redcanary.com Open in urlscan Pro
104.198.136.223  Public Scan

29 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 37

• https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dredcanary.com%26pId%3d%24UID HTTP 302
• https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dredcanary.com%26pId%3d%24UID HTTP 307
• https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dredcanary.com%2526pId%253d%2524UID HTTP 302
• https://attr.ml-api.io/?domain=redcanary.com&pId=2584481831811034361

Request Chain 40

• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1540753&time=1680808250589&url=https%3A%2F%2Fredcanary.com%2Fblog%2Fhow-one-hospital-thwarted-a-ryuk-ransomware-outbreak%2F HTTP 302
• https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D1540753%26time%3D1680808250589%26url%3Dhttps%253A%252F%252Fredcanary.com%252Fblog%252Fhow-one-hospital-thwarted-a-ryuk-ransomware-outbreak%252F%26liSync%3Dtrue HTTP 302
• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1540753&time=1680808250589&url=https%3A%2F%2Fredcanary.com%2Fblog%2Fhow-one-hospital-thwarted-a-ryuk-ransomware-outbreak%2F&liSync=true HTTP 302
• https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1540753&time=1680808250589&url=https%3A%2F%2Fredcanary.com%2Fblog%2Fhow-one-hospital-thwarted-a-ryuk-ransomware-outbreak%2F&liSync=true&e_ipv6=AQJQhywr4DXVVQAAAYdX-o_Ac63XlpgHXiUjbowVAaskuH6DcU4a3LogzgHAKGGchD2GvZNT

98 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
3 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response redcanary.com/blog/how-one-hospital-thwarted-a-ryuk-ransomware-outbreak/	426 KB 71 KB	763ms 234ms	Document text/html	104.198.136.223 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://redcanary.com/blog/how-one-hospital-thwarted-a-ryuk-ransomware-outbreak/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.198.136.223 Council Bluffs, United States, ASN15169 (GOOGLE, US), Reverse DNS 223.136.198.104.bc.googleusercontent.com Software nginx / WP Engine Resource Hash d26b55ef65195963d121476c77fb370e474afa5fd0442c54f72eae24210ab464 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; X-Content-Type-Options nosniff X-Frame-Options deny X-Xss-Protection 1; mode=block Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers cache-control max-age=600, must-revalidate content-encoding br content-security-policy upgrade-insecure-requests content-type text/html; charset=UTF-8 date Thu, 06 Apr 2023 19:10:49 GMT feature-policy microphone 'none'; geolocation 'none' link <https://redcanary.com/?p=25867>; rel=shortlink referrer-policy strict-origin-when-cross-origin server nginx strict-transport-security "max-age=63072000; includeSubDomains; preload"; vary Accept-Encoding Accept-Encoding Accept-Encoding Accept-Encoding x-cache HIT: 2 x-cache-group normal x-cacheable SHORT x-content-type-options nosniff x-frame-options deny x-permitted-cross-domain-policies master-only x-powered-by WP Engine x-xss-protection 1; mode=block
GET H2	200	jquery.min.js Show response ajax.googleapis.com/ajax/libs/jquery/3.6.1/	88 KB 31 KB	134ms 41ms	Script text/javascript	2a00:1450:4001:812::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://ajax.googleapis.com/ajax/libs/jquery/3.6.1/jquery.min.js Requested by Host: redcanary.com URL: https://redcanary.com/blog/how-one-hospital-thwarted-a-ryuk-ransomware-outbreak/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash a3cf00c109d907e543bc4f6dbc85eb31068f94515251347e9e57509b52ee3d74 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers date Thu, 06 Apr 2023 16:36:02 GMT content-encoding gzip x-content-type-options nosniff age 9287 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 31100 x-xss-protection 0 last-modified Thu, 08 Sep 2022 18:15:00 GMT server sffe cross-origin-opener-policy same-origin; report-to="hosted-libraries-pushers" vary Accept-Encoding report-to {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]} content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=31536000, stale-while-revalidate=2592000 accept-ranges bytes timing-allow-origin * expires Fri, 05 Apr 2024 16:36:02 GMT
GET H2	200	forms2.min.js Show response resource.redcanary.com/js/forms2/js/	208 KB 69 KB	422ms 184ms	Script application/x-javascript	104.17.72.206 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://resource.redcanary.com/js/forms2/js/forms2.min.js Requested by Host: redcanary.com URL: https://redcanary.com/blog/how-one-hospital-thwarted-a-ryuk-ransomware-outbreak/ Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.17.72.206 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 0694124dd8cf871b521cf06ce0b2419ebbe18d3f45658b50c4b038b647fbc849 Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers date Thu, 06 Apr 2023 19:10:50 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status REVALIDATED last-modified Thu, 23 Mar 2023 21:46:36 GMT server cloudflare etag "34c0bd9-33e51-5f79835f6a700" vary Accept-Encoding content-type application/x-javascript cache-control public, max-age=14400 cf-ray 7b3c554a9fbebb9b-FRA expires Thu, 06 Apr 2023 23:10:50 GMT
GET H2	200	bizible.js Show response cdn.bizible.com/scripts/	67 KB 25 KB	57ms 7ms	Script application/x-javascript	152.195.15.58 EDGECAST
General Check archive.org Show headers Download Go to Full URL https://cdn.bizible.com/scripts/bizible.js?account=redcanary.com Requested by Host: redcanary.com URL: https://redcanary.com/blog/how-one-hospital-thwarted-a-ryuk-ransomware-outbreak/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 152.195.15.58 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECS (frb/67D4) / Resource Hash bd5050e9441f369db70ed62e418b38812fbe8127517f11f91e9c885cfa084743 Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers date Thu, 06 Apr 2023 19:10:50 GMT content-encoding gzip last-modified Thu, 30 Mar 2023 23:15:01 GMT server ECS (frb/67D4) age 71551 etag "996bd3735d63d91:0" vary Accept-Encoding x-cache HIT content-type application/x-javascript cache-control max-age=86400 accept-ranges bytes content-length 25479
GET H2	200	9416.js Show response script.crazyegg.com/pages/scripts/0096/	6 KB 2 KB	64ms 20ms	Script text/javascript	2606:4700::6813:9308 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://script.crazyegg.com/pages/scripts/0096/9416.js Requested by Host: redcanary.com URL: https://redcanary.com/blog/how-one-hospital-thwarted-a-ryuk-ransomware-outbreak/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dc3ecffc203239ac263d86861ab5e5adef96f7c9c77ad81c83b209a68d8e9141 Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers date Thu, 06 Apr 2023 19:10:50 GMT content-encoding gzip cf-cache-status HIT age 1240 cf-polished origSize=6063 ce-version 11.5.60 cf-bgj minify last-modified Thu, 06 Apr 2023 18:50:10 GMT server cloudflare vary Accept-Encoding content-type text/javascript access-control-allow-origin * access-control-expose-headers CE-Version cache-control public, max-age=300, s-maxage=1209600 timing-allow-origin * cf-ray 7b3c554c49889978-FRA
GET H2	200	js Show response www.googletagmanager.com/gtag/	235 KB 81 KB	138ms 56ms	Script application/javascript	2a00:1450:4001:809::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=G-T3K4MTNQJN Requested by Host: redcanary.com URL: https://redcanary.com/blog/how-one-hospital-thwarted-a-ryuk-ransomware-outbreak/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash e279331bb93010b33cc212b475abba628cf81b0ba009796f904a1721405505db Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers date Thu, 06 Apr 2023 19:10:50 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers Cache-Control content-length 82285 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 expires Thu, 06 Apr 2023 19:10:50 GMT
GET H2	200	qualified.js Show response js.qualified.com/	206 KB 64 KB	425ms 391ms	Script text/javascript	2606:4700::6812:1105 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.qualified.com/qualified.js?token=bAEbi2aHVysBKzuy Requested by Host: redcanary.com URL: https://redcanary.com/blog/how-one-hospital-thwarted-a-ryuk-ransomware-outbreak/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1105 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash be4097df35c49775f7f4a63774154aeaeb7d93ad5142006064f89a3ce765a0a8 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers date Thu, 06 Apr 2023 19:10:50 GMT content-encoding gzip via 1.1 spaces-router (e46a9e002bdb) strict-transport-security max-age=63072000; includeSubDomains cf-cache-status MISS x-content-type-options nosniff x-permitted-cross-domain-policies none x-xss-protection 1; mode=block x-request-id 402efc2e-5c22-67cc-d6e3-e689ccdc0b0f x-runtime 0.016163 referrer-policy strict-origin-when-cross-origin server cloudflare etag W/"702ecfe83eabac1f5740ec9ddf23ac77" x-download-options noopen vary Accept,Accept-Encoding x-frame-options SAMEORIGIN content-type text/javascript; charset=utf-8 cache-control public, max-age=14400 cf-ray 7b3c554c3e3c39d9-FRA expires Thu, 06 Apr 2023 23:10:50 GMT
GET H2	200	highlight.min.js Show response cdnjs.cloudflare.com/ajax/libs/highlight.js/10.6.0/	130 KB 33 KB	71ms 24ms	Script application/javascript	2606:4700::6811:180e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/highlight.js/10.6.0/highlight.min.js Requested by Host: redcanary.com URL: https://redcanary.com/blog/how-one-hospital-thwarted-a-ryuk-ransomware-outbreak/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash d2f545bb226e5bcc1d50af37b345d245dce63bc07aaeba2243e0f1ea87b2dcb9 Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers date Thu, 06 Apr 2023 19:10:49 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=15780000 age 5585000 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 33250 last-modified Mon, 08 Feb 2021 15:10:43 GMT server cloudflare cf-cdnjs-via cfworker/kv etag "60215473-20801" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WNUq0vuP32%2B%2BUIIOuD7bket8YeAsMlxwLtn00thKeczM%2FwsYNZbPYe%2BkOCdA9HNU%2BUkn01703BuaMWkguvxBipkJwbPEyWS0XEeNGsycLy%2FOyku66uqID0y0l4qemK6hIzzJ7SxYYem%2BS41xA7AkYce%2B"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=30672000 accept-ranges bytes timing-allow-origin * cf-ray 7b3c554a2d743a94-FRA expires Tue, 26 Mar 2024 19:10:49 GMT
GET H/1.1	200 OK	teknkl-formsplus-1.0.5.js Show response s3-us-west-2.amazonaws.com/s.cdpn.io/250687/	41 KB 41 KB	549ms 190ms	Script application/x-js	52.92.147.184 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://s3-us-west-2.amazonaws.com/s.cdpn.io/250687/teknkl-formsplus-1.0.5.js Requested by Host: redcanary.com URL: https://redcanary.com/blog/how-one-hospital-thwarted-a-ryuk-ransomware-outbreak/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.92.147.184 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS s3-us-west-2.amazonaws.com Software AmazonS3 / Resource Hash 731fcb30d45f2e35aaa139a7a964410a7c2bcdbfbb48a837c9d56dec7cc3732f Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers Date Thu, 06 Apr 2023 19:10:51 GMT x-amz-version-id OjXdZ5iYdmgpgEuq0ftytCBc_PO35ThO Last-Modified Thu, 26 Apr 2018 08:20:46 GMT Server AmazonS3 x-amz-request-id 43CHYMWD385R51EJ ETag "bab0c2b3523f8244564b675fe34db610" Content-Type application/x-js Cache-Control public Accept-Ranges bytes Content-Length 41617 x-amz-id-2 j1S6LGBuqRm5Z3ClDYsXxl0QOReyDm1e3F5HgeGXv52bZZTVvvl4fRnz/XPHxCHQmEFjJWMvEqA=
GET H2	200	autoptimize_b3754f099739b7a18dd79079a3960d33.js Show response redcanary.com/wp-content/cache/autoptimize/js/	299 KB 85 KB	129ms 126ms	Script application/javascript	104.198.136.223 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://redcanary.com/wp-content/cache/autoptimize/js/autoptimize_b3754f099739b7a18dd79079a3960d33.js Requested by Host: redcanary.com URL: https://redcanary.com/blog/how-one-hospital-thwarted-a-ryuk-ransomware-outbreak/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.198.136.223 Council Bluffs, United States, ASN15169 (GOOGLE, US), Reverse DNS 223.136.198.104.bc.googleusercontent.com Software nginx / Resource Hash dc0162e80b60774efb5d983d2cd902b237a0f1e9a1a839928d888fb10893bae2 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/blog/how-one-hospital-thwarted-a-ryuk-ransomware-outbreak/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers date Thu, 06 Apr 2023 19:10:50 GMT content-security-policy upgrade-insecure-requests content-encoding br strict-transport-security "max-age=63072000; includeSubDomains; preload"; last-modified Tue, 04 Apr 2023 17:39:55 GMT server nginx etag W/"642c60eb-4ab4e" vary Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding content-type application/javascript access-control-allow-origin * cache-control public, max-age=31536000
GET H/1.1	200 OK	munchkin.js Show response munchkin.marketo.net/	1 KB 1 KB	475ms 102ms	Script application/x-javascript	23.206.91.189 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://munchkin.marketo.net/munchkin.js Requested by Host: redcanary.com URL: https://redcanary.com/blog/how-one-hospital-thwarted-a-ryuk-ransomware-outbreak/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 23.206.91.189 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-206-91-189.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash 5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4 Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers Date Thu, 06 Apr 2023 19:10:50 GMT Content-Encoding gzip Last-Modified Fri, 17 Mar 2023 01:24:48 GMT Server AkamaiNetStorage ETag "cb731cc5c2bd9f31d6bfeb19f3c8b1ff:1679016288.730763" Vary Accept-Encoding P3P policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR" Content-Type application/x-javascript Connection keep-alive Accept-Ranges bytes Content-Length 729
GET H2	200	gtm.js Show response www.googletagmanager.com/	266 KB 89 KB	211ms 130ms	Script application/javascript	2a00:1450:4001:809::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtm.js?id=GTM-PXWC8JW Requested by Host: redcanary.com URL: https://redcanary.com/blog/how-one-hospital-thwarted-a-ryuk-ransomware-outbreak/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 861a77fb621e389254d2c8f43b4092887bb6ab69147177c87835c85e438c2af0 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers date Thu, 06 Apr 2023 19:10:50 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 90486 x-xss-protection 0 last-modified Thu, 06 Apr 2023 18:28:38 GMT server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Thu, 06 Apr 2023 19:10:50 GMT
