d3831d02e4158a76fcdb997891baa497ea31241

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
356 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6676353d7029b44112419ac26efd665e84021eb418ccf05a1e1f04d0ba46bd53

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
431 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
af60288a11ae9864cdd707a9c6e13463359d5ffb6755bf9035a878f18b8758f9

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
688 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0ec291adef932c1e26510f560daef99d2d26b96331cbfd2f29fe234eaf2dddae

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
json
forms.hsforms.com/embed/v3/form/20987017/16d5bf15-75bb-43be-a7ff-4e4e9779520e/
47 KB
7 KB
XHR
General
Full URL
https://forms.hsforms.com/embed/v3/form/20987017/16d5bf15-75bb-43be-a7ff-4e4e9779520e/json?hs_static_app=forms-embed&hs_static_app_version=1.5387&X-HubSpot-Static-App-Info=forms-embed-1.5387
Requested by
Host: js.hsforms.net
URL: https://js.hsforms.net/forms/v2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
215d0f0045ab0ae86e1bc9f6a6ba636858df75adbadd10f0b228c4ab05dc7729
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.forcepoint.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-origin-hublet
na1
date
Thu, 18 Jul 2024 08:18:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
dc3f40d6-9b1e-4a45-9431-d6e91b82bb2f
x-envoy-upstream-service-time
13
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
dc3f40d6-9b1e-4a45-9431-d6e91b82bb2f
server
cloudflare
vary
origin
access-control-allow-methods
OPTIONS, GET
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.forcepoint.com
x-evy-trace-virtual-host
all
access-control-expose-headers
X-Origin-Hublet
access-control-max-age
180
access-control-allow-credentials
false
cache-control
max-age=0, no-cache, no-store
x-robots-tag
none
access-control-allow-headers
*
cf-ray
8a510afccd79196d-FRA
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-776cb5686f-ptpxr
json
forms.hsforms.com/embed/v3/form/20987017/16d5bf15-75bb-43be-a7ff-4e4e9779520e/
47 KB
7 KB
XHR
General
Full URL
https://forms.hsforms.com/embed/v3/form/20987017/16d5bf15-75bb-43be-a7ff-4e4e9779520e/json?hs_static_app=forms-embed&hs_static_app_version=1.5387&X-HubSpot-Static-App-Info=forms-embed-1.5387
Requested by
Host: js.hsforms.net
URL: https://js.hsforms.net/forms/v2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b953b08e1df7e7f679d26b34118e8b99ce2f0889060bdf0f74ca30c641e1473c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.forcepoint.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-origin-hublet
na1
date
Thu, 18 Jul 2024 08:18:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
04ad58e2-578d-457b-afa7-2ccf27945db8
x-envoy-upstream-service-time
22
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
04ad58e2-578d-457b-afa7-2ccf27945db8
server
cloudflare
vary
origin
access-control-allow-methods
OPTIONS, GET
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.forcepoint.com
x-evy-trace-virtual-host
all
access-control-expose-headers
X-Origin-Hublet
access-control-max-age
180
access-control-allow-credentials
false
cache-control
max-age=0, no-cache, no-store
x-robots-tag
none
access-control-allow-headers
*
cf-ray
8a510afdbf15196d-FRA
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-776cb5686f-phcmr
loading.gif
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/
76 KB
77 KB
Image
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/loading.gif
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
3f3a06c93db350a7a9d3616a3dbbd6c252e702ade48978256c8a125fc2981d2d
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
0, 0, 1, 1
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Thu, 18 Jul 2024 08:18:45 GMT
fastly-io-served-by
img04-europe-west2
age
706361
http_x_geo_region
DE-BY
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=80522 idim=200x200 ifmt=gif ofsz=78253 odim=200x200 ofmt=gif ofrm=30
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-66d79b4b7-zpn9k
content-length
78253
x-served-by
cache-chi-kigq8000130-CHI, cache-ams21037-AMS, cache-ams21030-AMS, cache-fra-eddf8230151-FRA
server
nginx
x-timer
S1721290726.876073,VS0,VE2
etag
"Nxhc6+NYNokf+oi4tit7qUckgh54LwQ6JJFLiU/ddPg"
vary
Accept
content-type
image/gif
x-styx-req-id
94ec1476-07a6-11ef-88e7-fe9735e210a3
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 02 May 2025 10:35:51 GMT
utag.v.js
tags.tiqcdn.com/utag/tiqapp/
2 B
433 B
Script
General
Full URL
https://tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=websense/forcepoint-2018/202407161702&cb=1721290725876
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.187.116 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-187-116.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

