www.propublica.org Open in urlscan Pro
2606:4700::6812:d026 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks
Submission: On September 01 via api (September 1st 2019, 5:56:42 pm UTC) from US

Summary HTTP 56 Redirects Links 39 Behaviour Indicators

Summary

This website contacted 16 IPs in 4 countries across 15 domains to perform 56 HTTP transactions. The main IP is 2606:4700::6812:d026, located in United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is www.propublica.org.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on April 17th 2019. Valid for: a year.

This is the only time www.propublica.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
24	2606:4700::68... 2606:4700::6812:d026	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	13.35.253.6 13.35.253.6	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
6	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK - Facebook)
2 4	2a00:1450:400... 2a00:1450:4001:81d::2004	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1450:400... 2a00:1450:4001:81a::2008	15169 (GOOGLE) (GOOGLE - Google LLC)
1 5	2a00:1450:400... 2a00:1450:4001:814::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
3	2a03:2880:f12... 2a03:2880:f12d:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK - Facebook)
2 2	2a00:1450:400... 2a00:1450:400c:c00::9a	15169 (GOOGLE) (GOOGLE - Google LLC)
2	2a00:1450:400... 2a00:1450:4001:81d::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
1	151.101.12.134 151.101.12.134	54113 (FASTLY) (FASTLY - Fastly)
1	2a00:1450:400... 2a00:1450:4001:809::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
1	151.101.64.134 151.101.64.134	54113 (FASTLY) (FASTLY - Fastly)
2	2606:4700::68... 2606:4700::6810:50a6	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	2600:9000:205... 2600:9000:2057:1a00:18:1fcd:349:ca21	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	35.174.151.106 35.174.151.106	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1	18.235.138.12 18.235.138.12	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
56	16

24 2606:4700::6812:d026 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

www.propublica.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
assets.propublica.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.35.253.6 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-35-253-6.fra6.r.cloudfront.net

htl.bid	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a03:2880:f02d:12:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
staticxx.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:81d::2004 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE - Google LLC, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81a::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:814::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f12d:83:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c00::9a (Brussels, Belgium) 2 redirects

ASN15169 (GOOGLE - Google LLC, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81d::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.12.134 (Frankfurt am Main, Germany)

ASN54113 (FASTLY - Fastly, US)

propublica.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.64.134 (United States)

ASN54113 (FASTLY - Fastly, US)

disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:50a6 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

c.disquscdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2057:1a00:18:1fcd:349:ca21 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

static.chartbeat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.174.151.106 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: pi0-lba1-4-ue1.aws.pardot.com

pi.pardot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.235.138.12 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-18-235-138-12.compute-1.amazonaws.com

ping.chartbeat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
24	propublica.org www.propublica.org assets.propublica.org	1 MB
5	google-analytics.com 1 redirects www.google-analytics.com	18 KB
5	facebook.net connect.facebook.net	161 KB
4	facebook.com staticxx.facebook.com www.facebook.com	256 B
4	google.com 2 redirects www.google.com	971 B
2	pardot.com pi.pardot.com	3 KB
2	disquscdn.com c.disquscdn.com Failed	759 B
2	disqus.com propublica.disqus.com disqus.com Failed	22 KB
2	google.de www.google.de	218 B
2	doubleclick.net 2 redirects stats.g.doubleclick.net	319 B
1	chartbeat.net ping.chartbeat.net	168 B
1	chartbeat.com static.chartbeat.com	14 KB
1	gstatic.com www.gstatic.com	92 KB
1	googletagmanager.com www.googletagmanager.com	38 KB
1	htl.bid htl.bid
56	15

	Domain	Requested by
19	assets.propublica.org	www.propublica.org
5	www.google-analytics.com	1 redirects www.googletagmanager.com www.propublica.org
5	connect.facebook.net	www.propublica.org connect.facebook.net
5	www.propublica.org	www.propublica.org
4	www.google.com	2 redirects www.propublica.org www.gstatic.com
3	www.facebook.com	connect.facebook.net www.propublica.org www.googletagmanager.com
2	pi.pardot.com	www.propublica.org pi.pardot.com
2	c.disquscdn.com	propublica.disqus.com
2	www.google.de	www.propublica.org
2	stats.g.doubleclick.net	2 redirects
1	ping.chartbeat.net
1	static.chartbeat.com	www.propublica.org
1	disqus.com	propublica.disqus.com
1	www.gstatic.com	www.google.com
1	propublica.disqus.com	assets.propublica.org
1	staticxx.facebook.com	connect.facebook.net
1	www.googletagmanager.com	www.propublica.org
1	htl.bid	www.propublica.org
56	18

This site contains links to these domains. Also see Links.

Domain
go.propublica.org
twitter.com
www.facebook.com
donate.propublica.org
policies.google.com
www.coveware.com
www.sec.gov
www.usmayors.org
features.propublica.org
www.provendatarecovery.com
www.lloyds.com
www.beazley.com
www.pwc.com
www.stevens.edu
thoughtleadership.aon.com
naic.org
www.nd.gov
theaggerisgroup.com
www.gosolis.com
www.sentinelcrypto.com
www.flashpoint-intel.com
insurance.flcities.com
blog.watchpointdata.com
www.lcfla.com
www.youtube.com
feeds.propublica.org
creativecommons.org
itunes.apple.com
play.google.com
www.propub3r6espa33w.onion

Subject Issuer	Validity	Valid
*.propub3r6espa33w.onion DigiCert SHA2 Extended Validation Server CA	`2019-04-17` - `2020-04-21`	a year	crt.sh
htl.bid Amazon	`2019-04-04` - `2020-05-04`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2019-08-24` - `2019-10-19`	2 months	crt.sh
www.google.com GTS CA 1O1	`2019-08-13` - `2019-11-11`	3 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2019-08-13` - `2019-11-11`	3 months	crt.sh
www.google.de GTS CA 1O1	`2019-08-13` - `2019-11-11`	3 months	crt.sh
*.disqus.com DigiCert SHA2 Secure Server CA	`2018-03-28` - `2020-04-27`	2 years	crt.sh
*.google.com GTS CA 1O1	`2019-08-13` - `2019-11-11`	3 months	crt.sh
ssl565697.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-08-25` - `2020-03-02`	6 months	crt.sh
*.chartbeat.com Gandi Standard SSL CA 2	`2019-04-10` - `2020-04-10`	a year	crt.sh
*.pardot.com DigiCert SHA2 Secure Server CA	`2019-01-21` - `2020-01-22`	a year	crt.sh
*.chartbeat.net Thawte RSA CA 2018	`2018-12-20` - `2020-01-01`	a year	crt.sh

This page contains 7 frames:

Primary Page: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks
Frame ID: ED2B75A65D0927B499FB3BA1D74AA885
Requests: 50 HTTP requests in this frame

Frame: https://staticxx.facebook.com/connect/xd_arbiter.php?version=44
Frame ID: 8B42A1F0358FEE2830896D7A68B48C70
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdI1rAUAAAAACI0GsFv-yRpC0tPF5ECiIMDUz2x&co=aHR0cHM6Ly93d3cucHJvcHVibGljYS5vcmc6NDQz&hl=en&v=v1565591531251&size=invisible&cb=tl2641flwogm
Frame ID: FBB93781833C92A550B1CEBA2ABE7E6C
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 46E46267C46E5B777A0E845BF7031E2C
Requests: 1 HTTP requests in this frame

Frame: https://disqus.com/embed/comments/?base=default&f=propublica&t_i=166952&t_u=https%3A%2F%2Fwww.propublica.org%2Farticle%2Fthe-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks&t_e=The%20Extortion%20Economy%3A%20How%20Insurance%20Companies%20Are%20Fueling%20a%20Rise%20in%20Ransomware%20Attacks&t_d=The%20Extortion%20Economy%3A%20How%20Insurance%20Companies%20Are%20Fueling%20a%20Rise%20in%20Ransomware%20Attacks&t_t=The%20Extortion%20Economy%3A%20How%20Insurance%20Companies%20Are%20Fueling%20a%20Rise%20in%20Ransomware%20Attacks&s_o=default
Frame ID: 4B26A25C96ACD880AA9635432E8E9DE8
Requests: 1 HTTP requests in this frame

Frame: https://c.disquscdn.com/next/embed/styles/realtime.af77184dec69e96e69aff958ae2bb738.css
Frame ID: 7DC37D0734323DA82E7A2EF4DD76D47B
Requests: 1 HTTP requests in this frame

Frame: https://c.disquscdn.com/next/embed/styles/realtime.af77184dec69e96e69aff958ae2bb738.css
Frame ID: 4F5DE690EB55EF811D240DA08C21CBF1
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Varnish (Cache Tools) Expand

Overall confidence: 100%
Detected patterns

headers via /varnish(?: $Varnish\/([\d.]+)$)?/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^\/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

56
Requests

93 %
HTTPS

69 %
IPv6

15
Domains

18
Subdomains

16
IPs

4
Countries

1715 kB
Transfer

3024 kB
Size

11
Cookies

39 Outgoing links

These are links going to different origins than the main page.