GET H2	200	6si.min.js Show response j.6sc.co/	33 KB 11 KB	64ms 7ms	Script application/javascript	2.16.187.88 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://j.6sc.co/6si.min.js Requested by Host: redcanary.com URL: https://redcanary.com/blog/how-one-hospital-thwarted-a-ryuk-ransomware-outbreak/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.16.187.88 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-16-187-88.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash 12ce92cc3c4eb9d74f48e9a10eb919bdf30bbdc5ccf9843c6543fec302dec54f Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers pragma no-cache date Thu, 06 Apr 2023 19:10:50 GMT content-encoding gzip x-content-type-options nosniff last-modified Tue, 04 Apr 2023 21:13:35 GMT server nginx/1.14.0 (Ubuntu) etag "642c92ff-8319" vary Accept-Encoding content-type application/javascript cache-control private, no-cache, proxy-revalidate accept-ranges bytes content-length 10492 expires Thu, 06 Apr 2023 19:10:50 GMT
GET H2	200	css fonts.googleapis.com/	7 KB 964 B	50ms 48ms	Stylesheet text/css	2a00:1450:4001:812::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,500,700&display=swap Requested by Host: redcanary.com URL: https://redcanary.com/blog/how-one-hospital-thwarted-a-ryuk-ransomware-outbreak/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash b5253e6b511184df4a7de95df9ffbda07792e16b169a5014cbec62daef47e83b Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers strict-transport-security max-age=31536000 date Thu, 06 Apr 2023 19:10:50 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Thu, 06 Apr 2023 19:10:50 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Thu, 06 Apr 2023 19:10:50 GMT
GET H2	200	autoptimize_b4a5cda3c8b9ec3f655f01a34a870809.css redcanary.com/wp-content/cache/autoptimize/css/	5 MB 236 KB	242ms 241ms	Stylesheet text/css	104.198.136.223 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://redcanary.com/wp-content/cache/autoptimize/css/autoptimize_b4a5cda3c8b9ec3f655f01a34a870809.css Requested by Host: redcanary.com URL: https://redcanary.com/blog/how-one-hospital-thwarted-a-ryuk-ransomware-outbreak/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.198.136.223 Council Bluffs, United States, ASN15169 (GOOGLE, US), Reverse DNS 223.136.198.104.bc.googleusercontent.com Software nginx / Resource Hash 6c24a88fb1155d36e3792cadfa0296f35c83b71bd7c8cce3eced428fdeff781c Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/blog/how-one-hospital-thwarted-a-ryuk-ransomware-outbreak/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers date Thu, 06 Apr 2023 19:10:50 GMT content-security-policy upgrade-insecure-requests content-encoding br strict-transport-security "max-age=63072000; includeSubDomains; preload"; last-modified Tue, 04 Apr 2023 17:39:55 GMT server nginx etag W/"642c60eb-4a1ed1" vary Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding content-type text/css access-control-allow-origin * cache-control public, max-age=31536000
GET H2	200	default.min.css cdnjs.cloudflare.com/ajax/libs/highlight.js/10.6.0/styles/	763 B 650 B	26ms 26ms	Stylesheet text/css	2606:4700::6811:180e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/highlight.js/10.6.0/styles/default.min.css Requested by Host: redcanary.com URL: https://redcanary.com/blog/how-one-hospital-thwarted-a-ryuk-ransomware-outbreak/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e3cc36c64ef86bed21592653daac82fd7e4c364c32c8344336aa13f7dbf52c90 Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers date Thu, 06 Apr 2023 19:10:50 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=15780000 age 5580379 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 271 last-modified Mon, 08 Feb 2021 15:10:43 GMT server cloudflare cf-cdnjs-via cfworker/kv etag "60215473-2fb" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dB2OkQzxwKuFuY1o9GnSu0VTvp9TRf%2BvfD79HWcnXzEwlM2veyEQg8UjCuv1ZCTB%2FaeaGj6iNMKdbs84HNlnxOE5fvXNWSDEaILWqdSBBWt3u9kVtrbrl2Qd196%2BS3pw8DYYU8GiGQjALQ64AKtpgbUK"}],"group":"cf-nel","max_age":604800} content-type text/css; charset=utf-8 access-control-allow-origin * cache-control public, max-age=30672000 accept-ranges bytes timing-allow-origin * cf-ray 7b3c554c08363a94-FRA expires Tue, 26 Mar 2024 19:10:50 GMT
GET DATA	200 OK	truncated /	70 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 01e9a7805342257edb94e384addecd9f728cc7f121693ab7ef9950ebef46e64a Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	68 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 1addb6a43a226a97897f703d73aefe1c5ff67fd6da0e5b6171f4ba2dff81fb07 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	69 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash c85c8a46abd843bdc274b499ea7716079e6d7a92925e10e94c08b9b71aef124f Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers Content-Type image/svg+xml
GET H2	200	/ redcanary.com/blog/how-one-hospital-thwarted-a-ryuk-ransomware-outbreak/	426 KB 426 KB	328ms 328ms	Image text/html	104.198.136.223 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://redcanary.com/blog/how-one-hospital-thwarted-a-ryuk-ransomware-outbreak/ Requested by Host: redcanary.com URL: https://redcanary.com/blog/how-one-hospital-thwarted-a-ryuk-ransomware-outbreak/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.198.136.223 Council Bluffs, United States, ASN15169 (GOOGLE, US), Reverse DNS 223.136.198.104.bc.googleusercontent.com Software nginx / WP Engine Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; X-Content-Type-Options nosniff X-Frame-Options deny X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/blog/how-one-hospital-thwarted-a-ryuk-ransomware-outbreak/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers date Thu, 06 Apr 2023 19:10:50 GMT x-cache-group normal x-content-type-options nosniff content-security-policy upgrade-insecure-requests x-cacheable SHORT x-permitted-cross-domain-policies master-only strict-transport-security "max-age=63072000; includeSubDomains; preload"; content-encoding br x-powered-by WP Engine x-cache HIT: 3 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin server nginx vary Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding x-frame-options deny content-type text/html; charset=UTF-8 cache-control max-age=600, must-revalidate feature-policy microphone 'none'; geolocation 'none' link <https://redcanary.com/?p=25867>; rel=shortlink
GET H2	200	source-sans-pro-v21-latin-regular.woff2 redcanary.com/wp-content/themes/redcanary/assets/fonts/	13 KB 13 KB	326ms 326ms	Font font/woff2	104.198.136.223 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://redcanary.com/wp-content/themes/redcanary/assets/fonts/source-sans-pro-v21-latin-regular.woff2 Requested by Host: redcanary.com URL: https://redcanary.com/blog/how-one-hospital-thwarted-a-ryuk-ransomware-outbreak/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.198.136.223 Council Bluffs, United States, ASN15169 (GOOGLE, US), Reverse DNS 223.136.198.104.bc.googleusercontent.com Software nginx / Resource Hash c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; Request headers Referer https://redcanary.com/blog/how-one-hospital-thwarted-a-ryuk-ransomware-outbreak/ Origin https://redcanary.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers date Thu, 06 Apr 2023 19:10:50 GMT content-security-policy upgrade-insecure-requests strict-transport-security "max-age=63072000; includeSubDomains; preload"; last-modified Thu, 02 Jun 2022 17:26:25 GMT server nginx etag "6298f2c1-32ec" vary Accept-Encoding content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes content-length 13036
GET H2	200	source-sans-pro-v21-latin-700.woff2 redcanary.com/wp-content/themes/redcanary/assets/fonts/	13 KB 13 KB	326ms 325ms	Font font/woff2	104.198.136.223 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://redcanary.com/wp-content/themes/redcanary/assets/fonts/source-sans-pro-v21-latin-700.woff2 Requested by Host: redcanary.com URL: https://redcanary.com/blog/how-one-hospital-thwarted-a-ryuk-ransomware-outbreak/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.198.136.223 Council Bluffs, United States, ASN15169 (GOOGLE, US), Reverse DNS 223.136.198.104.bc.googleusercontent.com Software nginx / Resource Hash 7348a2eb48c9a681d6178433394c7037144d85b57ee33a11339d3a33fa1001a4 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; Request headers Referer https://redcanary.com/blog/how-one-hospital-thwarted-a-ryuk-ransomware-outbreak/ Origin https://redcanary.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers date Thu, 06 Apr 2023 19:10:50 GMT content-security-policy upgrade-insecure-requests strict-transport-security "max-age=63072000; includeSubDomains; preload"; last-modified Thu, 02 Jun 2022 17:26:24 GMT server nginx etag "6298f2c0-327c" vary Accept-Encoding content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes content-length 12924
GET H2	200	source-sans-pro-v21-latin-300.woff2 redcanary.com/wp-content/themes/redcanary/assets/fonts/	13 KB 13 KB	322ms 322ms	Font font/woff2	104.198.136.223 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://redcanary.com/wp-content/themes/redcanary/assets/fonts/source-sans-pro-v21-latin-300.woff2 Requested by Host: redcanary.com URL: https://redcanary.com/blog/how-one-hospital-thwarted-a-ryuk-ransomware-outbreak/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.198.136.223 Council Bluffs, United States, ASN15169 (GOOGLE, US), Reverse DNS 223.136.198.104.bc.googleusercontent.com Software nginx / Resource Hash 122854df4f39cf922db317714c2ff0eccab27a1028c14a5aa2211f48b7e0eade Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; Request headers Referer https://redcanary.com/blog/how-one-hospital-thwarted-a-ryuk-ransomware-outbreak/ Origin https://redcanary.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers date Thu, 06 Apr 2023 19:10:50 GMT content-security-policy upgrade-insecure-requests strict-transport-security "max-age=63072000; includeSubDomains; preload"; last-modified Thu, 02 Jun 2022 17:26:22 GMT server nginx etag "6298f2be-329c" vary Accept-Encoding content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes content-length 12956
GET H2	200	getForm Show response resource.redcanary.com/index.php/form/	9 KB 2 KB	97ms 97ms	Script application/javascript	104.17.72.206 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://resource.redcanary.com/index.php/form/getForm?munchkinId=003-YRU-314&form=1034&url=https%3A%2F%2Fredcanary.com%2Fblog%2Fhow-one-hospital-thwarted-a-ryuk-ransomware-outbreak%2F&callback=jQuery1124002051723678347983_1680808250214&_=1680808250215 Requested by Host: resource.redcanary.com URL: https://resource.redcanary.com/js/forms2/js/forms2.min.js Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.17.72.206 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash a8d97b44344c9df9185d4f229c6bf78397b06fd1adc0639645b873d8d1fb1399 Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers date Thu, 06 Apr 2023 19:10:50 GMT content-encoding gzip server cloudflare cf-ray 7b3c554c8b2cbb9b-FRA cached true vary Accept-Encoding content-type application/javascript; charset=utf-8
GET H2	200	bullet-square.svg redcanary.com/wp-content/themes/redcanary/assets/img/	443 B 616 B	266ms 266ms	Image image/svg+xml	104.198.136.223 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://redcanary.com/wp-content/themes/redcanary/assets/img/bullet-square.svg Requested by Host: redcanary.com URL: https://redcanary.com/blog/how-one-hospital-thwarted-a-ryuk-ransomware-outbreak/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.198.136.223 Council Bluffs, United States, ASN15169 (GOOGLE, US), Reverse DNS 223.136.198.104.bc.googleusercontent.com Software nginx / Resource Hash 6217f642930c0d2411329fb00cf9a7e2e138a98f56eece6e82b3a7359f20cb11 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/blog/how-one-hospital-thwarted-a-ryuk-ransomware-outbreak/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers date Thu, 06 Apr 2023 19:10:50 GMT content-security-policy upgrade-insecure-requests content-encoding br strict-transport-security "max-age=63072000; includeSubDomains; preload"; last-modified Mon, 23 Aug 2021 16:46:07 GMT server nginx etag W/"6123d0cf-1bb" vary Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding content-type image/svg+xml access-control-allow-origin * cache-control public, max-age=31536000
GET H2	200	source-sans-pro-v21-latin-600.woff2 redcanary.com/wp-content/themes/redcanary/assets/fonts/	13 KB 13 KB	266ms 265ms	Font font/woff2	104.198.136.223 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://redcanary.com/wp-content/themes/redcanary/assets/fonts/source-sans-pro-v21-latin-600.woff2 Requested by Host: redcanary.com URL: https://redcanary.com/blog/how-one-hospital-thwarted-a-ryuk-ransomware-outbreak/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.198.136.223 Council Bluffs, United States, ASN15169 (GOOGLE, US), Reverse DNS 223.136.198.104.bc.googleusercontent.com Software nginx / Resource Hash bc9a16cd945457ad9463cdaed95129b01c589466978dfee3d019d9c604b2171a Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; Request headers Referer https://redcanary.com/blog/how-one-hospital-thwarted-a-ryuk-ransomware-outbreak/ Origin https://redcanary.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers date Thu, 06 Apr 2023 19:10:50 GMT content-security-policy upgrade-insecure-requests strict-transport-security "max-age=63072000; includeSubDomains; preload"; last-modified Thu, 02 Jun 2022 17:26:23 GMT server nginx etag "6298f2bf-32fc" vary Accept-Encoding content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes content-length 13052
