features.propublica.org Open in urlscan Pro
2606:4700::6812:d026 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/
Submission: On August 29 via api (August 29th 2019, 8:23:51 pm UTC) from US

Summary HTTP 57 Redirects Links 22 Behaviour Indicators

Summary

This website contacted 16 IPs in 4 countries across 15 domains to perform 57 HTTP transactions. The main IP is 2606:4700::6812:d026, located in United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is features.propublica.org.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on April 17th 2019. Valid for: a year.

This is the only time features.propublica.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
25	2606:4700::68... 2606:4700::6812:d026	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
6	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK - Facebook)
1 5	2a00:1450:400... 2a00:1450:4001:818::2004	15169 (GOOGLE) (GOOGLE - Google LLC)
2	2a00:1450:400... 2a00:1450:4001:814::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
1	172.217.16.194 172.217.16.194	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1450:400... 2a00:1450:4001:81a::2008	15169 (GOOGLE) (GOOGLE - Google LLC)
1	151.101.12.134 151.101.12.134	54113 (FASTLY) (FASTLY - Fastly)
2	2a00:1450:400... 2a00:1450:4001:825::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
3	2a03:2880:f11... 2a03:2880:f11c:8083:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK - Facebook)
2	2a00:1450:400... 2a00:1450:4001:81a::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
1 1	2a00:1450:400... 2a00:1450:400c:c00::9a	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1450:400... 2a00:1450:4001:81d::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
1	151.101.64.134 151.101.64.134	54113 (FASTLY) (FASTLY - Fastly)
1	2600:9000:205... 2600:9000:2057:f200:18:1fcd:349:ca21	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	18.232.28.189 18.232.28.189	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1	35.170.101.163 35.170.101.163	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
57	16

25 2606:4700::6812:d026 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

features.propublica.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.propublica.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
assets.propublica.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a03:2880:f01c:8012:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
staticxx.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:818::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:814::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.16.194 (United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s08-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81a::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.12.134 (Frankfurt am Main, Germany)

ASN54113 (FASTLY - Fastly, US)

propublica.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:825::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f11c:8083:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9a (Brussels, Belgium) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81d::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.64.134 (United States)

ASN54113 (FASTLY - Fastly, US)

disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2057:f200:18:1fcd:349:ca21 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

static.chartbeat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.232.28.189 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: pi0-lba1-6-ue1.aws.pardot.com

pi.pardot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.170.101.163 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-35-170-101-163.compute-1.amazonaws.com

ping.chartbeat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
25	propublica.org features.propublica.org www.propublica.org assets.propublica.org	1 MB
5	google.com 1 redirects www.google.com	1 KB
5	facebook.net connect.facebook.net	161 KB
4	facebook.com staticxx.facebook.com www.facebook.com	232 B
2	pardot.com pi.pardot.com	3 KB
2	google-analytics.com www.google-analytics.com	18 KB
2	gstatic.com www.gstatic.com	183 KB
2	disqus.com propublica.disqus.com disqus.com Failed	22 KB
2	google.de adservice.google.de www.google.de	284 B
2	doubleclick.net 1 redirects securepubads.g.doubleclick.net stats.g.doubleclick.net	58 KB
1	chartbeat.net ping.chartbeat.net	168 B
1	chartbeat.com static.chartbeat.com	14 KB
1	googletagmanager.com www.googletagmanager.com	38 KB
1	googletagservices.com www.googletagservices.com	13 KB
0	disquscdn.com Failed c.disquscdn.com Failed
57	15

	Domain	Requested by
14	features.propublica.org	features.propublica.org
6	assets.propublica.org	features.propublica.org assets.propublica.org
5	www.google.com	1 redirects features.propublica.org www.gstatic.com assets.propublica.org
5	connect.facebook.net	features.propublica.org www.propublica.org connect.facebook.net
5	www.propublica.org	features.propublica.org www.propublica.org
3	www.facebook.com	connect.facebook.net features.propublica.org www.googletagmanager.com
2	pi.pardot.com	www.propublica.org pi.pardot.com
2	www.google-analytics.com	www.googletagmanager.com features.propublica.org
2	www.gstatic.com	www.google.com
1	ping.chartbeat.net
1	static.chartbeat.com	www.propublica.org
1	disqus.com	propublica.disqus.com
1	www.google.de	features.propublica.org
1	stats.g.doubleclick.net	1 redirects
1	staticxx.facebook.com	connect.facebook.net
1	propublica.disqus.com	features.propublica.org
1	www.googletagmanager.com	www.propublica.org
1	adservice.google.de	www.googletagservices.com
1	securepubads.g.doubleclick.net	www.googletagservices.com
1	www.googletagservices.com	www.propublica.org
0	c.disquscdn.com Failed	propublica.disqus.com
57	21

This site contains links to these domains. Also see Links.

Domain
www.propublica.org
donate.propublica.org
www.theguardian.com
www.justice.gov
policies.google.com
www.fbi.gov
www.coveware.com
www.europol.europa.eu
research.checkpoint.com
vimeo.com
www.yelp.com
www.trustpilot.com

Subject Issuer	Validity	Valid
*.propub3r6espa33w.onion DigiCert SHA2 Extended Validation Server CA	`2019-04-17` - `2020-04-21`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2019-08-24` - `2019-10-19`	2 months	crt.sh
www.google.com GTS CA 1O1	`2019-07-29` - `2019-10-27`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2019-07-29` - `2019-10-27`	3 months	crt.sh
*.google.com GTS CA 1O1	`2019-07-29` - `2019-10-27`	3 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2019-07-29` - `2019-10-27`	3 months	crt.sh
*.disqus.com DigiCert SHA2 Secure Server CA	`2018-03-28` - `2020-04-27`	2 years	crt.sh
www.google.de GTS CA 1O1	`2019-07-29` - `2019-10-27`	3 months	crt.sh
*.chartbeat.com Gandi Standard SSL CA 2	`2019-04-10` - `2020-04-10`	a year	crt.sh
*.pardot.com DigiCert SHA2 Secure Server CA	`2019-01-21` - `2020-01-22`	a year	crt.sh
*.chartbeat.net Thawte RSA CA 2018	`2018-12-20` - `2020-01-01`	a year	crt.sh

This page contains 7 frames:

Primary Page: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/
Frame ID: 3E61C5DE4AA8C0045F791C6C0714FC4C
Requests: 52 HTTP requests in this frame

Frame: https://staticxx.facebook.com/connect/xd_arbiter.php?version=44
Frame ID: DDAB523FFE493071204AD2386AD9CFD7
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdI1rAUAAAAACI0GsFv-yRpC0tPF5ECiIMDUz2x&co=aHR0cHM6Ly9mZWF0dXJlcy5wcm9wdWJsaWNhLm9yZzo0NDM.&hl=en&v=v1565591531251&size=invisible&cb=crnhg5qy21r
Frame ID: 8D74F9963219C057512B10CDD407CDD5
Requests: 1 HTTP requests in this frame

Frame: https://disqus.com/embed/comments/?base=default&f=propublica&t_i=1619431&t_u=https%3A%2F%2Ffeatures.propublica.org%2Fransomware%2Fransomware-attack-data-recovery-firms-paying-hackers%2F&t_e=Ransomware&t_d=The%20Trade%20Secret%3A%20Firms%20That%20Promised%20High-Tech%20Ransomware%20Solutions%20Almost%20Always%20Just%20Pay%20the%C2%A0Hackers&t_t=Ransomware&s_o=default
Frame ID: 8BE4705C93C00A5CC8AC5D485C9A072A
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 49A658062DCD41774FA0B265C5B43235
Requests: 1 HTTP requests in this frame

Frame: https://assets.propublica.org/prod/v3/css/deploy/syndicated-newsletter.css
Frame ID: 176C232C837BAFA41C95ADE865F15BAA
Requests: 7 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdI1rAUAAAAACI0GsFv-yRpC0tPF5ECiIMDUz2x&co=aHR0cHM6Ly9mZWF0dXJlcy5wcm9wdWJsaWNhLm9yZzo0NDM.&hl=en&v=v1565591531251&size=invisible&cb=4405p7x4f9zq
Frame ID: 82CD8F80A8FF995EF25B7136852E707D
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googletagservices\.com\/tag\/js\/gpt(?:_mobile)?\.js/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^\/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

57
Requests

93 %
HTTPS

69 %
IPv6

15
Domains

21
Subdomains

16
IPs

4
Countries

1782 kB
Transfer

3277 kB
Size

8
Cookies

22 Outgoing links

These are links going to different origins than the main page.

URL: https://www.propublica.org/
Title: ProPublica

Search URL Search Domain Scan URL

URL: https://donate.propublica.org/
Title: Donate

Search URL Search Domain Scan URL

URL: https://www.theguardian.com/us
Title: An abridged version of this story is published in The Guardian.

Search URL Search Domain Scan URL

URL: https://www.justice.gov/opa/speech/deputy-attorney-general-rod-j-rosenstein-delivers-remarks-samsam-ransomware-press
Title: then-

Search URL Search Domain Scan URL

URL: https://www.propublica.org/article/ransomware-attack-do-you-know-something
Title: Let us know.