URL: https://go.propublica.org/donate
Title: Donate

Search URL Search Domain Scan URL

URL: https://twitter.com/propublica
Title: Follow us on Twitter

Search URL Search Domain Scan URL

URL: https://www.facebook.com/propublica
Title: Like us on Facebook

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks
Title:

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks&text=The%20Extortion%20Economy:%20How%20Insurance%20Companies%20Are%20Fueling%20a%20Rise%20in%20Ransomware%20Attacks
Title:

Search URL Search Domain Scan URL

URL: https://donate.propublica.org/
Title:

Search URL Search Domain Scan URL

URL: https://go.propublica.org/big-story-2019
Title: Big Story

Search URL Search Domain Scan URL

URL: https://policies.google.com/privacy
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://policies.google.com/terms
Title: Terms of Service

Search URL Search Domain Scan URL

URL: https://www.coveware.com/blog/2019/7/15/ransomware-amounts-rise-3x-in-q2-as-ryuk-amp-sodinokibi-spread
Title: report

Search URL Search Domain Scan URL

URL: https://www.coveware.com/blog/global-ransomware-marketplace-report-q3-2018
Title: October

Search URL Search Domain Scan URL

URL: https://www.sec.gov/rules/interp/2018/33-10459.pdf
Title: suggests

Search URL Search Domain Scan URL

URL: https://www.usmayors.org/the-conference/resolutions/?category=a0D4N00000FCb3LUAT&meeting=87th%20Annual%20Meeting
Title: resolution

Search URL Search Domain Scan URL

URL: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/
Title: May

Search URL Search Domain Scan URL

URL: https://www.provendatarecovery.com/data-recovery-services/ransomware-data-recovery/
Title: website

Search URL Search Domain Scan URL

URL: https://www.lloyds.com/about-lloyds/what-is-lloyds/the-lloyds-market
Title: syndicates

Search URL Search Domain Scan URL

URL: https://www.beazley.com/united_kingdom/beazley_at_lloyds.html
Title: Beazley

Search URL Search Domain Scan URL

URL: https://www.lloyds.com/about-lloyds/history/innovation-and-unusual-risks/going-out-on-a-limb
Title: famous

Search URL Search Domain Scan URL

URL: https://www.pwc.com/gx/en/insurance/publications/assets/reaping-dividends-cyber-resilience.pdf
Title: report

Search URL Search Domain Scan URL

URL: https://www.stevens.edu/news/autonomous-vehicles-will-add-us81-billion-new-premiums-auto-insurers-2025-according-accenture-report
Title: estimates

Search URL Search Domain Scan URL

URL: http://thoughtleadership.aon.com/Documents/201906-us-cyber-market-update.pdf
Title: report

Search URL Search Domain Scan URL

URL: https://naic.org/prod_serv/MSR-PB-19.pdf
Title: data

Search URL Search Domain Scan URL

URL: https://www.nd.gov/ndins/meet-commissioner
Title: Commissioner

Search URL Search Domain Scan URL

URL: https://theaggerisgroup.com/our-team/
Title: officials

Search URL Search Domain Scan URL

URL: https://theaggerisgroup.com/ransomware/
Title: website

Search URL Search Domain Scan URL

URL: https://www.gosolis.com/
Title: Solis

Search URL Search Domain Scan URL

URL: http://www.sentinelcrypto.com/
Title: Sentinel

Search URL Search Domain Scan URL

URL: https://www.flashpoint-intel.com/
Title: Flashpoint

Search URL Search Domain Scan URL

URL: https://insurance.flcities.com/home/about-us
Title: 550

Search URL Search Domain Scan URL

URL: https://blog.watchpointdata.com/ransomware-scapegoat
Title: interview

Search URL Search Domain Scan URL

URL: https://www.lcfla.com/community/page/press-release-cyber-attack
Title: release

Search URL Search Domain Scan URL

URL: https://www.facebook.com/propublica/
Title: Facebook

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/propublica
Title: YouTube

Search URL Search Domain Scan URL

URL: http://feeds.propublica.org/propublica/main
Title: RSS

Search URL Search Domain Scan URL

URL: https://creativecommons.org/licenses/by-nc-nd/3.0/
Title: Creative Commons License (CC BY-NC-ND 3.0)

Search URL Search Domain Scan URL

URL: https://twitter.com/propublicail
Title: @ProPublicaIL

Search URL Search Domain Scan URL

URL: https://itunes.apple.com/us/app/propublica/id355298887?mt=8
Title: iOS

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=com.propublica&hl=en
Title: Android

Search URL Search Domain Scan URL

URL: https://www.propub3r6espa33w.onion/
Title: Browse via Tor

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 29

https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j79&tid=UA-3742720-1&cid=473372350.1567360586&jid=1555725242&gjid=382426652&_gid=1275250517.1567360586&_u=YGBAgAAB~&z=1966083710 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-3742720-1&cid=473372350.1567360586&jid=1555725242&_v=j79&z=1966083710 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-3742720-1&cid=473372350.1567360586&jid=1555725242&_v=j79&z=1966083710&slf_rd=1&random=1664693603

Request Chain 30

https://www.google-analytics.com/r/collect?v=1&_v=j79&a=1200329263&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.propublica.org%2Farticle%2Fthe-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks&ul=en-us&de=UTF-8&dt=The%20Extortion%20Economy%3A%20How%20Insurance%20Companies%20Are%20Fueling%20a%20Rise%20in%20Ransomware%20Attacks%20%E2%80%94%20ProPublica&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&ec=newsletter&ea=view&el=l%2F125411%2F2018-11-01%2F5vd2wz%20%2F%20newsletter-signup-header&_u=YGDACEABB~&jid=103544268&gjid=1276446846&cid=473372350.1567360586&tid=UA-3742720-1&_gid=1275250517.1567360586&_r=1&gtm=2wg8l2M4BNWZ&z=1845791638 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-3742720-1&cid=473372350.1567360586&jid=103544268&_gid=1275250517.1567360586&gjid=1276446846&_v=j79&z=1845791638 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-3742720-1&cid=473372350.1567360586&jid=103544268&_v=j79&z=1845791638 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-3742720-1&cid=473372350.1567360586&jid=103544268&_v=j79&z=1845791638&slf_rd=1&random=947927830

56 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks Show response
www.propublica.org/article/ 140 KB
32 KB 320ms
241ms Document
text/html 2606:4700::6812:d026
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:d026 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

91a806d7145682a7a05fa37bb2071677fd57ed8dbcf5e67eef5ae730d5a45d63

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN

Request headers

:method: GET
:authority: www.propublica.org
:scheme: https
:path: /article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode: navigate
sec-fetch-user: ?1
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: none
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1

Response headers

status: 200
date: Sun, 01 Sep 2019 17:56:25 GMT
content-type: text/html; charset=utf-8
set-cookie: __cfduid=d19f75cdff77432a5182972acd16bd0631567360585; expires=Mon, 31-Aug-20 17:56:25 GMT; path=/; domain=.propublica.org; HttpOnly
pragma: cache
x-frame-options: SAMEORIGIN
charset: utf-8
via: 1.1 varnish 1.1 varnish
age: 8704
x-served-by: cache-iad2146-IAD, cache-hhn4081-HHN
x-cache: HIT, HIT
x-cache-hits: 1, 8
x-timer: S1567360585.221791,VS0,VE3
vary: Accept-Encoding
cache-control: max-age=30, public, must-revalidate
strict-transport-security: max-age=10886400; includeSubDomains; preload
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 50f91ee858eacbc0-VIE
content-encoding: br

GET
H2 200 main.c940c276.css
assets.propublica.org/prod/v3/css/ 180 KB
23 KB 445ms
409ms Stylesheet
text/css 2606:4700::6812:d026
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.propublica.org/prod/v3/css/main.c940c276.css
Requested by: Host: www.propublica.org
URL: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:d026 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 14d899c079f4273fee842f25741abf870b58e6e46b2984f111fdc0705cdc94d8

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 01 Sep 2019 17:56:25 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Fri, 23 Aug 2019 19:25:17 GMT
server: cloudflare
x-amz-request-id: 126A144F9C5BB300
etag: W/"33cfe44cd896b77591999daa9ac59615"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
status: 200
cf-polished: origSize=185893
cf-ray: 50f91eea1e6ecbc0-VIE
x-amz-id-2: uVHvu/ifO1zk6dVkOjGCucAzznQjecp3JOmVbnKvvTofsZ+dthuf9cmeUMLDwE4NBgnZ9+/+A00=
cf-bgj: minify

GET
H2 200 all.js Show response
www.propublica.org/js/public/assets/ 244 KB
68 KB 405ms
405ms Script
application/javascript 2606:4700::6812:d026
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.propublica.org/js/public/assets/all.js
Requested by: Host: www.propublica.org
URL: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:d026 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1dd1bb70981fb5553d49ff571ff90c1a342c46f280a0fc06d8ff851fd66ec6be

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 01 Sep 2019 17:56:25 GMT
via: 1.1 varnish
cf-cache-status: REVALIDATED
x-cache: HIT
status: 200
content-encoding: br
x-served-by: cache-hhn4070-HHN
last-modified: Thu, 28 Dec 2017 17:20:10 GMT
server: cloudflare
x-timer: S1567160591.937310,VS0,VE3
etag: W/"b5f6dcb837d91cdfe2ec3754d5a06e3d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
expires: Sun, 01 Sep 2019 18:01:25 GMT
cache-control: public, max-age=300
cf-ray: 50f91ee9ddd2cbc0-VIE
x-cache-hits: 1

GET
H/1.1 403
Forbidden bidder-propublica.js
htl.bid/build/ 0
0 523ms
409ms Script
application/xml 13.35.253.6
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://htl.bid/build/bidder-propublica.js
Requested by: Host: www.propublica.org
URL: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.35.253.6 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-35-253-6.fra6.r.cloudfront.net
Software: /
Resource Hash

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

GET
H2 200 beacons.js Show response
www.propublica.org/js/public/assets/ 3 KB
1 KB 282ms
281ms Script
application/javascript 2606:4700::6812:d026
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.propublica.org/js/public/assets/beacons.js
Requested by: Host: www.propublica.org
URL: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:d026 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: ffdc5a0a06a4c0b1b5c3c2e4271ae9253dd6cb3a4aecfa1da546c8f323d43db4

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 01 Sep 2019 17:56:25 GMT
via: 1.1 varnish
cf-cache-status: REVALIDATED
x-cache: HIT
status: 200
content-encoding: br
x-served-by: cache-hhn4068-HHN
last-modified: Thu, 28 Dec 2017 17:20:10 GMT
server: cloudflare
x-timer: S1567160591.016600,VS0,VE188
etag: W/"ba2ec1bd9c42ad6e9fe5f3903627dc5d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
expires: Sun, 01 Sep 2019 18:01:25 GMT
cache-control: public, max-age=300
cf-ray: 50f91ee9edf4cbc0-VIE
x-cache-hits: 1

GET
H2 200 all.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 6ms
6ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js