GET H2	200	redcanary.com.json Show response script.crazyegg.com/pages/data-scripts/0096/9416/site/	8 KB 2 KB	56ms 27ms	XHR application/json	2606:4700::6813:9308 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://script.crazyegg.com/pages/data-scripts/0096/9416/site/redcanary.com.json?t=1 Requested by Host: script.crazyegg.com URL: https://script.crazyegg.com/pages/scripts/0096/9416.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash a3816be3dc39028c2a70d9c62a27e6ebc36a825e952f9c6690bcc0d93df70150 Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers date Thu, 06 Apr 2023 19:10:50 GMT content-encoding gzip cf-cache-status HIT age 13998 ce-version 11.5.60 content-length 1952 last-modified Thu, 06 Apr 2023 15:17:32 GMT server cloudflare vary Accept-Encoding content-type application/json access-control-allow-origin * access-control-expose-headers CE-Version cache-control public, max-age=300, s-maxage=1209600 accept-ranges bytes timing-allow-origin * cf-ray 7b3c554cfa6e3a5e-FRA
GET H2	200	globe-white-right.png redcanary.com/wp-content/themes/redcanary/assets/img/	259 KB 260 KB	220ms 220ms	Image image/png	104.198.136.223 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://redcanary.com/wp-content/themes/redcanary/assets/img/globe-white-right.png Requested by Host: redcanary.com URL: https://redcanary.com/blog/how-one-hospital-thwarted-a-ryuk-ransomware-outbreak/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.198.136.223 Council Bluffs, United States, ASN15169 (GOOGLE, US), Reverse DNS 223.136.198.104.bc.googleusercontent.com Software nginx / Resource Hash d3d589e680bc49f54cb5721723fc2ec1a68d5e8ce3946db7192fb0d207e9b6cf Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/blog/how-one-hospital-thwarted-a-ryuk-ransomware-outbreak/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers date Thu, 06 Apr 2023 19:10:50 GMT content-security-policy upgrade-insecure-requests strict-transport-security "max-age=63072000; includeSubDomains; preload"; last-modified Wed, 27 Feb 2019 15:51:11 GMT server nginx etag "5c76b1ef-40da2" vary Accept-Encoding content-type image/png access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes content-length 265634
GET H2	200	48008794f304fe9676cf1cce1f7e28cb.js Show response script.crazyegg.com/pages/versioned/common-scripts/	71 KB 24 KB	22ms 22ms	Script text/javascript	2606:4700::6813:9308 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://script.crazyegg.com/pages/versioned/common-scripts/48008794f304fe9676cf1cce1f7e28cb.js Requested by Host: script.crazyegg.com URL: https://script.crazyegg.com/pages/scripts/0096/9416.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 50c95a7083210a924f1e9de3c0b96d712f72b8ef433fd384e122de06716ac825 Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers date Thu, 06 Apr 2023 19:10:50 GMT content-encoding gzip cf-cache-status HIT last-modified Fri, 24 Mar 2023 12:51:41 GMT server cloudflare age 26957 vary Accept-Encoding content-type text/javascript access-control-allow-origin * cache-control public, max-age=31536000, s-maxage=31536000 accept-ranges bytes timing-allow-origin * cf-ray 7b3c554d2ae89978-FRA content-length 24760
GET H2	200	forms2.css resource.redcanary.com/js/forms2/css/	13 KB 3 KB	659ms 658ms	Stylesheet text/css	104.17.72.206 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://resource.redcanary.com/js/forms2/css/forms2.css Requested by Host: resource.redcanary.com URL: https://resource.redcanary.com/js/forms2/js/forms2.min.js Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.17.72.206 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a Security Headers Name Value Strict-Transport-Security max-age=63113904 X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers date Thu, 06 Apr 2023 19:10:51 GMT content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=63113904 last-modified Thu, 23 Mar 2023 21:46:36 GMT server cloudflare cf-cache-status REVALIDATED etag "2fe006e-3437-5f79835f6a700" vary Accept-Encoding content-type text/css cache-control public, max-age=14400 accept-ranges bytes cf-ray 7b3c554d2c7abb9b-FRA content-length 2623 expires Thu, 06 Apr 2023 23:10:51 GMT
GET H2	200	forms2-theme-plain.css resource.redcanary.com/js/forms2/css/	828 B 357 B	187ms 187ms	Stylesheet text/css	104.17.72.206 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://resource.redcanary.com/js/forms2/css/forms2-theme-plain.css Requested by Host: resource.redcanary.com URL: https://resource.redcanary.com/js/forms2/js/forms2.min.js Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.17.72.206 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 57cd46adbabd6c40823602b4513aecbe89320a769572255272abe9f008de69fa Security Headers Name Value Strict-Transport-Security max-age=63113904 X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers date Thu, 06 Apr 2023 19:10:50 GMT content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=63113904 last-modified Thu, 23 Mar 2023 21:46:36 GMT server cloudflare cf-cache-status REVALIDATED etag "2fe0075-33c-5f79835f6a700" vary Accept-Encoding content-type text/css cache-control public, max-age=14400 accept-ranges bytes cf-ray 7b3c554d3c7dbb9b-FRA content-length 246 expires Thu, 06 Apr 2023 23:10:50 GMT
POST H2	204	collect region1.google-analytics.com/g/	0 243 B	54ms 20ms	Ping text/plain	2001:4860:4802:32::36 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://region1.google-analytics.com/g/collect?v=2&tid=G-T3K4MTNQJN&gtm=45je3430&_p=1553413785&cid=1930044420.1680808250&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1680808250&sct=1&seg=0&dl=https%3A%2F%2Fredcanary.com%2Fblog%2Fhow-one-hospital-thwarted-a-ryuk-ransomware-outbreak%2F&dt=A%20Bazar%20start%3A%20How%20one%20hospital%20thwarted%20a%20Ryuk%20ransomware%20outbreak&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-T3K4MTNQJN Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers pragma no-cache date Thu, 06 Apr 2023 19:10:50 GMT server Golfe2 content-type text/plain access-control-allow-origin https://redcanary.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	uwt.js Show response static.ads-twitter.com/	56 KB 15 KB	38ms 7ms	Script application/javascript	146.75.120.157 FASTLY
General Check archive.org Show headers Download Go to Full URL https://static.ads-twitter.com/uwt.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-PXWC8JW Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers date Thu, 06 Apr 2023 19:10:50 GMT content-encoding gzip last-modified Thu, 27 Oct 2022 16:56:53 GMT etag "32ad004436155ec972bc50e6238b5b67+gzip+gzip" vary Accept-Encoding,Host x-cache HIT, HIT content-type application/javascript; charset=utf-8 p3p CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT" x-tw-cdn FT cache-control no-cache accept-ranges bytes content-length 15375 x-served-by cache-iad-kjyo7100081-IAD, cache-hhn-etou8220044-HHN
GET H2	200	insight.min.js Show response snap.licdn.com/li.lms-analytics/	13 KB 5 KB	40ms 8ms	Script application/x-javascript	2a02:26f0:3500:16::215:149b AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://snap.licdn.com/li.lms-analytics/insight.min.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-PXWC8JW Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:3500:16::215:149b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash f56ccb2db87aacedd9415232e40f80bff9939703df2f9c3f9ec8a092e545349f Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers date Thu, 06 Apr 2023 19:10:50 GMT content-encoding gzip x-content-type-options nosniff last-modified Tue, 10 Jan 2023 17:22:56 GMT x-cdn AKAM vary Accept-Encoding content-type application/x-javascript;charset=utf-8 cache-control max-age=20836 accept-ranges bytes content-length 4777
GET H2	200	pixel.js Show response www.redditstatic.com/ads/	23 KB 8 KB	33ms 7ms	Script application/javascript	2a04:4e42:600::396 FASTLY
General Check archive.org Show headers Download Go to Full URL https://www.redditstatic.com/ads/pixel.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-PXWC8JW Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42:600::396 , United States, ASN54113 (FASTLY, US), Reverse DNS Software snooserv / Resource Hash cda252dc01c656d59193d8d696f26c3e95f10b87711e2413e28362532bae984a Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers date Thu, 06 Apr 2023 19:10:50 GMT content-encoding gzip via 1.1 varnish, 1.1 varnish last-modified Mon, 23 Jan 2023 21:56:14 GMT server snooserv nel {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02} etag "03d5db9dfd00a5719bb4c9261e6fa1bb" x-amz-server-side-encryption AES256 vary Accept-Encoding,Origin report-to {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]} content-type application/javascript cache-control public, max-age=60 accept-ranges bytes content-length 7356
GET H2	200	/ Show response googleads.g.doubleclick.net/pagead/viewthroughconversion/759876114/	3 KB 2 KB	166ms 80ms	Script text/javascript	2a00:1450:4001:80f::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/pagead/viewthroughconversion/759876114/?random=1680808250533&cv=11&fst=1680808250533&bg=ffffff&guid=ON&async=1&gtm=45He3430&u_w=1600&u_h=1200&url=https%3A%2F%2Fredcanary.com%2Fblog%2Fhow-one-hospital-thwarted-a-ryuk-ransomware-outbreak%2F&hn=www.googleadservices.com&frm=0&tiba=A%20Bazar%20start%3A%20How%20one%20hospital%20thwarted%20a%20Ryuk%20ransomware%20outbreak&auid=867558066.1680808251&uamb=0&uaw=0&rfmt=3&fmt=4 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-PXWC8JW Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 0d50cdce272ce7f2ec37a04a99b79b9234949936fceeda6d7b2927cca36c4dde Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers pragma no-cache date Thu, 06 Apr 2023 19:10:50 GMT content-encoding br x-content-type-options nosniff server cafe content-type text/javascript; charset=UTF-8 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 1255 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	bat.js Show response bat.bing.com/	40 KB 12 KB	71ms 32ms	Script application/javascript	2620:1ec:c11::200 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://bat.bing.com/bat.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-PXWC8JW Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash a2137ebfe2b9ff55e1f280dbb1eef301290c50db609c5d6a0494ae8f3c98c253 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding gzip date Thu, 06 Apr 2023 19:10:50 GMT last-modified Thu, 16 Feb 2023 18:31:53 GMT accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-msedge-ref Ref A: E98D12D07CEB4DB39E0C7779FA881193 Ref B: FRAEDGE1705 Ref C: 2023-04-06T19:10:50Z etag "8072cff03442d91:0" vary Accept-Encoding x-cache CONFIG_NOCACHE content-type application/javascript cache-control private,max-age=1800 accept-ranges bytes content-length 11894
GET H2	200	fbevents.js Show response connect.facebook.net/en_US/	107 KB 28 KB	37ms 12ms	Script application/x-javascript	2a03:2880:f01c:8012:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/en_US/fbevents.js Requested by Host: redcanary.com URL: https://redcanary.com/blog/how-one-hospital-thwarted-a-ryuk-ransomware-outbreak/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash dbf060c555e91a539d9cb849f4aa0c656db9b0a1da32c99aafb12d7c508c6849 Security Headers Name Value Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers strict-transport-security max-age=31536000; preload; includeSubDomains content-encoding gzip x-content-type-options nosniff date Thu, 06 Apr 2023 19:10:50 GMT document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 27909 x-fb-rlafr 0 x-xss-protection 0 pragma public x-fb-debug 2OtUg+K+aJR++bbmxen6XkbLIwUrI8PWVlwj1U41QliR/AV1lCGv7TqRl+g+8uhZ+wlhP1TvDnBgJhXt9BenVw== cross-origin-embedder-policy-report-only require-corp;report-to="coep_report" x-fb-trip-id 2050670934 cross-origin-opener-policy same-origin-allow-popups vary Accept-Encoding report-to {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"} content-type application/x-javascript; charset=utf-8 x-frame-options DENY cache-control public, max-age=1200 expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	/ attr.ml-api.io/ Redirect Chain https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dredcanary.com%26pId%3d%24UID https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dredcanary.com%26pId%3d%24UID https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dredcanary.com%2526pId%253d%2524UID https://attr.ml-api.io/?domain=redcanary.com&pId=2584481831811034361	0 234 B	493ms 461ms	Image application/json	2600:9000:2251:2600:12:3734:2a40:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://attr.ml-api.io/?domain=redcanary.com&pId=2584481831811034361 Requested by Host: redcanary.com URL: https://redcanary.com/blog/how-one-hospital-thwarted-a-ryuk-ransomware-outbreak/ Protocol H2 Server 2600:9000:2251:2600:12:3734:2a40:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers date Thu, 06 Apr 2023 19:10:51 GMT via 1.1 89f400f550feb1d74a18ecb2070103ac.cloudfront.net (CloudFront) x-amz-cf-pop FRA60-P3 x-cache Miss from cloudfront content-type application/json x-amz-cf-id Kht10sMLUFESThG5d6_s55DrUKcbzOCUPFzN_xvxB2K_FELTmhRBYg== content-length 0 apigw-requestid C-DhUiE9oAMEJZw= Redirect headers Date Thu, 06 Apr 2023 19:10:51 GMT P3P policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" Connection keep-alive X-Proxy-Origin 185.213.155.171; 185.213.155.171; 941.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com Content-Length 0 X-XSS-Protection 0 Pragma no-cache AN-X-Request-Uuid d97319f0-9862-4b65-b526-9eefccdb51cf Server nginx/1.21.3 Accept-CH Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness Content-Type text/html; charset=utf-8 Access-Control-Allow-Origin * Location https://attr.ml-api.io/?domain=redcanary.com&pId=2584481831811034361 Cache-Control no-store, no-cache, private Access-Control-Allow-Credentials true Expires Sat, 15 Nov 2008 16:00:00 GMT
GET H2	200	rp.gif alb.reddit.com/	42 B 157 B	131ms 104ms	Image image/gif	151.101.1.140 FASTLY
General Check archive.org Show headers Download Go to Show image Full URL https://alb.reddit.com/rp.gif?ts=1680808250585&id=t2_5kac730w&event=PageVisit&m.itemCount=&m.value=&m.valueDecimal=&m.currency=&m.transactionId=&m.customEventName=&m.products=&uuid=fe90abd5-f1a7-4f23-8402-b198bd0644f5&aaid=&em=&external_id=&idfa=&integration=reddit&opt_out=0&sh=1600&sw=1200&v=rdt_65e23bc4 Requested by Host: redcanary.com URL: https://redcanary.com/blog/how-one-hospital-thwarted-a-ryuk-ransomware-outbreak/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.1.140 , United States, ASN54113 (FASTLY, US), Reverse DNS Software Varnish / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers date Thu, 06 Apr 2023 19:10:50 GMT via 1.1 varnish server Varnish content-type image/gif cross-origin-resource-policy cross-origin accept-ranges bytes content-length 42 retry-after 0