Search URL Search Domain Scan URL

URL: https://policies.google.com/privacy
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://policies.google.com/terms
Title: Terms of Service

Search URL Search Domain Scan URL

URL: https://www.fbi.gov/news/stories/iranian-ransomware-suspects-indicted-112818
Title:

Search URL Search Domain Scan URL

URL: https://www.coveware.com/blog/2018/12/11/beware-of-dishonest-ransomware-recovery-firms
Title: blog

Search URL Search Domain Scan URL

URL: https://www.justice.gov/opa/speech/assistant-attorney-general-brian-benczkowski-delivers-remarks-samsam-ransomware-press
Title: indicted

Search URL Search Domain Scan URL

URL: https://www.justice.gov/opa/pr/washington-state-man-sentenced-prison-role-connection-reveton-ransomware
Title: money laundering

Search URL Search Domain Scan URL

URL: https://www.justice.gov/opa/pr/russian-national-who-operated-kelihos-botnet-pleads-guilty-fraud-conspiracy-computer-crime
Title: computer damage

Search URL Search Domain Scan URL

URL: https://www.europol.europa.eu/newsroom/news/prolific-cybercriminal-suspected-of-spreading-ransomware-arrested-polish-police
Title: arrested a Polish national

Search URL Search Domain Scan URL

URL: https://research.checkpoint.com/the-ransomware-doctor-without-a-cure/
Title: according to

Search URL Search Domain Scan URL

URL: https://www.coveware.com/blog/2018/10/29/ransomware-victims-rights
Title: note

Search URL Search Domain Scan URL

URL: https://vimeo.com/310852361
Title: video

Search URL Search Domain Scan URL

URL: https://www.yelp.com/biz/pc-usa-computer-solution-aventura
Title: Oujevolk

Search URL Search Domain Scan URL

URL: https://www.trustpilot.com/review/monstercloud.com
Title: wrote

Search URL Search Domain Scan URL

URL: https://www.propublica.org/people/renee-dudley
Title: Renee Dudley

Search URL Search Domain Scan URL

URL: https://www.propublica.org/people/jeff-kao
Title: Jeff Kao

Search URL Search Domain Scan URL

URL: https://www.propublica.org/people/rob-weychert
Title: Rob Weychert

Search URL Search Domain Scan URL

URL: https://www.propublica.org/people/hannah-birch
Title: Hannah Birch

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 41

https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j79&tid=UA-3742720-1&cid=1318799313.1567110214&jid=1370944237&gjid=2078665211&_gid=2062341923.1567110214&_u=YGBAgAAB~&z=1006969644 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-3742720-1&cid=1318799313.1567110214&jid=1370944237&_v=j79&z=1006969644 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-3742720-1&cid=1318799313.1567110214&jid=1370944237&_v=j79&z=1006969644&slf_rd=1&random=399674684

57 HTTP transactions
7 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/ 140 KB
60 KB 589ms
517ms Document
text/html 2606:4700::6812:d026
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:d026 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 56f695c6decbe9bb598526d815e227f61dd8ded0909005b93aff218cc3c069f0

Request headers

:method: GET
:authority: features.propublica.org
:scheme: https
:path: /ransomware/ransomware-attack-data-recovery-firms-paying-hackers/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode: navigate
sec-fetch-user: ?1
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: none
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1

Response headers

status: 200
date: Thu, 29 Aug 2019 20:23:33 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=de2d7d31cc06d9c74adee963f826d64f61567110213; expires=Fri, 28-Aug-20 20:23:33 GMT; path=/; domain=.propublica.org; HttpOnly
x-amz-id-2: B8DRKYbcSxAf6zW/EIDfqJhGyMGiQvo1DpQluD47hJXm766bEYEoxcqP6yV2mEIyK2zbTu0or3g=
x-amz-request-id: F3049D89AA4C43B4
cache-control: public, max-age=60
last-modified: Mon, 26 Aug 2019 23:01:16 GMT
cf-cache-status: REVALIDATED
expires: Thu, 29 Aug 2019 20:24:33 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
server: cloudflare
cf-ray: 50e13e50b9eb8c98-VIE
content-encoding: br

GET
H2 200 main.css
features.propublica.org/ransomware/assets/css/ 33 KB
5 KB 188ms
187ms Stylesheet
text/css 2606:4700::6812:d026
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://features.propublica.org/ransomware/assets/css/main.css?20190826190111
Requested by: Host: features.propublica.org
URL: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:d026 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: b441df5d5290c417724906029014c7ef42ad077d2e3cd6dfaf2d5428752e49fe

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 29 Aug 2019 20:23:33 GMT
content-encoding: br
cf-cache-status: REVALIDATED
x-amz-request-id: A13E60D45E024DDD
cf-polished: origSize=33784
status: 200
last-modified: Mon, 26 Aug 2019 23:01:14 GMT
x-amz-id-2: s0UXJRd1zeuMvMdotDEPZ1lZc6eWhQlRqBHpmhIJ3yd9xgqdHe9awGl2bxSt+LQmkaxFuVfVU7g=
cf-bgj: minify
server: cloudflare
etag: W/"6394aa362a17f4a81b00f90f86ea9526"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=60
cf-ray: 50e13e540bed8c98-VIE
expires: Thu, 29 Aug 2019 20:24:33 GMT

GET
H2 200 all.js Show response
www.propublica.org/js/public/assets/ 244 KB
68 KB 225ms
201ms Script
application/javascript 2606:4700::6812:d026
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.propublica.org/js/public/assets/all.js
Requested by: Host: features.propublica.org
URL: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:d026 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1dd1bb70981fb5553d49ff571ff90c1a342c46f280a0fc06d8ff851fd66ec6be

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 29 Aug 2019 20:23:33 GMT
via: 1.1 varnish
cf-cache-status: REVALIDATED
x-cache: HIT
status: 200
content-encoding: br
x-served-by: cache-fra19140-FRA
last-modified: Thu, 28 Dec 2017 17:20:10 GMT
server: cloudflare
x-timer: S1567101609.535656,VS0,VE189
etag: W/"b5f6dcb837d91cdfe2ec3754d5a06e3d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
expires: Thu, 29 Aug 2019 20:28:33 GMT
cache-control: public, max-age=300
cf-ray: 50e13e542c108c98-VIE
x-cache-hits: 1

GET
H2 200 google_ads_boot.js Show response
www.propublica.org/js/public/assets/ 108 B
325 B 182ms
158ms Script
application/javascript 2606:4700::6812:d026
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.propublica.org/js/public/assets/google_ads_boot.js
Requested by: Host: features.propublica.org
URL: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:d026 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 52c07848daa5a8b32e27e09e8bebc6c2fa8fb34c9942bf5f05e24e12bcd501c4

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 29 Aug 2019 20:23:33 GMT
via: 1.1 varnish
cf-cache-status: REVALIDATED
x-cache: MISS
status: 200
content-encoding: br
x-served-by: cache-hhn4065-HHN
last-modified: Thu, 28 Dec 2017 17:20:10 GMT
server: cloudflare
x-timer: S1564899698.909604,VS0,VE200
etag: W/"ae226c9fd7c24bdb1f936d75e6a8af1c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
expires: Thu, 29 Aug 2019 20:28:33 GMT
cache-control: public, max-age=300
cf-ray: 50e13e542c0e8c98-VIE
x-cache-hits: 0

GET
H2 200 google_ads.js Show response
www.propublica.org/js/public/assets/ 1 KB
500 B 428ms
404ms Script
application/javascript 2606:4700::6812:d026
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.propublica.org/js/public/assets/google_ads.js
Requested by: Host: features.propublica.org
URL: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:d026 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 031d2af0b94a1c28fd91bc638ee6ae7db363881a09f55844c809a2c30984920b

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 29 Aug 2019 20:23:34 GMT
via: 1.1 varnish
cf-cache-status: REVALIDATED
x-cache: MISS
status: 200
content-encoding: br
x-served-by: cache-hhn4051-HHN
last-modified: Thu, 28 Dec 2017 17:20:10 GMT
server: cloudflare
x-timer: S1566896477.443456,VS0,VE236
etag: W/"b803a9f264f2a0450c11c84c71124a99"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
expires: Thu, 29 Aug 2019 20:28:33 GMT
cache-control: public, max-age=300
cf-ray: 50e13e542c0d8c98-VIE
x-cache-hits: 0

GET
H2 200 socialsnippet.js Show response
features.propublica.org/ransomware/assets/js/lib/ 3 KB
867 B 182ms
181ms Script
application/javascript 2606:4700::6812:d026
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://features.propublica.org/ransomware/assets/js/lib/socialsnippet.js
Requested by: Host: features.propublica.org
URL: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:d026 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 28ad9812c123d3b3bd7264967fd55f3bb1b0a70024623f8c63dc4084a24e2e33

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 29 Aug 2019 20:23:33 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Mon, 26 Aug 2019 23:01:16 GMT
server: cloudflare
x-amz-request-id: A0463D0F2EAEDAC9
etag: W/"49fcc95469436c60ea0a003a8dc6232b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public, max-age=60
cf-ray: 50e13e540bee8c98-VIE
x-amz-id-2: ZR3LM9ZQd7SgCeNRR+bMrBViVbJVNiIsI9xinUOCY3LWZjktMwlcb5YkgR2Ir4cHZP+OXaKkhHA=
expires: Thu, 29 Aug 2019 20:24:33 GMT

GET
H2 200 beacons.js Show response
www.propublica.org/js/public/assets/ 3 KB
1 KB 198ms
174ms Script
application/javascript 2606:4700::6812:d026
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.propublica.org/js/public/assets/beacons.js
Requested by: Host: features.propublica.org
URL: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:d026 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: ffdc5a0a06a4c0b1b5c3c2e4271ae9253dd6cb3a4aecfa1da546c8f323d43db4

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 29 Aug 2019 20:23:33 GMT
via: 1.1 varnish
cf-cache-status: REVALIDATED
x-cache: HIT
status: 200
content-encoding: br
x-served-by: cache-fra19149-FRA
last-modified: Thu, 28 Dec 2017 17:20:10 GMT
server: cloudflare
x-timer: S1567101609.528799,VS0,VE195
etag: W/"ba2ec1bd9c42ad6e9fe5f3903627dc5d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
expires: Thu, 29 Aug 2019 20:28:33 GMT
cache-control: public, max-age=300
cf-ray: 50e13e542c0f8c98-VIE
x-cache-hits: 1