Requested by

Host: www.propublica.org
URL: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

a66f5b1f9822b3aa3e5010c56166fb3b9b20c808612daede0cec3a51df38a3f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: meVsrUDmlM/xH9YnW13WTw==
status: 200
content-length: 1780
etag: "4c231779c060a861141328e3a13cdb99"
x-fb-debug: ZD8dawcY9NFSzxUOb75DmRaTzaLmdp44D6tC4vlU6Uk963OjUUbSPQDRidRKFJbuwDpevlfZdsnZqAxeaOUgZw==
x-fb-trip-id: 420120009
x-fb-content-md5: 0bc4c2e55032504510754af71388e1e4
x-frame-options: DENY
date: Sun, 01 Sep 2019 17:56:25 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
timing-allow-origin: *
expires: Sun, 01 Sep 2019 17:57:54 GMT

GET
H2 200 20190827-ransomware-insurance-b-3x2.jpg
assets.propublica.org/images/articles/_threeTwo1600w/ 237 KB
237 KB 498ms
470ms Image
image/webp 2606:4700::6812:d026
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.propublica.org/images/articles/_threeTwo1600w/20190827-ransomware-insurance-b-3x2.jpg
Requested by: Host: www.propublica.org
URL: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:d026 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: fc7056e695cbf862a43a344354fa00fdb19064cd3acd6c387fe518491ba152e1

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 01 Sep 2019 17:56:25 GMT
cf-cache-status: REVALIDATED
x-amz-request-id: A0CDA7A8C3B0491B
cf-polished: qual=85, origFmt=jpeg, origSize=333957
status: 200
content-disposition: inline; filename="20190827-ransomware-insurance-b-3x2.webp"
content-length: 242480
x-amz-id-2: rJFdQ7bzT4gROrkSJDaq909fxbzSrgOQ5zass+HyjnRT3bHi3IdrUhOQh4SiHqAVUdc42zVBjvE=
last-modified: Mon, 26 Aug 2019 23:51:01 GMT
server: cloudflare
etag: "e70a7bb73b9f54c7cb2fcd285dd390d2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
expires: Sun, 01 Sep 2019 18:16:25 GMT
cache-control: public, max-age=1200
accept-ranges: bytes
cf-ray: 50f91eea1e71cbc0-VIE
cf-bgj: imgq:85

GET
H2 200 20190829-Ransomeware-Series-3000x2000.jpg
assets.propublica.org/images/series/_threeTwo1200w/ 48 KB
49 KB 196ms
195ms Image
image/webp 2606:4700::6812:d026
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.propublica.org/images/series/_threeTwo1200w/20190829-Ransomeware-Series-3000x2000.jpg
Requested by: Host: www.propublica.org
URL: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:d026 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5ed40eba9425cac5136b3c28876292d31341baf301cc612b72c84c3252e9d4d1

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 01 Sep 2019 17:56:25 GMT
cf-cache-status: REVALIDATED
x-amz-request-id: EB0DD148C4A33D2F
cf-polished: qual=85, origFmt=jpeg, origSize=88019
status: 200
content-disposition: inline; filename="20190829-Ransomeware-Series-3000x2000.webp"
content-length: 49512
x-amz-id-2: QuhsIcXeTXLM4FDqfMmhv1EzGIkfzzTokpmKuUJ4tznyPfZmptpwKOkEe/3xff+ditgtlfN3SQs=
last-modified: Thu, 29 Aug 2019 17:37:12 GMT
server: cloudflare
etag: "edcbee74f6819685317b47e7e51ee616"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
accept-ranges: bytes
cf-ray: 50f91eeccff0cbc0-VIE
cf-bgj: imgq:85

GET
H2 200 20190515-ransomware-callout-3x2.jpg
assets.propublica.org/images/articles/_threeTwo1200w/ 59 KB
60 KB 180ms
179ms Image
image/webp 2606:4700::6812:d026
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.propublica.org/images/articles/_threeTwo1200w/20190515-ransomware-callout-3x2.jpg
Requested by: Host: www.propublica.org
URL: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:d026 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1b7ecca54173978a1b9191d1c2e32ab0343c894fb0d6cef8c1d4981227e0dd94

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 01 Sep 2019 17:56:25 GMT
cf-cache-status: REVALIDATED
x-amz-request-id: 3C6B83A19E354A1B
cf-polished: qual=85, origFmt=jpeg, origSize=103540
status: 200
content-disposition: inline; filename="20190515-ransomware-callout-3x2.webp"
content-length: 60594
x-amz-id-2: l1uUyaNVJ7I5l3WXGWUsZtx3bf7wqZTn4mj7tf99XfopbtaZbAbXBMXLz87QQtcrhMWMvw6i3r8=
last-modified: Tue, 14 May 2019 23:40:19 GMT
server: cloudflare
etag: "f689032d0809086e641da064f481129f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
expires: Sun, 01 Sep 2019 18:16:25 GMT
cache-control: public, max-age=1200
accept-ranges: bytes
cf-ray: 50f91eeccff1cbc0-VIE
cf-bgj: imgq:85

GET
H2 200 20190515-ransomware-3x2.jpg
assets.propublica.org/images/externals/_threeTwo1200w/ 237 KB
238 KB 161ms
160ms Image
image/webp 2606:4700::6812:d026
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.propublica.org/images/externals/_threeTwo1200w/20190515-ransomware-3x2.jpg
Requested by: Host: www.propublica.org
URL: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:d026 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 470a65dc0d9ed2e7cb7e3f35f8e3a33a822ffff95fd0e10f2dbac8f3ba001576

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 01 Sep 2019 17:56:25 GMT
cf-cache-status: REVALIDATED
x-amz-request-id: A8116E3AEB7538E1
cf-polished: qual=85, origFmt=jpeg, origSize=376085
status: 200
content-disposition: inline; filename="20190515-ransomware-3x2.webp"
content-length: 242982
x-amz-id-2: i5NJ+I0KuJ05UB+G432QBHWfVxgDAgq69k2o5xOQ6jFDP55ptPuaTkjf8T8Oqe7nKZd5NyEyCBY=
last-modified: Wed, 15 May 2019 09:00:11 GMT
server: cloudflare
etag: "23d66f7cc34ac9915e2016287494da81"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
accept-ranges: bytes
cf-ray: 50f91eeccff2cbc0-VIE
cf-bgj: imgq:85

GET
H2 200 email-decode.min.js Show response
www.propublica.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
794 B 15ms
14ms Script
application/javascript 2606:4700::6812:d026
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://www.propublica.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: www.propublica.org
URL: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:d026 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 01 Sep 2019 17:56:25 GMT
content-encoding: gzip
vary: Accept-Encoding
last-modified: Wed, 28 Aug 2019 16:36:22 GMT
server: cloudflare
etag: W/"5d66ad86-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: SAMEORIGIN
content-type: application/javascript
status: 200
cache-control: max-age=172800, public
cf-ray: 50f91eeccfe9cbc0-VIE
expires: Tue, 03 Sep 2019 17:56:25 GMT

GET
H2 200 20190830-White-Hate-QA-3x2.jpg
assets.propublica.org/images/articles/_threeTwo1200w/ 86 KB
86 KB 189ms
188ms Image
image/webp 2606:4700::6812:d026
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.propublica.org/images/articles/_threeTwo1200w/20190830-White-Hate-QA-3x2.jpg
Requested by: Host: www.propublica.org
URL: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:d026 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 835813d57721542ec502cb861b6b91f96546ce728a96fabda340539219be096b

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 01 Sep 2019 17:56:25 GMT
cf-cache-status: REVALIDATED
x-amz-request-id: 1529443CBE9950C9
cf-polished: qual=85, origFmt=jpeg, origSize=137255
status: 200
content-disposition: inline; filename="20190830-White-Hate-QA-3x2.webp"
content-length: 88194
x-amz-id-2: 0L7KK8ZrqF7lijgB/e/f63D4SCq73/n9zxIOIZ1dMm/I6GTfCk9rg1WORJ4QiDkP9+J49ExjiRU=
last-modified: Fri, 30 Aug 2019 17:01:34 GMT
server: cloudflare
etag: "144c449ba8194e9f507719c8f2320af4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
expires: Sun, 01 Sep 2019 18:16:25 GMT
cache-control: public, max-age=1200
accept-ranges: bytes
cf-ray: 50f91eeccff3cbc0-VIE
cf-bgj: imgq:85

GET
H2 200 20190829-illinois-dcfs-burgos-houses-final-3x2.jpg
assets.propublica.org/images/articles/_threeTwo1200w/ 104 KB
104 KB 139ms
139ms Image
image/webp 2606:4700::6812:d026
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.propublica.org/images/articles/_threeTwo1200w/20190829-illinois-dcfs-burgos-houses-final-3x2.jpg
Requested by: Host: www.propublica.org
URL: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:d026 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1d3abad89b5608b6eb87798409b33f6db0cfd0e12d52386d39c589c836956168

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 01 Sep 2019 17:56:25 GMT
cf-cache-status: REVALIDATED
x-amz-request-id: 7587DB3D1D072965
cf-polished: qual=85, origFmt=jpeg, origSize=172660
status: 200
content-disposition: inline; filename="20190829-illinois-dcfs-burgos-houses-final-3x2.webp"
content-length: 106394
x-amz-id-2: J3VaZ8yNjjKzx5BPwgIEtFOGP/8KGEGqUW6GQADK9bGp5J5ie1sPCtwIbsI3ilVRp1hGa1HCRIY=
last-modified: Mon, 26 Aug 2019 15:38:53 GMT
server: cloudflare
etag: "a42ee3ef33f988420bae3821ef169cf8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
expires: Sun, 01 Sep 2019 18:16:25 GMT
cache-control: public, max-age=1200
accept-ranges: bytes
cf-ray: 50f91eed191ecbc0-VIE
cf-bgj: imgq:85