GET H2	200	token Show response cdn.linkedin.oribi.io/partner/1540753/domain/redcanary.com/	36 B 401 B	70ms 8ms	XHR application/json	2600:9000:20eb:9a00:2:53b2:240:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn.linkedin.oribi.io/partner/1540753/domain/redcanary.com/token Requested by Host: snap.licdn.com URL: https://snap.licdn.com/li.lms-analytics/insight.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:20eb:9a00:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89 Request headers Accept * Referer https://redcanary.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers date Thu, 06 Apr 2023 18:40:41 GMT content-encoding gzip via 1.1 1ac3fd533bf6be1b511077f8b8e23bfc.cloudfront.net (CloudFront) x-amz-cf-pop FRA2-C1 age 1809 vary accept-encoding x-cache Hit from cloudfront content-type application/json access-control-allow-origin * access-control-expose-headers * cache-control public, max-age=3600 x-amz-cf-id EqB6p-nyV_XCTfG7bZY6J_S8yHQvKcWFjkP9B3wiMzWRPwbFt4ZNKw==
GET H2	200	collect px4.ads.linkedin.com/ Redirect Chain https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1540753&time=1680808250589&url=https%3A%2F%2Fredcanary.com%2Fblog%2Fhow-one-hospital-thwarted-a-ryuk-ransomware-outbreak%2F https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D1540753%26time%3D1680808250589%26url%3Dhttps%253A%252F%252Fredcanary.com%252Fblog... https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1540753&time=1680808250589&url=https%3A%2F%2Fredcanary.com%2Fblog%2Fhow-one-hospital-thwarted-a-ryuk-ransomware-outbreak%2F&liSync=true https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1540753&time=1680808250589&url=https%3A%2F%2Fredcanary.com%2Fblog%2Fhow-one-hospital-thwarted-a-ryuk-ransomware-outbreak%2F&liSync=true&e_ipv6=AQ...	0 263 B	206ms 179ms	Image application/javascript	13.107.42.14 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1540753&time=1680808250589&url=https%3A%2F%2Fredcanary.com%2Fblog%2Fhow-one-hospital-thwarted-a-ryuk-ransomware-outbreak%2F&liSync=true&e_ipv6=AQJQhywr4DXVVQAAAYdX-o_Ac63XlpgHXiUjbowVAaskuH6DcU4a3LogzgHAKGGchD2GvZNT Requested by Host: redcanary.com URL: https://redcanary.com/blog/how-one-hospital-thwarted-a-ryuk-ransomware-outbreak/ Protocol H2 Server 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers date Thu, 06 Apr 2023 19:10:50 GMT x-li-pop afd-prod-lor1-x x-msedge-ref Ref A: 5121C53ABE634887BE0A2A1426E7AAA6 Ref B: FRAEDGE1806 Ref C: 2023-04-06T19:10:51Z linkedin-action 1 x-cache CONFIG_NOCACHE content-type application/javascript x-li-fabric prod-lor1 x-li-proto http/2 content-length 0 x-li-uuid AAX4r6rHnrDHhRbrz1YijA== Redirect headers date Thu, 06 Apr 2023 19:10:51 GMT x-li-pop afd-prod-lor1-x x-msedge-ref Ref A: 5B320DC71A6C4B5AB3092C9FB1D33B72 Ref B: FRAEDGE1910 Ref C: 2023-04-06T19:10:51Z linkedin-action 1 x-cache CONFIG_NOCACHE x-li-fabric prod-lor1 location https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1540753&time=1680808250589&url=https%3A%2F%2Fredcanary.com%2Fblog%2Fhow-one-hospital-thwarted-a-ryuk-ransomware-outbreak%2F&liSync=true&e_ipv6=AQJQhywr4DXVVQAAAYdX-o_Ac63XlpgHXiUjbowVAaskuH6DcU4a3LogzgHAKGGchD2GvZNT x-li-proto http/2 content-length 0 x-li-uuid AAX4r6rBbCSkkQOaHiJhHw==
GET H2	200	adsct t.co/i/	43 B 377 B	140ms 115ms	Image image/gif	104.244.42.5 TWITTER
General Check archive.org Show headers Download Go to Show image Full URL https://t.co/i/adsct?bci=3&eci=2&event_id=96834dc1-11fd-4c54-8ad5-824133b54fc4&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=a3bd31ea-09ed-4cfe-9f0f-458282e7e19c&tw_document_href=https%3A%2F%2Fredcanary.com%2Fblog%2Fhow-one-hospital-thwarted-a-ryuk-ransomware-outbreak%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o015g&type=javascript&version=2.3.29 Requested by Host: redcanary.com URL: https://redcanary.com/blog/how-one-hospital-thwarted-a-ryuk-ransomware-outbreak/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.244.42.5 , United States, ASN13414 (TWITTER, US), Reverse DNS Software tsa_o / Resource Hash ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957 Security Headers Name Value Strict-Transport-Security max-age=0 Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers x-response-time 108 date Thu, 06 Apr 2023 19:10:50 GMT strict-transport-security max-age=0 server tsa_o content-type image/gif;charset=utf-8 x-transaction-id 6554b30e9546e404 cache-control no-cache, no-store, max-age=0 perf 7626143928 x-connection-hash ee01af50074f3400e142e7c224a3529578116f47d620bc44307dcf86f3a1edf6 content-length 43
GET H2	200	adsct analytics.twitter.com/i/	43 B 394 B	153ms 116ms	Image image/gif	104.244.42.195 TWITTER
General Check archive.org Show headers Download Go to Show image Full URL https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=96834dc1-11fd-4c54-8ad5-824133b54fc4&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=a3bd31ea-09ed-4cfe-9f0f-458282e7e19c&tw_document_href=https%3A%2F%2Fredcanary.com%2Fblog%2Fhow-one-hospital-thwarted-a-ryuk-ransomware-outbreak%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o015g&type=javascript&version=2.3.29 Requested by Host: redcanary.com URL: https://redcanary.com/blog/how-one-hospital-thwarted-a-ryuk-ransomware-outbreak/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.244.42.195 , United States, ASN13414 (TWITTER, US), Reverse DNS Software tsa_o / Resource Hash ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957 Security Headers Name Value Strict-Transport-Security max-age=631138519 Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers x-response-time 109 date Thu, 06 Apr 2023 19:10:49 GMT strict-transport-security max-age=631138519 server tsa_o content-type image/gif;charset=utf-8 x-transaction-id 6d7d2d5b7ba46149 cache-control no-cache, no-store, max-age=0 perf 7626143928 x-connection-hash a403f05fc87ff4e3e98221252d3aede5dd828522882bee4d3311857abee7d0ae content-length 43
GET H2	200	1042590016249604 Show response connect.facebook.net/signals/config/	377 KB 108 KB	15ms 14ms	Script application/x-javascript	2a03:2880:f01c:8012:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/signals/config/1042590016249604?v=2.9.100&r=stable Requested by Host: connect.facebook.net URL: https://connect.facebook.net/en_US/fbevents.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash c79c109dcd612d0ff1668216c23f66059b8fdaf929afb1eca2e4b4b924f55363 Security Headers Name Value Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers content-security-policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0; content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=31536000; preload; includeSubDomains date Thu, 06 Apr 2023 19:10:50 GMT document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 110273 x-fb-rlafr 0 x-xss-protection 0 pragma public x-fb-debug wWXcbYElqw3hc8xqS/AtqmoC1T+0X9et3Q9Zc3ek1VlGw2a72KT6CRUmwfUnfC+9dTjQNiJYHzqmFktgHVwP/Q== cross-origin-embedder-policy-report-only require-corp;report-to="coep_report" x-fb-trip-id 2050670934 cross-origin-opener-policy same-origin-allow-popups vary Accept-Encoding report-to {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"} content-type application/x-javascript; charset=utf-8 x-frame-options DENY origin-agent-cluster ?0 cache-control public, max-age=1200 expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	redcanary.com.json Show response script.crazyegg.com/pages/data-scripts/0096/9416/sampling/	159 B 239 B	25ms 25ms	XHR application/json	2606:4700::6813:9308 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://script.crazyegg.com/pages/data-scripts/0096/9416/sampling/redcanary.com.json?t=466891 Requested by Host: script.crazyegg.com URL: https://script.crazyegg.com/pages/versioned/common-scripts/48008794f304fe9676cf1cce1f7e28cb.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 363eeb201dd2dd03addc28f2a45ce8c89a0b84207a6d58f6893d04c06ac7829e Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers date Thu, 06 Apr 2023 19:10:50 GMT content-encoding gzip cf-cache-status HIT age 13996 ce-version 11.5.60 content-length 146 last-modified Thu, 06 Apr 2023 15:17:33 GMT server cloudflare vary Accept-Encoding content-type application/json access-control-allow-origin * access-control-expose-headers CE-Version cache-control public, max-age=300, s-maxage=1209600 accept-ranges bytes timing-allow-origin * cf-ray 7b3c554efdac3a5e-FRA
GET H2	200	ipv cdn.bizible.com/m/	43 B 304 B	8ms 7ms	Image image/gif	152.195.15.58 EDGECAST
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.bizible.com/m/ipv?_biz_r=&_biz_h=-1906410348&_biz_u=3c5e0c5a74c3409bfd17bf67f1d50878&_biz_s=826a9c&_biz_l=https%3A%2F%2Fredcanary.com%2Fblog%2Fhow-one-hospital-thwarted-a-ryuk-ransomware-outbreak%2F&_biz_t=1680808250369&_biz_i=A%20Bazar%20start%3A%20How%20one%20hospital%20thwarted%20a%20Ryuk%20ransomware%20outbreak&_biz_n=0&a=redcanary.com&rnd=788833&cdn_o=a&_biz_z=1680808250718 Requested by Host: redcanary.com URL: https://redcanary.com/blog/how-one-hospital-thwarted-a-ryuk-ransomware-outbreak/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 152.195.15.58 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECS (frb/6760) / Resource Hash afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277 Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers pragma no-cache date Thu, 06 Apr 2023 19:10:50 GMT last-modified Wed, 05 Apr 2023 14:12:17 GMT server ECS (frb/6760) age 104313 x-cache HIT p3p CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" content-type Image/GIF cache-control no-cache, no-store accept-ranges bytes content-length 43 expires -1
GET H2	200	u cdn.bizibly.com/	43 B 203 B	20ms 7ms	Image image/gif	152.195.15.58 EDGECAST
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.bizibly.com/u?_biz_u=3c5e0c5a74c3409bfd17bf67f1d50878&_biz_s=826a9c&_biz_l=https%3A%2F%2Fredcanary.com%2Fblog%2Fhow-one-hospital-thwarted-a-ryuk-ransomware-outbreak%2F&_biz_t=1680808250721&_biz_i=A%20Bazar%20start%3A%20How%20one%20hospital%20thwarted%20a%20Ryuk%20ransomware%20outbreak&a=redcanary.com&rnd=950049&cdn_o=a&_biz_z=1680808250721 Requested by Host: redcanary.com URL: https://redcanary.com/blog/how-one-hospital-thwarted-a-ryuk-ransomware-outbreak/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 152.195.15.58 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECS (frb/6752) / Resource Hash afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277 Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers pragma no-cache date Thu, 06 Apr 2023 19:10:50 GMT last-modified Sun, 02 Apr 2023 02:44:03 GMT server ECS (frb/6752) age 404807 x-cache HIT p3p CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" content-type Image/GIF cache-control no-cache, no-store accept-ranges bytes content-length 43 expires -1
GET H2	204	56383426.js Show response bat.bing.com/p/action/	0 117 B	111ms 110ms	Script text/plain	2620:1ec:c11::200 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://bat.bing.com/p/action/56383426.js Requested by Host: bat.bing.com URL: https://bat.bing.com/bat.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains; preload cache-control private,max-age=1800 date Thu, 06 Apr 2023 19:10:50 GMT accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-msedge-ref Ref A: 8B708F5B6B6848EF93A267D387518E32 Ref B: FRAEDGE1705 Ref C: 2023-04-06T19:10:50Z x-cache CONFIG_NOCACHE
GET H2	204	0 bat.bing.com/action/	0 285 B	32ms 31ms	Image text/plain	2620:1ec:c11::200 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://bat.bing.com/action/0?ti=56383426&tm=gtm002&Ver=2&mid=e7d322a0-7e53-4286-a759-c8dc63f4bd03&sid=becd63e0d4ae11edb5b23da863e109ed&vid=becd61b0d4ae11ed8766336b31acc8ba&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=A%20Bazar%20start%3A%20How%20one%20hospital%20thwarted%20a%20Ryuk%20ransomware%20outbreak&p=https%3A%2F%2Fredcanary.com%2Fblog%2Fhow-one-hospital-thwarted-a-ryuk-ransomware-outbreak%2F&r=&lt=1875&evt=pageLoad&sv=1&rn=754744 Requested by Host: redcanary.com URL: https://redcanary.com/blog/how-one-hospital-thwarted-a-ryuk-ransomware-outbreak/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers pragma no-cache strict-transport-security max-age=31536000; includeSubDomains; preload date Thu, 06 Apr 2023 19:10:50 GMT accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-msedge-ref Ref A: 5C147022F2AE450E9FFF0D5A1E341374 Ref B: FRAEDGE1705 Ref C: 2023-04-06T19:10:50Z x-cache CONFIG_NOCACHE access-control-allow-origin * cache-control no-cache, must-revalidate expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	healthcheck Show response pagestates-tracking.crazyegg.com/ Frame 4EDD	19 B 461 B	47ms 10ms	XHR application/json	13.32.27.24 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://pagestates-tracking.crazyegg.com/healthcheck Requested by Host: script.crazyegg.com URL: https://script.crazyegg.com/pages/versioned/common-scripts/48008794f304fe9676cf1cce1f7e28cb.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.32.27.24 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-32-27-24.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash 830e67bda2532cd5880ee86e3b33e69721082f8458bb0df0cd4edbb1577fd375 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers date Mon, 23 Jan 2023 11:43:55 GMT via 1.1 13140684c599ca32163cf7ec1871cebc.cloudfront.net (CloudFront) x-amz-cf-pop FRA56-C2 age 6334017 x-cache Hit from cloudfront content-length 19 last-modified Fri, 08 Jul 2022 22:25:51 GMT server AmazonS3 etag "d06f04fccf68d0b228a5923187ce1afd" access-control-max-age 31536000 access-control-allow-methods GET, HEAD content-type application/json access-control-allow-origin * access-control-expose-headers Access-Control-Allow-Origin accept-ranges bytes x-amz-cf-id LxOdDQQNCmi_KnINa3XMq0rmEaO3D_Liklqw7A7XTfTkJKp9DS2Rrw==