GET
H2 200 all.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 7ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js

Requested by

Host: features.propublica.org
URL: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

260f6e1316aa5561c28543555b58245cf13777ea683623e078249a439f73f043

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: Ednmx547XvgOUaQT1q94rg==
status: 200
content-length: 1779
etag: "c83c66078d285450506624de77fcb7c6"
x-fb-debug: Gn+aXurs6qfNR1IM7LAOFAx7ckUKLBSCapVHrymgneAWJk8xE4DMg3JaioOJnyKoLdL6gk/0w7cCnSAF3XI55Q==
x-fb-trip-id: 365799557
x-fb-content-md5: 79e8b2935e8f092a7b9769c99bbd42f1
x-frame-options: DENY
date: Thu, 29 Aug 2019 20:23:33 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 29 Aug 2019 20:36:55 GMT

GET
H2 200 main.js Show response
features.propublica.org/ransomware/assets/js/ 28 KB
9 KB 195ms
193ms Script
application/javascript 2606:4700::6812:d026
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://features.propublica.org/ransomware/assets/js/main.js?20190826190111
Requested by: Host: features.propublica.org
URL: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:d026 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: bb474388f28563881762c05c446269d1546dfed4a15a1427e970164d13ec3552

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 29 Aug 2019 20:23:33 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Mon, 26 Aug 2019 23:01:16 GMT
server: cloudflare
x-amz-request-id: 47122D5036ED792E
etag: W/"9cf5119dfbf2b57f6947c108af0d50b3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public, max-age=60
cf-ray: 50e13e541bff8c98-VIE
x-amz-id-2: twOyOeeQRsY5NZKgCOryFkdsaOsewhg0c0stf8A+VWqfZS6JO0uleabwHXKyLUoAmxaaHKNMN2Q=
expires: Thu, 29 Aug 2019 20:24:33 GMT

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 871 B
643 B 59ms
58ms Script
text/javascript 2a00:1450:4001:818::2004
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?onload=grecaptchaLoaded&render=6LdI1rAUAAAAACI0GsFv-yRpC0tPF5ECiIMDUz2x

Requested by

Host: features.propublica.org
URL: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

GSE /

Resource Hash

80c58477dbc87c0b570ebf3fc6f7060656594e018dd395e7f08a361a2305b99c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 29 Aug 2019 20:23:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: private, max-age=300
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 495
x-xss-protection: 1; mode=block
expires: Thu, 29 Aug 2019 20:23:33 GMT

GET
H2 200 recaptcha-init.js Show response
assets.propublica.org/prod/v3/js/deploy/ 954 B
547 B 202ms
181ms Script
application/javascript 2606:4700::6812:d026
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.propublica.org/prod/v3/js/deploy/recaptcha-init.js
Requested by: Host: features.propublica.org
URL: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:d026 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: a525131e0b21b4d76f0a1c6160b23952e78352433655b692460cb554baedd7cd

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 29 Aug 2019 20:23:33 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Mon, 26 Aug 2019 21:58:27 GMT
server: cloudflare
x-amz-request-id: 1F93778033C81DC9
etag: W/"0de68e88441d5522ebc9fe97fe7e36c4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cf-ray: 50e13e543c188c98-VIE
x-amz-id-2: Iunz88z9mFSeuCmTjbOtVFD0rlADejvPqpUHj7B3xNv8iq1rTsUWQE078GyfmS0SMlJ//i51ZVg=

GET
H2 200 syndicated-newsletter-v1.0.0.js Show response
assets.propublica.org/prod/v3/js/deploy/ 5 KB
2 KB 206ms
185ms Script
application/javascript 2606:4700::6812:d026
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.propublica.org/prod/v3/js/deploy/syndicated-newsletter-v1.0.0.js
Requested by: Host: features.propublica.org
URL: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:d026 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8f977f8c04ed7c72fba02ba47aa4ffa32121a007f2a9f8ac4d4f19fcaf6d0d17

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 29 Aug 2019 20:23:33 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Wed, 14 Aug 2019 18:26:55 GMT
server: cloudflare
x-amz-request-id: 0FBA551866AF69F4
etag: W/"1015dd9fc802a191b6aa58a5a486fa86"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cf-ray: 50e13e543c178c98-VIE
x-amz-id-2: W77uxX3H/KA/WbLp7itlKmGO3cDkxMyWEGLiEfrzb/mJAnKE9S1PsZhj/6J2H7EjRxCTJe7SXrg=

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 40 KB
13 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:814::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: www.propublica.org
URL: https://www.propublica.org/js/public/assets/google_ads_boot.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

8b74c864b6b01be0d32b35bb3d8a224e46e3ee9113fc9d8ff1fe629447760d0d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Thu, 29 Aug 2019 20:23:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "264 / 460 of 1000 / last-modified: 1567094784"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43,39",quic=":443"; ma=2592000; v="46,43,39"
content-length: 12714
x-xss-protection: 0
expires: Thu, 29 Aug 2019 20:23:34 GMT

GET
H2 200 pubads_impl_2019082201.js Show response
securepubads.g.doubleclick.net/gpt/ 158 KB
58 KB 15ms
15ms Script
text/javascript 172.217.16.194
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019082201.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s08-in-f2.1e100.net

Software

sffe /

Resource Hash

f8e8baebac4f64ee22208b08a36fa7bb4996b541e95b03f978e7318bf2c8b362

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Thu, 29 Aug 2019 20:23:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 22 Aug 2019 13:08:19 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 59542
x-xss-protection: 0
expires: Thu, 29 Aug 2019 20:23:34 GMT

GET
H2 200 integrator.sync.js Show response
adservice.google.de/adsid/ 113 B
175 B 18ms
18ms Script
application/javascript 2a00:1450:4001:814::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.sync.js?domain=features.propublica.org

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ea03bfd7fdda1eac185ebc3e8e74b33065b04c8e0adc48cbbd4136748dbd2742

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 29 Aug 2019 20:23:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43,39",quic=":443"; ma=2592000; v="46,43,39"
content-length: 108
x-xss-protection: 0

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 88 KB
23 KB 6ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.propublica.org
URL: https://www.propublica.org/js/public/assets/beacons.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

f15f778cd39043a166a29f654b1191bc6fbf8043a8cc3477c42764b14b919dec

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
content-length: 23404
x-xss-protection: 0
pragma: public
x-fb-debug: 8awcx80IsJ0Zgg8xHhtLEI7Lvr3Vq24tMkzzCQElpPbXTIDlsjEJNYrA5zGyVEdofp+V3hvY5B4jLBR7oLtisg==
x-fb-trip-id: 365799557
x-frame-options: DENY
date: Thu, 29 Aug 2019 20:23:34 GMT
vary: Origin, Accept-Encoding
access-control-allow-methods: OPTIONS
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://connect.facebook.net
access-control-expose-headers: X-FB-Debug, X-Loader-Length
cache-control: public, max-age=1200
access-control-allow-credentials: true
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 184 KB
38 KB 15ms
15ms Script
application/javascript 2a00:1450:4001:81a::2008
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-M4BNWZ

Requested by

Host: www.propublica.org
URL: https://www.propublica.org/js/public/assets/beacons.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

041bc2c17ec015ef806c668b4eb8810687b52e275e4e528a2abad4e2fa9552ee

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 29 Aug 2019 20:23:34 GMT
content-encoding: br
last-modified: Thu, 29 Aug 2019 18:00:00 GMT
server: Google Tag Manager
access-control-allow-headers: Cache-Control
status: 200
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: http://www.googletagmanager.com
cache-control: private, max-age=900
access-control-allow-credentials: true
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 39247
x-xss-protection: 0
expires: Thu, 29 Aug 2019 20:23:34 GMT

GET
H2 200 all.js Show response
connect.facebook.net/en_US/ 192 KB
57 KB 6ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js?hash=ea4197ebb6d4539796c6f8ed35e82fac&ua=modern_es6

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

f08eef2c53ff913e56a7982a737483937b5350e6abd8ec5cd817c9770f9f5509

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Sec-Fetch-Mode: cors
Referer: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/
Origin: https://features.propublica.org
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: osbgRsEvjTndr8VDVDBlag==
status: 200
content-length: 58020
etag: "f819f345f4b5ee73f4679cba87051bcc"
x-fb-debug: xsbcKWWVywgnEcT3pk2qcDeVRdX8e1vE8aTOrSAkpbpdtJR9aDFsyqA9O1HGd+gHCDuhvFySxCazkhJ7uVQs6Q==
x-fb-trip-id: 365799557
x-fb-content-md5: 30c3c1772417e9dd0ad3b47c0fd36b7b
x-frame-options: DENY
date: Thu, 29 Aug 2019 20:23:34 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
timing-allow-origin: *
expires: Fri, 28 Aug 2020 19:25:11 GMT

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2860e26b1585c3d2e9819046edccb99c21a9a1ab3cd5db9fc68ea47b54662866

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 463 B
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 52884ade65fb7f22ad0344dcb656fe4a253cf22d70636c730a6168e1887ec381

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e659122a884d2cf1a040ab24242e9bfacbd6059334e6efb79b54580dcdff0434

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 28 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 22e6b300b9258112743e81e8c0bbe13222142f68caa582daab32ed2bcfb25493

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 12 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a5f64c9209bdf96ebd28f41d42b8e2ca066789b3504905fca079ec179c3dd656

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f7292610f85a9a18307d505b342c4ee9661f2e84a8b588cd382b16737231b8e9

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
H/1.1 200
OK embed.js Show response
propublica.disqus.com/ 65 KB
22 KB 298ms
277ms Script
application/javascript 151.101.12.134
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://propublica.disqus.com/embed.js

