URL: https://www.documentcloud.org/documents/21397387-ragnarlocker-ransomware-indicators-of-compromise
Submission: On March 08 via manual from IT — Scanned from IT

Summary

This website contacted 5 IPs in 2 countries across 3 domains to perform 22 HTTP transactions. The main IP is 104.22.59.213, located in and belongs to CLOUDFLARENET, US. The main domain is www.documentcloud.org. The Cisco Umbrella rank of the primary domain is 117308.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 30th 2021. Valid for: a year.
This is the only time www.documentcloud.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  IP Address       AS     Autonomous System
17        104.22.59.213    13335  (CLOUDFLAR...)
1         216.58.212.170   15169  (GOOGLE)
2         142.250.186.163  15169  (GOOGLE)
2         172.67.12.145    13335  (CLOUDFLAR...)
22        5
Requests  Apex Domain / Subdomains                                  Transfer
19        documentcloud.org                                         749 KB
            www.documentcloud.org — Cisco Umbrella Rank: 117308
            api.www.documentcloud.org — Cisco Umbrella Rank: 151007
            s3.documentcloud.org — Cisco Umbrella Rank: 122067
2         gstatic.com                                               26 KB
            fonts.gstatic.com
1         googleapis.com                                            1 KB
            fonts.googleapis.com — Cisco Umbrella Rank: 35
22        3
Domain Requested by
12 www.documentcloud.org www.documentcloud.org
6 s3.documentcloud.org www.documentcloud.org
2 fonts.gstatic.com fonts.googleapis.com
1 api.www.documentcloud.org www.documentcloud.org
1 fonts.googleapis.com www.documentcloud.org
22 5

This site contains links to these domains. Also see Links.

Domain
s3.documentcloud.org
Subject                  Issuer                   Validity                 Valid
documentcloud.org        Cloudflare Inc ECC CA-3  2021-05-30 - 2022-05-29  a year (crt.sh)
upload.video.google.com  GTS CA 1C3               2022-02-17 - 2022-05-12  3 months (crt.sh)
*.gstatic.com            GTS CA 1C3               2022-02-17 - 2022-05-12  3 months (crt.sh)

This page contains 1 frames:

Primary Page: https://www.documentcloud.org/documents/21397387-ragnarlocker-ransomware-indicators-of-compromise
Frame ID: BC026FB63FB7CC3E424E6301FF4BA260
Requests: 23 HTTP requests in this frame

Page Title

RagnarLocker Ransomware Indicators of Compromise - DocumentCloud

Detected technologies

Overall confidence: 100%
Detected patterns
  • <[^>]+class=\"[^\"]+\ssvelte-[\w]*\"

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

Requests: 22
HTTPS: 100 %
IPv6: 0 %
Domains: 3
Subdomains: 5
IPs: 5
Countries: 2
Transfer: 776 kB
Size: 1594 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

22 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request 21397387-ragnarlocker-ransomware-indicators-of-compromise
www.documentcloud.org/documents/
505 B
660 B
Document
General
Full URL
https://www.documentcloud.org/documents/21397387-ragnarlocker-ransomware-indicators-of-compromise
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.22.59.213 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
84f8e9a668535fa4a77a84d9905392b3e4f874b780d4be84bc6399cc837d216c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
it-IT,it;q=0.9