GET
H2 200 20190828-NRA-Powell-3x2.jpg
assets.propublica.org/images/articles/_threeTwo1200w/ 108 KB
108 KB 291ms
290ms Image
image/webp 2606:4700::6812:d026
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.propublica.org/images/articles/_threeTwo1200w/20190828-NRA-Powell-3x2.jpg
Requested by: Host: www.propublica.org
URL: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:d026 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: d3191aad40d6df851bd4cd0fd11e78619960848fb557a986b57e575b5d096af1

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 01 Sep 2019 17:56:26 GMT
cf-cache-status: REVALIDATED
x-amz-request-id: F77C95581C1889F1
cf-polished: qual=85, origFmt=jpeg, origSize=193152
status: 200
content-disposition: inline; filename="20190828-NRA-Powell-3x2.webp"
content-length: 110548
x-amz-id-2: a0U+XhxYmOikO4DGzzBU6tBCQOKgYWwuX1l/ud1TQy+Gt8lTrnTnmSzRFbDJ8EECcHn5paSssNw=
last-modified: Wed, 28 Aug 2019 21:27:42 GMT
server: cloudflare
etag: "1e6e0a3b6e50a195b7e748a55c000050"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
expires: Sun, 01 Sep 2019 18:16:26 GMT
cache-control: public, max-age=1200
accept-ranges: bytes
cf-ray: 50f91eed1924cbc0-VIE
cf-bgj: imgq:85

GET
H2 200 main.c93e90f8.js Show response
assets.propublica.org/prod/v3/js/ 40 KB
13 KB 172ms
171ms Script
application/javascript 2606:4700::6812:d026
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.propublica.org/prod/v3/js/main.c93e90f8.js
Requested by: Host: www.propublica.org
URL: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:d026 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7e1b61267618ecd60fe6c8d3061856e2024c05c49680733465a0bc6df152d3de

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 01 Sep 2019 17:56:25 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Thu, 15 Aug 2019 21:46:14 GMT
server: cloudflare
x-amz-request-id: A3066F6722351A13
etag: W/"55a9d1e60c429dc6d28778f02d3f9f30"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cf-ray: 50f91eeccfeecbc0-VIE
x-amz-id-2: 7rRzO4LJwXQKQqsD85/dPRhuH73Od3Q4oUNY8poxelvM4qpvIiegVzhGzotZQfFjF0eaSxdZbmI=

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 871 B
590 B 30ms
29ms Script
text/javascript 2a00:1450:4001:81d::2004
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?onload=grecaptchaLoaded&render=6LdI1rAUAAAAACI0GsFv-yRpC0tPF5ECiIMDUz2x

Requested by

Host: www.propublica.org
URL: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

GSE /

Resource Hash

80c58477dbc87c0b570ebf3fc6f7060656594e018dd395e7f08a361a2305b99c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 01 Sep 2019 17:56:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: private, max-age=300
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 495
x-xss-protection: 1; mode=block
expires: Sun, 01 Sep 2019 17:56:25 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 88 KB
23 KB 7ms
7ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.propublica.org
URL: https://www.propublica.org/js/public/assets/beacons.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

f15f778cd39043a166a29f654b1191bc6fbf8043a8cc3477c42764b14b919dec

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
content-length: 23404
x-xss-protection: 0
pragma: public
x-fb-debug: TD82s9yvzjbBMpCx7rN+7aIT/PvuUV2eGxRf+rQowWIhb+DiaQKge+PVxniMIldE2Hkdo24ELYCLr/r1/Ffw7g==
x-fb-trip-id: 420120009
x-frame-options: DENY
date: Sun, 01 Sep 2019 17:56:25 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 184 KB
38 KB 17ms
17ms Script
application/javascript 2a00:1450:4001:81a::2008
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-M4BNWZ

Requested by

Host: www.propublica.org
URL: https://www.propublica.org/js/public/assets/beacons.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

041bc2c17ec015ef806c668b4eb8810687b52e275e4e528a2abad4e2fa9552ee

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 01 Sep 2019 17:56:25 GMT
content-encoding: br
last-modified: Sun, 01 Sep 2019 15:00:00 GMT
server: Google Tag Manager
access-control-allow-headers: Cache-Control
status: 200
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: http://www.googletagmanager.com
cache-control: private, max-age=900
access-control-allow-credentials: true
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 39247
x-xss-protection: 0
expires: Sun, 01 Sep 2019 17:56:25 GMT

GET
H2 200 all.js Show response
connect.facebook.net/en_US/ 192 KB
57 KB 8ms
6ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js?hash=2c952e1342c31f5e377cb70f281d9cbb&ua=modern_es6

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

73c8999d7154f0826d6cf16acda1fe0768dfba39fe2a6b7b0bc808a1b047363b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Sec-Fetch-Mode: cors
Referer: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks
Origin: https://www.propublica.org
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: qKuPUJfdCsoAu5lCtLw42w==
status: 200
content-length: 58024
etag: "b5a2737e26c5ba91182bbb76c2d59cba"
x-fb-debug: Q0+RraUuJmgbkjW/y1IbEHJ3gaGmkXAONnqmH46psBVFraSqO1beqjYdrZeFPxx4q4P+U4ZDlp+sOdZHvIEftA==
x-fb-trip-id: 420120009
x-fb-content-md5: 994e7ca45c0f092215d85e99daab9754
x-frame-options: DENY
date: Sun, 01 Sep 2019 17:56:25 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
timing-allow-origin: *
expires: Mon, 31 Aug 2020 17:55:29 GMT

GET
H2 200 Graphik-Bold-Web.woff2
assets.propublica.org/prod/v3/fonts/ 34 KB
35 KB 223ms
188ms Font
application/octet-stream 2606:4700::6812:d026
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.propublica.org/prod/v3/fonts/Graphik-Bold-Web.woff2
Requested by: Host: www.propublica.org
URL: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:d026 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8c032cdcc121e29848b9216cc0af9818e757e66f35f8ab2af042fa15e339ea48

Request headers

Sec-Fetch-Mode: cors
Referer: https://assets.propublica.org/prod/v3/css/main.c940c276.css
Origin: https://www.propublica.org
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 01 Sep 2019 17:56:25 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cf-cache-status: HIT
age: 799
status: 200
content-length: 34721
x-amz-request-id: 8917F94FA57129DE
x-amz-id-2: tIihKGBuw5QularpHcaSHhWuuLI/irC1sHaVsyYdXnCjxC5xLm21A83vdqA2AKBsq2nEDVqf0yo=
last-modified: Wed, 31 Jul 2019 16:46:36 GMT
server: cloudflare
etag: "ebc0597eaf0597b8de30b939ddf6b11c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 50f91eed1c39cb98-VIE
expires: Mon, 31 Aug 2020 17:56:25 GMT

GET
H2 200 TiemposHeadlineWeb-Black.woff2
assets.propublica.org/prod/v3/fonts/ 35 KB
36 KB 597ms
563ms Font
application/octet-stream 2606:4700::6812:d026
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.propublica.org/prod/v3/fonts/TiemposHeadlineWeb-Black.woff2
Requested by: Host: www.propublica.org
URL: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:d026 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 85480f83cd66d9c8abb804d9b8d05b69cc38070fcc8b761499099e66c003aee0

Request headers

Sec-Fetch-Mode: cors
Referer: https://assets.propublica.org/prod/v3/css/main.c940c276.css
Origin: https://www.propublica.org
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 01 Sep 2019 17:56:26 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cf-cache-status: HIT
age: 2012
status: 200
content-length: 36125
x-amz-request-id: 561D24FDBDAB45CE
x-amz-id-2: /yY4jRSK/NxAYyw15umz05CULKNB+sxeUQUrZjFiJIEZ1DcQ/pZdIIAxfnAigbaKI9uMhH1MbbM=
last-modified: Fri, 16 Aug 2019 14:45:13 GMT
server: cloudflare
etag: "1e547434d515975d10fc9bb1f7d270bd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 50f91eed1c3ccb98-VIE
expires: Mon, 31 Aug 2020 17:56:26 GMT

GET
H2 200 Graphik-Regular-Web.woff2
assets.propublica.org/prod/v3/fonts/ 30 KB
31 KB 1602ms
1567ms Font
application/octet-stream 2606:4700::6812:d026
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.propublica.org/prod/v3/fonts/Graphik-Regular-Web.woff2
Requested by: Host: www.propublica.org
URL: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:d026 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 09c162769cb9779dc01e08dd0cf6e837c72225cef171202eda69ca3b7d9c45f2

Request headers

Sec-Fetch-Mode: cors
Referer: https://assets.propublica.org/prod/v3/css/main.c940c276.css
Origin: https://www.propublica.org
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 01 Sep 2019 17:56:27 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cf-cache-status: HIT
age: 2012
status: 200
content-length: 30953
x-amz-request-id: AC9502794D1AD5B3
x-amz-id-2: JhUqLk+bYKeNpYvfUpb5l0CSVcfKH4D75c4mSaBs6jix7rJ8VBAYFCn0J9tpT5hTMu+FvO171yw=
last-modified: Wed, 31 Jul 2019 16:46:36 GMT
server: cloudflare
etag: "1f3881c410d658f75566379cd744c4af"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 50f91eed1c3ecb98-VIE
expires: Mon, 31 Aug 2020 17:56:27 GMT

GET
H2 200 Graphik-RegularItalic-Web.woff2
assets.propublica.org/prod/v3/fonts/ 33 KB
33 KB 1093ms
1058ms Font
application/octet-stream 2606:4700::6812:d026
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.propublica.org/prod/v3/fonts/Graphik-RegularItalic-Web.woff2
Requested by: Host: www.propublica.org
URL: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:d026 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 245a63d4531e6a57a59b542bab7468b771eb3b47081be2e8caa976920816f69d

Request headers

Sec-Fetch-Mode: cors
Referer: https://assets.propublica.org/prod/v3/css/main.c940c276.css
Origin: https://www.propublica.org
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 01 Sep 2019 17:56:26 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cf-cache-status: HIT
age: 339
status: 200
content-length: 33425
x-amz-request-id: A5F5712E2097C9FB
x-amz-id-2: 5FKDqZqWhP7rz0ZanStZGvCi6YKVS3lrR7k0MRa0C+LxREbExUDg7Erfg9btG0TfgaoueVwkTRw=
last-modified: Wed, 31 Jul 2019 16:46:36 GMT
server: cloudflare
etag: "78a18ea2a6c8ac92917d337e91eb39b2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 50f91eed1c41cb98-VIE
expires: Mon, 31 Aug 2020 17:56:26 GMT