Referer
https://www.forcepoint.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-amz-version-id
2XUX04X5QEw0.xFya64khU._sHTRl_Pz
date
Thu, 18 Jul 2024 08:08:55 GMT
via
1.1 51b32b366d2fc0baf4c02123f643c37c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P9
age
591
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
2
last-modified
Sat, 11 Mar 2023 06:57:46 GMT
server
AmazonS3
etag
"7bc0ee636b3b83484fc3b9348863bd22"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=300
accept-ranges
bytes
x-amz-cf-id
UcQI6ABJuAOj2OGVx-JW7ls4bcKBxGbom6tVEPEA1YvG2io3oCEz8w==
counters.gif
forms-na1.hsforms.com/embed/v3/
35 B
886 B
Image
General
Full URL
https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.forcepoint.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 18 Jul 2024 08:18:46 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
efb56e25-5a1f-409c-9a7b-3729f4df2faa
x-envoy-upstream-service-time
5
alt-svc
h3=":443"; ma=86400
content-length
35
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
efb56e25-5a1f-409c-9a7b-3729f4df2faa
server
cloudflare
vary
origin
content-type
image/gif
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-776cb5686f-hsmnc
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
x-robots-tag
none
cf-ray
8a510afe1e759191-FRA
truncated
/
133 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a4cbaa695a841f5471911a40cc4c2140d68b95d9fcaabb3b60e97db200c15b8d

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
/
geolocation-db.com/json/
0
0

counters.gif
forms-na1.hsforms.com/embed/v3/
35 B
849 B
Image
General
Full URL
https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.forcepoint.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 18 Jul 2024 08:18:46 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
50ec1864-c328-4015-bd02-f92d54f7f692
x-envoy-upstream-service-time
5
alt-svc
h3=":443"; ma=86400
content-length
35
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
50ec1864-c328-4015-bd02-f92d54f7f692
server
cloudflare
vary
origin
content-type
image/gif
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-776cb5686f-gqvlc
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
x-robots-tag
none
cf-ray
8a510afe4e969191-FRA
/
geolocation-db.com/json/
169 B
277 B
XHR
General
Full URL
https://geolocation-db.com/json/
Requested by
Host: code.jquery.com
URL: https://code.jquery.com/jquery-1.12.4.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
159.89.102.253 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
1e474a6a3472ae8db643f4c49d9abb43dbeff4c78a1c27caf4e87d81d2bc8884