Response headers

date
Tue, 08 Mar 2022 10:07:36 GMT
content-type
text/html; charset=UTF-8
age
52285
cache-control
public, max-age=0, must-revalidate
etag
W/"ab83545834b1cafb294e4824dd11d616-ssl"
strict-transport-security
max-age=31536000
x-nf-request-id
01FXMFZ7BQZSD80N2MHAVSM350
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
6e8ac3ce9bbc0f66-MXP
content-encoding
gzip
css
fonts.googleapis.com/
9 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,400i,600,700&display=swap
Requested by
Host: www.documentcloud.org
URL: https://www.documentcloud.org/documents/21397387-ragnarlocker-ransomware-indicators-of-compromise
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.212.170 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s01-in-f10.1e100.net
Software
ESF /
Resource Hash
5fb7559c328b3a8c24c24d98163c286052aafaea71120e54be7bc038fbd584ec
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.documentcloud.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Tue, 08 Mar 2022 08:48:29 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Tue, 08 Mar 2022 10:07:36 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 08 Mar 2022 10:07:36 GMT
global.css
www.documentcloud.org/
141 B
320 B
Stylesheet
General
Full URL
https://www.documentcloud.org/global.css
Requested by
Host: www.documentcloud.org
URL: https://www.documentcloud.org/documents/21397387-ragnarlocker-ransomware-indicators-of-compromise
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.22.59.213 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2363775ae69c16cf10895c1f0ac1dc974e059403abd16796b9c63bd32bc0988d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.documentcloud.org/documents/21397387-ragnarlocker-ransomware-indicators-of-compromise
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-nf-request-id
01FWT5KN1WJVYYW300AHSERM2H
date
Tue, 08 Mar 2022 10:07:36 GMT
content-encoding
gzip
cf-cache-status
HIT
server
cloudflare
age
270588
etag
W/"ca78e1bed267e5b8023f359408b8d4d9-ssl"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
cache-control
public,max-age=86400,s-maxage=604800,immutable
strict-transport-security
max-age=31536000
cf-ray
6e8ac3cf7d6f0f66-MXP
bundle.66e952d6a9c350d98128.css
www.documentcloud.org/
6 KB
2 KB
Stylesheet
General
Full URL
https://www.documentcloud.org/bundle.66e952d6a9c350d98128.css
Requested by
Host: www.documentcloud.org
URL: https://www.documentcloud.org/documents/21397387-ragnarlocker-ransomware-indicators-of-compromise
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.22.59.213 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
030b4ce51d224fbaa9b497aa6dfed078bba06b9bf7b542b3c5986b9425031501
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.documentcloud.org/documents/21397387-ragnarlocker-ransomware-indicators-of-compromise
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-nf-request-id
01FXANWRMD89HKXQC1HSHJVP49
date
Tue, 08 Mar 2022 10:07:36 GMT
content-encoding
gzip
cf-cache-status
HIT
server
cloudflare
age
328445
etag
"f3684f9de5fc6cf2afeb95e2be4b17c9-ssl-df"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
cache-control
public,max-age=604800,immutable
strict-transport-security
max-age=31536000
cf-ray
6e8ac3cf7d730f66-MXP
bundle.88eb1a4a2303da521ef2.js
www.documentcloud.org/
362 KB
82 KB
Script
General
Full URL
https://www.documentcloud.org/bundle.88eb1a4a2303da521ef2.js
Requested by
Host: www.documentcloud.org
URL: https://www.documentcloud.org/documents/21397387-ragnarlocker-ransomware-indicators-of-compromise
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.22.59.213 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f8ab490ec63c0809c2f95df93937fd393ea407afeef4b12b441dfdeec56a7cf3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.documentcloud.org/documents/21397387-ragnarlocker-ransomware-indicators-of-compromise
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-nf-request-id
01FXANWRMEGEA7DJXTTRDKZPPA
date
Tue, 08 Mar 2022 10:07:36 GMT
content-encoding
gzip
cf-cache-status
HIT
server
cloudflare
age
328445
etag
"b00872a8a2ef02861ea3438aa4d2d4af-ssl-df"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public,max-age=604800,immutable
strict-transport-security
max-age=31536000
cf-ray
6e8ac3cf7d750f66-MXP
24.a5e37069ccf7b5a8a71c.js
www.documentcloud.org/
29 KB
9 KB
Script
General
Full URL
https://www.documentcloud.org/24.a5e37069ccf7b5a8a71c.js
Requested by
Host: www.documentcloud.org
URL: https://www.documentcloud.org/bundle.88eb1a4a2303da521ef2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.22.59.213 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
73777ca4890801aa9d1eb67e022c978be2332c5770151e69767f23423a83a8c6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.documentcloud.org/documents/21397387-ragnarlocker-ransomware-indicators-of-compromise
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-nf-request-id
01FXANWS01NX7XXZBEWYJRTXDC
date
Tue, 08 Mar 2022 10:07:37 GMT
content-encoding
gzip
cf-cache-status
HIT
server
cloudflare
age
328445
etag
"8bd70d558d928372ae9e1b7d061e1c63-ssl-df"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public,max-age=604800,immutable
strict-transport-security
max-age=31536000
cf-ray
6e8ac3d03f0c0f66-MXP
19.5331c51a564c0b894f6e.js
www.documentcloud.org/
35 KB
9 KB
Script
General
Full URL
https://www.documentcloud.org/19.5331c51a564c0b894f6e.js
Requested by
Host: www.documentcloud.org
URL: https://www.documentcloud.org/bundle.88eb1a4a2303da521ef2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.22.59.213 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7cf024a6ff4f21d09880a4fe1625ed53f65ea319bf0c5c934c8b916b8036b419
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.documentcloud.org/documents/21397387-ragnarlocker-ransomware-indicators-of-compromise
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-nf-request-id
01FXANWS0JKXRTFTR3Q621V5K2
date
Tue, 08 Mar 2022 10:07:37 GMT
content-encoding
gzip
cf-cache-status
HIT
server
cloudflare
age
328445
etag
"8e86b5012b575ce5c93b269de0eb4979-ssl-df"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public,max-age=604800,immutable
strict-transport-security
max-age=31536000
cf-ray
6e8ac3d05f4e0f66-MXP
0.fbbfe9910218178ad0c4.css
www.documentcloud.org/
5 KB
1 KB
Stylesheet
General
Full URL
https://www.documentcloud.org/0.fbbfe9910218178ad0c4.css
Requested by
Host: www.documentcloud.org
URL: https://www.documentcloud.org/bundle.88eb1a4a2303da521ef2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.22.59.213 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d3818bcf5d2f5ca2249715a6354a878e8ca3bc008adb9b9bcd23faad82070982
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.documentcloud.org/documents/21397387-ragnarlocker-ransomware-indicators-of-compromise
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-nf-request-id
01FXAPMF971D0JVP7FEBEM123T
date
Tue, 08 Mar 2022 10:07:37 GMT
content-encoding
gzip
cf-cache-status
HIT
server
cloudflare
age
328445
etag
"d14b16e8155cddd115d103d57f33afef-ssl-df"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
cache-control
public,max-age=604800,immutable
strict-transport-security
max-age=31536000
cf-ray
6e8ac3d05f570f66-MXP
