www.wsj.com Open in urlscan Pro
2600:9000:211a:8800:3:4b0:de80:93a1 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://sl.cloudplatformonline.com/t/101147/c/ad02a705-56d3-4fa2-bd2b-dbd38a5ca669/NB2HI4DTHIXS653XO4XHO43KFZRW63JPMFZHI2LDNRSXGL3J...
Effective URL:
https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Submission: On February 02 via manual (February 2nd 2023, 10:00:23 am UTC) from GB — Scanned from GB

Summary HTTP 184 Redirects Links 76 Behaviour Indicators

Summary

This website contacted 37 IPs in 7 countries across 25 domains to perform 184 HTTP transactions. The main IP is 2600:9000:211a:8800:3:4b0:de80:93a1, located in United States and belongs to AMAZON-02, US. The main domain is www.wsj.com. The Cisco Umbrella rank of the primary domain is 10759.
TLS certificate: Issued by Amazon on October 2nd 2022. Valid for: a year.

This is the only time www.wsj.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	52.54.44.30 52.54.44.30	14618 (AMAZON-AES) (AMAZON-AES)
1 1	3.124.93.199 3.124.93.199	16509 (AMAZON-02) (AMAZON-02)
25	2600:9000:211... 2600:9000:211a:8800:3:4b0:de80:93a1	16509 (AMAZON-02) (AMAZON-02)
1	63.33.156.146 63.33.156.146	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
1	13.32.110.36 13.32.110.36	16509 (AMAZON-02) (AMAZON-02)
2	23.35.237.151 23.35.237.151	16625 (AKAMAI-AS) (AKAMAI-AS)
3	13.32.28.197 13.32.28.197	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:400d:80c::200d	15169 (GOOGLE) (GOOGLE)
1 9	2a00:1450:400... 2a00:1450:4001:830::200e	15169 (GOOGLE) (GOOGLE)
1	13.227.219.105 13.227.219.105	16509 (AMAZON-02) (AMAZON-02)
1	52.216.205.125 52.216.205.125	16509 (AMAZON-02) (AMAZON-02)
29	2600:9000:206... 2600:9000:206f:0:1a:635e:8fc0:93a1	16509 (AMAZON-02) (AMAZON-02)
19	2600:9000:214... 2600:9000:214f:bc00:e:b675:f600:93a1	16509 (AMAZON-02) (AMAZON-02)
1	13.32.27.119 13.32.27.119	16509 (AMAZON-02) (AMAZON-02)
16	99.86.4.102 99.86.4.102	16509 (AMAZON-02) (AMAZON-02)
6	13.227.219.28 13.227.219.28	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:211... 2600:9000:211a:1600:f:5016:900:93a1	16509 (AMAZON-02) (AMAZON-02)
2	99.86.3.236 99.86.3.236	16509 (AMAZON-02) (AMAZON-02)
1	34.241.144.75 34.241.144.75	16509 (AMAZON-02) (AMAZON-02)
2	13.42.74.150 13.42.74.150	16509 (AMAZON-02) (AMAZON-02)
3	65.9.66.17 65.9.66.17	16509 (AMAZON-02) (AMAZON-02)
4	2a02:26f0:11a... 2a02:26f0:11a:391::268b	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	2600:9000:211... 2600:9000:211a:5c00:6:60db:a3c0:93a1	16509 (AMAZON-02) (AMAZON-02)
7	2a00:1450:400... 2a00:1450:4001:810::2003	15169 (GOOGLE) (GOOGLE)
6	13.227.219.41 13.227.219.41	16509 (AMAZON-02) (AMAZON-02)
3	147.75.83.64 147.75.83.64	54825 (PACKET) (PACKET)
1 3	54.216.3.241 54.216.3.241	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:400d:807::200a	15169 (GOOGLE) (GOOGLE)
5	147.75.85.120 147.75.85.120	54825 (PACKET) (PACKET)
1	2600:9000:214... 2600:9000:214f:3200:19:3d3:51c0:93a1	16509 (AMAZON-02) (AMAZON-02)
7	2a00:1450:400... 2a00:1450:4001:82b::200e	15169 (GOOGLE) (GOOGLE)
1	52.215.109.101 52.215.109.101	16509 (AMAZON-02) (AMAZON-02)
1	15.236.117.205 15.236.117.205	16509 (AMAZON-02) (AMAZON-02)
1 1	54.229.62.148 54.229.62.148	16509 (AMAZON-02) (AMAZON-02)
10	151.101.194.137 151.101.194.137	54113 (FASTLY) (FASTLY)
2	3.218.191.213 3.218.191.213	14618 (AMAZON-AES) (AMAZON-AES)
3	162.247.241.14 162.247.241.14	23467 (NEWRELIC-...) (NEWRELIC-AS-1)
184	37

1 52.54.44.30 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-54-44-30.compute-1.amazonaws.com

sl.cloudplatformonline.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.124.93.199 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-124-93-199.eu-central-1.compute.amazonaws.com

app.salesloft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 2600:9000:211a:8800:3:4b0:de80:93a1 (United States)

ASN16509 (AMAZON-02, US)

www.wsj.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.33.156.146 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-63-33-156-146.eu-west-1.compute.amazonaws.com

segment-data.zqtk.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.110.36 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-110-36.vie50.r.cloudfront.net

us.tags.newscgp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.35.237.151 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-237-151.deploy.static.akamaitechnologies.com

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.32.28.197 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-28-197.fra56.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400d:80c::200d (Ireland)

ASN15169 (GOOGLE, US)

accounts.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:830::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

news.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.227.219.105 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-227-219-105.ams54.r.cloudfront.net

sts3.wsj.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.216.205.125 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1.amazonaws.com

s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

29 2600:9000:206f:0:1a:635e:8fc0:93a1 (United States)

ASN16509 (AMAZON-02, US)

asset.barrons.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2600:9000:214f:bc00:e:b675:f600:93a1 (United States)

ASN16509 (AMAZON-02, US)

images.wsj.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.27.119 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-27-119.fra56.r.cloudfront.net

ats-wrapper.privacymanager.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 99.86.4.102 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-4-102.fra6.r.cloudfront.net

cdn.privacy-mgmt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 13.227.219.28 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-227-219-28.ams54.r.cloudfront.net

video-api.wsj.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:211a:1600:f:5016:900:93a1 (United States)

ASN16509 (AMAZON-02, US)

accounts.wsj.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 99.86.3.236 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-3-236.fra6.r.cloudfront.net

aax-dtb-cf.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.241.144.75 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-241-144-75.eu-west-1.compute.amazonaws.com

mb.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.42.74.150 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-42-74-150.eu-west-2.compute.amazonaws.com

geo.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 65.9.66.17 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-66-17.fra56.r.cloudfront.net

tagan.adlightning.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:26f0:11a:391::268b (Vienna, Austria)