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://www.forcepoint.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-origin
*
date
Thu, 18 Jul 2024 08:18:46 GMT
content-encoding
gzip
server
nginx/1.14.0 (Ubuntu)
content-type
text/html; charset=UTF-8
counters.gif
forms-na1.hsforms.com/embed/v3/
35 B
540 B
Image
General
Full URL
https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1
Requested by
Host: js.hsforms.net
URL: https://js.hsforms.net/forms/v2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.forcepoint.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 18 Jul 2024 08:18:46 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
3346bd45-891b-4897-b237-0c5ae37bb003
x-envoy-upstream-service-time
2
alt-svc
h3=":443"; ma=86400
content-length
35
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
3346bd45-891b-4897-b237-0c5ae37bb003
server
cloudflare
vary
origin
content-type
image/gif
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-776cb5686f-rb5dx
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
x-robots-tag
none
cf-ray
8a510aff1fcd9191-FRA
nr-rum-1.262.0.min.js
js-agent.newrelic.com/
49 KB
16 KB
Script
General
Full URL
https://js-agent.newrelic.com/nr-rum-1.262.0.min.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.247.243.39 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a557b02ea64886c022f719706e39e65ad6ba8accd1ab25498e9dd18e6da880d7
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/
Origin
https://www.forcepoint.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-amz-version-id
r7yL2WJdLoR2RnA7cy4KmyFp0CcyXjOe
content-encoding
br
via
1.1 varnish
date
Thu, 18 Jul 2024 08:18:46 GMT
strict-transport-security
max-age=300
x-amz-request-id
SM68FBRA83Q31W1C
x-amz-server-side-encryption
AES256
x-cache
HIT
cross-origin-resource-policy
cross-origin
content-length
15610
x-amz-id-2
kpOAYrqMO3Rlccygumm/12tPvyNSOKa4CDb86/EMlnsQpO2evywgTS/kQtoA6OvnHpnsXvx6KzQ=
x-served-by
cache-fra-eddf8230139-FRA
last-modified
Wed, 10 Jul 2024 15:59:13 GMT
server
AmazonS3
etag
"8725f7bd03f3c4df3f40d580cf1e5f6c"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=86400, stale-if-error=86400
accept-ranges
bytes
x-cache-hits
5563
latest.js
scripts.simpleanalyticscdn.com/
7 KB
5 KB
Script
General
Full URL
https://scripts.simpleanalyticscdn.com/latest.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/sites/default/files/advagg_js/js__BsJj-J0DDipBFUM6jWq6jBgbLlOJHFUDm1oaCirTN8s__3ytciCoM4ry2VdZVK_RnAXm_cZfbyZ0Tj9DCUWBKchw__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
169.150.247.39 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
169-150-247-39.bunnyinfra.net
Software
BunnyCDN-DE1-1082 /
Resource Hash
a965bdafdcbdf6a1bc0a04fb81ee6d5fb86e1fde7a2da4e8998ab3bcf467bdb4

Request headers

Referer
https://www.forcepoint.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 18 Jul 2024 08:18:46 GMT
content-encoding
br
cdn-edgestorageid
1080
cdn-storageserver
DE-680
cdn-cachedat
04/30/2024 19:00:38
cdn-pullzone
103822
last-modified
Mon, 10 Jul 2023 03:50:47 GMT
server
BunnyCDN-DE1-1082
cdn-fileserver
635
cdn-requestpullcode
200
cdn-proxyver
1.04
etag
W/"64ab8017-1d5b"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
621ef7c8-45de-46e4-8237-2eca0c3a2d75
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
public, max-age=604800
simple-analytics
true
cdn-requestid
997ee458c4b97ecf6f76118fa3f30272
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status
200
cdn-requestpullsuccess
True
favicon.ico
www.forcepoint.com/sites/all/themes/custom/fp/assets/icons/favicon/
15 KB
1001 B
Other
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/icons/favicon/favicon.ico
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.228 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
59a410a623d86c98b190b07e27d0cf4e36455f184fc85cc1a4021aac1bc8a860
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-pantheon-styx-hostname
styx-fe1-b-778cbf697c-t7qk6
date
Thu, 18 Jul 2024 08:18:46 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
119979
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
expires
Thu, 17 Jul 2025 07:29:20 GMT
content-length
606
x-served-by
cache-chi-klot8100165-CHI, cache-fra-etou8220135-FRA, cache-fra-eddf8230151-FRA
last-modified
Mon, 15 Jul 2024 20:35:59 GMT
server
nginx
x-timer
S1721290726.402142,VS0,VE4
etag
"6695882f-3aee"
vary
Accept-Encoding
content-type
image/x-icon
x-styx-req-id
1e260433-4345-11ef-99b2-1aa621e8227a
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
12, 393, 0
NRJS-922263b7f65c352c48b
bam.nr-data.net/1/
150 B
711 B
XHR
General
Full URL
https://bam.nr-data.net/1/NRJS-922263b7f65c352c48b?a=477262540&v=1.262.0&to=YFEDbUMFXBBXB0RbXlkbNEtYSx0KWABVSh9HXBE%3D&rst=1784&ck=0&s=830d030fa1c351be&ref=https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses&ptid=fb803794587f5409&ap=1051&be=338&fe=1079&dc=571&at=TBYAGwsfTx4%3D&fsh=1&perf=%7B%22timing%22:%7B%22of%22:1721290724969,%22n%22:0,%22f%22:0,%22dn%22:1,%22dne%22:1,%22c%22:1,%22s%22:306,%22ce%22:324,%22rq%22:324,%22rp%22:338,%22rpe%22:352,%22di%22:859,%22ds%22:871,%22de%22:909,%22dc%22:1410,%22l%22:1410,%22le%22:1417%7D,%22navigation%22:%7B%7D%7D&fp=588&fcp=588
Requested by
Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-rum-1.262.0.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.247.241.14 Portland, United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2d178ee57c5d2a506b3799b50fea41d93ed1b786b8249434071bd048f2f376ac