0.107ddcdd50819bb04310.js
www.documentcloud.org/
34 KB
7 KB
Script
General
Full URL
https://www.documentcloud.org/0.107ddcdd50819bb04310.js
Requested by
Host: www.documentcloud.org
URL: https://www.documentcloud.org/bundle.88eb1a4a2303da521ef2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.22.59.213 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a7f40dc2f665e05b63e6f72452b2505df8acd101af44bdb94924c0c9c5884b05
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.documentcloud.org/documents/21397387-ragnarlocker-ransomware-indicators-of-compromise
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-nf-request-id
01FXANWS0E1Y6SFEXXP08GRZ3S
date
Tue, 08 Mar 2022 10:07:37 GMT
content-encoding
gzip
cf-cache-status
HIT
server
cloudflare
age
328445
etag
"b6f34eef1a638e877d9dd6c4e37b6281-ssl-df"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public,max-age=604800,immutable
strict-transport-security
max-age=31536000
cf-ray
6e8ac3d05f660f66-MXP
1.4930e1cc1479d6bd0083.css
www.documentcloud.org/
6 KB
2 KB
Stylesheet
General
Full URL
https://www.documentcloud.org/1.4930e1cc1479d6bd0083.css
Requested by
Host: www.documentcloud.org
URL: https://www.documentcloud.org/bundle.88eb1a4a2303da521ef2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.22.59.213 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3bb379fdcf4c98fef6f481c94200073325f3e0683903ef8dd97d9333ac71a2cd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.documentcloud.org/documents/21397387-ragnarlocker-ransomware-indicators-of-compromise
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-nf-request-id
01FXANWS0QMXBNZSBS1WATGGDZ
date
Tue, 08 Mar 2022 10:07:37 GMT
content-encoding
gzip
cf-cache-status
HIT
server
cloudflare
age
328445
etag
"55814b37f120306ce9172b2c82cc6dae-ssl-df"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
cache-control
public,max-age=604800,immutable
strict-transport-security
max-age=31536000
cf-ray
6e8ac3d05f6b0f66-MXP
1.0a404221808dccb498e7.js
www.documentcloud.org/
59 KB
10 KB
Script
General
Full URL
https://www.documentcloud.org/1.0a404221808dccb498e7.js
Requested by
Host: www.documentcloud.org
URL: https://www.documentcloud.org/bundle.88eb1a4a2303da521ef2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.22.59.213 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
56c42e5445b8f4ef8f7876035a8a89fe89b199f3f9de3d7c78c38b655be56794
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.documentcloud.org/documents/21397387-ragnarlocker-ransomware-indicators-of-compromise
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-nf-request-id
01FXANWS0YMJP4XGMNHJD7GD04
date
Tue, 08 Mar 2022 10:07:37 GMT
content-encoding
gzip
cf-cache-status
HIT
server
cloudflare
age
328445
etag
"1a47244a0ddfbe034af20ac03942333e-ssl-df"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public,max-age=604800,immutable
strict-transport-security
max-age=31536000
cf-ray
6e8ac3d05f6d0f66-MXP
6.b511598d28be63de062e.css
www.documentcloud.org/
29 KB
5 KB
Stylesheet
General
Full URL
https://www.documentcloud.org/6.b511598d28be63de062e.css
Requested by
Host: www.documentcloud.org
URL: https://www.documentcloud.org/bundle.88eb1a4a2303da521ef2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.22.59.213 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4ca506e5801f97c3b387193f6091157b7c0b2a5d5509fc895f2281dad993bb0c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.documentcloud.org/documents/21397387-ragnarlocker-ransomware-indicators-of-compromise
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-nf-request-id
01FXANWS0F32WPXY55RZPCT3QG
date
Tue, 08 Mar 2022 10:07:37 GMT
content-encoding
gzip
cf-cache-status
HIT
server
cloudflare
age
328445
etag
"e4fe185383324a99665b6ad522ef9a5c-ssl-df"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
cache-control
public,max-age=604800,immutable
strict-transport-security
max-age=31536000
cf-ray
6e8ac3d05f700f66-MXP
6.dd93cb7cd1b573747827.js
www.documentcloud.org/
346 KB
51 KB
Script
General
Full URL
https://www.documentcloud.org/6.dd93cb7cd1b573747827.js
Requested by
Host: www.documentcloud.org
URL: https://www.documentcloud.org/bundle.88eb1a4a2303da521ef2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.22.59.213 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
81e4bd6996ea6acb5014f13aaded14044284eaf5fca05ce749104f0248ac8fb2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.documentcloud.org/documents/21397387-ragnarlocker-ransomware-indicators-of-compromise
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-nf-request-id
01FXANWS67CQV6DB0ZDMGD15JZ
date
Tue, 08 Mar 2022 10:07:37 GMT
content-encoding
gzip
cf-cache-status
HIT
server
cloudflare
age
328445
etag
"963da451c77bd412e28497d59046b847-ssl-df"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public,max-age=604800,immutable
strict-transport-security
max-age=31536000
cf-ray
6e8ac3d05f730f66-MXP
/
api.www.documentcloud.org/api/documents/21397387/
2 KB
1 KB
XHR
General
Full URL
https://api.www.documentcloud.org/api/documents/21397387/?expand=user%2Corganization%2Cnotes%2Csections%2Cnotes.organization%2Cnotes.user
Requested by
Host: www.documentcloud.org
URL: https://www.documentcloud.org/bundle.88eb1a4a2303da521ef2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.22.59.213 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
010ad13911bf890d31e8b10d477e7b1e39e8b279f6f50f70a17a328f4f7d172c
Security Headers
Name Value
Strict-Transport-Security max-age=60; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.documentcloud.org/
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 08 Mar 2022 10:07:37 GMT
via
1.1 vegur
x-content-type-options
nosniff
cf-cache-status
HIT
age
248
x-moesif-transaction-id
f746d0d1-61bd-418c-b432-1c14b558475a
content-type
application/json
content-encoding
gzip
vary
Cookie, Accept, Origin, Accept-Language, Accept-Encoding
x-xss-protection
1; mode=block
referrer-policy
same-origin
allow
GET, PUT, PATCH, DELETE, HEAD, OPTIONS
last-modified
Tue, 08 Mar 2022 10:03:29 GMT
server
cloudflare
x-frame-options
DENY
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=60; includeSubDomains; preload
content-language
fr
access-control-allow-origin
https://www.documentcloud.org
cache-control
public, max-age=600
access-control-allow-credentials
true
cf-ray
6e8ac3d05f7d0f66-MXP
6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v19/
13 KB
13 KB
Font
General
Full URL
https://fonts.gstatic.com/s/sourcesanspro/v19/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,400i,600,700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.163 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f3.1e100.net
Software
sffe /
Resource Hash
c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.documentcloud.org
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 02 Mar 2022 18:03:30 GMT
x-content-type-options
nosniff
age
489847
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13036
x-xss-protection
0
last-modified
Wed, 23 Feb 2022 17:39:39 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 02 Mar 2023 18:03:30 GMT
truncated
/
123 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
964f619d79d4ebc1522aa1780158dfe8457d5db1cef4dcc8d3aa25a254b381ad