ASN20940 (AKAMAI-ASN1, NL)

cdn.cxense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:211a:5c00:6:60db:a3c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

video-api.shdsvc.dowjones.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 13.227.219.41 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-227-219-41.ams54.r.cloudfront.net

m.wsj.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 147.75.83.64 (Schiphol, Netherlands)

ASN54825 (PACKET, US)

p1cluster.cxense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
comcluster.cxense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
id.cxense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 54.216.3.241 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-216-3-241.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400d:807::200a (Ireland)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 147.75.85.120 (Schiphol, Netherlands)

ASN54825 (PACKET, US)

api.cxense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:214f:3200:19:3d3:51c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

s.wsj.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:82b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

play.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.215.109.101 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-215-109-101.eu-west-1.compute.amazonaws.com

dowjones.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 15.236.117.205 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-15-236-117-205.eu-west-3.compute.amazonaws.com

oms.dowjoneson.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.229.62.148 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-229-62-148.eu-west-1.compute.amazonaws.com

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 151.101.194.137 (United States)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.218.191.213 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-218-191-213.compute-1.amazonaws.com

wsjstream.wsj.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 162.247.241.14 (Lake Oswego, United States)

ASN23467 (NEWRELIC-AS-1, US)

bam.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
32	wsj.com www.wsj.com — Cisco Umbrella Rank: 10759 video-api.wsj.com — Cisco Umbrella Rank: 13974 accounts.wsj.com — Cisco Umbrella Rank: 22421	1 MB
29	barrons.com asset.barrons.com — Cisco Umbrella Rank: 30052	916 KB
29	wsj.net sts3.wsj.net — Cisco Umbrella Rank: 14287 images.wsj.net — Cisco Umbrella Rank: 14899 m.wsj.net — Cisco Umbrella Rank: 17610 s.wsj.net — Cisco Umbrella Rank: 18014 wsjstream.wsj.net — Cisco Umbrella Rank: 12847	2 MB
17	google.com 1 redirects accounts.google.com — Cisco Umbrella Rank: 75 news.google.com — Cisco Umbrella Rank: 5696 play.google.com — Cisco Umbrella Rank: 16	159 KB
16	privacy-mgmt.com cdn.privacy-mgmt.com — Cisco Umbrella Rank: 4857	305 KB
12	cxense.com cdn.cxense.com — Cisco Umbrella Rank: 4746 p1cluster.cxense.com — Cisco Umbrella Rank: 8155 api.cxense.com — Cisco Umbrella Rank: 8911 comcluster.cxense.com — Cisco Umbrella Rank: 5764 id.cxense.com — Cisco Umbrella Rank: 10944	98 KB
10	newrelic.com js-agent.newrelic.com — Cisco Umbrella Rank: 314	26 KB
7	gstatic.com www.gstatic.com	159 KB
5	amazon-adsystem.com c.amazon-adsystem.com — Cisco Umbrella Rank: 291 aax-dtb-cf.amazon-adsystem.com — Cisco Umbrella Rank: 488	52 KB
5	moatads.com z.moatads.com — Cisco Umbrella Rank: 428 mb.moatads.com — Cisco Umbrella Rank: 722 geo.moatads.com — Cisco Umbrella Rank: 747	106 KB
4	demdex.net 1 redirects dpm.demdex.net — Cisco Umbrella Rank: 197 dowjones.demdex.net — Cisco Umbrella Rank: 16224	6 KB
3	nr-data.net bam.nr-data.net — Cisco Umbrella Rank: 208	1 KB
3	dowjones.io video-api.shdsvc.dowjones.io — Cisco Umbrella Rank: 15901	4 KB
3	adlightning.com tagan.adlightning.com — Cisco Umbrella Rank: 1725	64 KB
3	doubleclick.net securepubads.g.doubleclick.net — Cisco Umbrella Rank: 190	158 KB
1	everesttech.net 1 redirects cm.everesttech.net — Cisco Umbrella Rank: 1000	517 B
1	dowjoneson.com oms.dowjoneson.com — Cisco Umbrella Rank: 13972	458 B
1	googleapis.com imasdk.googleapis.com — Cisco Umbrella Rank: 432	123 KB
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 198	6 KB
1	privacymanager.io ats-wrapper.privacymanager.io — Cisco Umbrella Rank: 3789	44 KB
1	amazonaws.com s3.amazonaws.com	657 B
1	newscgp.com us.tags.newscgp.com — Cisco Umbrella Rank: 8055	157 KB
1	zqtk.net segment-data.zqtk.net — Cisco Umbrella Rank: 9612	336 B
1	salesloft.com 1 redirects app.salesloft.com — Cisco Umbrella Rank: 33958	575 B
1	cloudplatformonline.com 1 redirects sl.cloudplatformonline.com	349 B
184	25

	Domain	Requested by
29	asset.barrons.com	www.wsj.com asset.barrons.com
25	www.wsj.com	www.wsj.com
19	images.wsj.net	www.wsj.com
16	cdn.privacy-mgmt.com	www.wsj.com cdn.privacy-mgmt.com
10	js-agent.newrelic.com	www.wsj.com
9	news.google.com	1 redirects www.wsj.com news.google.com www.gstatic.com
7	play.google.com	www.gstatic.com
7	www.gstatic.com	news.google.com www.gstatic.com
6	m.wsj.net	www.wsj.com
6	video-api.wsj.com	www.wsj.com
5	api.cxense.com	www.wsj.com
4	cdn.cxense.com	www.wsj.com cdn.cxense.com
3	bam.nr-data.net	www.wsj.com
3	dpm.demdex.net	1 redirects www.wsj.com
3	video-api.shdsvc.dowjones.io	www.wsj.com
3	tagan.adlightning.com	www.wsj.com
3	c.amazon-adsystem.com	www.wsj.com
3	securepubads.g.doubleclick.net	www.wsj.com
2	wsjstream.wsj.net	www.wsj.com
2	geo.moatads.com	z.moatads.com
2	aax-dtb-cf.amazon-adsystem.com	www.wsj.com
2	z.moatads.com	www.wsj.com
1	cm.everesttech.net	1 redirects
1	oms.dowjoneson.com	www.wsj.com
1	dowjones.demdex.net	www.wsj.com
1	id.cxense.com	www.wsj.com
1	comcluster.cxense.com	cdn.cxense.com
1	s.wsj.net	www.wsj.com
1	imasdk.googleapis.com	www.wsj.com
1	p1cluster.cxense.com	cdn.cxense.com
1	mb.moatads.com	z.moatads.com
1	accounts.wsj.com	www.wsj.com
1	cdnjs.cloudflare.com	www.wsj.com
1	ats-wrapper.privacymanager.io	www.wsj.com
1	s3.amazonaws.com	www.wsj.com
1	sts3.wsj.net	www.wsj.com
1	accounts.google.com	www.wsj.com
1	us.tags.newscgp.com	www.wsj.com
1	segment-data.zqtk.net	www.wsj.com
1	app.salesloft.com	1 redirects
1	sl.cloudplatformonline.com	1 redirects
184	41

This site contains links to these domains. Also see Links.