Requested by

Host: features.propublica.org
URL: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.12.134 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

openresty /

Resource Hash

9a1ef035cc0f1a1a7bdf83e6f7e86477b5fe45507e91d12ff4cad24ad5759cbd

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Thu, 29 Aug 2019 20:23:34 GMT
Content-Encoding: gzip
Server: openresty
Age: 0
Vary: Accept-Encoding
Connection: keep-alive
Content-Type: application/javascript; charset=utf-8
Cache-Control: private, max-age=60
X-Service: router
Strict-Transport-Security: max-age=300; includeSubdomains
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length: 21861

GET
H2 200 pp-logo-light.min.svg
features.propublica.org/ransomware/assets/images/ 3 KB
1 KB 198ms
198ms Image
image/svg+xml 2606:4700::6812:d026
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://features.propublica.org/ransomware/assets/images/pp-logo-light.min.svg?548603
Requested by: Host: features.propublica.org
URL: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:d026 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 13fa9430e13df4a536095b95424ea02d14aedbef6531ad2d94717a1a42913830

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://features.propublica.org/ransomware/assets/css/main.css?20190826190111
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 29 Aug 2019 20:23:34 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Mon, 26 Aug 2019 23:01:15 GMT
server: cloudflare
x-amz-request-id: 53607DF6A650CA85
etag: W/"ca9fc336e48de954befcc6b4596ca5ab"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
status: 200
cache-control: public, max-age=60
cf-ray: 50e13e56cd988c98-VIE
x-amz-id-2: 9GbZyjeJ249AmMJK33pBGXztpIWEtbVxePXoTs3oNNqMHpPSPxnlabUqfAjZ9GvjYZYxSYMXz94=
expires: Thu, 29 Aug 2019 20:24:34 GMT

GET
H2 200 nav-sprites-light.min.svg
features.propublica.org/ransomware/assets/images/ 2 KB
1 KB 250ms
250ms Image
image/svg+xml 2606:4700::6812:d026
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://features.propublica.org/ransomware/assets/images/nav-sprites-light.min.svg?548603
Requested by: Host: features.propublica.org
URL: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:d026 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: ead5388a789c640a2f820543fcddaaef721b241d7844a5b50a81a4bf149f0995

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://features.propublica.org/ransomware/assets/css/main.css?20190826190111
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 29 Aug 2019 20:23:34 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Mon, 26 Aug 2019 23:01:15 GMT
server: cloudflare
x-amz-request-id: C72FE800A3AAFC4C
etag: W/"28a888daf86994befe212a53be4bf223"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
status: 200
cache-control: public, max-age=60
cf-ray: 50e13e56cd998c98-VIE
x-amz-id-2: 5yl/dCY9c9RZbQxxpoE6IWUoX2UiGPQ2YGqnQw7ZVI+6GBBSK6f1Rh/Cn3F4tcC33KVLxcOxJZs=
expires: Thu, 29 Aug 2019 20:24:34 GMT

GET
H2 200 TiemposTextWeb-Regular.woff2
features.propublica.org/ransomware/assets/fonts/ 55 KB
55 KB 198ms
198ms Font
application/octet-stream 2606:4700::6812:d026
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://features.propublica.org/ransomware/assets/fonts/TiemposTextWeb-Regular.woff2
Requested by: Host: features.propublica.org
URL: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:d026 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: b85918584d7a87585bd579dd207b246fd6656fe55eb3e5ecf605cfd9e832bb3a

Request headers

Sec-Fetch-Mode: cors
Referer: https://features.propublica.org/ransomware/assets/css/main.css?20190826190111
Origin: https://features.propublica.org
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 29 Aug 2019 20:23:34 GMT
cf-cache-status: MISS
x-amz-request-id: D6D8A5F6CBFBA7BB
status: 200
content-length: 56044
x-amz-id-2: glYRhgPF/8jYC3LrnH82I6Mvgp+zM+ZJ0sRI4EKQZxg6z4jQZ9utTywvfVHlzO3DcmtSSE5YXK0=
last-modified: Mon, 26 Aug 2019 23:01:15 GMT
server: cloudflare
etag: "b6de382e69480b30c00cafae11a32d17"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/octet-stream
cache-control: public, max-age=60
accept-ranges: bytes
cf-ray: 50e13e56cd9d8c98-VIE
expires: Thu, 29 Aug 2019 20:24:34 GMT

GET
H2 200 ransomware-hr.png
features.propublica.org/ransomware/assets/images/ 351 KB
351 KB 255ms
254ms Image
image/png 2606:4700::6812:d026
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://features.propublica.org/ransomware/assets/images/ransomware-hr.png
Requested by: Host: features.propublica.org
URL: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:d026 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c7a1cf6de1b6a2dcc700576e04c1c906cd7a844e931c0a7bdd839e2fc4b169d

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://features.propublica.org/ransomware/assets/css/main.css?20190826190111
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 29 Aug 2019 20:23:34 GMT
cf-cache-status: MISS
x-amz-request-id: FA70F260E03297A7
status: 200
content-length: 359264
x-amz-id-2: UuPUbMM4LIm9S1PzloUkk0tgXR5mROe3411ft/v0jK04E/gUMgp/cclXnOJ8lxhTzY2NMkV4kUE=
last-modified: Mon, 26 Aug 2019 23:01:16 GMT
server: cloudflare
etag: "f3b7e22d1bdd218356c3b30359015326"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=60
accept-ranges: bytes
cf-ray: 50e13e56cd9e8c98-VIE
expires: Thu, 29 Aug 2019 20:24:34 GMT

GET
H2 200 Graphik-Bold-Web.woff2
features.propublica.org/ransomware/assets/fonts/ 34 KB
34 KB 237ms
236ms Font
application/octet-stream 2606:4700::6812:d026
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://features.propublica.org/ransomware/assets/fonts/Graphik-Bold-Web.woff2
Requested by: Host: features.propublica.org
URL: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:d026 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8c032cdcc121e29848b9216cc0af9818e757e66f35f8ab2af042fa15e339ea48

Request headers

Sec-Fetch-Mode: cors
Referer: https://features.propublica.org/ransomware/assets/css/main.css?20190826190111
Origin: https://features.propublica.org
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 29 Aug 2019 20:23:34 GMT
cf-cache-status: MISS
x-amz-request-id: F02973D952090EF2
status: 200
content-length: 34721
x-amz-id-2: LpxSuge/srL3BaKCwck98JNp+qn19otpaiu1wuxERCRyyDW9ktZtdrK9ijdTfR8eSpFtP/6BHE0=
last-modified: Mon, 26 Aug 2019 23:01:14 GMT
server: cloudflare
etag: "ebc0597eaf0597b8de30b939ddf6b11c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/octet-stream
cache-control: public, max-age=60
accept-ranges: bytes
cf-ray: 50e13e56cd9f8c98-VIE
expires: Thu, 29 Aug 2019 20:24:34 GMT

GET
H2 200 Graphik-Regular-Web.woff2
features.propublica.org/ransomware/assets/fonts/ 30 KB
30 KB 230ms
229ms Font
application/octet-stream 2606:4700::6812:d026
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://features.propublica.org/ransomware/assets/fonts/Graphik-Regular-Web.woff2
Requested by: Host: features.propublica.org
URL: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:d026 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 09c162769cb9779dc01e08dd0cf6e837c72225cef171202eda69ca3b7d9c45f2

Request headers

Sec-Fetch-Mode: cors
Referer: https://features.propublica.org/ransomware/assets/css/main.css?20190826190111
Origin: https://features.propublica.org
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 29 Aug 2019 20:23:34 GMT
cf-cache-status: MISS
x-amz-request-id: F9988B893C4CE338
status: 200
content-length: 30953
x-amz-id-2: im9VkH0BmKkfD3XGccAaGoZzKO+Z7OddSzMfBrYLtsiVeXL3Ck5XNC7PsBoYEmEXjsZRby1K+5A=
last-modified: Mon, 26 Aug 2019 23:01:14 GMT
server: cloudflare
etag: "1f3881c410d658f75566379cd744c4af"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/octet-stream
cache-control: public, max-age=60
accept-ranges: bytes
cf-ray: 50e13e56cda08c98-VIE
expires: Thu, 29 Aug 2019 20:24:34 GMT

GET
H2 200 TiemposTextWeb-RegularItalic.woff2
features.propublica.org/ransomware/assets/fonts/ 56 KB
57 KB 194ms
193ms Font
application/octet-stream 2606:4700::6812:d026
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://features.propublica.org/ransomware/assets/fonts/TiemposTextWeb-RegularItalic.woff2
Requested by: Host: features.propublica.org
URL: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:d026 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: dd92f6c93e22ac7c4a2d92489ee5cd1e931122b449588453e4366f99d106faed

Request headers

Sec-Fetch-Mode: cors
Referer: https://features.propublica.org/ransomware/assets/css/main.css?20190826190111
Origin: https://features.propublica.org
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 29 Aug 2019 20:23:34 GMT
cf-cache-status: MISS
x-amz-request-id: 371D2EDD9C445A25
status: 200
content-length: 57835
x-amz-id-2: jmK60AmGXIxlAVfcQDeFJDEeKT8q1A/yE6j2vFB1FDtPrR/Z2Zc4u+gEFEf/oKsv+DbAawCzaSE=
last-modified: Mon, 26 Aug 2019 23:01:15 GMT
server: cloudflare
etag: "45bb942d00ebc3ebcdeb77b6e2e0ad88"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/octet-stream
cache-control: public, max-age=60
accept-ranges: bytes
cf-ray: 50e13e56cda18c98-VIE
expires: Thu, 29 Aug 2019 20:24:34 GMT

GET
H2 200 TiemposTextWeb-Bold.woff2
features.propublica.org/ransomware/assets/fonts/ 55 KB
56 KB 591ms
591ms Font
application/octet-stream 2606:4700::6812:d026
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://features.propublica.org/ransomware/assets/fonts/TiemposTextWeb-Bold.woff2
Requested by: Host: features.propublica.org
URL: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:d026 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: c6efe45f4a692895ee2e16ad21c0bc523b73511c98ac097d46997a72ee35a335