GET H2	200	healthcheck Show response assets-tracking.crazyegg.com/ Frame 4EDD	19 B 461 B	83ms 18ms	XHR application/json	108.156.2.22 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://assets-tracking.crazyegg.com/healthcheck Requested by Host: script.crazyegg.com URL: https://script.crazyegg.com/pages/versioned/common-scripts/48008794f304fe9676cf1cce1f7e28cb.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 108.156.2.22 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-108-156-2-22.mxp63.r.cloudfront.net Software AmazonS3 / Resource Hash 830e67bda2532cd5880ee86e3b33e69721082f8458bb0df0cd4edbb1577fd375 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers date Mon, 11 Jul 2022 15:01:20 GMT via 1.1 e882d138875209e9bfd183c71dc12234.cloudfront.net (CloudFront) x-amz-cf-pop MXP63-P4 age 23256572 x-cache Hit from cloudfront content-length 19 last-modified Fri, 08 Jul 2022 22:25:51 GMT server AmazonS3 etag "d06f04fccf68d0b228a5923187ce1afd" access-control-max-age 31536000 access-control-allow-methods GET, HEAD content-type application/json access-control-allow-origin * access-control-expose-headers Access-Control-Allow-Origin accept-ranges bytes x-amz-cf-id AcqXv95o-bC-_8fc9e-Kw_puu8OQ-tC_qPdkWQoIuRnINqe1-otMUw==
GET H2	200	/ Show response c.6sc.co/	7 B 200 B	66ms 9ms	XHR text/html	2.16.187.88 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://c.6sc.co/ Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js?account=redcanary.com Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.16.187.88 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-16-187-88.deploy.static.akamaitechnologies.com Software / Resource Hash fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers date Thu, 06 Apr 2023 19:10:51 GMT access-control-max-age 86400 access-control-allow-methods GET,POST content-type text/html access-control-allow-origin https://redcanary.com access-control-allow-credentials true access-control-allow-headers * content-length 7
GET H2	200	/ Show response ipv6.6sc.co/	20 B 307 B	63ms 8ms	XHR text/html	2a02:26f0:6c00::210:bb9b AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://ipv6.6sc.co/ Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js?account=redcanary.com Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:6c00::210:bb9b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash b2e3fc362f86c882c8655f7d26cc8dde4c201cd22be17745cbff4357b2b8677d Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers pragma no-cache date Thu, 06 Apr 2023 19:10:51 GMT vary Origin content-type text/html access-control-allow-origin https://redcanary.com cache-control max-age=0, no-cache, no-store 6si-ipv6 2a03:1b20:6:f011::5e server-timing cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="466891_34651031_119853426_21_753_6_0";dur=1 content-length 20 expires Thu, 06 Apr 2023 19:10:51 GMT
GET H2	200	/ Show response c.6sc.co/	7 B 200 B	56ms 9ms	XHR text/html	2.16.187.88 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://c.6sc.co/ Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js?account=redcanary.com Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.16.187.88 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-16-187-88.deploy.static.akamaitechnologies.com Software / Resource Hash fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers date Thu, 06 Apr 2023 19:10:51 GMT access-control-max-age 86400 access-control-allow-methods GET,POST content-type text/html access-control-allow-origin https://redcanary.com access-control-allow-credentials true access-control-allow-headers * content-length 7
GET H2	200	/ Show response ipv6.6sc.co/	20 B 307 B	53ms 7ms	XHR text/html	2a02:26f0:6c00::210:bb9b AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://ipv6.6sc.co/ Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js?account=redcanary.com Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:6c00::210:bb9b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash b2e3fc362f86c882c8655f7d26cc8dde4c201cd22be17745cbff4357b2b8677d Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers pragma no-cache date Thu, 06 Apr 2023 19:10:51 GMT vary Origin content-type text/html access-control-allow-origin https://redcanary.com cache-control max-age=0, no-cache, no-store 6si-ipv6 2a03:1b20:6:f011::5e server-timing cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="466891_34651031_119853427_22_750_6_0";dur=1 content-length 20 expires Thu, 06 Apr 2023 19:10:51 GMT
GET H2	200	xdc.js Show response cdn.bizible.com/	116 B 524 B	119ms 118ms	Script text/javascript	152.195.15.58 EDGECAST
General Check archive.org Show headers Download Go to Full URL https://cdn.bizible.com/xdc.js?_biz_u=3c5e0c5a74c3409bfd17bf67f1d50878&_biz_h=-1906410348&cdn_o=a&jsVer=4.23.03.30&a=redcanary.com Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js?account=redcanary.com Protocol H2 Security TLS 1.3, , AES_256_GCM Server 152.195.15.58 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECS (frb/6711) / Resource Hash efb69a498023cde805982aa39b7cad8b054ddfb95e59c9dde5ccbb8ffda0868a Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers date Thu, 06 Apr 2023 19:10:50 GMT content-encoding gzip server ECS (frb/6711) etag D28BFE7E vary Accept-Encoding p3p CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" content-type text/javascript; charset=utf-8 cache-control private, must-revalidate, max-age=21600 content-length 219
GET BLOB	200 OK	16855ae9-dbfa-4398-9dd2-5ab1de6cfdaa https://redcanary.com/	45 B 0		Other text/javascript
General Check archive.org Show headers Download Go to Full URL blob:https://redcanary.com/16855ae9-dbfa-4398-9dd2-5ab1de6cfdaa Requested by Host: redcanary.com URL: https://redcanary.com/blog/how-one-hospital-thwarted-a-ryuk-ransomware-outbreak/ Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash 86551808dbfbf8bc9b23ab3d0725794c2e1f2b4265c96715f2945638160edc2b Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers Content-Length 45 Content-Type text/javascript
GET H2	200	FW_CTA.png redcanary.com/wp-content/uploads/2021/12/	10 KB 10 KB	229ms 228ms	Image image/png	104.198.136.223 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://redcanary.com/wp-content/uploads/2021/12/FW_CTA.png Requested by Host: redcanary.com URL: https://redcanary.com/blog/how-one-hospital-thwarted-a-ryuk-ransomware-outbreak/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.198.136.223 Council Bluffs, United States, ASN15169 (GOOGLE, US), Reverse DNS 223.136.198.104.bc.googleusercontent.com Software nginx / Resource Hash 189ad7a7020dd6c9ea981356dd3984efa36851e4eead327f5c94110e139d08c2 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/blog/how-one-hospital-thwarted-a-ryuk-ransomware-outbreak/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers date Thu, 06 Apr 2023 19:10:51 GMT content-security-policy upgrade-insecure-requests strict-transport-security "max-age=63072000; includeSubDomains; preload"; last-modified Tue, 21 Dec 2021 02:58:51 GMT server nginx etag "61c142eb-286e" vary Accept-Encoding content-type image/png access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes content-length 10350
GET H2	200	cta-background.jpg redcanary.com/wp-content/uploads/2018/12/	7 KB 7 KB	118ms 117ms	Image image/jpeg	104.198.136.223 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://redcanary.com/wp-content/uploads/2018/12/cta-background.jpg Requested by Host: redcanary.com URL: https://redcanary.com/blog/how-one-hospital-thwarted-a-ryuk-ransomware-outbreak/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.198.136.223 Council Bluffs, United States, ASN15169 (GOOGLE, US), Reverse DNS 223.136.198.104.bc.googleusercontent.com Software nginx / Resource Hash ecf6782eee74878f85da64d073a0707c4965f712d7eec6926ea4c9151228e100 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/blog/how-one-hospital-thwarted-a-ryuk-ransomware-outbreak/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers date Thu, 06 Apr 2023 19:10:51 GMT content-security-policy upgrade-insecure-requests strict-transport-security "max-age=63072000; includeSubDomains; preload"; last-modified Mon, 09 Nov 2020 21:51:33 GMT server nginx etag "5fa9b9e5-1a18" vary Accept-Encoding content-type image/jpeg access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes content-length 6680
GET H2	200	RCIntel_975x975.jpg redcanary.com/wp-content/uploads/2020/05/	55 KB 56 KB	116ms 116ms	Image image/jpeg	104.198.136.223 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://redcanary.com/wp-content/uploads/2020/05/RCIntel_975x975.jpg Requested by Host: redcanary.com URL: https://redcanary.com/blog/how-one-hospital-thwarted-a-ryuk-ransomware-outbreak/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.198.136.223 Council Bluffs, United States, ASN15169 (GOOGLE, US), Reverse DNS 223.136.198.104.bc.googleusercontent.com Software nginx / Resource Hash 7b4505eb80a192fb8609e68dc20a3c5dd3da14f034345008e2126f9283cdfe72 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/blog/how-one-hospital-thwarted-a-ryuk-ransomware-outbreak/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers date Thu, 06 Apr 2023 19:10:51 GMT content-security-policy upgrade-insecure-requests strict-transport-security "max-age=63072000; includeSubDomains; preload"; last-modified Mon, 09 Nov 2020 21:22:21 GMT server nginx etag "5fa9b30d-dcd4" vary Accept-Encoding content-type image/jpeg access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes content-length 56532
GET H2	200	/ www.google.com/pagead/1p-user-list/759876114/	42 B 455 B	139ms 53ms	Image image/gif	2a00:1450:4001:806::2004 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/pagead/1p-user-list/759876114/?random=1680808250533&cv=11&fst=1680807600000&bg=ffffff&guid=ON&async=1&gtm=45He3430&u_w=1600&u_h=1200&url=https%3A%2F%2Fredcanary.com%2Fblog%2Fhow-one-hospital-thwarted-a-ryuk-ransomware-outbreak%2F&frm=0&tiba=A%20Bazar%20start%3A%20How%20one%20hospital%20thwarted%20a%20Ryuk%20ransomware%20outbreak&fmt=3&is_vtc=1&random=3168021676&rmt_tld=0&ipr=y Requested by Host: redcanary.com URL: https://redcanary.com/blog/how-one-hospital-thwarted-a-ryuk-ransomware-outbreak/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers pragma no-cache date Thu, 06 Apr 2023 19:10:51 GMT content-security-policy script-src 'none'; object-src 'none' x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	/ www.google.de/pagead/1p-user-list/759876114/	42 B 455 B	140ms 49ms	Image image/gif	2a00:1450:4001:811::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/pagead/1p-user-list/759876114/?random=1680808250533&cv=11&fst=1680807600000&bg=ffffff&guid=ON&async=1&gtm=45He3430&u_w=1600&u_h=1200&url=https%3A%2F%2Fredcanary.com%2Fblog%2Fhow-one-hospital-thwarted-a-ryuk-ransomware-outbreak%2F&frm=0&tiba=A%20Bazar%20start%3A%20How%20one%20hospital%20thwarted%20a%20Ryuk%20ransomware%20outbreak&fmt=3&is_vtc=1&random=3168021676&rmt_tld=1&ipr=y Requested by Host: redcanary.com URL: https://redcanary.com/blog/how-one-hospital-thwarted-a-ryuk-ransomware-outbreak/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers pragma no-cache date Thu, 06 Apr 2023 19:10:51 GMT content-security-policy script-src 'none'; object-src 'none' x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	/ www.facebook.com/tr/	0 185 B	50ms 8ms	Image text/plain	2a03:2880:f176:84:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/tr/?id=1042590016249604&ev=PageView&dl=https%3A%2F%2Fredcanary.com%2Fblog%2Fhow-one-hospital-thwarted-a-ryuk-ransomware-outbreak%2F&rl=&if=false&ts=1680808251098&sw=1600&sh=1200&v=2.9.100&r=stable&ec=0&o=30&cs_est=true&fbp=fb.1.1680808251097.783134094&it=1680808250679&coo=false&rqm=GET Requested by Host: redcanary.com URL: https://redcanary.com/blog/how-one-hospital-thwarted-a-ryuk-ransomware-outbreak/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains date Thu, 06 Apr 2023 19:10:51 GMT server proxygen-bolt content-type text/plain access-control-allow-origin access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 0
GET H/1.1	200 OK	munchkin.js Show response munchkin.marketo.net/163/	11 KB 5 KB	122ms 122ms	Script application/x-javascript	23.206.91.189 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://munchkin.marketo.net/163/munchkin.js Requested by Host: munchkin.marketo.net URL: https://munchkin.marketo.net/munchkin.js Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 23.206.91.189 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-206-91-189.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash 68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23 Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers Date Thu, 06 Apr 2023 19:10:51 GMT Content-Encoding gzip Last-Modified Fri, 06 Jan 2023 02:26:40 GMT Server AkamaiNetStorage ETag "ea7826f34518d7c2295738f39c7640fa:1672972000.238769" Vary Accept-Encoding P3P policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR" Content-Type application/x-javascript Cache-Control max-age=8640000 Connection keep-alive Accept-Ranges bytes Content-Length 4741 Expires Sat, 15 Jul 2023 19:10:51 GMT
GET H2	200	clock Show response tracking.crazyegg.com/ Frame 4EDD	31 B 138 B	110ms 41ms	XHR text/plain	34.246.65.158 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tracking.crazyegg.com/clock?t=1680808251236&tk=40ea43635c9a9388c5f9f97df894a565&s=360154&p=%2Fblog%2Fhow-one-hospital-thwarted-a-ryuk-ransomware-outbreak%2F&u=969416&v=5873ab1e6f3135a39d7c1cd249dd9e40379b64fb&f=redcanary.com%2Fblog%2Fhow-one-hospital-thwarted-a-ryuk-ransomware-outbreak&ul=https%3A%2F%2Fredcanary.com%2Fblog%2Fhow-one-hospital-thwarted-a-ryuk-ransomware-outbreak%2F Requested by Host: script.crazyegg.com URL: https://script.crazyegg.com/pages/versioned/common-scripts/48008794f304fe9676cf1cce1f7e28cb.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.246.65.158 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-34-246-65-158.eu-west-1.compute.amazonaws.com Software awselb/2.0 / Resource Hash e60e0f64f7d4eb93a3d9d41da22b934aee3a195b895d1928574c94d43473d745 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers access-control-allow-origin * date Thu, 06 Apr 2023 19:10:51 GMT cache-control no-store server awselb/2.0 content-length 31 content-type text/plain