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type
image/svg+xml
6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v19/
13 KB
13 KB
Font
General
Full URL
https://fonts.gstatic.com/s/sourcesanspro/v19/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,400i,600,700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.163 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f3.1e100.net
Software
sffe /
Resource Hash
7348a2eb48c9a681d6178433394c7037144d85b57ee33a11339d3a33fa1001a4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.documentcloud.org
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 02 Mar 2022 18:04:09 GMT
x-content-type-options
nosniff
age
489808
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12924
x-xss-protection
0
last-modified
Wed, 23 Feb 2022 17:39:25 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 02 Mar 2023 18:04:09 GMT
ragnarlocker-ransomware-indicators-of-compromise-p1-thumbnail.gif
s3.documentcloud.org/documents/21397387/pages/
4 KB
5 KB
Image
General
Full URL
https://s3.documentcloud.org/documents/21397387/pages/ragnarlocker-ransomware-indicators-of-compromise-p1-thumbnail.gif?ts=1646681012663
Requested by
Host: www.documentcloud.org
URL: https://www.documentcloud.org/documents/21397387-ragnarlocker-ransomware-indicators-of-compromise
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.22.59.213 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
345652d04b0cd81944366f23b5453c4e20ec6c9d4149ecd2d4f8a30072f2bbc5