Request headers

Referer
https://www.forcepoint.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
content-type
text/plain

Response headers

Date
Thu, 18 Jul 2024 08:18:46 GMT
Content-Encoding
gzip
CF-Cache-Status
DYNAMIC
Server
cloudflare
Transfer-Encoding
chunked
access-control-allow-methods
GET, POST, PUT, HEAD, OPTIONS
Content-Type
text/plain
Access-Control-Allow-Origin
https://www.forcepoint.com
access-control-expose-headers
Date
Vary
Accept-Encoding
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
Connection
keep-alive
CF-Ray
8a510b026d38195e-FRA
timing-allow-origin
https://www.forcepoint.com
simple.gif
queue.simpleanalyticscdn.com/
43 B
410 B
Image
General
Full URL
https://queue.simpleanalyticscdn.com/simple.gif?version=cdn_latest_11&hostname=www.forcepoint.com&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F126.0.0.0%20Safari%2F537.36&https=true&timezone=Europe%2FBerlin&page_id=dc3a4a12-664f-4ec3-8051-6f6c1c670eba&session_id=8e1eedf6-4ab7-4079-8bd9-62d123abbd6a&sri=false&mobile=false&brands=%5B%5D&os_name=&os_version=&path=%2Fblog%2Fx-labs%2Fshadowroot-ransomware-targeting-turkish-businesses&viewport_width=1600&viewport_height=1200&language=de-DE&screen_width=1600&screen_height=1200&unique=true&id=dc3a4a12-664f-4ec3-8051-6f6c1c670eba&type=pageview&time=1721290726777
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
190.2.151.160 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS
190-2-151-160.hosted-by-worldstream.net
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer
https://www.forcepoint.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 18 Jul 2024 08:18:46 GMT
Simple-Analytics-Feedback
Thanks for sending this page view!
Simple-Analytics-Location
not_set
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Keep-Alive
timeout=5
Content-Length
43
Expires
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
geolocation-db.com
URL
https://geolocation-db.com/json/

82 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| NREUM object| webpackChunk:NRBA-1.262.0.PROD object| newrelic function| advagg_fallback object| utag_data function| jQuery number| _vis_opt_account_id string| _vis_opt_protocol string| _vis_opt_script1src string| _vis_opt_script1id string| _vis_opt_script2src string| _vis_opt_script2id function| _vis_opt_loadScript function| _vis_opt_loadScript_write function| loadTopBottomScript function| vwoSyncCode function| consentCookie function| vwoConsentGiven function| shouldRunScript object| body function| insertModalInBody function| userScrolledUp function| userInteracted function| userSpentTime function| userLeavesPage function| closeModal object| forresterUrls object| dseUrls object| hubspot object| HubSpotForms object| hbspt object| hsFormsOnReady function| advagg_mod_2 function| advagg_mod_2_check function| advagg_mod_defer_1 function| init_drupal_core_settings object| utag_err string| url object| utag function| e object| s function| AppMeasurement function| s_gi function| s_pgicq function| AppMeasurement_Module_Integrate function| AppMeasurement_Module_ActivityMap object| _linkedin object| _qevents function| _tealium_old_error object| adobe function| Visitor object| s_c_il number| s_c_in object| _linkedin_data_partner_ids string| gtagRename object| dataLayer function| gtag function| rdt object| md5 function| fbq function| _fbq object| html5 object| Modernizr object| Drupal object| jQuery112407759440430873743 function| DOMPurify function| lazyloaderDebounceOrThrottle object| echo function| Waypoint object| AOS object| picturefillCFG function| picturefill object| options function| tealiumGetResourceSearchData function| tealiumTrackResourceSearch object| tealFuncs object| _hsq boolean| sa_event_loaded boolean| sa_loaded function| sa_event