Request headers

Sec-Fetch-Mode: cors
Referer: https://features.propublica.org/ransomware/assets/css/main.css?20190826190111
Origin: https://features.propublica.org
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 29 Aug 2019 20:23:34 GMT
cf-cache-status: MISS
x-amz-request-id: 59201E0D3F63B8E2
status: 200
content-length: 56703
x-amz-id-2: Cq//VeJl/QswFzw+3umGRRsoTXIIRHLmwzANRLekR5+hzbAHHVHP2+FnoXlHp9Vp7KmDqW0eSio=
last-modified: Mon, 26 Aug 2019 23:01:14 GMT
server: cloudflare
etag: "97d5bd3d3b360e63bee30a723ebfc2d5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/octet-stream
cache-control: public, max-age=60
accept-ranges: bytes
cf-ray: 50e13e56cda28c98-VIE
expires: Thu, 29 Aug 2019 20:24:34 GMT

GET
H2 200 TiemposTextWeb-BoldItalic.woff2
features.propublica.org/ransomware/assets/fonts/ 58 KB
58 KB 369ms
368ms Font
application/octet-stream 2606:4700::6812:d026
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://features.propublica.org/ransomware/assets/fonts/TiemposTextWeb-BoldItalic.woff2
Requested by: Host: features.propublica.org
URL: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:d026 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7dad042684ea3d02d9961f8cd4885047c1128ae9f7d5ef9fa2e8568c6514b11b

Request headers

Sec-Fetch-Mode: cors
Referer: https://features.propublica.org/ransomware/assets/css/main.css?20190826190111
Origin: https://features.propublica.org
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 29 Aug 2019 20:23:34 GMT
cf-cache-status: MISS
x-amz-request-id: 99E3F3AF6D24E260
status: 200
content-length: 58945
x-amz-id-2: GxJ2jlEy3z/9duOPFQRXljcjOc+ssNuYseZrzi+2ntmoCBr8d46E4g0fm6zoKCGTINv3czjgcfk=
last-modified: Mon, 26 Aug 2019 23:01:14 GMT
server: cloudflare
etag: "0cd4cfdd61be2cd755b2e226f5e65089"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/octet-stream
cache-control: public, max-age=60
accept-ranges: bytes
cf-ray: 50e13e56cda38c98-VIE
expires: Thu, 29 Aug 2019 20:24:34 GMT

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/api2/v1565591531251/ 263 KB
92 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:825::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/api2/v1565591531251/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?onload=grecaptchaLoaded&render=6LdI1rAUAAAAACI0GsFv-yRpC0tPF5ECiIMDUz2x

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

e37175c872fc53f06ace33890986b1983980812d7130f497a9f0125e78188b7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 29 Aug 2019 19:56:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 12 Aug 2019 17:15:00 GMT
server: sffe
age: 1652
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 93780
x-xss-protection: 0
expires: Fri, 28 Aug 2020 19:56:02 GMT

GET
H2 200 ransomware-lead-900*643-475992.jpg
features.propublica.org/ransomware/assets/images/generated/ 407 KB
407 KB 817ms
817ms Image
image/jpeg 2606:4700::6812:d026
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://features.propublica.org/ransomware/assets/images/generated/ransomware-lead-900*643-475992.jpg
Requested by: Host: features.propublica.org
URL: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:d026 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: c196c4ccbc9b6153b108b8bac62f144d14fd0ea701438e567a3a370eae026e1a

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 29 Aug 2019 20:23:35 GMT
cf-cache-status: MISS
x-amz-request-id: CD63EF591AB292D5
status: 200
content-length: 416363
x-amz-id-2: p7qTkfRBZ378iSxQUH9Z6jNcyZqKgySdmrDNtUIR6iEMm5cVWi3q+3m6BQPSM2hssHKeQWyT3GE=
last-modified: Mon, 26 Aug 2019 23:01:15 GMT
server: cloudflare
etag: "703360561f378d92613ff8542d8aa760"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=60
accept-ranges: bytes
cf-ray: 50e13e570db88c98-VIE
expires: Thu, 29 Aug 2019 20:24:34 GMT

GET
H2 200 132868157351935 Show response
connect.facebook.net/signals/config/ 307 KB
79 KB 112ms
112ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/132868157351935?v=2.9.4&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

d4bf635e4f8bb9e39b0ecaaf7b5989d9a68a4f99e8806039ae686bb23d4934a2

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-xss-protection: 0
pragma: public
x-fb-debug: iO8qz5NJrASvPuMhHqe8BMsfoL8UACwwXq7pRfZ2h9W2d5ZB8fk+b7um8VnqJYRdFdiov3tAiQiAk0XkFSIgtQ==
x-fb-trip-id: 365799557
x-frame-options: DENY
date: Thu, 29 Aug 2019 20:23:34 GMT
vary: Origin, Accept-Encoding
access-control-allow-methods: OPTIONS
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://connect.facebook.net
access-control-expose-headers: X-FB-Debug, X-Loader-Length
cache-control: public, max-age=1200
access-control-allow-credentials: true
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 newsletter-roadblock-big-story-features.propublica.org.html Show response
www.propublica.org/partials/ 2 KB
1 KB 1846ms
1815ms XHR
text/html 2606:4700::6812:d026
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://www.propublica.org/partials/newsletter-roadblock-big-story-features.propublica.org.html

Requested by

Host: www.propublica.org
URL: https://www.propublica.org/js/public/assets/all.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:d026 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b74ecdf2dd3352da79dd762bcc24c49a1e1793849a028f731d4ad0f69f981867

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload

Request headers

Accept: */*
Referer: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Thu, 29 Aug 2019 20:23:36 GMT
via: 1.1 varnish, 1.1 varnish
vary: Accept-Encoding
age: 0
x-cache: MISS, MISS
status: 200
content-encoding: br
x-served-by: cache-iad2123-IAD, cache-hhn4083-HHN
pragma: no-cache
server: cloudflare
x-timer: S1567110214.471882,VS0,VE1600
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=10886400; includeSubDomains; preload
content-type: text/html; charset=utf-8
access-control-allow-origin: https://features.propublica.org
charset: utf-8
cache-control: max-age=30, public, must-revalidate
cf-ray: 50e13e574c5acbac-VIE
x-cache-hits: 0, 0

GET
H2 200 xd_arbiter.php
staticxx.facebook.com/connect/ Frame DDAB 0
0 6ms
6ms Document
text/html 2a03:2880:f01c:8012:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://staticxx.facebook.com/connect/xd_arbiter.php?version=44

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js?hash=ea4197ebb6d4539796c6f8ed35e82fac&ua=modern_es6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: staticxx.facebook.com
:scheme: https
:path: /connect/xd_arbiter.php?version=44
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode: nested-navigate
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
referer: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: nested-navigate
Referer: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/

Response headers

status: 200
content-encoding: br
content-type: text/html; charset=utf-8
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0
expires: Fri, 28 Aug 2020 19:21:04 GMT
cache-control: public,max-age=31536000,immutable
x-fb-debug: UVR1U7Z47T7PdvVeHFvkobcwxKi8wCgnVTEKDRLF31cSRXrCjgT2GxppF/EjKcuiAXPNtjKyDgIxf7U3ifgY1Q==
content-length: 11670
x-fb-trip-id: 365799557
date: Thu, 29 Aug 2019 20:23:34 GMT

GET
H2 200 status
www.facebook.com/x/oauth/ 0
0 98ms
98ms Fetch
text/plain 2a03:2880:f11c:8083:face:b00c:0:25de
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/x/oauth/status?client_id=229862657130557&input_token&origin=1&redirect_uri=https%3A%2F%2Ffeatures.propublica.org%2Fransomware%2Fransomware-attack-data-recovery-firms-paying-hackers%2F&sdk=joey&wants_cookie_data=true

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js?hash=ea4197ebb6d4539796c6f8ed35e82fac&ua=modern_es6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Sec-Fetch-Mode: cors
Referer: https://features.propublica.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
x-fb-debug: BxjNSp+VyaMbYQI1M6i5ht153UHrEbEqX+HB06gVoxKAYV3xar1yoY8+c2x/HEvTz3iZNRrQmwZ28VFimdettg==
fb-s: unknown
status: 200
x-frame-options: DENY
date: Thu, 29 Aug 2019 20:23:34 GMT
strict-transport-security: max-age=15552000; preload
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://features.propublica.org
access-control-expose-headers: fb-s
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 0
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 43 KB
17 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:81a::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M4BNWZ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 19 Aug 2019 17:22:41 GMT
server: Golfe2
age: 6000
date: Thu, 29 Aug 2019 18:43:34 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 17803
expires: Thu, 29 Aug 2019 20:43:34 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
108 B 6ms
5ms Image
image/gif 2a00:1450:4001:81a::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j79&a=1470865607&t=pageview&_s=1&dl=https%3A%2F%2Ffeatures.propublica.org%2Fransomware%2Fransomware-attack-data-recovery-firms-paying-hackers%2F&ul=en-us&de=UTF-8&dt=The%20Trade%20Secret%3A%20Firms%20That%20Promised%20High-Tech%20Ransomware%20Solutions%20Almost%20Always%20Just%20Pay%20the%20Hackers&sd=24-bit&sr=1600x1200&vp=1585x1185&je=0&_u=YGBAgAAB~&jid=1370944237&gjid=2078665211&cid=1318799313.1567110214&tid=UA-3742720-1&_gid=2062341923.1567110214&gtm=2wg8l2M4BNWZ&cg1=Item&cd1=Item&cd2=Article&cd3=RENEE%20DUDLEY%2CJEFF%20KAO&cd4=&cd5=May%2015%2C%202019%2005%3A00%3A00&cd6=&cd7=&cd8=Ransomware&cd9=site&cd10=&z=695321381