Domain
www.barrons.com
bigcharts.marketwatch.com
newscorp.com
www.dowjones.com
global.factiva.com
www.fnlondon.com
www.mansionglobal.com
www.marketwatch.com
www.getnewsmart.com
newsplus.wsj.com
djlogin.dowjones.com
conferences.wsj.com
www.avail.co
www.theaustralian.com.au
www.harpercollins.com
housing.com
www.makaan.com
nypost.com
www.rea-group.com
www.realtor.com
storyful.com
www.thesun.co.uk
www.thetimes.co.uk
store.wsj.com
accounts.wsj.com
www.wsjplus.com
wsjshop.com
www.wsjwine.com
blogs.wsj.com
subscribe.wsj.com
subscription.wsj.com
corporate.wsj.com
education.wsj.com
highschool.wsj.com
publiclibrary.wsj.com
commercialpartnerships.wsj.com
customercenter.wsj.com
www.wsjmediakit.com
classifieds.wsj.com
wsjbg-adsmanager.com
wsj.com
wsj.jobs
www.djreprints.com
www.facebook.com
twitter.com
www.instagram.com
www.youtube.com
www.snapchat.com
play.google.com
apps.apple.com
mansionglobal.com
wsjpro.com
dowjones.com

Subject Issuer	Validity	Valid
www.wsj.com Amazon	`2022-10-02` - `2023-11-01`	a year	crt.sh
*.zqtk.net Amazon	`2022-07-18` - `2023-08-16`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-01-09` - `2023-04-03`	3 months	crt.sh
us.tags.newscgp.com Amazon	`2022-04-06` - `2023-05-04`	a year	crt.sh
moatads.com DigiCert TLS RSA SHA256 2020 CA1	`2022-11-16` - `2023-11-18`	a year	crt.sh
c.amazon-adsystem.com Amazon	`2022-05-09` - `2023-04-18`	a year	crt.sh
accounts.google.com GTS CA 1C3	`2023-01-09` - `2023-04-03`	3 months	crt.sh
*.news.google.com GTS CA 1C3	`2023-01-09` - `2023-04-03`	3 months	crt.sh
sts3.wsj.net Amazon	`2022-10-04` - `2023-11-03`	a year	crt.sh
s3.amazonaws.com Amazon RSA 2048 M01	`2022-12-06` - `2023-12-05`	a year	crt.sh
asset.barrons.com Amazon	`2022-10-02` - `2023-11-01`	a year	crt.sh
images.wsj.net Amazon	`2022-10-09` - `2023-11-06`	a year	crt.sh
*.privacymanager.io Amazon	`2022-08-26` - `2023-09-24`	a year	crt.sh
*.privacy-mgmt.com Amazon RSA 2048 M02	`2022-11-07` - `2023-12-06`	a year	crt.sh
video-api.wsj.com Amazon RSA 2048 M02	`2022-10-13` - `2023-11-11`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-08-03` - `2023-08-02`	a year	crt.sh
accounts.dowjones.com Amazon	`2022-03-09` - `2023-04-07`	a year	crt.sh
aax-dtb-mobile-cf.amazon-adsystem.com Amazon	`2022-06-15` - `2023-06-15`	a year	crt.sh
*.moatads.com DigiCert TLS RSA SHA256 2020 CA1	`2022-06-13` - `2023-07-05`	a year	crt.sh
*.adlightning.com Amazon	`2022-06-09` - `2023-07-07`	a year	crt.sh
*.cxense.com DigiCert TLS RSA SHA256 2020 CA1	`2022-04-17` - `2023-04-17`	a year	crt.sh
video-api.shdsvc.dowjones.io Amazon	`2022-03-31` - `2023-04-29`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-01-09` - `2023-04-03`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-01-09` - `2023-04-03`	3 months	crt.sh
m.wsj.net Amazon	`2022-09-22` - `2023-10-20`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-01-09` - `2023-04-03`	3 months	crt.sh
s.wsj.net Amazon	`2022-10-02` - `2023-11-01`	a year	crt.sh
*.demdex.com DigiCert TLS RSA SHA256 2020 CA1	`2022-09-26` - `2023-10-27`	a year	crt.sh
oms.dowjoneson.com DigiCert TLS RSA SHA256 2020 CA1	`2023-01-10` - `2024-01-10`	a year	crt.sh
js-agent.newrelic.com GlobalSign Atlas R3 DV TLS CA 2022 Q2	`2022-07-10` - `2023-08-11`	a year	crt.sh
bluegrass.mktdata.dowjones.io Amazon	`2022-07-27` - `2023-08-25`	a year	crt.sh
*.nr-data.net DigiCert TLS RSA SHA256 2020 CA1	`2022-11-18` - `2023-12-19`	a year	crt.sh

This page contains 6 frames:

Primary Page: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Frame ID: 9F7C3F13288CB7BEC21C88F3E644A3D4
Requests: 154 HTTP requests in this frame

Frame: https://z.moatads.com/hd09824092/iframe.html
Frame ID: ADD2AF7F8F554F62678480C32FC87E39
Requests: 1 HTTP requests in this frame

Frame: https://news.google.com/swg/ui/v1/serviceiframe?_=465370&publicationId=wsj.com
Frame ID: 37F0C129504CAB30B4C08D1418A1364C
Requests: 14 HTTP requests in this frame

Frame: https://cdn.cxense.com/sp1.html
Frame ID: E5267E1D49909B1FF023B8DB37E5DE16
Requests: 4 HTTP requests in this frame

Frame: https://cdn.privacy-mgmt.com/index.html?message_id=718122&consentUUID=null&requestUUID=1155df93-7ad1-497a-90f5-a221953f7d91&preload_message=true&hasCsp=true&version=v1&consentLanguage=en
Frame ID: 8FF3CBFF0315460DEB7E989FE8C7E070
Requests: 8 HTTP requests in this frame

Frame: https://dowjones.demdex.net/dest5.html?d_nsid=0
Frame ID: 1421450BF8C4580EA8452A7D1D4156B5
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Inside a Ransomware Hit at Nordic Choice Hotels - WSJCloseClosePlaySound OnShareClosed Captions Inactive

Page URL History Show full URLs

https://sl.cloudplatformonline.com/t/101147/c/ad02a705-56d3-4fa2-bd2b-dbd38a5ca669/NB2HI4DTHIXS653XO4XHO43KFZRW... HTTP 302
https://app.salesloft.com/t/101147/c/ad02a705-56d3-4fa2-bd2b-dbd38a5ca669/NB2HI4DTHIXS653XO4XHO43KFZRW... HTTP 302
https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406 Page URL

Detected technologies

Google Sign-in (Social logins) Expand

Overall confidence: 100%
Detected patterns

<meta[^>]*google-signin-client_id
accounts\.google\.com/gsi/client

AMP (JavaScript frameworks) Expand

Overall confidence: 100%
Detected patterns

<link rel="amphtml"

RequireJS (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

require.*\.js

Moat (Analytics) Expand

Overall confidence: 100%
Detected patterns

moatads\.com

Page Statistics

184
Requests

98 %
HTTPS

36 %
IPv6

25
Domains

41
Subdomains

37
IPs

7
Countries

6029 kB
Transfer

14361 kB
Size

23
Cookies

76 Outgoing links

These are links going to different origins than the main page.