12 Cookies

Domain/Path Name / Value
.hsforms.net/ Name: __cf_bm
Value: kidPs09xynr1HD5em9fyaRxaOKQbEKRGfMDZgp.Uvig-1721290725-1.0.1.1-.rJpMtsddRFmeBhqU6VOLyxCRiyliIT2SpwZ1_CW6qLWkC1GDCC1GL_U4TSCcips4CcsGm0v82NH5h.1EFm0IA
.adnxs.com/ Name: XANDR_PANID
Value: I3ah0d2IrxxrsBPfnVy0n30bpcY-fftKaBKvdr0CkLml_-gx_zT8LDLSxJX41Xtpm4oYzzBM1DaCks4Uk7gVNpZ5vkEd8AFzYnvNr5hXCSU.
.adnxs.com/ Name: receive-cookie-deprecation
Value: 1
.adnxs.com/ Name: uuid2
Value: 3311319404537773245
.forcepoint.com/ Name: utag_main__sn
Value: 1
.forcepoint.com/ Name: utag_main__se
Value: 1%3Bexp-session
.forcepoint.com/ Name: utag_main__ss
Value: 1%3Bexp-session
.forcepoint.com/ Name: utag_main__st
Value: 1721292525819%3Bexp-session
.forcepoint.com/ Name: utag_main_ses_id
Value: 1721290725819%3Bexp-session
.forcepoint.com/ Name: utag_main__pn
Value: 1%3Bexp-session
.hsforms.com/ Name: __cf_bm
Value: _.cn1YHLldJM.lPjcbd2tx_GIDwSWrnbLznZ24.Q5OY-1721290726-1.0.1.1-ERapbPoV.GfOoIaHp296a.4MoxgyBZ2qRCXuKyuB9s7RHL0LX1ohs8ap9iv3UNc2JAWU4wpeEYxANx9slPAvgg
.hsforms.com/ Name: _cfuvid
Value: oR9b_6UMSGF6.VbIA_7_acYOM.4iHwQoWYoqt88N3zc-1721290726230-0.0.1.1-604800000