GET
H2 200 TiemposTextWeb-RegularItalic.woff2
assets.propublica.org/prod/v3/fonts/ 56 KB
57 KB 334ms
300ms Font
application/octet-stream 2606:4700::6812:d026
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.propublica.org/prod/v3/fonts/TiemposTextWeb-RegularItalic.woff2
Requested by: Host: www.propublica.org
URL: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:d026 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: dd92f6c93e22ac7c4a2d92489ee5cd1e931122b449588453e4366f99d106faed

Request headers

Sec-Fetch-Mode: cors
Referer: https://assets.propublica.org/prod/v3/css/main.c940c276.css
Origin: https://www.propublica.org
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 01 Sep 2019 17:56:26 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cf-cache-status: HIT
age: 801
status: 200
content-length: 57835
x-amz-request-id: E6D37EF7C081D296
x-amz-id-2: z2RApwmSUXtQQQJLGTwyNGgtT0+IIXP7ZeLBR0mVFGts8G7A/V3dQuqxOWsHDd5zNjT48oGqn+w=
last-modified: Wed, 31 Jul 2019 16:46:36 GMT
server: cloudflare
etag: "45bb942d00ebc3ebcdeb77b6e2e0ad88"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 50f91eed1c46cb98-VIE
expires: Mon, 31 Aug 2020 17:56:26 GMT

GET
H2 200 TiemposTextWeb-Regular.woff2
assets.propublica.org/prod/v3/fonts/ 55 KB
55 KB 250ms
216ms Font
application/octet-stream 2606:4700::6812:d026
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.propublica.org/prod/v3/fonts/TiemposTextWeb-Regular.woff2
Requested by: Host: www.propublica.org
URL: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:d026 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: b85918584d7a87585bd579dd207b246fd6656fe55eb3e5ecf605cfd9e832bb3a

Request headers

Sec-Fetch-Mode: cors
Referer: https://assets.propublica.org/prod/v3/css/main.c940c276.css
Origin: https://www.propublica.org
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 01 Sep 2019 17:56:25 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cf-cache-status: HIT
age: 800
status: 200
content-length: 56044
x-amz-request-id: E698B4C34709A841
x-amz-id-2: 9G34zpFVs3Fzz4cn3wwW4Y8nyrapcJZVfhTk0Si37hHWZfxW+QO94UDvQp6TgC0cwA29K2QSKI0=
last-modified: Wed, 31 Jul 2019 16:46:36 GMT
server: cloudflare
etag: "b6de382e69480b30c00cafae11a32d17"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 50f91eed1c45cb98-VIE
expires: Mon, 31 Aug 2020 17:56:25 GMT

GET
H2 200 132868157351935 Show response
connect.facebook.net/signals/config/ 307 KB
78 KB 8ms
8ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/132868157351935?v=2.9.4&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

d4bf635e4f8bb9e39b0ecaaf7b5989d9a68a4f99e8806039ae686bb23d4934a2

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
content-length: 79753
x-xss-protection: 0
pragma: public
x-fb-debug: hPbkwymhH2dW1lstLZmbi0YHnAFlv6N861Tauuv7hqE5R/hl1NslGN/XG+SX5uyMcbZ6CviBPG3Rqmgd9BAMFw==
x-fb-trip-id: 420120009
x-frame-options: DENY
date: Sun, 01 Sep 2019 17:56:25 GMT
vary: Origin, Accept-Encoding
access-control-allow-methods: OPTIONS
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://connect.facebook.net
access-control-expose-headers: X-FB-Debug, X-Loader-Length
cache-control: public, max-age=1200
access-control-allow-credentials: true
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 43 KB
17 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:814::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M4BNWZ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 19 Aug 2019 17:22:41 GMT
server: Golfe2
age: 1828
date: Sun, 01 Sep 2019 17:25:57 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 17803
expires: Sun, 01 Sep 2019 19:25:57 GMT

GET
H2 200 xd_arbiter.php
staticxx.facebook.com/connect/ Frame 8B42 0
0 6ms
6ms Document
text/html 2a03:2880:f02d:12:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://staticxx.facebook.com/connect/xd_arbiter.php?version=44

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js?hash=2c952e1342c31f5e377cb70f281d9cbb&ua=modern_es6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: staticxx.facebook.com
:scheme: https
:path: /connect/xd_arbiter.php?version=44
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode: nested-navigate
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
referer: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: nested-navigate
Referer: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks

Response headers

status: 200
content-type: text/html; charset=utf-8
expires: Sat, 29 Aug 2020 21:02:02 GMT
strict-transport-security: max-age=15552000; preload
content-encoding: br
content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0
cache-control: public,max-age=31536000,immutable
x-fb-debug: xQOxi3omo9uxxxdtXRjLdZQlNEPaYsXvfRkTy3ipRhsfRdUvLSM/sTI/cL2YQDgQR4zthYu59ZUrUi78bpuz6Q==
content-length: 11735
x-fb-trip-id: 420120009
date: Sun, 01 Sep 2019 17:56:25 GMT

GET
H2 200 status
www.facebook.com/x/oauth/ 0
0 99ms
99ms Fetch
text/plain 2a03:2880:f12d:83:face:b00c:0:25de
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/x/oauth/status?client_id=229862657130557&input_token&origin=1&redirect_uri=https%3A%2F%2Fwww.propublica.org%2Farticle%2Fthe-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks&sdk=joey&wants_cookie_data=true

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js?hash=2c952e1342c31f5e377cb70f281d9cbb&ua=modern_es6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Sec-Fetch-Mode: cors
Referer: https://www.propublica.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
x-fb-debug: ohcVVanOxtbKZa8qfNKLgqvgkeCOIzHFRYqRIKyi91rCiyZ3cp5NcoXBhG8UefaC8tDfTd5E448XUpmfuM0nKQ==
fb-s: unknown
status: 200
x-frame-options: DENY
date: Sun, 01 Sep 2019 17:56:25 GMT
strict-transport-security: max-age=15552000; preload
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.propublica.org
access-control-expose-headers: fb-s
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 0
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
99 B 7ms
6ms Image
image/gif 2a00:1450:4001:814::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j79&a=1200329263&t=pageview&_s=1&dl=https%3A%2F%2Fwww.propublica.org%2Farticle%2Fthe-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks&ul=en-us&de=UTF-8&dt=The%20Extortion%20Economy%3A%20How%20Insurance%20Companies%20Are%20Fueling%20a%20Rise%20in%20Ransomware%20Attacks%20%E2%80%94%20ProPublica&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=YGBAgAAB~&jid=1555725242&gjid=382426652&cid=473372350.1567360586&tid=UA-3742720-1&_gid=1275250517.1567360586&gtm=2wg8l2M4BNWZ&cg1=Ransomware%20Enablers&cd1=Item&cd2=Article&cd3=Renee%20Dudley&cd4=Ransomware%20Enablers&cd5=August%2027%2C%202019%2005%3A00%3A00&cd6=National&cd7=&cd8=The%20Extortion%20Economy%3A%20How%20Insurance%20Companies%20Are%20Fueling%20a%20Rise%20in%20Ransomware%20Attacks&cd9=site&cd10=en&cd11=166952&z=1280756689

Requested by

Host: www.propublica.org
URL: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Aug 2019 08:58:11 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 637094
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j79&tid=UA-3742720-1&cid=473372350.1567360586&jid=1555725242&gjid=382426652&_gid=1275250517.1567360586&_u=YGBAgAAB~&z=1966083710
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-3742720-1&cid=473372350.1567360586&jid=1555725242&_v=j79&z=1966083710
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-3742720-1&cid=473372350.1567360586&jid=1555725242&_v=j79&z=1966083710&slf_rd=1&random=1664693603

42 B
109 B

30ms
30ms

Image
image/gif

2a00:1450:4001:81d::2003
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-3742720-1&cid=473372350.1567360586&jid=1555725242&_v=j79&z=1966083710&slf_rd=1&random=1664693603

Requested by

Host: www.propublica.org
URL: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 01 Sep 2019 17:56:25 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 01 Sep 2019 17:56:25 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
content-type: text/html; charset=UTF-8
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-3742720-1&cid=473372350.1567360586&jid=1555725242&_v=j79&z=1966083710&slf_rd=1&random=1664693603
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j79&a=1200329263&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.propublica.org%2Farticle%2Fthe-extortion-economy-how-insurance-companies-are-fueling-a-rise...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-3742720-1&cid=473372350.1567360586&jid=103544268&_gid=1275250517.1567360586&gjid=1276446846&_v=j79&z=1845791638
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-3742720-1&cid=473372350.1567360586&jid=103544268&_v=j79&z=1845791638
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-3742720-1&cid=473372350.1567360586&jid=103544268&_v=j79&z=1845791638&slf_rd=1&random=947927830

42 B
109 B

30ms
30ms

Image
image/gif

2a00:1450:4001:81d::2003
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-3742720-1&cid=473372350.1567360586&jid=103544268&_v=j79&z=1845791638&slf_rd=1&random=947927830

Requested by

Host: www.propublica.org
URL: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 01 Sep 2019 17:56:25 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 01 Sep 2019 17:56:25 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
content-type: text/html; charset=UTF-8
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-3742720-1&cid=473372350.1567360586&jid=103544268&_v=j79&z=1845791638&slf_rd=1&random=947927830
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
105 B 7ms
6ms Image
image/gif 2a00:1450:4001:814::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j79&a=1200329263&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.propublica.org%2Farticle%2Fthe-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks&ul=en-us&de=UTF-8&dt=The%20Extortion%20Economy%3A%20How%20Insurance%20Companies%20Are%20Fueling%20a%20Rise%20in%20Ransomware%20Attacks%20%E2%80%94%20ProPublica&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&ec=newsletter&ea=view&el=BigStory%20-%20Right%20Rail%20%2F%20newsletter-signup-follow-main&_u=YGDACEABB~&jid=&gjid=&cid=473372350.1567360586&tid=UA-3742720-1&_gid=1275250517.1567360586&gtm=2wg8l2M4BNWZ&z=1017952762