URL: https://www.barrons.com/
Title: Barron's

Search URL Search Domain Scan URL

URL: https://bigcharts.marketwatch.com/
Title: BigCharts

Search URL Search Domain Scan URL

URL: https://newscorp.com/business/dow-jones/
Title: Dow Jones Businesses

Search URL Search Domain Scan URL

URL: https://www.dowjones.com/
Title: Dow Jones Newswires

Search URL Search Domain Scan URL

URL: https://global.factiva.com/factivalogin/login.asp?productname=global
Title: Factiva

Search URL Search Domain Scan URL

URL: https://www.fnlondon.com/
Title: Financial News

Search URL Search Domain Scan URL

URL: https://www.mansionglobal.com/
Title: Mansion Global

Search URL Search Domain Scan URL

URL: https://www.marketwatch.com/
Title: MarketWatch

Search URL Search Domain Scan URL

URL: https://www.getnewsmart.com/
Title: Newsmart

Search URL Search Domain Scan URL

URL: https://newsplus.wsj.com/
Title: NewsPlus

Search URL Search Domain Scan URL

URL: https://djlogin.dowjones.com/login.asp?productname=rnc
Title: Risk & Compliance

Search URL Search Domain Scan URL

URL: https://conferences.wsj.com/
Title: WSJ Live

Search URL Search Domain Scan URL

URL: https://www.avail.co/
Title: Avail

Search URL Search Domain Scan URL

URL: https://www.theaustralian.com.au/business
Title: Business Spectator

Search URL Search Domain Scan URL

URL: https://www.harpercollins.com/
Title: HarperCollins Publishers

Search URL Search Domain Scan URL

URL: https://housing.com/
Title: Housing

Search URL Search Domain Scan URL

URL: https://www.makaan.com/
Title: Makaan

Search URL Search Domain Scan URL

URL: https://nypost.com/
Title: New York Post

Search URL Search Domain Scan URL

URL: https://www.rea-group.com/
Title: REA

Search URL Search Domain Scan URL

URL: https://www.realtor.com/
Title: realtor.com

Search URL Search Domain Scan URL

URL: https://storyful.com/
Title: Storyful

Search URL Search Domain Scan URL

URL: https://www.theaustralian.com.au/
Title: The Australian

Search URL Search Domain Scan URL

URL: https://www.thesun.co.uk/
Title: The Sun

Search URL Search Domain Scan URL

URL: https://www.thetimes.co.uk/
Title: The Times

Search URL Search Domain Scan URL

URL: https://store.wsj.com/shop/emea/wsjaoemea23/?inttrackingCode=aaqyhdia&icid=WSJ_ON_ALL_ACQ_NA&cx_campaign=WSJEMEAFSFY23&navSource=subscribeTextLink
Title: Subscribe

Search URL Search Domain Scan URL

URL: https://accounts.wsj.com/login?target=https%3A%2F%2Fwww.wsj.com%2Farticles%2Finside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Title: Sign In

Search URL Search Domain Scan URL

URL: https://store.wsj.com/shop/emea/wsjaoemea23/?inttrackingCode=aaqyhdia&icid=WSJ_ON_ALL_ACQ_NA&cx_campaign=WSJEMEAFSFY23
Title: Special Offer

Search URL Search Domain Scan URL

URL: https://www.wsjplus.com/?mod=wsjheader
Title: WSJ+

Search URL Search Domain Scan URL

URL: https://wsjshop.com/?mod=wsjheader
Title: WSJ Shop

Search URL Search Domain Scan URL

URL: https://www.wsjwine.com/?mod=wsjheader&utm_source=WSJ&utm_medium=Website&utm_campaign=Navigation&utm_content=More_Menu
Title: WSJwine

Search URL Search Domain Scan URL

URL: https://blogs.wsj.com/washwire/?mod=nav_top_subsection
Title: Washington Wire

Search URL Search Domain Scan URL

URL: https://subscribe.wsj.com/hpfooterlink
Title: Subscribe Now

Search URL Search Domain Scan URL

URL: https://www.wsjplus.com/?mod=wsjfooter
Title: WSJ+ Membership Benefits

Search URL Search Domain Scan URL

URL: https://subscribe.wsj.com/membership
Title: Subscription Options

Search URL Search Domain Scan URL

URL: https://subscription.wsj.com/wsj-com-wall-street-journal/?mod=wsjfooter
Title: Why Subscribe?

Search URL Search Domain Scan URL

URL: https://corporate.wsj.com/?mod=djm_wsjfooter_44670&LS=Website&utm_source=Website&utm_campaign=wsjfooter
Title: Corporate Subscriptions

Search URL Search Domain Scan URL

URL: https://education.wsj.com/?mod=wsjfooter
Title: Professor Journal

Search URL Search Domain Scan URL

URL: https://education.wsj.com/students/?mod=wsjfooter
Title: Student Journal

Search URL Search Domain Scan URL

URL: https://highschool.wsj.com/?mod=wsjfooter
Title: WSJ High School Program

Search URL Search Domain Scan URL

URL: https://publiclibrary.wsj.com/?mod=wsjfooter
Title: Public Library Program

Search URL Search Domain Scan URL

URL: https://conferences.wsj.com/?mod=wsjfooter
Title: WSJ Live

Search URL Search Domain Scan URL

URL: https://commercialpartnerships.wsj.com/?mod=CP_PRT_BRD_FTR
Title: Commercial Partnerships

Search URL Search Domain Scan URL

URL: https://customercenter.wsj.com/home
Title: Customer Center

Search URL Search Domain Scan URL

URL: https://customercenter.wsj.com/contact
Title: Contact Us

Search URL Search Domain Scan URL

URL: https://customercenter.wsj.com/subscription-cancel?subtype=wsj
Title: Cancel My Subscription

Search URL Search Domain Scan URL

URL: https://www.wsjmediakit.com/
Title: Advertise

Search URL Search Domain Scan URL

URL: https://classifieds.wsj.com/advertise/real-estate-commercial/
Title: Commercial Real Estate Ads