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.documentcloud.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 08 Mar 2022 10:07:37 GMT
cf-cache-status
HIT
last-modified
Mon, 07 Mar 2022 19:23:19 GMT
server
cloudflare
age
246
etag
"9b06cba82b339695157ff03a4add8595"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/gif
content-length
4356
accept-ranges
bytes
cf-ray
6e8ac3d1194e0f66-MXP
x-amz-request-id
GN5PMYN4PRC6AHNG
x-amz-id-2
PESizlSwikdAOBoLi0jP/HVOx5xCJyZN29BuZzfSI1Y5Vu6GmIA5Fg2Ah80eXny9VcjM6pgsFGA=
ragnarlocker-ransomware-indicators-of-compromise-p2-thumbnail.gif
s3.documentcloud.org/documents/21397387/pages/
4 KB
4 KB
Image
General
Full URL
https://s3.documentcloud.org/documents/21397387/pages/ragnarlocker-ransomware-indicators-of-compromise-p2-thumbnail.gif?ts=1646681012663
Requested by
Host: www.documentcloud.org
URL: https://www.documentcloud.org/documents/21397387-ragnarlocker-ransomware-indicators-of-compromise
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.22.59.213 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5a5a81752dd3fbc6e8b11b952274c15d6d717a8eec5b1e3141ec3b42caa36aef

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.documentcloud.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 08 Mar 2022 10:07:37 GMT
cf-cache-status
HIT
last-modified
Mon, 07 Mar 2022 19:23:21 GMT
server
cloudflare
age
6963
etag
"3351a9d36ddb01f7b395f84845e22fb4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/gif
content-length
4107
accept-ranges
bytes
cf-ray
6e8ac3d119540f66-MXP
x-amz-request-id
FJ254VZXWM045GXV
x-amz-id-2
R+Y1ClWCMDrDUy6TQVu2ZBYs4xh/ASn60fmnd4BGBb6jsmpbGqxnAhQlIqHsRF4ObtuwIQTix2o=
ragnarlocker-ransomware-indicators-of-compromise-p1-normal.gif
s3.documentcloud.org/documents/21397387/pages/
321 KB
322 KB
Image
General
Full URL
https://s3.documentcloud.org/documents/21397387/pages/ragnarlocker-ransomware-indicators-of-compromise-p1-normal.gif?ts=1646681012663
Requested by
Host: www.documentcloud.org
URL: https://www.documentcloud.org/documents/21397387-ragnarlocker-ransomware-indicators-of-compromise
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.22.59.213 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6b59b5488ff9b6aee82915d273075c9300c31883fa811b1a6e35e636cbdcf922