Requested by

Host: www.propublica.org
URL: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Aug 2019 08:58:11 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 637094
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
99 B 7ms
7ms Image
image/gif 2a00:1450:4001:814::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j79&a=1200329263&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.propublica.org%2Farticle%2Fthe-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks&ul=en-us&de=UTF-8&dt=The%20Extortion%20Economy%3A%20How%20Insurance%20Companies%20Are%20Fueling%20a%20Rise%20in%20Ransomware%20Attacks%20%E2%80%94%20ProPublica&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&ec=donation&ea=view&el=action-nav&_u=YGDACEABB~&jid=&gjid=&cid=473372350.1567360586&tid=UA-3742720-1&_gid=1275250517.1567360586&gtm=2wg8l2M4BNWZ&z=384792281

Requested by

Host: www.propublica.org
URL: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Aug 2019 08:58:11 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 637094
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 inferredEvents.js Show response
connect.facebook.net/signals/plugins/ 1 KB
914 B 8ms
8ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/plugins/inferredEvents.js?v=2.9.4

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

cd1c301a8e7960a1786e2a959226b0b78b56dbea284bd114265f1662d6ca280e

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
content-length: 772
x-xss-protection: 0
pragma: public
x-fb-debug: xqMhMq7YG//vUD8TXTPdSKolcVlVu16llsxxkSqJCJ/iktlOzAVl9TCjOlYwoi0boaLRX+nSvzI2AL9hqL1dgg==
x-fb-trip-id: 420120009
x-frame-options: DENY
date: Sun, 01 Sep 2019 17:56:25 GMT
vary: Origin, Accept-Encoding
access-control-allow-methods: OPTIONS
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://connect.facebook.net
access-control-expose-headers: X-FB-Debug, X-Loader-Length
cache-control: public, max-age=1200
access-control-allow-credentials: true
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
256 B 6ms
6ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
Facebook

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=132868157351935&ev=PageView&dl=https%3A%2F%2Fwww.propublica.org%2Farticle%2Fthe-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks&rl=&if=false&ts=1567360585869&sw=1600&sh=1200&v=2.9.4&r=stable&ec=0&o=30&fbp=fb.1.1567360585868.1066994873&it=1567360585771&coo=false&rqm=GET

Requested by

Host: www.propublica.org
URL: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 01 Sep 2019 17:56:25 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
content-length: 44
expires: Sun, 01 Sep 2019 17:56:25 GMT

GET
H/1.1 200
OK embed.js Show response
propublica.disqus.com/ 65 KB
22 KB 384ms
297ms Script
application/javascript 151.101.12.134
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://propublica.disqus.com/embed.js

Requested by

Host: assets.propublica.org
URL: https://assets.propublica.org/prod/v3/js/main.c93e90f8.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.12.134 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

openresty /

Resource Hash

eae0eb2220b52090d88eb75b5b8f15caa0c3f23aa3645cd90f059cc76e92653d

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sun, 01 Sep 2019 17:56:26 GMT
Content-Encoding: gzip
Server: openresty
Age: 0
Vary: Accept-Encoding
Connection: keep-alive
Content-Type: application/javascript; charset=utf-8
Cache-Control: private, max-age=60
X-Service: router
Strict-Transport-Security: max-age=300; includeSubdomains
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length: 21862

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/api2/v1565591531251/ 263 KB
92 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:809::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/api2/v1565591531251/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?onload=grecaptchaLoaded&render=6LdI1rAUAAAAACI0GsFv-yRpC0tPF5ECiIMDUz2x

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

e37175c872fc53f06ace33890986b1983980812d7130f497a9f0125e78188b7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 25 Aug 2019 03:43:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 12 Aug 2019 17:15:00 GMT
server: sffe
age: 655962
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 93780
x-xss-protection: 0
expires: Mon, 24 Aug 2020 03:43:43 GMT

GET
H2 200 anchor
www.google.com/recaptcha/api2/ Frame FBB9 0
0 38ms
37ms Document
text/html 2a00:1450:4001:81d::2004
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdI1rAUAAAAACI0GsFv-yRpC0tPF5ECiIMDUz2x&co=aHR0cHM6Ly93d3cucHJvcHVibGljYS5vcmc6NDQz&hl=en&v=v1565591531251&size=invisible&cb=tl2641flwogm

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/api2/v1565591531251/recaptcha__en.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-so+3ZHXeieuIKlEIG4yXKw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/anchor?ar=1&k=6LdI1rAUAAAAACI0GsFv-yRpC0tPF5ECiIMDUz2x&co=aHR0cHM6Ly93d3cucHJvcHVibGljYS5vcmc6NDQz&hl=en&v=v1565591531251&size=invisible&cb=tl2641flwogm
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode: nested-navigate
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
referer: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: nested-navigate
Referer: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks

Response headers

status: 200
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 01 Sep 2019 17:56:26 GMT
content-security-policy: script-src 'report-sample' 'nonce-so+3ZHXeieuIKlEIG4yXKw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 9081
server: GSE
alt-svc: quic=":443"; ma=2592000; v="46,43,39"

GET lounge.c46a5b3df6acec9d5cde6bf8b61aaf6e.css
c.disquscdn.com/next/embed/styles/ 0
0

GET common.bundle.57d935b03ca64a8fc2ae95b8d550f132.js
c.disquscdn.com/next/embed/ 0
0

GET lounge.bundle.10adfde1a6e883b828255fddc56fa508.js
c.disquscdn.com/next/embed/ 0
0

GET config.js
disqus.com/next/ 0
0

POST
H2 200 /
www.facebook.com/tr/ Frame 46E4 0
0 11ms
11ms Document
text/plain 2a03:2880:f12d:83:face:b00c:0:25de
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M4BNWZ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:method: POST
:authority: www.facebook.com
:scheme: https
:path: /tr/
content-length: 24023
pragma: no-cache
cache-control: no-cache
origin: https://www.propublica.org
upgrade-insecure-requests: 1
content-type: application/x-www-form-urlencoded
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode: nested-navigate
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
referer: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks
accept-encoding: gzip, deflate, br
cookie: fr=0Edj9FDMrErWrq9py..BdbAZJ...1.0.BdbAZJ.
Origin: https://www.propublica.org
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: nested-navigate
Referer: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks

Response headers

status: 200
content-type: text/plain
access-control-allow-origin: https://www.propublica.org
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 0
server: proxygen-bolt
date: Sun, 01 Sep 2019 17:56:26 GMT

GET
H/1.1 200
OK /
disqus.com/embed/comments/ Frame 4B26 0
0 311ms
262ms Document
text/html 151.101.64.134
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/embed/comments/?base=default&f=propublica&t_i=166952&t_u=https%3A%2F%2Fwww.propublica.org%2Farticle%2Fthe-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks&t_e=The%20Extortion%20Economy%3A%20How%20Insurance%20Companies%20Are%20Fueling%20a%20Rise%20in%20Ransomware%20Attacks&t_d=The%20Extortion%20Economy%3A%20How%20Insurance%20Companies%20Are%20Fueling%20a%20Rise%20in%20Ransomware%20Attacks&t_t=The%20Extortion%20Economy%3A%20How%20Insurance%20Companies%20Are%20Fueling%20a%20Rise%20in%20Ransomware%20Attacks&s_o=default

Requested by

Host: propublica.disqus.com
URL: https://propublica.disqus.com/embed.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.64.134 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src https://.twitter.com: https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://.services.disqus.com: https://cdn.boomtrain.com/p13n/ 'unsafe-inline' https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ https://apis.google.com https://www.google.com/recaptcha/ https://disqus.com
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Host: disqus.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: nested-navigate
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: cross-site
Referer: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: nested-navigate
Referer: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks

Response headers

Server: nginx
Content-Security-Policy: script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ 'unsafe-inline' https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ https://apis.google.com https://www.google.com/recaptcha/ https://disqus.com
Link: <https://c.disquscdn.com>;rel=preconnect,<https://c.disquscdn.com>;rel=dns-prefetch
Cache-Control: stale-if-error=3600, s-stalewhilerevalidate=3600, stale-while-revalidate=30, no-cache, must-revalidate, public, s-maxage=5
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Type: text/html; charset=utf-8
Last-Modified: Sun, 01 Sep 2019 09:40:15 GMT
ETag: W/"lounge:view:7606278614.4aafd08ca1e482078e5b491178b91967.2"
Content-Encoding: gzip
Content-Length: 12485
Date: Sun, 01 Sep 2019 17:56:26 GMT
Age: 0
Connection: keep-alive
Vary: Accept-Encoding
Strict-Transport-Security: max-age=300; includeSubdomains

GET
H2 200 realtime.af77184dec69e96e69aff958ae2bb738.css
c.disquscdn.com/next/embed/styles/ Frame 7DC3 337 B
310 B 27ms
27ms Stylesheet
text/css 2606:4700::6810:50a6
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/styles/realtime.af77184dec69e96e69aff958ae2bb738.css

Requested by

Host: propublica.disqus.com
URL: https://propublica.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:50a6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

c284dcb06ef882b1b45e11e0a16baa223b4117eca94e243c8e725c4ce3f909b3

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 01 Sep 2019 17:56:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 16424287
status: 200
strict-transport-security: max-age=300; includeSubdomains
content-length: 244
x-xss-protection: 1; mode=block
timing-allow-origin: *
last-modified: Fri, 02 Nov 2018 00:21:20 GMT
server: cloudflare
fastly-debug-digest: ddbb547324842fbef412f9cb6a75e494efb72ac30deb102492dc2845863dccf3
etag: "5bdb9880-f4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
accept-ranges: bytes
cf-ray: 50f91ef66d07cb9c-VIE
expires: Fri, 08 Nov 2019 10:18:08 GMT