Search URL Search Domain Scan URL

URL: https://classifieds.wsj.com/
Title: Place a Classified Ad

Search URL Search Domain Scan URL

URL: https://classifieds.wsj.com/ad/Business-For-Sale-Ads
Title: Sell Your Business

Search URL Search Domain Scan URL

URL: https://classifieds.wsj.com/advertise/real-estate-residential/
Title: Sell Your Home

Search URL Search Domain Scan URL

URL: https://classifieds.wsj.com/advertise/careers/
Title: Recruitment & Career Ads

Search URL Search Domain Scan URL

URL: https://wsjbg-adsmanager.com/?action=login
Title: Digital Self Service

Search URL Search Domain Scan URL

URL: https://wsj.com/partner
Title: Content Partnerships

Search URL Search Domain Scan URL

URL: https://wsj.jobs/
Title: Jobs at WSJ

Search URL Search Domain Scan URL

URL: https://customercenter.wsj.com/register
Title: Register for Free

Search URL Search Domain Scan URL

URL: https://www.djreprints.com/
Title: Reprints & Licensing

Search URL Search Domain Scan URL

URL: https://wsjshop.com/?mod=wsjfooter
Title: Buy Issues

Search URL Search Domain Scan URL

URL: https://wsjshop.com/collections/clothing?mod=wsjfooter
Title: WSJ Shop

Search URL Search Domain Scan URL

URL: https://www.facebook.com/wsj
Title: Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/WSJ
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.instagram.com/wsj/
Title: Instagram

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/WSJDigitalNetwork
Title: YouTube

Search URL Search Domain Scan URL

URL: https://www.snapchat.com/discover/Wall-Street-Journal/4806310285
Title: Snapchat

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=wsj.reader_sp
Title: Google Play

Search URL Search Domain Scan URL

URL: https://apps.apple.com/us/app/the-wall-street-journal/id364387007?mt=8
Title: App Store

Search URL Search Domain Scan URL

URL: http://bigcharts.marketwatch.com/
Title: BigCharts

Search URL Search Domain Scan URL

URL: https://www.dowjones.com/professional/newswires/
Title: Dow Jones Newswires

Search URL Search Domain Scan URL

URL: https://www.dowjones.com/professional/factiva/
Title: Factiva

Search URL Search Domain Scan URL

URL: https://mansionglobal.com/
Title: Mansion Global

Search URL Search Domain Scan URL

URL: https://www.dowjones.com/professional/risk/
Title: Risk & Compliance

Search URL Search Domain Scan URL

URL: https://wsjpro.com/?mod=djm_wsjfooter_5-4-2022&LS=Website&utm_source=Website&utm_campaign=wsjfooter
Title: WSJ Pro

Search URL Search Domain Scan URL

URL: https://www.wsjwine.com/
Title: WSJ Wine

Search URL Search Domain Scan URL

URL: https://www.dowjones.com/privacy-notice/?mod=WSJ
Title: Privacy Notice

Search URL Search Domain Scan URL

URL: https://www.dowjones.com/cookie-notice/?mod=WSJ
Title: Cookie Notice

Search URL Search Domain Scan URL

URL: https://dowjones.com/cookie-notice?mod=WSJ#cookies-advertising
Title: Your Ad Choices

Search URL Search Domain Scan URL

URL: https://www.dowjones.com/accessibility-statement/?mod=WSJ
Title: Accessibility

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://sl.cloudplatformonline.com/t/101147/c/ad02a705-56d3-4fa2-bd2b-dbd38a5ca669/NB2HI4DTHIXS653XO4XHO43KFZRW63JPMFZHI2LDNRSXGL3JNZZWSZDFFVQS24TBNZZW63LXMFZGKLLINF2C2YLUFVXG64TENFRS2Y3IN5UWGZJNNBXXIZLMOMWTCMJWGQYTSOBTGQYDM===/www-wsj-com-articles-inside-a-ransomware-hit-at-nordic-choice-hotels-116419 HTTP 302
https://app.salesloft.com/t/101147/c/ad02a705-56d3-4fa2-bd2b-dbd38a5ca669/NB2HI4DTHIXS653XO4XHO43KFZRW63JPMFZHI2LDNRSXGL3JNZZWSZDFFVQS24TBNZZW63LXMFZGKLLINF2C2YLUFVXG64TENFRS2Y3IN5UWGZJNNBXXIZLMOMWTCMJWGQYTSOBTGQYDM===/www-wsj-com-articles-inside-a-ransomware-hit-at-nordic-choice-hotels-116419 HTTP 302
https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 91

https://news.google.com/swg/_/ui/v1/serviceiframe?_=465370&publicationId=wsj.com HTTP 301
https://news.google.com/swg/ui/v1/serviceiframe?_=465370&publicationId=wsj.com

Request Chain 138

https://dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=CB68E4BA55144CAA0A4C98A5%40AdobeOrg&d_nsid=0&ts=1675332017053 HTTP 302
https://dpm.demdex.net/id/rd?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=CB68E4BA55144CAA0A4C98A5%40AdobeOrg&d_nsid=0&ts=1675332017053

Request Chain 161

https://cm.everesttech.net/cm/dd?d_uuid=45249182604141731521327860668428469654 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y9uJsQAAAI0MswOJ

184 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406 Show response
www.wsj.com/articles/
Redirect Chain

https://sl.cloudplatformonline.com/t/101147/c/ad02a705-56d3-4fa2-bd2b-dbd38a5ca669/NB2HI4DTHIXS653XO4XHO43KFZRW63JPMFZHI2LDNRSXGL3JNZZWSZDFFVQS24TBNZZW63LXMFZGKLLINF2C2YLUFVXG64TENFRS2Y3IN5UWGZJNNB...
https://app.salesloft.com/t/101147/c/ad02a705-56d3-4fa2-bd2b-dbd38a5ca669/NB2HI4DTHIXS653XO4XHO43KFZRW63JPMFZHI2LDNRSXGL3JNZZWSZDFFVQS24TBNZZW63LXMFZGKLLINF2C2YLUFVXG64TENFRS2Y3IN5UWGZJNNBXXIZLMOMW...
https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406

847 KB
176 KB

558ms
373ms

Document
text/html

2600:9000:211a:8800:3:4b0:de80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211a:8800:3:4b0:de80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

/ Express

Resource Hash

03fc9d8b1f7a378ac294ed96d860ab1573a1a1ff112b55592842fed86e7010a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Thu, 02 Feb 2023 10:00:14 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
via: 1.1 4a5fd700eeb5cfa099084cd70fa5bf54.cloudfront.net (CloudFront)
x-amz-cf-id: BuVxxTgqX_TDyjec0NwF2dOdqQgetTRcPgkob6NYZ95rG4tZAO6f2g==
x-amz-cf-pop: VIE50-C2
x-article-template: full
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-info-template: wsj_resp_article_16u
x-powered-by: Express
x-proxy-cache: MISS
x-ua-compatible: IE=edge
x-xss-protection: 1; mode=block