Requested by

Host: features.propublica.org
URL: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Aug 2019 07:28:38 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 478496
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j79&tid=UA-3742720-1&cid=1318799313.1567110214&jid=1370944237&gjid=2078665211&_gid=2062341923.1567110214&_u=YGBAgAAB~&z=1006969644
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-3742720-1&cid=1318799313.1567110214&jid=1370944237&_v=j79&z=1006969644
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-3742720-1&cid=1318799313.1567110214&jid=1370944237&_v=j79&z=1006969644&slf_rd=1&random=399674684

42 B
109 B

29ms
29ms

Image
image/gif

2a00:1450:4001:81d::2003
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-3742720-1&cid=1318799313.1567110214&jid=1370944237&_v=j79&z=1006969644&slf_rd=1&random=399674684

Requested by

Host: features.propublica.org
URL: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Aug 2019 20:23:34 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 29 Aug 2019 20:23:34 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
content-type: text/html; charset=UTF-8
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-3742720-1&cid=1318799313.1567110214&jid=1370944237&_v=j79&z=1006969644&slf_rd=1&random=399674684
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 anchor
www.google.com/recaptcha/api2/ Frame 8D74 0
0 39ms
39ms Document
text/html 2a00:1450:4001:818::2004
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdI1rAUAAAAACI0GsFv-yRpC0tPF5ECiIMDUz2x&co=aHR0cHM6Ly9mZWF0dXJlcy5wcm9wdWJsaWNhLm9yZzo0NDM.&hl=en&v=v1565591531251&size=invisible&cb=crnhg5qy21r

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/api2/v1565591531251/recaptcha__en.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-YSj3iYPp0hRKmnXIN8jIXw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/anchor?ar=1&k=6LdI1rAUAAAAACI0GsFv-yRpC0tPF5ECiIMDUz2x&co=aHR0cHM6Ly9mZWF0dXJlcy5wcm9wdWJsaWNhLm9yZzo0NDM.&hl=en&v=v1565591531251&size=invisible&cb=crnhg5qy21r
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode: nested-navigate
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
referer: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: nested-navigate
Referer: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/

Response headers

status: 200
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 29 Aug 2019 20:23:34 GMT
content-security-policy: script-src 'report-sample' 'nonce-YSj3iYPp0hRKmnXIN8jIXw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 9006
server: GSE
alt-svc: quic=":443"; ma=2592000; v="46,43,39"

GET
H2 200 inferredEvents.js Show response
connect.facebook.net/signals/plugins/ 1 KB
893 B 6ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/plugins/inferredEvents.js?v=2.9.4

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

cd1c301a8e7960a1786e2a959226b0b78b56dbea284bd114265f1662d6ca280e

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
content-length: 772
x-xss-protection: 0
pragma: public
x-fb-debug: fFTcgbAHEbT1ooo67uiiQnv8v1/3z2VBlFuvW1lt+gEfb8AEOC8o1Reftgq1NUt1FaPAcFCfbznadiIQHORnAQ==
x-fb-trip-id: 365799557
x-frame-options: DENY
date: Thu, 29 Aug 2019 20:23:34 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET lounge.c46a5b3df6acec9d5cde6bf8b61aaf6e.css
c.disquscdn.com/next/embed/styles/ 0
0

GET common.bundle.57d935b03ca64a8fc2ae95b8d550f132.js
c.disquscdn.com/next/embed/ 0
0

GET lounge.bundle.10adfde1a6e883b828255fddc56fa508.js
c.disquscdn.com/next/embed/ 0
0

GET config.js
disqus.com/next/ 0
0

GET
H2 200 /
www.facebook.com/tr/ 44 B
232 B 8ms
8ms Image
image/gif 2a03:2880:f11c:8083:face:b00c:0:25de
Facebook

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=132868157351935&ev=PageView&dl=https%3A%2F%2Ffeatures.propublica.org%2Fransomware%2Fransomware-attack-data-recovery-firms-paying-hackers%2F&rl=&if=false&ts=1567110214639&sw=1600&sh=1200&v=2.9.4&r=stable&ec=0&o=30&fbp=fb.1.1567110214638.82165486&it=1567110214242&coo=false&rqm=GET

Requested by

Host: features.propublica.org
URL: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

proxygen-asan /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 29 Aug 2019 20:23:34 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-asan
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
content-length: 44
expires: Thu, 29 Aug 2019 20:23:34 GMT

GET
H/1.1 200
OK /
disqus.com/embed/comments/ Frame 8BE4 0
0 167ms
150ms Document
text/html 151.101.64.134
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/embed/comments/?base=default&f=propublica&t_i=1619431&t_u=https%3A%2F%2Ffeatures.propublica.org%2Fransomware%2Fransomware-attack-data-recovery-firms-paying-hackers%2F&t_e=Ransomware&t_d=The%20Trade%20Secret%3A%20Firms%20That%20Promised%20High-Tech%20Ransomware%20Solutions%20Almost%20Always%20Just%20Pay%20the%C2%A0Hackers&t_t=Ransomware&s_o=default

Requested by

Host: propublica.disqus.com
URL: https://propublica.disqus.com/embed.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.64.134 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src https://.twitter.com: https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://.services.disqus.com: https://cdn.boomtrain.com/p13n/ 'unsafe-inline' https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ https://apis.google.com https://www.google.com/recaptcha/ https://disqus.com
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Host: disqus.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: nested-navigate
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: cross-site
Referer: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: nested-navigate
Referer: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/

Response headers

Server: nginx
Content-Security-Policy: script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ 'unsafe-inline' https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ https://apis.google.com https://www.google.com/recaptcha/ https://disqus.com
Link: <https://c.disquscdn.com>;rel=preconnect,<https://c.disquscdn.com>;rel=dns-prefetch
Cache-Control: stale-if-error=3600, s-stalewhilerevalidate=3600, stale-while-revalidate=30, no-cache, must-revalidate, public, s-maxage=5
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Type: text/html; charset=utf-8
Last-Modified: Tue, 13 Aug 2019 01:01:48 GMT
ETag: W/"lounge:view:7418643381.26a53e00cc6200ca089f9fe474f42bd6.2"
Content-Encoding: gzip
Content-Length: 7550
Date: Thu, 29 Aug 2019 20:23:34 GMT
Age: 0
Connection: keep-alive
Vary: Accept-Encoding
Strict-Transport-Security: max-age=300; includeSubdomains

GET
H2 200 chartbeat.js Show response
static.chartbeat.com/js/ 35 KB
14 KB 7ms
6ms Script
application/x-javascript 2600:9000:2057:f200:18:1fcd:349:ca21
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://static.chartbeat.com/js/chartbeat.js
Requested by: Host: www.propublica.org
URL: https://www.propublica.org/js/public/assets/beacons.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2057:f200:18:1fcd:349:ca21 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: nginx /
Resource Hash: 99fd27cd410417b5633d3fc37196751afc4b3f9ffa5853dedb73cfcb3e810d7c

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 29 Aug 2019 20:00:38 GMT
content-encoding: gzip
last-modified: Thu, 01 Aug 2019 01:56:46 GMT
server: nginx
age: 1377
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
status: 200
cache-control: max-age=7200
x-amz-cf-pop: FRA6-C1
x-amz-cf-id: k2ikXTgWHFYHqxp2-6vj3DZXQnPTA0IWRZWEdsyVl5ob-bkQY0LRRA==
via: 1.1 b0954612f115b3d0a0db0a669e45ae8f.cloudfront.net (CloudFront)
expires: Thu, 29 Aug 2019 22:00:38 GMT

GET
H/1.1 200
OK pd.js Show response
pi.pardot.com/ 5 KB
2 KB 404ms
98ms Script
application/javascript 18.232.28.189
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://pi.pardot.com/pd.js
Requested by: Host: www.propublica.org
URL: https://www.propublica.org/js/public/assets/beacons.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.232.28.189 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: pi0-lba1-6-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: f6652dacc3641651bf842bb18861c6fbb66581a3dd2c41dde3226764740684b6

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Thu, 29 Aug 2019 20:23:35 GMT
Content-Encoding: gzip
X-Pardot-Route: ea50fcd3dcf777490e1499615b883deb
X-Pardot-LB: e95a292e477f6214c8e77c2cf881a7d3
Last-Modified: Mon, 29 Oct 2018 18:54:06 GMT
Server: PardotServer
ETag: "13e7-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Cache-Control: max-age=63072000
Accept-Ranges: bytes
Content-Length: 1817
Expires: Sat, 28 Aug 2021 20:23:35 GMT

POST
H2 200 /
www.facebook.com/tr/ Frame 49A6 0
0 8ms
8ms Document
text/plain 2a03:2880:f11c:8083:face:b00c:0:25de
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M4BNWZ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

proxygen-asan /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:method: POST
:authority: www.facebook.com
:scheme: https
:path: /tr/
content-length: 2304
pragma: no-cache
cache-control: no-cache
origin: https://features.propublica.org
upgrade-insecure-requests: 1
content-type: application/x-www-form-urlencoded
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode: nested-navigate
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
referer: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/
accept-encoding: gzip, deflate, br
cookie: fr=07npB0R22MiceqFwE..BdaDRG...1.0.BdaDRG.
Origin: https://features.propublica.org
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: nested-navigate
Referer: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/

Response headers

status: 200
content-type: text/plain
access-control-allow-origin: https://features.propublica.org
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 0
server: proxygen-asan
date: Thu, 29 Aug 2019 20:23:35 GMT