GET
H2 200 realtime.af77184dec69e96e69aff958ae2bb738.css
c.disquscdn.com/next/embed/styles/ Frame 4F5D 337 B
449 B 19ms
18ms Stylesheet
text/css 2606:4700::6810:50a6
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/styles/realtime.af77184dec69e96e69aff958ae2bb738.css

Requested by

Host: propublica.disqus.com
URL: https://propublica.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:50a6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

c284dcb06ef882b1b45e11e0a16baa223b4117eca94e243c8e725c4ce3f909b3

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 01 Sep 2019 17:56:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 16424287
status: 200
strict-transport-security: max-age=300; includeSubdomains
content-length: 244
x-xss-protection: 1; mode=block
timing-allow-origin: *
last-modified: Fri, 02 Nov 2018 00:21:20 GMT
server: cloudflare
fastly-debug-digest: ddbb547324842fbef412f9cb6a75e494efb72ac30deb102492dc2845863dccf3
etag: "5bdb9880-f4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
accept-ranges: bytes
cf-ray: 50f91ef67d1fcb9c-VIE
expires: Fri, 08 Nov 2019 10:18:08 GMT

GET
H2 200 chartbeat.js Show response
static.chartbeat.com/js/ 35 KB
14 KB 20ms
7ms Script
application/x-javascript 2600:9000:2057:1a00:18:1fcd:349:ca21
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://static.chartbeat.com/js/chartbeat.js
Requested by: Host: www.propublica.org
URL: https://www.propublica.org/js/public/assets/beacons.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2057:1a00:18:1fcd:349:ca21 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: nginx /
Resource Hash: 99fd27cd410417b5633d3fc37196751afc4b3f9ffa5853dedb73cfcb3e810d7c

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 01 Sep 2019 16:01:00 GMT
content-encoding: gzip
last-modified: Thu, 01 Aug 2019 01:56:46 GMT
server: nginx
age: 6927
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
status: 200
cache-control: max-age=7200
x-amz-cf-pop: FRA6-C1
x-amz-cf-id: xlX7_p3_5cS48W1qXRqgqLC4379movRnCScM_xWgvPDPzewTt2JdiQ==
via: 1.1 a56d6b55603697d6c44b19d4f907baaa.cloudfront.net (CloudFront)
expires: Sun, 01 Sep 2019 18:01:00 GMT

GET
H/1.1 200
OK pd.js Show response
pi.pardot.com/ 5 KB
2 KB 410ms
102ms Script
application/javascript 35.174.151.106
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://pi.pardot.com/pd.js
Requested by: Host: www.propublica.org
URL: https://www.propublica.org/js/public/assets/beacons.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.174.151.106 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: pi0-lba1-4-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: f6652dacc3641651bf842bb18861c6fbb66581a3dd2c41dde3226764740684b6

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sun, 01 Sep 2019 17:56:27 GMT
Content-Encoding: gzip
X-Pardot-Route: ea50fcd3dcf777490e1499615b883deb
X-Pardot-LB: a5df88223e39cf9fcb783877fed82f24
Last-Modified: Mon, 29 Oct 2018 18:54:56 GMT
Server: PardotServer
ETag: "13e7-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Cache-Control: max-age=63072000
Accept-Ranges: bytes
Content-Length: 1817
Expires: Tue, 31 Aug 2021 17:56:27 GMT

GET
H2 200 / Show response
www.propublica.org/readnext/ 6 KB
1 KB 140ms
140ms XHR
application/json 2606:4700::6812:d026
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://www.propublica.org/readnext/?url=https%3A%2F%2Fwww.propublica.org%2Farticle%2Fthe-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks

Requested by

Host: www.propublica.org
URL: https://www.propublica.org/js/public/assets/all.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:d026 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

98ab4b0483ede6c05e827f3b439aa5fd842e5961a2869262bda1e4575951d2a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload

Request headers

Accept: */*
Referer: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Sun, 01 Sep 2019 17:56:27 GMT
via: 1.1 varnish, 1.1 varnish
vary: Accept-Encoding
age: 26430
x-cache: HIT, HIT
status: 200
content-encoding: br
x-served-by: cache-iad2126-IAD, cache-hhn4065-HHN
server: cloudflare
x-timer: S1567360587.451714,VS0,VE16
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=10886400; includeSubDomains; preload
content-type: application/json
cache-control: max-age=300, public, must-revalidate
cf-ray: 50f91ef6ea45cbc0-VIE
x-cache-hits: 1, 1

GET
H2 200 ping
ping.chartbeat.net/ 43 B
168 B 100ms
99ms Image
image/gif 18.235.138.12
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ping.chartbeat.net/ping?h=propublica.org&p=%2Farticle%2Fthe-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks&u=B7zTP4CImxZFBM5BBz&d=propublica.org&g=1577&g0=Ransomware%20Enablers&g1=Renee%20Dudley&n=1&f=00001&c=0&x=0&m=0&y=16441&o=1585&w=1200&j=45&R=1&W=0&I=0&E=0&e=0&r=&b=2413&t=DB_ybUC2DmqRExbkcBu3RMJsjPJk&V=116&i=The%20Extortion%20Economy%3A%20How%20Insurance%20Companies%20Are%20Fueling%20a%20Rise%20in%20Ransomware%20Attacks%20%E2%80%94%20ProPublica&tz=-120&sn=1&sv=Co__O1bjKYPCCyGerBGOHvNDsaXc&sd=1&im=067b2fff&_
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.235.138.12 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-18-235-138-12.compute-1.amazonaws.com
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 200
pragma: no-cache
date: Sun, 01 Sep 2019 17:56:27 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-length: 43
expires: 0

GET
H2 200 20190515-ransomware-1x1.jpg
assets.propublica.org/images/articles/_oneOne300w/ 31 KB
32 KB 214ms
213ms Image
image/webp 2606:4700::6812:d026
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.propublica.org/images/articles/_oneOne300w/20190515-ransomware-1x1.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:d026 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: d418d54e8638525764515f2a096d966c87a7ad1801f1a5850274ce18238d1668

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 01 Sep 2019 17:56:27 GMT
cf-cache-status: REVALIDATED
x-amz-request-id: 014AA7280E36DF65
cf-polished: qual=85, origFmt=jpeg, origSize=47959
status: 200
content-disposition: inline; filename="20190515-ransomware-1x1.webp"
content-length: 32200
x-amz-id-2: i7xyd72ytOM3WiuZ3cPVrlXAhoZ1LfAbt2xAwfyMF5QEP9/8oEU521kZLeFS8j6PO7lm/ZlXC7Q=
last-modified: Mon, 24 Jun 2019 15:13:56 GMT
server: cloudflare
etag: "7b15862fdbb73cc165454d5a1e1c33e0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
expires: Sun, 01 Sep 2019 18:16:27 GMT
cache-control: public, max-age=1200
accept-ranges: bytes
cf-ray: 50f91ef7dd12cbc0-VIE
cf-bgj: imgq:85

GET
H2 200 20190515-ransomware-1x1.jpg
assets.propublica.org/images/externals/_oneOne300w/ 31 KB
32 KB 263ms
262ms Image
image/webp 2606:4700::6812:d026
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.propublica.org/images/externals/_oneOne300w/20190515-ransomware-1x1.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:d026 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: d418d54e8638525764515f2a096d966c87a7ad1801f1a5850274ce18238d1668

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 01 Sep 2019 17:56:27 GMT
cf-cache-status: REVALIDATED
x-amz-request-id: 210FCA416F528139
cf-polished: qual=85, origFmt=jpeg, origSize=47959
status: 200
content-disposition: inline; filename="20190515-ransomware-1x1.webp"
content-length: 32200
x-amz-id-2: bugFoM8AYTEVmZJXWB7FVulg7vEBmzBUz8CWIQWVpMZyKe6DsQQFec/t2iosxPLvk/lUx4BdqP4=
last-modified: Mon, 01 Jul 2019 17:12:01 GMT
server: cloudflare
etag: "7b15862fdbb73cc165454d5a1e1c33e0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
accept-ranges: bytes
cf-ray: 50f91ef7dd16cbc0-VIE
cf-bgj: imgq:85

GET
H2 200 20190515-ransomware-callout-1x1.jpg
assets.propublica.org/images/articles/_oneOne300w/ 13 KB
13 KB 186ms
185ms Image
image/webp 2606:4700::6812:d026
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.propublica.org/images/articles/_oneOne300w/20190515-ransomware-callout-1x1.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:d026 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 74640e552f38b5e61a8b20faa93afbadae892790b45d633184fda5851b6378e8

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 01 Sep 2019 17:56:27 GMT
cf-cache-status: REVALIDATED
x-amz-request-id: E165600C2DAC6C68
cf-polished: qual=85, origFmt=jpeg, origSize=19858
status: 200
content-disposition: inline; filename="20190515-ransomware-callout-1x1.webp"
content-length: 13160
x-amz-id-2: cRzcMh1kdwV0Mtx0OlQ1RtNxQ981Q2iNY55Salu72okDuqwQgwbIRjxnMu/pmwKwmilsdiXv2ew=
last-modified: Mon, 01 Jul 2019 17:12:00 GMT
server: cloudflare
etag: "298b34f70ba9169adab9dae766082995"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
expires: Sun, 01 Sep 2019 18:16:27 GMT
cache-control: public, max-age=1200
accept-ranges: bytes
cf-ray: 50f91ef7dd18cbc0-VIE
cf-bgj: imgq:85

GET
H2 200 20190830-White-Hate-QA-1x1.jpg
assets.propublica.org/images/articles/_oneOne300w/ 20 KB
21 KB 164ms
163ms Image
image/webp 2606:4700::6812:d026
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.propublica.org/images/articles/_oneOne300w/20190830-White-Hate-QA-1x1.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:d026 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 163c24f71c40d65240b0f5d86df493a420fc1e013820e51076a90af69f4ed470