Redirect headers

Cache-Control: no-cache
Connection: keep-alive
Content-Length: 154
Content-Type: text/html; charset=utf-8
Date: Thu, 02 Feb 2023 10:00:14 GMT
Location: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Strict-Transport-Security: max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
Vary: Origin
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Request-Id: cd552f80a3a380d04d56da335be97f34
X-Runtime: 0.046919
X-XSS-Protection: 1; mode=block

GET
H2 200 ace.min.js Show response
www.wsj.com/asset/ace/ 80 KB
18 KB 163ms
158ms Script
application/javascript 2600:9000:211a:8800:3:4b0:de80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.wsj.com/asset/ace/ace.min.js
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211a:8800:3:4b0:de80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 564ce4916aaf2dbd2cca7bd64e173d2696d270dde860ef0c9f8cc27813800fb3

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 18:00:54 GMT
x-amz-version-id: 2.CFugfgloSBfz0yxCK_zGcBfNNAb3qw
content-encoding: br
last-modified: Wed, 01 Feb 2023 17:53:45 GMT
server: AmazonS3
via: 1.1 4a5fd700eeb5cfa099084cd70fa5bf54.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
etag: W/"5dc0b1fd0ef60308008f2160c6d52d4c"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
age: 57562
x-amz-replication-status: COMPLETED
x-amz-cf-id: 27GQGNq0bIvST1gtaWGDh6MN4l7c2Y7LvmQ442I6K1d-0r9WmQIU9A==

GET
H/1.1 200
OK dowjones-d8s23j Show response
segment-data.zqtk.net/ 29 B
336 B 194ms
61ms Script
application/javascript 63.33.156.146
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://segment-data.zqtk.net/dowjones-d8s23j?url=https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.33.156.146 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-33-156-146.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 23f681e5ca4fc39b86bee60aecb0919bd4127c5b13e2bf8a5eed17191c66a95c

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Thu, 02 Feb 2023 10:00:15 GMT
Last-Modified: Wed, 01 Feb 2023 21:56:26 GMT
Server: nginx
Content-Type: application/javascript; charset=UTF-8
X-Result-Id: FzuC5m5qReT
Cache-Control: max-age=30
Connection: keep-alive
Content-Length: 29
Expires: Thu, 02 Feb 2023 10:00:45 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 80 KB
27 KB 358ms
157ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

265f4ffccda6159d041b826083c50aea10eb57f5a2762bc8022f96d35dfdb153

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 02 Feb 2023 10:00:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27556
x-xss-protection: 0
server: sffe
etag: "1470 / 21 of 1000 / last-modified: 1675292875"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 02 Feb 2023 10:00:15 GMT

GET
H/1.1 200
OK pb.js Show response
us.tags.newscgp.com/prod/prebid/wsj/ 592 KB
157 KB 373ms
172ms Script
application/javascript 13.32.110.36
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://us.tags.newscgp.com/prod/prebid/wsj/pb.js
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.110.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-110-36.vie50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 21e8f5ea8ac99024c3700a48a4a6b28ea29b8951d319c3df760c997c3ea54965

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Thu, 02 Feb 2023 09:37:27 GMT
Content-Encoding: gzip
Via: 1.1 c8710a117c1dfdaea4e9dfc4d41970d2.cloudfront.net (CloudFront)
Last-Modified: Thu, 26 Jan 2023 01:40:40 GMT
Server: AmazonS3
X-Amz-Cf-Pop: VIE50-C2
Age: 1375
ETag: W/"fac5b7b492d08b6a90b84d01a3f6ab45"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript
X-Cache: Hit from cloudfront
Cache-Control: max-age=3600
Connection: keep-alive
X-Amz-Cf-Id: xlH7AID7pUMQCBdsQJK5SsF5bxrQROuB1GgehQTCiv62KkCYfOL_Yw==

GET
H2 200 moatheader.js Show response
z.moatads.com/dowjonesheader64568365681/ 296 KB
103 KB 188ms
54ms Script
application/x-javascript 23.35.237.151
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/dowjonesheader64568365681/moatheader.js
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.35.237.151 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-237-151.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: d9f489ed019d27d3d089bd3b9f4f1acabb16dac8655088257110ee344ad27c12

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 02 Feb 2023 10:00:15 GMT
content-encoding: gzip
last-modified: Wed, 01 Feb 2023 22:19:06 GMT
server: AmazonS3
x-amz-request-id: TAJZ6F1X00TSWVSM
etag: "2facd2eb5374297354f632d21658b315"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=22682
accept-ranges: bytes
content-length: 105053
x-amz-id-2: oPV4zmBUy9EEUIIfPMQXdjrmQDmViHXg+RsM6DvdK2CnMvM+f1MoRi9Pe+DRhym3pGwVfFo24Zw=

GET
H2 200 uac.min.1.0.50.js Show response
www.wsj.com/asset/ace/ 41 KB
11 KB 178ms
173ms Script
application/javascript 2600:9000:211a:8800:3:4b0:de80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.wsj.com/asset/ace/uac.min.1.0.50.js
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211a:8800:3:4b0:de80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a692ca1c7938f75d637cd0d38dbef6cf015e67efac48585823a4dbcf4487b4e8

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 18:00:54 GMT
x-amz-version-id: u4wEpDNpxpkAs2KyvJpwe4MI4_j.axb0
content-encoding: br
last-modified: Mon, 23 Jan 2023 20:01:04 GMT
server: AmazonS3
via: 1.1 4a5fd700eeb5cfa099084cd70fa5bf54.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
etag: W/"62706ddae8000415223fc0d024ef972c"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
age: 57562
x-amz-replication-status: COMPLETED
x-amz-cf-id: Z_zm_M-aS-C5Vyd4z5muJ_OE22KT1_lt8R4SXrqYAefA-P5X8fGldw==

GET
H2 200 djcmp.min.1.0.39.js Show response
www.wsj.com/asset/ace/ 44 KB
14 KB 181ms
176ms Script
application/javascript 2600:9000:211a:8800:3:4b0:de80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.wsj.com/asset/ace/djcmp.min.1.0.39.js
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211a:8800:3:4b0:de80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 272ef6004bffdd8a6a55dc4e0f1bc3f57def96e5063de6538c9788a2d3fc9c75

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 18:00:54 GMT
x-amz-version-id: RRuSF.MP4C0Y33QMzEiFyZt1Fg_SNrtm
content-encoding: br
last-modified: Mon, 30 Jan 2023 20:25:13 GMT
server: AmazonS3
via: 1.1 4a5fd700eeb5cfa099084cd70fa5bf54.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
etag: W/"3b0f5eadf74732038903102ac218329f"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
age: 57562
x-amz-replication-status: COMPLETED
x-amz-cf-id: OItqUcZK26jXxctne7QkrNKn3K033MtFbs3nWiQ1qGtWDU0XaO8hvw==