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.documentcloud.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 08 Mar 2022 10:07:37 GMT
cf-cache-status
HIT
last-modified
Mon, 07 Mar 2022 19:23:19 GMT
server
cloudflare
age
246
etag
"2a5d168270159d0938ea1e35cb582143"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/gif
content-length
328989
accept-ranges
bytes
cf-ray
6e8ac3d119520f66-MXP
x-amz-request-id
GN5Z7BX4G509XY6J
x-amz-id-2
S3f+yHGcv7pQze0OyZavpLlm9mCtuCf5+bZDVzdcsqiB8uV1xIULI4MWAg7V49lVHN38rltxFYU=
ragnarlocker-ransomware-indicators-of-compromise-p2-normal.gif
s3.documentcloud.org/documents/21397387/pages/
227 KB
227 KB
Image
General
Full URL
https://s3.documentcloud.org/documents/21397387/pages/ragnarlocker-ransomware-indicators-of-compromise-p2-normal.gif?ts=1646681012663
Requested by
Host: www.documentcloud.org
URL: https://www.documentcloud.org/documents/21397387-ragnarlocker-ransomware-indicators-of-compromise
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.22.59.213 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7107b8b429062e910a69b194e7a38a196ccc1117282f8dc03333e22035e014f0

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.documentcloud.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 08 Mar 2022 10:07:37 GMT
cf-cache-status
HIT
last-modified
Mon, 07 Mar 2022 19:23:21 GMT
server
cloudflare
age
6619
etag
"f36f20ac987f8062187f479264bf11e7"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/gif
content-length
232463
accept-ranges
bytes
cf-ray
6e8ac3d119360f66-MXP
x-amz-request-id
8E3155S16TJ0NGYX
x-amz-id-2
u92esb8GZKy2TLAIqoB/WBukD0ianH0nDEKFEOcXmD1NJPWvp2HlizNTDIM559eUJBBCIQ90f4s=
ragnarlocker-ransomware-indicators-of-compromise-p1.position.json
s3.documentcloud.org/documents/21397387/pages/
40 KB
6 KB
XHR
General
Full URL
https://s3.documentcloud.org/documents/21397387/pages/ragnarlocker-ransomware-indicators-of-compromise-p1.position.json?ts=1646681012663
Requested by
Host: www.documentcloud.org
URL: https://www.documentcloud.org/bundle.88eb1a4a2303da521ef2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.12.145 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
60f844258ce7a59f299ffa725a03f7867c9a59284169b69222e8b75537e655bb

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.documentcloud.org/
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 08 Mar 2022 10:07:37 GMT
content-encoding
gzip
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cf-cache-status
HIT
age
5330
x-amz-request-id
S5XKDK7D8KDHYJMM
x-amz-id-2
HWVHXYvRlUfEJFmezStd0XedH97/zRER/dcofwbfE3X4dK5z4HfJt6qyd8l74HaDszGQYmlt2O8=
last-modified
Mon, 07 Mar 2022 19:23:23 GMT
server
cloudflare
etag
W/"d781b109ed5824c96e3c0dade20c0244"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/json
access-control-allow-origin
*
cf-ray
6e8ac3d1aa873762-MXP
ragnarlocker-ransomware-indicators-of-compromise-p2.position.json
s3.documentcloud.org/documents/21397387/pages/
50 KB
7 KB
XHR
General
Full URL
https://s3.documentcloud.org/documents/21397387/pages/ragnarlocker-ransomware-indicators-of-compromise-p2.position.json?ts=1646681012663
Requested by
Host: www.documentcloud.org
URL: https://www.documentcloud.org/bundle.88eb1a4a2303da521ef2.js
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
172.67.12.145, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
dd982db1d3fe150b191ba7732d0555afc2d3687361903314e73168660607a769

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.documentcloud.org/
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 08 Mar 2022 10:07:37 GMT
content-encoding
gzip
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cf-cache-status
HIT
age
5316
x-amz-request-id
S5XG3F88JN6V93JS
x-amz-id-2
Q2DOQnQCjkt4w7U38CBL3Q4Xl69my5wE5mILuIC0VaT0HJiRF0ARnac4fsF9K9HWhX8qnRfiml8=
last-modified
Mon, 07 Mar 2022 19:23:24 GMT
server
cloudflare
etag
W/"65cb06cd0f98a80296f7cfeb558b5894"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/json
access-control-allow-origin
*
cf-ray
6e8ac3d1aa893762-MXP

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function | structuredClone
object | oncontextlost
object | oncontextrestored
object | webpackJsonp
object | app

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