21 Console Messages

Source Level URL
Text
javascript error URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Message:
Access to XMLHttpRequest at 'https://geolocation-db.com/json/' from origin 'https://www.forcepoint.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://geolocation-db.com/json/
Message:
Failed to load resource: net::ERR_FAILED
javascript warning URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Message:
The resource https://www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_highlight-soft_75_cccccc_1x100.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Message:
The resource https://www.forcepoint.com/misc/help.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Message:
The resource https://www.forcepoint.com/misc/message-24-warning.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Message:
The resource https://www.forcepoint.com/misc/message-24-error.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Message:
The resource https://www.forcepoint.com/misc/menu-expanded.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Message:
The resource https://www.forcepoint.com/misc/tree-bottom.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Message:
The resource https://www.forcepoint.com/misc/menu-collapsed.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Message:
The resource https://www.forcepoint.com/misc/message-24-ok.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Message:
The resource https://www.forcepoint.com/sites/all/libraries/chosen/chosen-sprite@2x.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Message:
The resource https://www.forcepoint.com/misc/throbber-inactive.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Message:
The resource https://www.forcepoint.com/misc/draggable.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Message:
The resource https://www.forcepoint.com/misc/grippie.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Message:
The resource https://www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_flat_75_ffffff_40x100.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Message:
The resource https://www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_glass_75_dadada_1x400.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Message:
The resource https://www.forcepoint.com/misc/tree.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Message:
The resource https://www.forcepoint.com/misc/throbber-active.gif was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Message:
The resource https://www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_glass_75_e6e6e6_1x400.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
Message:
The resource https://www.forcepoint.com/misc/progress.gif was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
security error URL: https://scripts.simpleanalyticscdn.com/latest.js(Line 2)
Message:
Refused to connect to 'https://queue.simpleanalyticscdn.com/append' because it violates the following Content Security Policy directive: "connect-src 'self' *.vwo.com *.demdex.net *.omtrdc.net *.mktoresp.com *.cdnbasket.net ids.cdnwidget.com *.forcepoint.com sample-api-v2.crazyegg.com *.visualwebsiteoptimizer.com insight.adsrvr.org bam.nr-data.net *.tealiumiq.com live-evercurrent-clone.pantheonsite.io *.sharethis.com *.doubleclick.net *.theadex.com *.aumago.com *.google-analytics.com *.6sc.co *.adnxs.com *.vidyard.com *.6sense.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com api.hubapi.com *.hsforms.net *.hsforms.com *.s3.amazonaws.com *.drift.com *.clickagy.com *.facebook.com *.zoominfo.com geolocation-db.com dn.linkedin.oribi.io *.hubspot.com *.hscollectedforms.net *.stackadapt.com *.google.com *.googletagmanager.com *.googleadservices.com google.com *.googlesyndication.com *.linkedin.com *.redditstatic.com *.reddit.com *.g2crowd.com *.quantcount.com".