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 193 KB
47 KB 197ms
62ms Script
application/javascript 13.32.28.197
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.28.197 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-28-197.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: cc063466fc42fe1b789888a932cc7f3a8bdde1c2d70a8a04b4d9896975620da7

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 02 Feb 2023 09:28:43 GMT
content-encoding: gzip
via: 1.1 91353a8aba9ab05d79e9678e004043bc.cloudfront.net (CloudFront), 1.1 1a3d61cabf9778724765b3e70befe816.cloudfront.net (CloudFront)
last-modified: Wed, 01 Feb 2023 21:25:54 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P1, FRA56-C2
age: 1893
x-amz-server-side-encryption: AES256
etag: W/"a32dad266af898d87dd85cf65ca93536"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=3600
x-amz-cf-id: jD9lQ-AoLtvXs9oCpP5UaEkor5dT0Tvqb2yZhTrLtvS48LLoHOmiEA==

GET
H2 200 Retina-Book.woff2
www.wsj.com/fonts/woffs/retina/ 46 KB
47 KB 180ms
175ms Font
font/woff2 2600:9000:211a:8800:3:4b0:de80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.wsj.com/fonts/woffs/retina/Retina-Book.woff2
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211a:8800:3:4b0:de80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f991604789d1e2850a2fa69278386e36cce9e05a2b90c1c71abcd29c931c2373

Request headers

Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Origin: https://www.wsj.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 18:00:57 GMT
x-amz-version-id: g3W_IpQE6sKSx_EddGfXodehav_T96.J
via: 1.1 4a5fd700eeb5cfa099084cd70fa5bf54.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
age: 57559
x-cache: Hit from cloudfront
x-amz-replication-status: REPLICA
content-length: 47100
last-modified: Fri, 08 Jul 2022 15:09:11 GMT
server: AmazonS3
etag: "7033b8f58054f0180c90a32395faf73c"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: font/woff2
access-control-allow-origin: https://www.wsj.com
access-control-expose-headers: ETag
cache-control: public, max-age=31536000, immutable
access-control-allow-credentials: true
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
accept-ranges: bytes
x-amz-cf-id: eNKgCPlG1uZh2AM74rqLtXemu3oWoEUfhVecsw1vBRdVqNhLdZr2bA==

GET
H2 200 Retina-Light.woff2
www.wsj.com/fonts/woffs/retina/ 46 KB
47 KB 185ms
180ms Font
font/woff2 2600:9000:211a:8800:3:4b0:de80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.wsj.com/fonts/woffs/retina/Retina-Light.woff2
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211a:8800:3:4b0:de80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 51547de25ed0756832e259e8eac96c8b4b999c54b85f5a4cc40b2ab7e0f33043

Request headers

Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Origin: https://www.wsj.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 18:00:57 GMT
x-amz-version-id: lE2vt.P.Rg04lOgFKwehEAhEEOGcOIA9
via: 1.1 4a5fd700eeb5cfa099084cd70fa5bf54.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
age: 57559
x-cache: Hit from cloudfront
x-amz-replication-status: REPLICA
content-length: 47072
last-modified: Fri, 08 Jul 2022 15:09:12 GMT
server: AmazonS3
etag: "1e6c88800c670f9ee8bf0e2edb9b873f"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: font/woff2
access-control-allow-origin: https://www.wsj.com
access-control-expose-headers: ETag
cache-control: public, max-age=31536000, immutable
access-control-allow-credentials: true
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
accept-ranges: bytes
x-amz-cf-id: e06UOHov4EYHW5VrKt9I2mQzWj3MhIF2eihxF_Pslz-2c4FKHzsXaA==

GET
H2 200 Retina-Medium.woff2
www.wsj.com/fonts/woffs/retina/ 46 KB
47 KB 176ms
171ms Font
font/woff2 2600:9000:211a:8800:3:4b0:de80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.wsj.com/fonts/woffs/retina/Retina-Medium.woff2
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211a:8800:3:4b0:de80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 27fd73dee5596813bbd6282a821926ae6cd1281f9736d98943a1deb6955608ee

Request headers

Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Origin: https://www.wsj.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 18:00:57 GMT
x-amz-version-id: BVEudz4BbP4W9lM8wyzVegBUvAL0FxqM
via: 1.1 4a5fd700eeb5cfa099084cd70fa5bf54.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
age: 57559
x-cache: Hit from cloudfront
x-amz-replication-status: REPLICA
content-length: 47552
last-modified: Fri, 08 Jul 2022 15:09:12 GMT
server: AmazonS3
etag: "87ae136546f1829642c68aa7d5bca0d4"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: font/woff2
access-control-allow-origin: https://www.wsj.com
access-control-expose-headers: ETag
cache-control: public, max-age=31536000, immutable
access-control-allow-credentials: true
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
accept-ranges: bytes
x-amz-cf-id: J3NL7NfS_pdGmbwp9pBsVwW2Ff4GCvLIT3i7jeEDBgqo-_14IcVT9g==

GET
H2 200 RetinaNarr-Light.woff2
www.wsj.com/fonts/woffs/retina/ 46 KB
46 KB 181ms
177ms Font
font/woff2 2600:9000:211a:8800:3:4b0:de80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.wsj.com/fonts/woffs/retina/RetinaNarr-Light.woff2
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211a:8800:3:4b0:de80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2ad4a9b9e1d7bda32834af951eadbe33f30183272a09c596febf458d07cfa916

Request headers

Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Origin: https://www.wsj.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 18:00:57 GMT
x-amz-version-id: hGcOgrGdD7hv0AOSijT0KIHavqbpcTxw
via: 1.1 4a5fd700eeb5cfa099084cd70fa5bf54.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
age: 57559
x-cache: Hit from cloudfront
x-amz-replication-status: REPLICA
content-length: 46896
last-modified: Fri, 08 Jul 2022 15:09:12 GMT
server: AmazonS3
etag: "24c68ac27c209da5c83d10b3038c17af"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: font/woff2
access-control-allow-origin: https://www.wsj.com
access-control-expose-headers: ETag
cache-control: public, max-age=31536000, immutable
access-control-allow-credentials: true
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
accept-ranges: bytes
x-amz-cf-id: R4bthfMW5wmo-aE7WUDTi7d83OxeTWbvExiFSKmgR25p3074obcimA==

GET
H2 200 RetinaNarr-Book.woff2
www.wsj.com/fonts/woffs/retina/ 47 KB
47 KB 176ms
172ms Font
font/woff2 2600:9000:211a:8800:3:4b0:de80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.wsj.com/fonts/woffs/retina/RetinaNarr-Book.woff2
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211a:8800:3:4b0:de80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 497f169256ff4f0af835f665a2d105f02e0f12bf078572d12dcbaf6d25328b8d