GET
H2 200 ping
ping.chartbeat.net/ 43 B
168 B 96ms
96ms Image
image/gif 35.170.101.163
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ping.chartbeat.net/ping?h=propublica.org&p=%2Fransomware%2Fransomware-attack-data-recovery-firms-paying-hackers%2F&u=D_UlJNCWAeXlfXN5a&d=features.propublica.org&g0=No%20Section&g1=RENEE%20DUDLEY%2CJEFF%20KAO&n=1&f=00001&c=0&x=0&m=0&y=26865&o=1592&w=1185&j=45&R=1&W=0&I=0&E=0&e=0&r=&b=1972&t=CAC08mWdMbSB0pKoDXA6JWBTtYup&V=116&i=The%20Trade%20Secret%3A%20Firms%20That%20Promised%20High-Tech%20Ransomware%20Solutions%20Almost%20Always%20Just%20Pay%20the%20Hack&tz=-120&sn=1&sv=Ct5Ai2BLEVbdDjJup8DcsLDCGerwh&sd=1&im=061bfff3&_
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.170.101.163 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-35-170-101-163.compute-1.amazonaws.com
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 200
pragma: no-cache
date: Thu, 29 Aug 2019 20:23:35 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-length: 43
expires: 0

GET
H/1.0 200
OK analytics Show response
pi.pardot.com/ 1 KB
1 KB 133ms
133ms Script
text/javascript 18.232.28.189
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://pi.pardot.com/analytics?ver=3&visitor_id=&pi_opt_in=&campaign_id=1035&account_id=126411&title=The%20Trade%20Secret%3A%20Firms%20That%20Promised%20High-Tech%20Ransomware%20Solutions%20Almost%20Always%20Just%20Pay%20the%20Hackers&url=https%3A%2F%2Ffeatures.propublica.org%2Fransomware%2Fransomware-attack-data-recovery-firms-paying-hackers%2F&referrer=
Requested by: Host: pi.pardot.com
URL: https://pi.pardot.com/pd.js
Protocol: HTTP/1.0
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.232.28.189 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: pi0-lba1-6-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: b63dab5652337940f4cd8bbceaef0c8ac28de05b0b43525144cdf80b619851a0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 29 Aug 2019 20:23:35 GMT
Content-Encoding: gzip
X-Pardot-Route: 13c7a24cfc43e49b0467af9964bf67ec
X-Pardot-LB: e95a292e477f6214c8e77c2cf881a7d3
X-Pardot-Rsp: 17/13/134
Vary: Accept-Encoding,User-Agent
P3p: CP="CAO DSP AND SO ON" policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Content-Length: 649
Server: PardotServer
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 syndicated-newsletter.css
assets.propublica.org/prod/v3/css/deploy/ Frame 176C 3 KB
1 KB 194ms
193ms Stylesheet
text/css 2606:4700::6812:d026
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.propublica.org/prod/v3/css/deploy/syndicated-newsletter.css
Requested by: Host: assets.propublica.org
URL: https://assets.propublica.org/prod/v3/js/deploy/syndicated-newsletter-v1.0.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:d026 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8fe5c6deb18284ea814e0c5e1bfe22916a943a088827d80b9ee2d24643064930

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 29 Aug 2019 20:23:36 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Wed, 14 Aug 2019 18:26:54 GMT
server: cloudflare
x-amz-request-id: 06B4E0B8D49360D3
etag: W/"e70899496aaff7c3204311c0c6141483"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
status: 200
cf-polished: origSize=3461
cf-ray: 50e13e62ac758c98-VIE
x-amz-id-2: CXqfbie78rVkKrhPnsyQsHbuLVYHsG9e+jDEWm16tEY7mwkFe+rPhfojwfEkoD+hoBP9IimS9+Q=
cf-bgj: minify

GET
H2 200 api.js Show response
www.google.com/recaptcha/ Frame 176C 871 B
584 B 18ms
17ms Script
text/javascript 2a00:1450:4001:818::2004
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?onload=grecaptchaLoaded&render=6LdI1rAUAAAAACI0GsFv-yRpC0tPF5ECiIMDUz2x

Requested by

Host: assets.propublica.org
URL: https://assets.propublica.org/prod/v3/js/deploy/syndicated-newsletter-v1.0.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

GSE /

Resource Hash

80c58477dbc87c0b570ebf3fc6f7060656594e018dd395e7f08a361a2305b99c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 29 Aug 2019 20:23:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: private, max-age=300
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 495
x-xss-protection: 1; mode=block
expires: Thu, 29 Aug 2019 20:23:36 GMT

GET
H2 200 recaptcha-init.js Show response
assets.propublica.org/prod/v3/js/ Frame 176C 1 KB
575 B 281ms
281ms Script
application/javascript 2606:4700::6812:d026
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.propublica.org/prod/v3/js/recaptcha-init.js
Requested by: Host: assets.propublica.org
URL: https://assets.propublica.org/prod/v3/js/deploy/syndicated-newsletter-v1.0.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:d026 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: fd5fc4e73e506c00b0b70b80867ce34207e5f443fa24808d33f8c076b8de0bc6

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 29 Aug 2019 20:23:36 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Tue, 13 Aug 2019 15:28:23 GMT
server: cloudflare
x-amz-request-id: A3B9604FD59B1CF6
etag: W/"b7db79f085d73dcaec3abcfbe9c512d6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cf-ray: 50e13e62ac768c98-VIE
x-amz-id-2: F0NMcLUzFycPfpAB2xy9LX6P008pYTKu1jdw1WU6Mw2rSlng246QCUrwny8u7vPs/ONBoeCfNVk=

GET
DATA 200
OK truncated
/ Frame 176C 241 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8dcf6056b56eba6e8541d8441d30ea1b08e662ebd2a98addca3493a403cf8ae2

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 TiemposHeadlineWeb-Black.woff2
assets.propublica.org/prod/v3/fonts/ Frame 176C 35 KB
35 KB 222ms
221ms Font
application/octet-stream 2606:4700::6812:d026
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.propublica.org/prod/v3/fonts/TiemposHeadlineWeb-Black.woff2
Requested by: Host: features.propublica.org
URL: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:d026 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 85480f83cd66d9c8abb804d9b8d05b69cc38070fcc8b761499099e66c003aee0

Request headers

Sec-Fetch-Mode: cors
Referer: https://assets.propublica.org/prod/v3/css/deploy/syndicated-newsletter.css
Origin: https://features.propublica.org
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 29 Aug 2019 20:23:36 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cf-cache-status: MISS
x-amz-request-id: B6C605B63C6B8501
status: 200
content-length: 36125
x-amz-id-2: Sc9J+VUswqSt3sOXb4ORN4COVXq0BN8l5Yrb5iEbgChSPaDd1OtUSxOSwdE3pNpBdyAEFdXNT3E=
last-modified: Wed, 28 Aug 2019 19:11:57 GMT
server: cloudflare
etag: "1e547434d515975d10fc9bb1f7d270bd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 50e13e63ed98cbac-VIE
expires: Fri, 28 Aug 2020 20:23:36 GMT

GET
H2 200 Graphik-Regular-Web.woff2
assets.propublica.org/prod/v3/fonts/ Frame 176C 30 KB
31 KB 178ms
177ms Font
application/octet-stream 2606:4700::6812:d026
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.propublica.org/prod/v3/fonts/Graphik-Regular-Web.woff2
Requested by: Host: features.propublica.org
URL: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:d026 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 09c162769cb9779dc01e08dd0cf6e837c72225cef171202eda69ca3b7d9c45f2

Request headers

Sec-Fetch-Mode: cors
Referer: https://assets.propublica.org/prod/v3/css/deploy/syndicated-newsletter.css
Origin: https://features.propublica.org
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 29 Aug 2019 20:23:36 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cf-cache-status: REVALIDATED
x-amz-request-id: B286FCF11176B275
status: 200
content-length: 30953
x-amz-id-2: fzAxnopDtB/wP3dfXZaOlrGgrlzlBU8L4uA+wnhMNGOFbSgma+gB6r18oKDdeFg6rPg82SeDZcM=
last-modified: Wed, 28 Aug 2019 19:11:57 GMT
server: cloudflare
etag: "1f3881c410d658f75566379cd744c4af"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 50e13e63ed9ccbac-VIE
expires: Fri, 28 Aug 2020 20:23:36 GMT

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/api2/v1565591531251/ Frame 176C 263 KB
92 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:825::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/api2/v1565591531251/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?onload=grecaptchaLoaded&render=6LdI1rAUAAAAACI0GsFv-yRpC0tPF5ECiIMDUz2x

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

e37175c872fc53f06ace33890986b1983980812d7130f497a9f0125e78188b7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 29 Aug 2019 19:56:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 12 Aug 2019 17:15:00 GMT
server: sffe
age: 1654
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 93780
x-xss-protection: 0
expires: Fri, 28 Aug 2020 19:56:02 GMT

GET
H2 200 anchor
www.google.com/recaptcha/api2/ Frame 82CD 0
0 29ms
29ms Document
text/html 2a00:1450:4001:818::2004
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdI1rAUAAAAACI0GsFv-yRpC0tPF5ECiIMDUz2x&co=aHR0cHM6Ly9mZWF0dXJlcy5wcm9wdWJsaWNhLm9yZzo0NDM.&hl=en&v=v1565591531251&size=invisible&cb=4405p7x4f9zq

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/api2/v1565591531251/recaptcha__en.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-+15h6lr2xc82MiuvyoTcrQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/anchor?ar=1&k=6LdI1rAUAAAAACI0GsFv-yRpC0tPF5ECiIMDUz2x&co=aHR0cHM6Ly9mZWF0dXJlcy5wcm9wdWJsaWNhLm9yZzo0NDM.&hl=en&v=v1565591531251&size=invisible&cb=4405p7x4f9zq
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode: nested-navigate
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
referer: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/
accept-encoding: gzip, deflate, br
cookie: NID=188=Nx_92xMI06xXinEQQsRxsBiRC0k7B6Nxe-sF4GVrTyL02Y-1uqpCfAfsyZ7z6keoG2w1Uk3usT1cxA7dL_RWS6wpi7_on2pOlEWfWBVVhLMuaPFLjSODqKN7ZjgVyUWb9L-PpiC1UitVBz6GIKBHu86sYEY7YzpWQLlQ16SBJQY
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: nested-navigate
Referer: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/