GET H2	200	search-btn.svg redcanary.com/wp-content/themes/redcanary/assets/img/	161 B 435 B	119ms 118ms	Image image/svg+xml	104.198.136.223 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://redcanary.com/wp-content/themes/redcanary/assets/img/search-btn.svg Requested by Host: redcanary.com URL: https://redcanary.com/wp-content/cache/autoptimize/css/autoptimize_b4a5cda3c8b9ec3f655f01a34a870809.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.198.136.223 Council Bluffs, United States, ASN15169 (GOOGLE, US), Reverse DNS 223.136.198.104.bc.googleusercontent.com Software nginx / Resource Hash 0f57969cdf0d61b86fc25ded8a8c5058a5edd346d1845b232610a54f08d0fcb8 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/wp-content/cache/autoptimize/css/autoptimize_b4a5cda3c8b9ec3f655f01a34a870809.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers date Thu, 06 Apr 2023 19:10:51 GMT content-security-policy upgrade-insecure-requests content-encoding br strict-transport-security "max-age=63072000; includeSubDomains; preload"; last-modified Wed, 08 Sep 2021 23:08:04 GMT server nginx etag W/"61394254-a1" vary Accept-Encoding, Accept-Encoding content-type image/svg+xml access-control-allow-origin * cache-control public, max-age=31536000
GET H2	200	button-right-arrow-white.svg redcanary.com/wp-content/themes/redcanary/assets/img/	350 B 581 B	116ms 116ms	Image image/svg+xml	104.198.136.223 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://redcanary.com/wp-content/themes/redcanary/assets/img/button-right-arrow-white.svg Requested by Host: redcanary.com URL: https://redcanary.com/wp-content/cache/autoptimize/css/autoptimize_b4a5cda3c8b9ec3f655f01a34a870809.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.198.136.223 Council Bluffs, United States, ASN15169 (GOOGLE, US), Reverse DNS 223.136.198.104.bc.googleusercontent.com Software nginx / Resource Hash 8edbf02936f4bbda931a228bd84f7b668522af07f3dfc33b5caee429e7febb85 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/wp-content/cache/autoptimize/css/autoptimize_b4a5cda3c8b9ec3f655f01a34a870809.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers date Thu, 06 Apr 2023 19:10:51 GMT content-security-policy upgrade-insecure-requests content-encoding br strict-transport-security "max-age=63072000; includeSubDomains; preload"; last-modified Wed, 27 Feb 2019 15:51:05 GMT server nginx etag W/"5c76b1e9-15e" vary Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding content-type image/svg+xml access-control-allow-origin * cache-control public, max-age=31536000
POST H/1.1	200 OK	visitWebPage 003-yru-314.mktoresp.com/webevents/	2 B 318 B	732ms 160ms	Ping text/plain	192.28.147.68 OMNITURE
General Check archive.org Show headers Download Go to Full URL https://003-yru-314.mktoresp.com/webevents/visitWebPage?_mchNc=1680808251620&_mchCn=&_mchId=003-YRU-314&_mchTk=_mch-redcanary.com-1680808251619-95515&_mchHo=redcanary.com&_mchPo=&_mchRu=%2Fblog%2Fhow-one-hospital-thwarted-a-ryuk-ransomware-outbreak%2F&_mchPc=https%3A&_mchVr=163&_mchEcid=&_mchHa=&_mchRe=&_mchQp= Requested by Host: munchkin.marketo.net URL: https://munchkin.marketo.net/163/munchkin.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 192.28.147.68 , United States, ASN15224 (OMNITURE, US), Reverse DNS Software nginx/1.20.1 / Resource Hash 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3 Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers Date Thu, 06 Apr 2023 19:10:52 GMT Content-Encoding gzip Server nginx/1.20.1 Transfer-Encoding chunked Content-Type text/plain; charset=UTF-8 Access-Control-Allow-Origin * Connection keep-alive X-Request-Id de1ee5bb-bb33-4c22-be00-02005a8da338
GET BLOB	200 OK	6514e4ae-6039-4e6a-98cd-e65ddff5619e https://redcanary.com/	241 B 0		Other text/javascript
General Check archive.org Show headers Download Go to Full URL blob:https://redcanary.com/6514e4ae-6039-4e6a-98cd-e65ddff5619e Requested by Host: redcanary.com URL: https://redcanary.com/blog/how-one-hospital-thwarted-a-ryuk-ransomware-outbreak/ Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash 74a21fb47063ec00ce0deacafdfdf2b1d7104eaad5cba62f1e47ebb07b2ccf73 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers Content-Length 241 Content-Type text/javascript
GET H2	200	XDFrame Show response resource.redcanary.com/index.php/form/ Frame 5318	2 KB 868 B	183ms 182ms	Document text/html	104.17.72.206 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://resource.redcanary.com/index.php/form/XDFrame Requested by Host: resource.redcanary.com URL: https://resource.redcanary.com/js/forms2/js/forms2.min.js Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.17.72.206 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 1b12ee272c79786bc266207f27c98ed219d2090d0d605e9c7a9e71f2add176fa Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://redcanary.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers cache-control max-age=3600 cf-cache-status DYNAMIC cf-ray 7b3c5554b9afbb9b-FRA content-encoding gzip content-type text/html; charset=utf-8 date Thu, 06 Apr 2023 19:10:51 GMT server cloudflare vary Accept-Encoding x-content-type-options nosniff
POST H2	200	admin-ajax.php Show response redcanary.com/wp-admin/	0 665 B	950ms 950ms	XHR text/html	104.198.136.223 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://redcanary.com/wp-admin/admin-ajax.php Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js?account=redcanary.com Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.198.136.223 Council Bluffs, United States, ASN15169 (GOOGLE, US), Reverse DNS 223.136.198.104.bc.googleusercontent.com Software nginx / WP Engine Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; X-Content-Type-Options nosniff, nosniff X-Frame-Options SAMEORIGIN, deny X-Xss-Protection 1; mode=block Request headers Accept */* Referer https://redcanary.com/blog/how-one-hospital-thwarted-a-ryuk-ransomware-outbreak/ X-Requested-With XMLHttpRequest accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Content-Type application/x-www-form-urlencoded; charset=UTF-8 Response headers date Thu, 06 Apr 2023 19:10:52 GMT content-security-policy upgrade-insecure-requests x-content-type-options nosniff, nosniff strict-transport-security "max-age=63072000; includeSubDomains; preload"; content-encoding br x-permitted-cross-domain-policies master-only x-powered-by WP Engine x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin, strict-origin-when-cross-origin server nginx vary Accept-Encoding, Accept-Encoding, Accept-Encoding x-frame-options SAMEORIGIN, deny content-type text/html; charset=UTF-8 access-control-allow-origin https://redcanary.com cache-control no-cache, must-revalidate, max-age=0, no-store access-control-allow-credentials true feature-policy microphone 'none'; geolocation 'none' x-robots-tag noindex expires Wed, 11 Jan 1984 05:00:00 GMT
POST H2	200	/ Show response www.facebook.com/tr/ Frame FCE5	0 47 B	10ms 9ms	Document text/plain	2a03:2880:f176:84:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://www.facebook.com/tr/ Requested by Host: redcanary.com URL: https://redcanary.com/blog/how-one-hospital-thwarted-a-ryuk-ransomware-outbreak/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Content-Type application/x-www-form-urlencoded Origin https://redcanary.com Referer https://redcanary.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers access-control-allow-credentials true access-control-allow-origin https://redcanary.com alt-svc h3=":443"; ma=86400 content-length 0 content-type text/plain cross-origin-resource-policy cross-origin date Thu, 06 Apr 2023 19:10:51 GMT server proxygen-bolt strict-transport-security max-age=31536000; includeSubDomains
GET H/1.1	200 OK	messenger Show response app.qualified.com/w/1/bAEbi2aHVysBKzuy/ Frame A83D	6 KB 3 KB	375ms 141ms	Document text/html	3.93.106.129 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://app.qualified.com/w/1/bAEbi2aHVysBKzuy/messenger?uuid=347909b1-ad4e-4f9a-84aa-68b25cde6abc Requested by Host: js.qualified.com URL: https://js.qualified.com/qualified.js?token=bAEbi2aHVysBKzuy Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 3.93.106.129 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-3-93-106-129.compute-1.amazonaws.com Software nginx / Resource Hash 858688e13b1f279d29ca35c944eea016551d625c94739e55e5b9eacc12c2a339 Security Headers Name Value Content-Security-Policy Strict-Transport-Security max-age=63072000; includeSubDomains X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://redcanary.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Cache-Control max-age=0, private, must-revalidate Content-Encoding gzip Content-Length 1768 Content-Security-Policy Content-Type text/html; charset=utf-8 Date Thu, 06 Apr 2023 19:10:52 GMT Etag W/"858688e13b1f279d29ca35c944eea016" Link <https://assets.qualified.com/packs/css/vendors~widget/sandboxed/messenger-94e6eccc.chunk.css>; rel=preload; as=style; nopush,<https://assets.qualified.com/packs/css/widget/sandboxed/messenger-84a66aeb.chunk.css>; rel=preload; as=style; nopush Referrer-Policy strict-origin-when-cross-origin Server nginx Strict-Transport-Security max-age=63072000; includeSubDomains Vary Accept-Encoding Via 1.1 spaces-router (e46a9e002bdb) X-Content-Type-Options nosniff X-Download-Options noopen X-Permitted-Cross-Domain-Policies none X-Request-Id 24de5fce-0289-e25a-ba0b-711a096533a9 X-Runtime 0.028110 X-Xss-Protection 1; mode=block
GET H2	200	forms2.min.js Show response resource.redcanary.com/js/forms2/js/ Frame 5318	208 KB 69 KB	22ms 21ms	Script application/x-javascript	104.17.72.206 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://resource.redcanary.com/js/forms2/js/forms2.min.js Requested by Host: resource.redcanary.com URL: https://resource.redcanary.com/index.php/form/XDFrame Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.17.72.206 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 0694124dd8cf871b521cf06ce0b2419ebbe18d3f45658b50c4b038b647fbc849 Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://resource.redcanary.com/index.php/form/XDFrame User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers date Thu, 06 Apr 2023 19:10:51 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status HIT last-modified Thu, 23 Mar 2023 21:46:36 GMT server cloudflare age 1 etag "34c0bd9-33e51-5f79835f6a700" vary Accept-Encoding content-type application/x-javascript cache-control public, max-age=14400 cf-ray 7b3c5555fbd9bb9b-FRA expires Thu, 06 Apr 2023 23:10:51 GMT
GET H2	200	messenger-94e6eccc.chunk.css assets.qualified.com/packs/css/vendors~widget/sandboxed/ Frame A83D	35 KB 7 KB	28ms 17ms	Stylesheet text/css	2606:4700::6812:1105 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://assets.qualified.com/packs/css/vendors~widget/sandboxed/messenger-94e6eccc.chunk.css Requested by Host: redcanary.com URL: https://redcanary.com/blog/how-one-hospital-thwarted-a-ryuk-ransomware-outbreak/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1105 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash eb3487cae40a55bf31dc6e6191ab0d88ec8c8f85c62bf28ad25ad0a40c16a611 Request headers accept-language de-DE,de;q=0.9 Referer https://app.qualified.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers date Thu, 06 Apr 2023 19:10:52 GMT x-amz-version-id daLXmdTd7lSSwyN3TtNTe8fuzDY4LP3Y content-encoding gzip cf-cache-status HIT last-modified Wed, 01 Feb 2023 01:20:28 GMT server cloudflare x-amz-request-id E501B33MWCQ7P46M age 3462 etag W/"a788ecf510f83ee517cbaf79306145dd" vary Accept-Encoding content-type text/css cache-control public, max-age=14400 cf-ray 7b3c5558383a39d9-FRA x-amz-id-2 uGsUgexNCF/Jz+89nmMYNIMfcSSSNQrQ+lpld4pD/7xQlFIVTyM6X2G3A+8k7y8WmNRxtMbqOF0= expires Thu, 06 Apr 2023 23:10:52 GMT
GET H2	200	messenger-84a66aeb.chunk.css assets.qualified.com/packs/css/widget/sandboxed/ Frame A83D	5 KB 1 KB	31ms 20ms	Stylesheet text/css	2606:4700::6812:1105 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://assets.qualified.com/packs/css/widget/sandboxed/messenger-84a66aeb.chunk.css Requested by Host: redcanary.com URL: https://redcanary.com/blog/how-one-hospital-thwarted-a-ryuk-ransomware-outbreak/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1105 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6ec35ab99388f6afab345622a22772619b83b7d63705d98df3c404da782fcabb Request headers accept-language de-DE,de;q=0.9 Referer https://app.qualified.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers date Thu, 06 Apr 2023 19:10:52 GMT x-amz-version-id h1OM1Tm.kldHLtIFZUG_vp2AqRsLHO9B content-encoding gzip cf-cache-status HIT x-amz-request-id BXD9ENMKGR8YXA40 age 797 x-amz-server-side-encryption AES256 x-amz-id-2 jUAydiSv5d3RWiwYF5AYeLmzPG0HFYic+gE4nfO4yPPMmUZn9Kl0GpDEejlPQ2kEga766PZ4HLw= last-modified Sat, 25 Mar 2023 03:51:18 GMT server cloudflare etag W/"22d5f23e695250d3c5a5b1e76a015c5e" vary Accept-Encoding content-type text/css cache-control public, max-age=14400 cf-ray 7b3c5558383d39d9-FRA expires Thu, 06 Apr 2023 23:10:52 GMT
GET H2	200	messenger~runtime-b1299bc11f7faaa4aefd.js Show response assets.qualified.com/packs/js/widget/sandboxed/ Frame A83D	2 KB 2 KB	22ms 19ms	Script application/javascript	2606:4700::6812:1105 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://assets.qualified.com/packs/js/widget/sandboxed/messenger~runtime-b1299bc11f7faaa4aefd.js Requested by Host: app.qualified.com URL: https://app.qualified.com/w/1/bAEbi2aHVysBKzuy/messenger?uuid=347909b1-ad4e-4f9a-84aa-68b25cde6abc Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1105 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 0a5f769b4b49c9c1cf9b687c989033738a5085b7a608ce41564fba572fc3a710 Request headers accept-language de-DE,de;q=0.9 Referer https://app.qualified.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers date Thu, 06 Apr 2023 19:10:52 GMT x-amz-version-id s6e2Qxtqfdj7R9sBCPHPPfHdqiQusMKl content-encoding gzip cf-cache-status HIT x-amz-request-id RB82STWZ942A2GKB age 1573 x-amz-server-side-encryption AES256 x-amz-id-2 phSezP7UAQ1BtnOcEggJDnSkerAqQ7P4FFc7H9OvyFWykdEHYsfCam1oBCsWpsDS3Qo7FslFWB8= last-modified Thu, 06 Apr 2023 12:40:33 GMT server cloudflare etag W/"d6678c3128438458444de2ba87e7e22a" vary Accept-Encoding content-type application/javascript cache-control public, max-age=14400 cf-ray 7b3c5558383f39d9-FRA expires Thu, 06 Apr 2023 23:10:52 GMT