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.fonts.net *.licdn.com *.tiqcdn.com *.marketo.com *.marketo.net *.mktoresp.com *.demdex.net *.burly.io *.omtrdc.net *.llnwd.net *.tealiumiq.com *.googleadservices.com *.marinsm.com *.amazonaws.com *.quantserve.com *.facebook.net *.serving-sys.com *.google-analytics.com *.hirebridge.com *.websense.com *.bizographics.com *.linkedin.com *.cloudfront.net *.newrelic.com *.nr-data.net *.adnxs.com *.demandbase.com *.twitter.com *.omtrdc.net *.youtube.com *.ads-twitter.com *.company-target.com *.omniture.com *.doubleclick.net *.forcepoint.com *.google.com *.facebook.com *.nr-data.net *.getsmartcontent.com *.vidyard.com *.adroll.com s.ml-attr.com attr.ml-api.io *.driftt.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.gstatic.com *.libsyn.com *.s3.amazonaws.com *.cdnbasket.net ids.cdnwidget.com app.vwo.com *.visualwebsiteoptimizer.com use.typekit.net p.typekit.net cdn.vwo-analytics.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.googleapis.com *.cloudflare.com activitymap.adobe.com *.consensu.org *.ubembed.com *.bizible.com *.theadex.com *.aumago.com *.driftqa.com *.scribblecdn.net *.esg-global.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hubapi.com *.hsforms.net *.hsforms.com geolocation-db.com *.drift.com *.clickagy.com *.nimblestory.com *.usemessages.com *.stackadapt.com *.googlesyndication.com ; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.cdnwidget.com *.tealiumiq.com *.google.com *.googleadservices.com *.doubleclick.net *.websense.com *.marinsm.com *.facebook.com *.quantserve.com *.google-analytics.com *.w55c.net *.marketo.com *.iasds01.com *.linkedin.com *.cloudfront.net *.forcepoint.com *.adnxs.com *.twitter.com t.co *.omtrdc.net *.w55c.net *.demandbase.com *.company-target.com *.gstatic.com *.tiqcdn.com *.marketo.net *.newrelic.com *.facebook.net 
*.ads-twitter.com *.burly.io *.bizographics.com *.nr-data.net *.licdn.com *.tt.omtrdc.net *.getsmartcontent.com *.adroll.com *.vidyard.com s.ml-attr.com *.ml-api.io ml314.com *.ml314.com *.bing.com *.driftt.com *.crazyegg.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.googletagmanager.com *.visualwebsiteoptimizer.com app.vwo.com *.ubembed.com *.driftt.com *.vwo-analytics.com *.s3.amazonaws.com s3.amazonaws.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.clearbit.com *.googleapis.com *.cloudflare.com *.adobe.com *.consensu.org *.bizible.com *.theadex.com *.aumago.com *.zoominfo.com *.clickagy.com *.redditstatic.com *.quantcount.com *.g2crowd.com *.steelhousemedia.com *.scribblecdn.net *.esg-global.com *.6sc.co *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hubapi.com *.hsforms.net *.hsforms.com geolocation-db.com *.drift.com *.jquery.com *.google.com *.hscollectedforms.net *.jsdelivr.net *.stackadapt.com *.googlesyndication.com *.simpleanalyticscdn.com scripts.simpleanalyticscdn.com queue.simpleanalyticscdn.com simpleanalyticsbadges.com *.ceros.com; img-src * data: *; frame-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.cdnwidget.com *.tealiumiq.com *.google.com *.googleadservices.com *.doubleclick.net *.websense.com *.marinsm.com *.facebook.com *.quantserve.com *.google-analytics.com *.w55c.net *.marketo.com *.iasds01.com *.linkedin.com *.cloudfront.net *.forcepoint.com *.adnxs.com *.twitter.com t.co *.omtrdc.net *.w55c.net *.demandbase.com *.company-target.com *.gstatic.com *.tiqcdn.com *.marketo.net *.newrelic.com *.facebook.net *.ads-twitter.com *.burly.io *.bizographics.com *.nr-data.net *.licdn.com *.tt.omtrdc.net *.getsmartcontent.com *.adroll.com *.vidyard.com s.ml-attr.com *.ml-api.io ml314.com *.ml314.com *.bing.com *.driftt.com *.crazyegg.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com 
*.googletagmanager.com *.visualwebsiteoptimizer.com app.vwo.com *.ubembed.com *.driftt.com *.vwo-analytics.com *.s3.amazonaws.com s3.amazonaws.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.clearbit.com *.googleapis.com *.cloudflare.com *.adobe.com *.consensu.org *.bizible.com *.theadex.com *.aumago.com *.zoominfo.com *.clickagy.com *.redditstatic.com *.quantcount.com *.g2crowd.com *.steelhousemedia.com *.scribblecdn.net *.esg-global.com *.6sc.co *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hubapi.com *.hsforms.net *.hsforms.com geolocation-db.com *.drift.com *.jquery.com *.google.com *.hscollectedforms.net *.jsdelivr.net *.stackadapt.com *.googlesyndication.com *.simpleanalyticscdn.com scripts.simpleanalyticscdn.com queue.simpleanalyticscdn.com simpleanalyticsbadges.com *.ceros.com *.hubspot.com *.hubspot.net *.demdex.net *.libsyn.com *.youtube.com; font-src 'self' *.google.com *.googleadservices.com; connect-src 'self' *.vwo.com *.demdex.net *.omtrdc.net *.mktoresp.com *.cdnbasket.net ids.cdnwidget.com *.forcepoint.com sample-api-v2.crazyegg.com *.visualwebsiteoptimizer.com insight.adsrvr.org bam.nr-data.net *.tealiumiq.com live-evercurrent-clone.pantheonsite.io *.sharethis.com *.doubleclick.net *.theadex.com *.aumago.com *.google-analytics.com *.6sc.co *.adnxs.com *.vidyard.com *.6sense.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com api.hubapi.com *.hsforms.net *.hsforms.com *.s3.amazonaws.com *.drift.com *.clickagy.com *.facebook.com *.zoominfo.com geolocation-db.com dn.linkedin.oribi.io *.hubspot.com *.hscollectedforms.net *.stackadapt.com *.google.com *.googletagmanager.com *.googleadservices.com google.com *.googlesyndication.com *.linkedin.com *.redditstatic.com *.reddit.com *.g2crowd.com *.quantcount.com; report-uri /admin/config/system/seckit/csp-report
Strict-Transport-Security max-age=18410000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