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 01 Sep 2019 17:56:27 GMT
cf-cache-status: REVALIDATED
x-amz-request-id: FC536DDBB32AA02A
cf-polished: qual=85, origFmt=jpeg, origSize=27080
status: 200
content-disposition: inline; filename="20190830-White-Hate-QA-1x1.webp"
content-length: 20820
x-amz-id-2: mx511pmzRqmzoXlKdgUMsokhv8cHsuhsbGsZKsbV2tnXLNsSmps6gukx6e5QEu101bhhQHC2Drs=
last-modified: Fri, 30 Aug 2019 17:06:24 GMT
server: cloudflare
etag: "d2967a8ade978237885c383cd1863295"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
expires: Sun, 01 Sep 2019 18:16:27 GMT
cache-control: public, max-age=1200
accept-ranges: bytes
cf-ray: 50f91ef7dd1ccbc0-VIE
cf-bgj: imgq:85

GET
H/1.0 200
OK analytics Show response
pi.pardot.com/ 1 KB
1 KB 140ms
139ms Script
text/javascript 35.174.151.106
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://pi.pardot.com/analytics?ver=3&visitor_id=&pi_opt_in=&campaign_id=1035&account_id=126411&title=The%20Extortion%20Economy%3A%20How%20Insurance%20Companies%20Are%20Fueling%20a%20Rise%20in%20Ransomware%20Attacks%20%E2%80%94%20ProPublica&url=https%3A%2F%2Fwww.propublica.org%2Farticle%2Fthe-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks&referrer=
Requested by: Host: pi.pardot.com
URL: https://pi.pardot.com/pd.js
Protocol: HTTP/1.0
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.174.151.106 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: pi0-lba1-4-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: b63dab5652337940f4cd8bbceaef0c8ac28de05b0b43525144cdf80b619851a0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 01 Sep 2019 17:56:27 GMT
Content-Encoding: gzip
X-Pardot-Route: 13c7a24cfc43e49b0467af9964bf67ec
X-Pardot-LB: a5df88223e39cf9fcb783877fed82f24
X-Pardot-Rsp: 16/1/75
Vary: Accept-Encoding,User-Agent
P3p: CP="CAO DSP AND SO ON" policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Content-Length: 649
Server: PardotServer
Expires: Thu, 19 Nov 1981 08:52:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.c46a5b3df6acec9d5cde6bf8b61aaf6e.css

Domain: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.57d935b03ca64a8fc2ae95b8d550f132.js

Domain: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.bundle.10adfde1a6e883b828255fddc56fa508.js

Domain: disqus.com
URL: https://disqus.com/next/config.js

Verdicts & Comments Add Verdict or Comment

69 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

11 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.google.com/	1970-01-19 07:46:11	Name: NID Value: 188=dXJNb4Uq5kz3SI7ECri-7cK4p8Ce4ZIaB4gaH-AjqkUa0TDAGa1ePJvaMTvqGLJiQgzkyv2EcBCxgs6qTqgjdA0W_ccm-1WNl1xiHLv_erLdcpb4vNOj12iGcFqITMeCNCVQtQEVY32F_4HZnqmOCEFJ9KRSK_unQFHhXPlNqg4
.propublica.org/	1970-01-19 12:08:16	Name: pp_page_count Value: 1
.propublica.org/	1970-01-19 05:32:16	Name: _fbp Value: fb.1.1567360585868.1066994873
.propublica.org/	1970-01-19 03:22:40	Name: _gat_UA-3742720-1 Value: 1
.propublica.org/	1970-01-19 03:22:40	Name: _dc_gtm_UA-3742720-1 Value: 1
.propublica.org/	1970-01-19 03:24:06	Name: _gid Value: GA1.2.1275250517.1567360586
.facebook.com/	1970-01-19 05:32:16	Name: fr Value: 0Edj9FDMrErWrq9py..BdbAZJ...1.0.BdbAZJ.
www.propublica.org/	1970-01-19 12:08:16	Name: pp-tracking Value: {"pageCount":0}
.propublica.org/	1970-01-19 12:08:16	Name: pp_newsletter_roadblock_display Value: true
.propublica.org/	1970-01-19 20:53:52	Name: _ga Value: GA1.2.473372350.1567360586
.propublica.org/	1970-01-19 12:08:16	Name: __cfduid Value: d19f75cdff77432a5182972acd16bd0631567360585

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://www.propublica.org/js/public/assets/all.js(Line 645) Message: JQMIGRATE: Logging is active
console-api	warning	URL: https://www.propublica.org/js/public/assets/all.js(Line 647) Message: JQMIGRATE: jQuery.browser is deprecated
console-api	log	URL: https://www.propublica.org/js/public/assets/all.js(Line 647) Message: console.trace
console-api	log	(Line 1) Message: WARNING: disqus_config also set in Google Tag Manager, tag name CHTML - Disqus GTM Callback. Concatenating functions and executing.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

assets.propublica.org
c.disquscdn.com
connect.facebook.net
disqus.com
htl.bid
pi.pardot.com
ping.chartbeat.net
propublica.disqus.com
static.chartbeat.com
staticxx.facebook.com
stats.g.doubleclick.net
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.gstatic.com
www.propublica.org
c.disquscdn.com
disqus.com
13.35.253.6
151.101.12.134
151.101.64.134
18.235.138.12
2600:9000:2057:1a00:18:1fcd:349:ca21
2606:4700::6810:50a6
2606:4700::6812:d026
2a00:1450:4001:809::2003
2a00:1450:4001:814::200e
2a00:1450:4001:81a::2008
2a00:1450:4001:81d::2003
2a00:1450:4001:81d::2004
2a00:1450:400c:c00::9a
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f12d:83:face:b00c:0:25de
35.174.151.106
041bc2c17ec015ef806c668b4eb8810687b52e275e4e528a2abad4e2fa9552ee
09c162769cb9779dc01e08dd0cf6e837c72225cef171202eda69ca3b7d9c45f2
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
14d899c079f4273fee842f25741abf870b58e6e46b2984f111fdc0705cdc94d8
163c24f71c40d65240b0f5d86df493a420fc1e013820e51076a90af69f4ed470
1b7ecca54173978a1b9191d1c2e32ab0343c894fb0d6cef8c1d4981227e0dd94
1d3abad89b5608b6eb87798409b33f6db0cfd0e12d52386d39c589c836956168
1dd1bb70981fb5553d49ff571ff90c1a342c46f280a0fc06d8ff851fd66ec6be
245a63d4531e6a57a59b542bab7468b771eb3b47081be2e8caa976920816f69d
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
470a65dc0d9ed2e7cb7e3f35f8e3a33a822ffff95fd0e10f2dbac8f3ba001576
5ed40eba9425cac5136b3c28876292d31341baf301cc612b72c84c3252e9d4d1
73c8999d7154f0826d6cf16acda1fe0768dfba39fe2a6b7b0bc808a1b047363b
74640e552f38b5e61a8b20faa93afbadae892790b45d633184fda5851b6378e8
7e1b61267618ecd60fe6c8d3061856e2024c05c49680733465a0bc6df152d3de
80c58477dbc87c0b570ebf3fc6f7060656594e018dd395e7f08a361a2305b99c
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
835813d57721542ec502cb861b6b91f96546ce728a96fabda340539219be096b
85480f83cd66d9c8abb804d9b8d05b69cc38070fcc8b761499099e66c003aee0
8c032cdcc121e29848b9216cc0af9818e757e66f35f8ab2af042fa15e339ea48
91a806d7145682a7a05fa37bb2071677fd57ed8dbcf5e67eef5ae730d5a45d63
98ab4b0483ede6c05e827f3b439aa5fd842e5961a2869262bda1e4575951d2a5
99fd27cd410417b5633d3fc37196751afc4b3f9ffa5853dedb73cfcb3e810d7c
a66f5b1f9822b3aa3e5010c56166fb3b9b20c808612daede0cec3a51df38a3f9
b63dab5652337940f4cd8bbceaef0c8ac28de05b0b43525144cdf80b619851a0
b85918584d7a87585bd579dd207b246fd6656fe55eb3e5ecf605cfd9e832bb3a
c284dcb06ef882b1b45e11e0a16baa223b4117eca94e243c8e725c4ce3f909b3
cd1c301a8e7960a1786e2a959226b0b78b56dbea284bd114265f1662d6ca280e
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d3191aad40d6df851bd4cd0fd11e78619960848fb557a986b57e575b5d096af1
d418d54e8638525764515f2a096d966c87a7ad1801f1a5850274ce18238d1668
d4bf635e4f8bb9e39b0ecaaf7b5989d9a68a4f99e8806039ae686bb23d4934a2
dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a
dd92f6c93e22ac7c4a2d92489ee5cd1e931122b449588453e4366f99d106faed
e37175c872fc53f06ace33890986b1983980812d7130f497a9f0125e78188b7e
eae0eb2220b52090d88eb75b5b8f15caa0c3f23aa3645cd90f059cc76e92653d
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f15f778cd39043a166a29f654b1191bc6fbf8043a8cc3477c42764b14b919dec
f6652dacc3641651bf842bb18861c6fbb66581a3dd2c41dde3226764740684b6
fc7056e695cbf862a43a344354fa00fdb19064cd3acd6c387fe518491ba152e1
ffdc5a0a06a4c0b1b5c3c2e4271ae9253dd6cb3a4aecfa1da546c8f323d43db4

www.propublica.org Open in urlscan Pro 2606:4700::6812:d026 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

56 Requests

93 %HTTPS

69 %IPv6

15 Domains

18 Subdomains

16 IPs

4 Countries

1715 kBTransfer

3024 kBSize

11 Cookies

39 Outgoing links

Redirected requests

56 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.propublica.org Open in urlscan Pro
2606:4700::6812:d026 Public Scan

Screenshot
Live screenshot

Full Image

56
Requests

93 %
HTTPS

69 %
IPv6

15
Domains

18
Subdomains

16
IPs

4
Countries

1715 kB
Transfer

3024 kB
Size

11
Cookies

56 HTTP transactions
0 data transactions