Response headers

status: 200
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 29 Aug 2019 20:23:36 GMT
content-security-policy: script-src 'report-sample' 'nonce-+15h6lr2xc82MiuvyoTcrQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 9042
server: GSE
alt-svc: quic=":443"; ma=2592000; v="46,43,39"

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.c46a5b3df6acec9d5cde6bf8b61aaf6e.css

Domain: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.57d935b03ca64a8fc2ae95b8d550f132.js

Domain: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.bundle.10adfde1a6e883b828255fddc56fa508.js

Domain: disqus.com
URL: https://disqus.com/next/config.js

Verdicts & Comments Add Verdict or Comment

87 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

8 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.google.com/	1970-01-19 07:42:01	Name: NID Value: 188=Nx_92xMI06xXinEQQsRxsBiRC0k7B6Nxe-sF4GVrTyL02Y-1uqpCfAfsyZ7z6keoG2w1Uk3usT1cxA7dL_RWS6wpi7_on2pOlEWfWBVVhLMuaPFLjSODqKN7ZjgVyUWb9L-PpiC1UitVBz6GIKBHu86sYEY7YzpWQLlQ16SBJQY
.facebook.com/	1970-01-19 05:28:06	Name: fr Value: 07npB0R22MiceqFwE..BdaDRG...1.0.BdaDRG.
.propublica.org/	1970-01-19 05:28:06	Name: _fbp Value: fb.1.1567110214638.82165486
.propublica.org/	1970-01-19 03:19:56	Name: _gid Value: GA1.2.2062341923.1567110214
.propublica.org/	1970-01-19 03:18:30	Name: _dc_gtm_UA-3742720-1 Value: 1
features.propublica.org/	1970-01-19 12:04:06	Name: pp-tracking Value: {"pageCount":0}
.propublica.org/	1970-01-19 20:49:42	Name: _ga Value: GA1.2.1318799313.1567110214
.propublica.org/	1970-01-19 12:04:06	Name: __cfduid Value: de2d7d31cc06d9c74adee963f826d64f61567110213

6 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://www.propublica.org/js/public/assets/all.js(Line 645) Message: JQMIGRATE: Logging is active
console-api	warning	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019082201.js(Line 1) Message: GPT synchronous rendering is no longer supported, ads will be requested and rendered asynchronously. See https://support.google.com/admanager/answer/9212594 for more details.
console-api	warning	URL: https://www.propublica.org/js/public/assets/all.js(Line 647) Message: JQMIGRATE: jQuery.browser is deprecated
console-api	log	URL: https://www.propublica.org/js/public/assets/all.js(Line 647) Message: console.trace
console-api	warning	URL: https://www.propublica.org/js/public/assets/all.js(Line 647) Message: JQMIGRATE: $(html) HTML strings must start with '<' character
console-api	log	URL: https://www.propublica.org/js/public/assets/all.js(Line 647) Message: console.trace

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.de
assets.propublica.org
c.disquscdn.com
connect.facebook.net
disqus.com
features.propublica.org
pi.pardot.com
ping.chartbeat.net
propublica.disqus.com
securepubads.g.doubleclick.net
static.chartbeat.com
staticxx.facebook.com
stats.g.doubleclick.net
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.propublica.org
c.disquscdn.com
disqus.com
151.101.12.134
151.101.64.134
172.217.16.194
18.232.28.189
2600:9000:2057:f200:18:1fcd:349:ca21
2606:4700::6812:d026
2a00:1450:4001:814::2002
2a00:1450:4001:818::2004
2a00:1450:4001:81a::2008
2a00:1450:4001:81a::200e
2a00:1450:4001:81d::2003
2a00:1450:4001:825::2003
2a00:1450:400c:c00::9a
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8083:face:b00c:0:25de
35.170.101.163
031d2af0b94a1c28fd91bc638ee6ae7db363881a09f55844c809a2c30984920b
041bc2c17ec015ef806c668b4eb8810687b52e275e4e528a2abad4e2fa9552ee
09c162769cb9779dc01e08dd0cf6e837c72225cef171202eda69ca3b7d9c45f2
0c7a1cf6de1b6a2dcc700576e04c1c906cd7a844e931c0a7bdd839e2fc4b169d
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
13fa9430e13df4a536095b95424ea02d14aedbef6531ad2d94717a1a42913830
1dd1bb70981fb5553d49ff571ff90c1a342c46f280a0fc06d8ff851fd66ec6be
22e6b300b9258112743e81e8c0bbe13222142f68caa582daab32ed2bcfb25493
260f6e1316aa5561c28543555b58245cf13777ea683623e078249a439f73f043
2860e26b1585c3d2e9819046edccb99c21a9a1ab3cd5db9fc68ea47b54662866
28ad9812c123d3b3bd7264967fd55f3bb1b0a70024623f8c63dc4084a24e2e33
52884ade65fb7f22ad0344dcb656fe4a253cf22d70636c730a6168e1887ec381
52c07848daa5a8b32e27e09e8bebc6c2fa8fb34c9942bf5f05e24e12bcd501c4
56f695c6decbe9bb598526d815e227f61dd8ded0909005b93aff218cc3c069f0
7dad042684ea3d02d9961f8cd4885047c1128ae9f7d5ef9fa2e8568c6514b11b
80c58477dbc87c0b570ebf3fc6f7060656594e018dd395e7f08a361a2305b99c
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
85480f83cd66d9c8abb804d9b8d05b69cc38070fcc8b761499099e66c003aee0
8b74c864b6b01be0d32b35bb3d8a224e46e3ee9113fc9d8ff1fe629447760d0d
8c032cdcc121e29848b9216cc0af9818e757e66f35f8ab2af042fa15e339ea48
8dcf6056b56eba6e8541d8441d30ea1b08e662ebd2a98addca3493a403cf8ae2
8f977f8c04ed7c72fba02ba47aa4ffa32121a007f2a9f8ac4d4f19fcaf6d0d17
8fe5c6deb18284ea814e0c5e1bfe22916a943a088827d80b9ee2d24643064930
99fd27cd410417b5633d3fc37196751afc4b3f9ffa5853dedb73cfcb3e810d7c
9a1ef035cc0f1a1a7bdf83e6f7e86477b5fe45507e91d12ff4cad24ad5759cbd
a525131e0b21b4d76f0a1c6160b23952e78352433655b692460cb554baedd7cd
a5f64c9209bdf96ebd28f41d42b8e2ca066789b3504905fca079ec179c3dd656
b441df5d5290c417724906029014c7ef42ad077d2e3cd6dfaf2d5428752e49fe
b63dab5652337940f4cd8bbceaef0c8ac28de05b0b43525144cdf80b619851a0
b74ecdf2dd3352da79dd762bcc24c49a1e1793849a028f731d4ad0f69f981867
b85918584d7a87585bd579dd207b246fd6656fe55eb3e5ecf605cfd9e832bb3a
bb474388f28563881762c05c446269d1546dfed4a15a1427e970164d13ec3552
c196c4ccbc9b6153b108b8bac62f144d14fd0ea701438e567a3a370eae026e1a
c6efe45f4a692895ee2e16ad21c0bc523b73511c98ac097d46997a72ee35a335
cd1c301a8e7960a1786e2a959226b0b78b56dbea284bd114265f1662d6ca280e
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d4bf635e4f8bb9e39b0ecaaf7b5989d9a68a4f99e8806039ae686bb23d4934a2
dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a
dd92f6c93e22ac7c4a2d92489ee5cd1e931122b449588453e4366f99d106faed
e37175c872fc53f06ace33890986b1983980812d7130f497a9f0125e78188b7e
e659122a884d2cf1a040ab24242e9bfacbd6059334e6efb79b54580dcdff0434
ea03bfd7fdda1eac185ebc3e8e74b33065b04c8e0adc48cbbd4136748dbd2742
ead5388a789c640a2f820543fcddaaef721b241d7844a5b50a81a4bf149f0995
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f08eef2c53ff913e56a7982a737483937b5350e6abd8ec5cd817c9770f9f5509
f15f778cd39043a166a29f654b1191bc6fbf8043a8cc3477c42764b14b919dec
f6652dacc3641651bf842bb18861c6fbb66581a3dd2c41dde3226764740684b6
f7292610f85a9a18307d505b342c4ee9661f2e84a8b588cd382b16737231b8e9
f8e8baebac4f64ee22208b08a36fa7bb4996b541e95b03f978e7318bf2c8b362
fd5fc4e73e506c00b0b70b80867ce34207e5f443fa24808d33f8c076b8de0bc6
ffdc5a0a06a4c0b1b5c3c2e4271ae9253dd6cb3a4aecfa1da546c8f323d43db4

features.propublica.org Open in urlscan Pro 2606:4700::6812:d026 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

57 Requests

93 %HTTPS

69 %IPv6

15 Domains

21 Subdomains

16 IPs

4 Countries

1782 kBTransfer

3277 kBSize

8 Cookies

22 Outgoing links

Redirected requests

57 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 7 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

features.propublica.org Open in urlscan Pro
2606:4700::6812:d026 Public Scan

Screenshot
Live screenshot

Full Image

57
Requests

93 %
HTTPS

69 %
IPv6

15
Domains

21
Subdomains

16
IPs

4
Countries

1782 kB
Transfer

3277 kB
Size

8
Cookies

57 HTTP transactions
7 data transactions