GET H2	200	messenger-94028acdd10ff01b23ab.chunk.js Show response assets.qualified.com/packs/js/widget-sandboxed-chunks/vendors~widget/sandboxed/ Frame A83D	1 MB 342 KB	24ms 21ms	Script application/javascript	2606:4700::6812:1105 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://assets.qualified.com/packs/js/widget-sandboxed-chunks/vendors~widget/sandboxed/messenger-94028acdd10ff01b23ab.chunk.js Requested by Host: app.qualified.com URL: https://app.qualified.com/w/1/bAEbi2aHVysBKzuy/messenger?uuid=347909b1-ad4e-4f9a-84aa-68b25cde6abc Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1105 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash a7c4506c80ccc3ecaf69ae12ad785b47bc48eefd1612ac05b2367ec729fc450a Request headers accept-language de-DE,de;q=0.9 Referer https://app.qualified.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers date Thu, 06 Apr 2023 19:10:52 GMT x-amz-version-id 54O931.s4f1iiehlxH.igRJ3L_lxgCHi content-encoding gzip cf-cache-status HIT x-amz-request-id 63RVEX72RMFNS49M age 6792 x-amz-server-side-encryption AES256 x-amz-id-2 ZKluXVN3687FZ+dARWzMi1uYrqPFh9vmRUxtbKj3R01Xhk0f0PzhHbAkppUjk5MMW5YbKsTZXzE= last-modified Tue, 04 Apr 2023 01:06:00 GMT server cloudflare etag W/"d45cd758b7fddd9b8b053fccfeb408b3" vary Accept-Encoding content-type application/javascript cache-control public, max-age=14400 cf-ray 7b3c5558383e39d9-FRA expires Thu, 06 Apr 2023 23:10:52 GMT
GET H2	200	messenger-75a11fd44770bd3148b4.chunk.js Show response assets.qualified.com/packs/js/widget-sandboxed-chunks/widget/sandboxed/ Frame A83D	553 KB 148 KB	21ms 21ms	Script application/javascript	2606:4700::6812:1105 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://assets.qualified.com/packs/js/widget-sandboxed-chunks/widget/sandboxed/messenger-75a11fd44770bd3148b4.chunk.js Requested by Host: app.qualified.com URL: https://app.qualified.com/w/1/bAEbi2aHVysBKzuy/messenger?uuid=347909b1-ad4e-4f9a-84aa-68b25cde6abc Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1105 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 860eebe66f0e799212a74f08737f7222466924723596ca7766336785b491447e Request headers accept-language de-DE,de;q=0.9 Referer https://app.qualified.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers date Thu, 06 Apr 2023 19:10:52 GMT x-amz-version-id 2i.PaVB3KqMKgS3OVa344vN9XhjEwaB7 content-encoding gzip cf-cache-status HIT x-amz-request-id RB8D9W8YNZEN1EME age 1573 x-amz-server-side-encryption AES256 x-amz-id-2 NaAPW3Gidq5KAJkJ5C2zCkQbKFNg/AGjBnTpk1gNBGMmVkKYpHUwdTpvUZjxoL1PTOQr39DDI2w= last-modified Thu, 06 Apr 2023 12:40:34 GMT server cloudflare etag W/"35f41019b6fe5e0c34aebc2b3abe90cc" vary Accept-Encoding content-type application/javascript cache-control public, max-age=14400 cf-ray 7b3c5558587439d9-FRA expires Thu, 06 Apr 2023 23:10:52 GMT
GET H2	200	Inter-Regular-c8ba52b05a9ef10f47584d08ece2ec5c.woff2 assets.qualified.com/packs/media/fonts/inter/ Frame A83D	97 KB 97 KB	50ms 23ms	Font font/woff2	2606:4700::6812:1105 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://assets.qualified.com/packs/media/fonts/inter/Inter-Regular-c8ba52b05a9ef10f47584d08ece2ec5c.woff2 Requested by Host: app.qualified.com URL: https://app.qualified.com/w/1/bAEbi2aHVysBKzuy/messenger?uuid=347909b1-ad4e-4f9a-84aa-68b25cde6abc Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1105 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash d612f1212b452af07f1a5defb2b672e76a91f7139e7499fa48bb9b2b985c22d6 Request headers Referer https://app.qualified.com/ Origin https://app.qualified.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers date Thu, 06 Apr 2023 19:10:52 GMT x-amz-version-id jXsqttV3jbo_lpRq7eMHDLizApyErvrw cf-cache-status HIT x-amz-request-id 0E5FV3VFDS7EZCD8 age 8010037 content-length 98868 x-amz-id-2 dDmi9Fn6O9l4/pM+5qBITuYIwsKCYO1q068fOvCtxUkLyCW+bb5YveaJ1juQKriLnf+k2BZgRYU= last-modified Tue, 03 Jan 2023 23:04:40 GMT server cloudflare etag "dc131113894217b5031000575d9de002" access-control-max-age 3600 access-control-allow-methods GET content-type font/woff2 access-control-allow-origin * vary Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding cache-control public, max-age=31557600 accept-ranges bytes cf-ray 7b3c55585c0d2c42-FRA expires Sat, 06 Apr 2024 01:10:52 GMT
GET H2	200	Inter-SemiBold-b5f0f109bc88052d4000c58ca615671d.woff2 assets.qualified.com/packs/media/fonts/inter/ Frame A83D	103 KB 104 KB	41ms 14ms	Font font/woff2	2606:4700::6812:1105 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://assets.qualified.com/packs/media/fonts/inter/Inter-SemiBold-b5f0f109bc88052d4000c58ca615671d.woff2 Requested by Host: app.qualified.com URL: https://app.qualified.com/w/1/bAEbi2aHVysBKzuy/messenger?uuid=347909b1-ad4e-4f9a-84aa-68b25cde6abc Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1105 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 152261291c938aa5aad6a56d52b47ffcb893d1c0387e76d7f270a7382ff786d5 Request headers Referer https://app.qualified.com/ Origin https://app.qualified.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers date Thu, 06 Apr 2023 19:10:52 GMT x-amz-version-id jLsKP2myAiRxE9JQfLanII2ELZNkCTbI cf-cache-status HIT x-amz-request-id 0E5BTWQDQJHXFPC5 age 8010036 content-length 105804 x-amz-id-2 uAl5uA9DvNORZB9IFn4Yawt71MQinE4Uht450uhi6TEneKStvS9v5kU4DzqNvCM1iAKGmzFYTII= last-modified Tue, 03 Jan 2023 23:04:39 GMT server cloudflare etag "007ad31a53f4ab3f58ee74f2308482ce" access-control-max-age 3600 access-control-allow-methods GET content-type font/woff2 access-control-allow-origin * vary Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding cache-control public, max-age=31557600 accept-ranges bytes cf-ray 7b3c55585c112c42-FRA expires Sat, 06 Apr 2024 01:10:52 GMT
POST H/1.1	200 OK	/ Show response sentry.io/api/1332833/envelope/ Frame A83D	2 B 442 B	472ms 114ms	Fetch application/json	35.188.42.15 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://sentry.io/api/1332833/envelope/?sentry_key=b5158ee3382d49b28a864fb2b91bcaaf&sentry_version=7&sentry_client=sentry.javascript.browser%2F7.11.1 Requested by Host: assets.qualified.com URL: https://assets.qualified.com/packs/js/widget-sandboxed-chunks/vendors~widget/sandboxed/messenger-94028acdd10ff01b23ab.chunk.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 35.188.42.15 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 15.42.188.35.bc.googleusercontent.com Software nginx / Resource Hash 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Referer https://app.qualified.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers Date Thu, 06 Apr 2023 19:10:52 GMT Strict-Transport-Security max-age=31536000; includeSubDomains; preload Server nginx vary origin,access-control-request-method,access-control-request-headers Content-Type application/json access-control-allow-origin * access-control-expose-headers x-sentry-error,x-sentry-rate-limits,retry-after x-envoy-upstream-service-time 0 Connection keep-alive Content-Length 2
GET H2	200	/ Show response c.6sc.co/	7 B 200 B	8ms 7ms	XHR text/html	2.16.187.88 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://c.6sc.co/ Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js?account=redcanary.com Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.16.187.88 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-16-187-88.deploy.static.akamaitechnologies.com Software / Resource Hash fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers date Thu, 06 Apr 2023 19:10:52 GMT access-control-max-age 86400 access-control-allow-methods GET,POST content-type text/html access-control-allow-origin https://redcanary.com access-control-allow-credentials true access-control-allow-headers * content-length 7
GET H2	200	/ Show response ipv6.6sc.co/	20 B 308 B	10ms 9ms	XHR text/html	2a02:26f0:6c00::210:bb9b AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://ipv6.6sc.co/ Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js?account=redcanary.com Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:6c00::210:bb9b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash b2e3fc362f86c882c8655f7d26cc8dde4c201cd22be17745cbff4357b2b8677d Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers pragma no-cache date Thu, 06 Apr 2023 19:10:52 GMT vary Origin content-type text/html access-control-allow-origin https://redcanary.com cache-control max-age=0, no-cache, no-store 6si-ipv6 2a03:1b20:6:f011::5e server-timing cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="466891_34651031_119855696_16_1046_6_0";dur=1 content-length 20 expires Thu, 06 Apr 2023 19:10:52 GMT
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 492 B	218ms 208ms	Image image/gif	2.16.187.88 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=565ffb1efc5e75f417d1fe1c2134f835&svisitor=null&visitor=c95f0bb5-6018-4f40-80d7-78041356c2dd&session=0a85040e-d8f0-4daf-839b-08a78eb98104&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Thu%2C%2006%20Apr%202023%2019%3A10%3A50%20GMT%22%2C%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2006%20Apr%202023%2019%3A10%3A50%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22565ffb1efc5e75f417d1fe1c2134f835%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2006%20Apr%202023%2019%3A10%3A50%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEndpoint%5C%22%2C%5C%22value%5C%22%3A%5C%22b.6sc.co%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2006%20Apr%202023%2019%3A10%3A50%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22We%20recently%20helped%20stop%20a%20Ryuk%20ransomware%20infection%20at%20a%20hospital.%20Here%20are%20the%20ten%20behaviors%20we%20detected%20to%20prevent%20this%20threat.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22A%20Bazar%20start%3A%20How%20one%20hospital%20thwarted%20a%20Ryuk%20ransomware%20outbreak%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fredcanary.com%2Fblog%2Fhow-one-hospital-thwarted-a-ryuk-ransomware-outbreak%2F&pageViewId=fb8069fe-4a6e-41a7-812d-539bfaab5805 Requested by Host: redcanary.com URL: https://redcanary.com/blog/how-one-hospital-thwarted-a-ryuk-ransomware-outbreak/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.16.187.88 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-16-187-88.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers date Thu, 06 Apr 2023 19:10:52 GMT x-content-type-options nosniff content-length 43 pragma no-cache last-modified Sat, 18 Feb 2023 00:49:36 GMT server nginx/1.14.0 (Ubuntu) etag "63f020a0-2b" access-control-max-age 86400 access-control-allow-methods GET,POST content-type image/gif access-control-allow-origin cache-control private, no-cache, no-cache=Set-Cookie, proxy-revalidate access-control-allow-credentials true accept-ranges bytes access-control-allow-headers * expires Wed, 19 Apr 2000 11:43:00 GMT
GET H2	200	optimize.js Show response www.google-analytics.com/gtm/	113 KB 44 KB	137ms 48ms	Script application/javascript	2a00:1450:4001:828::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/gtm/optimize.js?id=GTM-KJTKFT3 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-PXWC8JW Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 6f14e8c709314b8595c9cb360cb4cbdb407d57bbedde5340aedcd608f9bec3c0 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers date Thu, 06 Apr 2023 19:10:52 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 45082 x-xss-protection 0 last-modified Thu, 06 Apr 2023 18:00:00 GMT server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Thu, 06 Apr 2023 19:10:52 GMT
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 493 B	203ms 203ms	Image image/gif	2.16.187.88 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=565ffb1efc5e75f417d1fe1c2134f835&svisitor=null&visitor=c95f0bb5-6018-4f40-80d7-78041356c2dd&session=0a85040e-d8f0-4daf-839b-08a78eb98104&event=ipv6&q=%7B%22address%22%3A%222a03%3A1b20%3A6%3Af011%3A%3A5e%22%7D&isIframe=false&m=%7B%22description%22%3A%22We%20recently%20helped%20stop%20a%20Ryuk%20ransomware%20infection%20at%20a%20hospital.%20Here%20are%20the%20ten%20behaviors%20we%20detected%20to%20prevent%20this%20threat.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22A%20Bazar%20start%3A%20How%20one%20hospital%20thwarted%20a%20Ryuk%20ransomware%20outbreak%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fredcanary.com%2Fblog%2Fhow-one-hospital-thwarted-a-ryuk-ransomware-outbreak%2F&pageViewId=fb8069fe-4a6e-41a7-812d-539bfaab5805 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.16.187.88 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-16-187-88.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers date Thu, 06 Apr 2023 19:10:52 GMT x-content-type-options nosniff content-length 43 pragma no-cache last-modified Fri, 21 Feb 2020 18:57:20 GMT server nginx/1.14.0 (Ubuntu) etag "5e502810-2b" access-control-max-age 86400 access-control-allow-methods GET,POST content-type image/gif access-control-allow-origin cache-control private, no-cache, no-cache=Set-Cookie, proxy-revalidate access-control-allow-credentials true accept-ranges bytes access-control-allow-headers * expires Wed, 19 Apr 2000 11:43:00 GMT
GET H2	200	details Show response epsilon.6sense.com/v3/company/	746 B 582 B	27ms 11ms	XHR application/json	3.71.130.53 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://epsilon.6sense.com/v3/company/details Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js?account=redcanary.com Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 3.71.130.53 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-71-130-53.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash 9b2dc2a6592abd91e0dee577ef85461138e643d96bf3f3756f7c6d856d8d5e8b Request headers Referer https://redcanary.com/ accept-language de-DE,de;q=0.9 Authorization Token 5056c3929c3198270386ced81b434006bcef81be User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers date Thu, 06 Apr 2023 19:10:52 GMT content-encoding gzip server nginx vary Accept-Encoding content-type application/json access-control-allow-origin https://redcanary.com access-control-allow-credentials true content-length 399
OPTIONS H2	200	details epsilon.6sense.com/v3/company/ Frame	0 0	40ms 9ms	Preflight	3.71.130.53 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://epsilon.6sense.com/v3/company/details Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 3.71.130.53 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-71-130-53.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash Request headers Accept */* Access-Control-Request-Headers authorization Access-Control-Request-Method GET Origin https://redcanary.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers access-control-allow-credentials true access-control-allow-headers authorization access-control-allow-methods OPTIONS,GET access-control-allow-origin https://redcanary.com access-control-max-age 1800 date Thu, 06 Apr 2023 19:10:52 GMT server nginx
GET H2	200	analytics.js Show response www.google-analytics.com/	49 KB 20 KB	39ms 38ms	Script text/javascript	2a00:1450:4001:828::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/analytics.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-PXWC8JW Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers strict-transport-security max-age=10886400; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff date Thu, 06 Apr 2023 18:05:12 GMT last-modified Tue, 10 Jan 2023 21:29:14 GMT server Golfe2 age 3940 vary Accept-Encoding content-type text/javascript cache-control public, max-age=7200 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 20085 expires Thu, 06 Apr 2023 20:05:12 GMT
POST H2	200	collect Show response www.google-analytics.com/j/	4 B 180 B	43ms 43ms	XHR text/plain	2a00:1450:4001:828::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/j/collect?v=1&_v=j99&a=1553413785&t=pageview&_s=1&dl=https%3A%2F%2Fredcanary.com%2Fblog%2Fhow-one-hospital-thwarted-a-ryuk-ransomware-outbreak%2F&ul=en-us&de=UTF-8&dt=A%20Bazar%20start%3A%20How%20one%20hospital%20thwarted%20a%20Ryuk%20ransomware%20outbreak&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAEABQAAAACAAI~&jid=401571486&gjid=193046654&cid=1930044420.1680808250&tid=UA-52702906-1&_gid=700561275.1680808253&_r=1&_slc=1&gtm=45He3430n81PXWC8JW&cd18=null&z=1888791520 Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js?account=redcanary.com Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8 Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://redcanary.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Content-Type text/plain Response headers pragma no-cache date Thu, 06 Apr 2023 19:10:52 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type text/plain access-control-allow-origin https://redcanary.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 4 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	200	collect Show response stats.g.doubleclick.net/j/	4 B 347 B	56ms 18ms	XHR text/plain	2a00:1450:400c:c0d::9c GOOGLE
General Check archive.org Show headers Download Go to Full URL https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-52702906-1&cid=1930044420.1680808250&jid=401571486&gjid=193046654&_gid=700561275.1680808253&_u=YADAAEAAQAAAACAAI~&z=1262464174 Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js?account=redcanary.com Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:400c:c0d::9c Brussels, Belgium, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80 Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://redcanary.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Content-Type text/plain Response headers pragma no-cache strict-transport-security max-age=10886400; includeSubDomains; preload date Thu, 06 Apr 2023 19:10:52 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type text/plain access-control-allow-origin https://redcanary.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 4 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	ga-audiences www.google.com/ads/	42 B 107 B	76ms 75ms	Image image/gif	2a00:1450:4001:806::2004 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-52702906-1&cid=1930044420.1680808250&jid=401571486&_u=YADAAEAAQAAAACAAI~&z=113130929 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers pragma no-cache date Thu, 06 Apr 2023 19:10:52 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	ga-audiences www.google.de/ads/	42 B 107 B	78ms 78ms	Image image/gif	2a00:1450:4001:811::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-52702906-1&cid=1930044420.1680808250&jid=401571486&_u=YADAAEAAQAAAACAAI~&z=113130929 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers pragma no-cache date Thu, 06 Apr 2023 19:10:52 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H/1.1	200 OK	d23c0c4e194430380ef64982f7fd6ecf318cd5881017bc61dec0ef8955cc0079.png qualified-production.s3.us-east-1.amazonaws.com/uploads/ Frame A83D	13 KB 13 KB	385ms 117ms	Image image/png	54.231.171.34 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://qualified-production.s3.us-east-1.amazonaws.com/uploads/d23c0c4e194430380ef64982f7fd6ecf318cd5881017bc61dec0ef8955cc0079.png Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.231.171.34 Ashburn, United States, ASN16509 (AMAZON-02, US), Reverse DNS s3-us-east-1-r-w.amazonaws.com Software AmazonS3 / Resource Hash 9a586f0b3e8add35ad17a2eec2cee97cbe175f48d7c47e34492dd973aa0f8381 Request headers accept-language de-DE,de;q=0.9 Referer https://app.qualified.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers Date Thu, 06 Apr 2023 19:10:54 GMT Last-Modified Thu, 20 Oct 2022 23:47:27 GMT Server AmazonS3 x-amz-request-id XX2HXQD1PCBAVPY3 ETag "fd481ec600c1b3fad6f9e29aa732a946" x-amz-server-side-encryption AES256 Content-Type image/png Cache-Control Cache-Control: public, max-age=31536000 Accept-Ranges bytes Content-Length 12932 x-amz-id-2 Mk8GvCrr4nTocAB7okogXXGeUSsJPzmxQz/inpRiSM2Oe9oKCwm32bDm/XudLx2NeruQ9//DVQ4=
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 493 B	198ms 197ms	Image image/gif	2.16.187.88 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=565ffb1efc5e75f417d1fe1c2134f835&svisitor=null&visitor=c95f0bb5-6018-4f40-80d7-78041356c2dd&session=0a85040e-d8f0-4daf-839b-08a78eb98104&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2006%20Apr%202023%2019%3A10%3A53%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2006%20Apr%202023%2019%3A10%3A50%20GMT%22%2C%22timeSpent%22%3A%223124%22%2C%22totalTimeSpent%22%3A%223124%22%7D&isIframe=false&m=%7B%22description%22%3A%22We%20recently%20helped%20stop%20a%20Ryuk%20ransomware%20infection%20at%20a%20hospital.%20Here%20are%20the%20ten%20behaviors%20we%20detected%20to%20prevent%20this%20threat.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22A%20Bazar%20start%3A%20How%20one%20hospital%20thwarted%20a%20Ryuk%20ransomware%20outbreak%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fredcanary.com%2Fblog%2Fhow-one-hospital-thwarted-a-ryuk-ransomware-outbreak%2F&pageViewId=fb8069fe-4a6e-41a7-812d-539bfaab5805 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.16.187.88 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-16-187-88.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers date Thu, 06 Apr 2023 19:10:53 GMT x-content-type-options nosniff content-length 43 pragma no-cache last-modified Fri, 21 Feb 2020 18:57:20 GMT server nginx/1.14.0 (Ubuntu) etag "5e502810-2b" access-control-max-age 86400 access-control-allow-methods GET,POST content-type image/gif access-control-allow-origin cache-control private, no-cache, no-cache=Set-Cookie, proxy-revalidate access-control-allow-credentials true accept-ranges bytes access-control-allow-headers * expires Wed, 19 Apr 2000 11:43:00 GMT
GET H/1.1	200 OK	b34302d7d25df402909dab75f43c994eaa9697d42e982abeee77e1d6cb8e2697.png qualified-production.s3.us-east-1.amazonaws.com/uploads/ Frame A83D	13 KB 13 KB	110ms 110ms	Image image/png	54.231.171.34 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://qualified-production.s3.us-east-1.amazonaws.com/uploads/b34302d7d25df402909dab75f43c994eaa9697d42e982abeee77e1d6cb8e2697.png Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.231.171.34 Ashburn, United States, ASN16509 (AMAZON-02, US), Reverse DNS s3-us-east-1-r-w.amazonaws.com Software AmazonS3 / Resource Hash 00bbc66153e493c73e6ee4448a25fac555d74e1fd957f6f804754ff27bb9884f Request headers accept-language de-DE,de;q=0.9 Referer https://app.qualified.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers Date Thu, 06 Apr 2023 19:10:54 GMT Last-Modified Thu, 20 Oct 2022 23:48:08 GMT Server AmazonS3 x-amz-request-id XX2WVZ8MTM55YDMB ETag "7797b96a7f999ac42de528bede3329af" x-amz-server-side-encryption AES256 Content-Type image/png Cache-Control Cache-Control: public, max-age=31536000 Accept-Ranges bytes Content-Length 13099 x-amz-id-2 ZYQl2+XFyf2hGpd+I5v8UjFzDCH6bbXBUlLLOJYBZrRnlCWNGFTDocOWCgpAJNeF+X1OQcFlMvI=
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 494 B	209ms 209ms	Image image/gif	2.16.187.88 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=565ffb1efc5e75f417d1fe1c2134f835&svisitor=null&visitor=c95f0bb5-6018-4f40-80d7-78041356c2dd&session=0a85040e-d8f0-4daf-839b-08a78eb98104&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2006%20Apr%202023%2019%3A10%3A54%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2006%20Apr%202023%2019%3A10%3A53%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%224125%22%7D&isIframe=false&m=%7B%22description%22%3A%22We%20recently%20helped%20stop%20a%20Ryuk%20ransomware%20infection%20at%20a%20hospital.%20Here%20are%20the%20ten%20behaviors%20we%20detected%20to%20prevent%20this%20threat.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22A%20Bazar%20start%3A%20How%20one%20hospital%20thwarted%20a%20Ryuk%20ransomware%20outbreak%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fredcanary.com%2Fblog%2Fhow-one-hospital-thwarted-a-ryuk-ransomware-outbreak%2F&pageViewId=fb8069fe-4a6e-41a7-812d-539bfaab5805 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.16.187.88 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-16-187-88.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers date Thu, 06 Apr 2023 19:10:54 GMT x-content-type-options nosniff content-length 43 pragma no-cache last-modified Sat, 05 Jun 2021 07:56:05 GMT server nginx/1.14.0 (Ubuntu) etag "60bb2e15-2b" access-control-max-age 86400 access-control-allow-methods GET,POST content-type image/gif access-control-allow-origin cache-control private, no-cache, no-cache=Set-Cookie, proxy-revalidate access-control-allow-credentials true accept-ranges bytes access-control-allow-headers * expires Wed, 19 Apr 2000 11:43:00 GMT
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 494 B	210ms 209ms	Image image/gif	2.16.187.88 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=565ffb1efc5e75f417d1fe1c2134f835&svisitor=null&visitor=c95f0bb5-6018-4f40-80d7-78041356c2dd&session=0a85040e-d8f0-4daf-839b-08a78eb98104&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2006%20Apr%202023%2019%3A10%3A55%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2006%20Apr%202023%2019%3A10%3A54%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%225126%22%7D&isIframe=false&m=%7B%22description%22%3A%22We%20recently%20helped%20stop%20a%20Ryuk%20ransomware%20infection%20at%20a%20hospital.%20Here%20are%20the%20ten%20behaviors%20we%20detected%20to%20prevent%20this%20threat.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22A%20Bazar%20start%3A%20How%20one%20hospital%20thwarted%20a%20Ryuk%20ransomware%20outbreak%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fredcanary.com%2Fblog%2Fhow-one-hospital-thwarted-a-ryuk-ransomware-outbreak%2F&pageViewId=fb8069fe-4a6e-41a7-812d-539bfaab5805 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.16.187.88 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-16-187-88.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers date Thu, 06 Apr 2023 19:10:55 GMT x-content-type-options nosniff content-length 43 pragma no-cache last-modified Sat, 18 Feb 2023 01:45:17 GMT server nginx/1.14.0 (Ubuntu) etag "63f02dad-2b" access-control-max-age 86400 access-control-allow-methods GET,POST content-type image/gif access-control-allow-origin cache-control private, no-cache, no-cache=Set-Cookie, proxy-revalidate access-control-allow-credentials true accept-ranges bytes access-control-allow-headers * expires Wed, 19 Apr 2000 11:43:00 GMT
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 493 B	209ms 208ms	Image image/gif	2.16.187.88 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=565ffb1efc5e75f417d1fe1c2134f835&svisitor=null&visitor=c95f0bb5-6018-4f40-80d7-78041356c2dd&session=0a85040e-d8f0-4daf-839b-08a78eb98104&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2006%20Apr%202023%2019%3A10%3A56%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2006%20Apr%202023%2019%3A10%3A55%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%226126%22%7D&isIframe=false&m=%7B%22description%22%3A%22We%20recently%20helped%20stop%20a%20Ryuk%20ransomware%20infection%20at%20a%20hospital.%20Here%20are%20the%20ten%20behaviors%20we%20detected%20to%20prevent%20this%20threat.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22A%20Bazar%20start%3A%20How%20one%20hospital%20thwarted%20a%20Ryuk%20ransomware%20outbreak%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fredcanary.com%2Fblog%2Fhow-one-hospital-thwarted-a-ryuk-ransomware-outbreak%2F&pageViewId=fb8069fe-4a6e-41a7-812d-539bfaab5805 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.16.187.88 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-16-187-88.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers date Thu, 06 Apr 2023 19:10:56 GMT x-content-type-options nosniff content-length 43 pragma no-cache last-modified Tue, 05 Oct 2021 22:17:52 GMT server nginx/1.14.0 (Ubuntu) etag "615ccf10-2b" access-control-max-age 86400 access-control-allow-methods GET,POST content-type image/gif access-control-allow-origin cache-control private, no-cache, no-cache=Set-Cookie, proxy-revalidate access-control-allow-credentials true accept-ranges bytes access-control-allow-headers * expires Wed, 19 Apr 2000 11:43:00 GMT