Request headers

Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Origin: https://www.wsj.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 18:00:57 GMT
x-amz-version-id: ZXrXbWNLKgOnEv5Jkl6Kd7zMvXvfkDj9
via: 1.1 4a5fd700eeb5cfa099084cd70fa5bf54.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
age: 57559
x-cache: Hit from cloudfront
x-amz-replication-status: REPLICA
content-length: 47636
last-modified: Fri, 08 Jul 2022 15:09:12 GMT
server: AmazonS3
etag: "0606fb011eb4f71a05f334a661a66c71"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: font/woff2
access-control-allow-origin: https://www.wsj.com
access-control-expose-headers: ETag
cache-control: public, max-age=31536000, immutable
access-control-allow-credentials: true
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
accept-ranges: bytes
x-amz-cf-id: gnB7k9oUUFnOC4V4v3E_xJHSjJ7lsDY8LAFa4sLImb9qQv4ZL8l8YQ==

GET
H2 200 RetinaNarr-Medium.woff2
www.wsj.com/fonts/woffs/retina/ 46 KB
47 KB 183ms
179ms Font
font/woff2 2600:9000:211a:8800:3:4b0:de80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.wsj.com/fonts/woffs/retina/RetinaNarr-Medium.woff2
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211a:8800:3:4b0:de80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8d415c84ae3caeab1ef04300f0e9358fde343c99c434645337c0bde0d143d65c

Request headers

Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Origin: https://www.wsj.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 18:00:57 GMT
x-amz-version-id: kdgc7H7_02Y8Gt3HMUE5IeBZzE_U15Ae
via: 1.1 4a5fd700eeb5cfa099084cd70fa5bf54.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
age: 57559
x-cache: Hit from cloudfront
x-amz-replication-status: REPLICA
content-length: 47236
last-modified: Fri, 08 Jul 2022 15:09:12 GMT
server: AmazonS3
etag: "e08c459a519315fcc6b4a26d2b6c8a4a"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: font/woff2
access-control-allow-origin: https://www.wsj.com
access-control-expose-headers: ETag
cache-control: public, max-age=31536000, immutable
access-control-allow-credentials: true
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
accept-ranges: bytes
x-amz-cf-id: vdpUVLXZ2_stLgdLeHPRk6_ZmB1ew-mv_mofzMo36XfqI4fYc8YtVQ==

GET
H2 200 RetinaNarr-MediumItalic.woff2
www.wsj.com/fonts/woffs/retina/ 47 KB
48 KB 185ms
182ms Font
font/woff2 2600:9000:211a:8800:3:4b0:de80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.wsj.com/fonts/woffs/retina/RetinaNarr-MediumItalic.woff2
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211a:8800:3:4b0:de80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8c337f9794d78976b5880cd58f4d0c0970d605ed10dc881ee332fc6ddc1a26a1

Request headers

Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Origin: https://www.wsj.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 18:00:57 GMT
x-amz-version-id: SCDpSa.fA_M_qj9rU.XfC9vr.U5CL2Mi
via: 1.1 4a5fd700eeb5cfa099084cd70fa5bf54.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
age: 57559
x-cache: Hit from cloudfront
x-amz-replication-status: REPLICA
content-length: 48600
last-modified: Fri, 08 Jul 2022 15:09:12 GMT
server: AmazonS3
etag: "c9d644bf4a30571ca7736aca3f99d570"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: font/woff2
access-control-allow-origin: https://www.wsj.com
access-control-expose-headers: ETag
cache-control: public, max-age=31536000, immutable
access-control-allow-credentials: true
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
accept-ranges: bytes
x-amz-cf-id: _SbqAPg5paaSMyZ6eD2JFMOZ981Xa1LeB6jWEtNhVjVkScVSh4LHMA==

GET
H2 200 RetinaNarr-Bold.woff2
www.wsj.com/fonts/woffs/retina/ 48 KB
48 KB 383ms
380ms Font
font/woff2 2600:9000:211a:8800:3:4b0:de80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.wsj.com/fonts/woffs/retina/RetinaNarr-Bold.woff2
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211a:8800:3:4b0:de80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b79b2cf11707054066850ee05de2f625d9914558836d3065c20e7f9776440ff6

Request headers

Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Origin: https://www.wsj.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 18:00:57 GMT
x-amz-version-id: uNeKIgO0a5_gWPe6jReNXy8qE18C2O2s
via: 1.1 4a5fd700eeb5cfa099084cd70fa5bf54.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
age: 57559
x-cache: Hit from cloudfront
x-amz-replication-status: REPLICA
content-length: 48832
last-modified: Fri, 08 Jul 2022 15:09:12 GMT
server: AmazonS3
etag: "1e2cba1400e0fea01e7634dc03f91399"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: font/woff2
access-control-allow-origin: https://www.wsj.com
access-control-expose-headers: ETag
cache-control: public, max-age=31536000, immutable
access-control-allow-credentials: true
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
accept-ranges: bytes
x-amz-cf-id: aRcWrNLBzSabnmD_sco5ZBG3PqOijJvVYzshbR_kxqeJZW_lrAeBPw==

GET
H2 200 RetinaWideLight.woff2
www.wsj.com/fonts/woffs/retina/ 28 KB
29 KB 383ms
380ms Font
font/woff2 2600:9000:211a:8800:3:4b0:de80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.wsj.com/fonts/woffs/retina/RetinaWideLight.woff2
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211a:8800:3:4b0:de80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 5a58836a49ebe0506fa0b0e06dc47085eeff922c34aa9be92c2312ed64c14b99

Request headers

Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Origin: https://www.wsj.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 18:01:01 GMT
x-amz-version-id: v2DAnyweSyMQREWP2HocOVxQY3OgLxjx
via: 1.1 4a5fd700eeb5cfa099084cd70fa5bf54.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
age: 57555
x-cache: Hit from cloudfront
x-amz-replication-status: REPLICA
content-length: 28616
last-modified: Fri, 08 Jul 2022 15:09:12 GMT
server: AmazonS3
etag: "21174c7f2ca8a724ecc9cf3b6f8a5ea7"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: font/woff2
access-control-allow-origin: https://www.wsj.com
access-control-expose-headers: ETag
cache-control: public, max-age=31536000, immutable
access-control-allow-credentials: true
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
accept-ranges: bytes
x-amz-cf-id: 13z6kBRiMCLlo5vraj9X0cSK7GvFaWeSXqroHm0NtvV5nJEJSsgbmQ==

GET
H2 200 Escrow+Display+Condensed+Bold.woff2
www.wsj.com/fonts/woffs/escrow/ 26 KB
27 KB 383ms
380ms Font
font/woff2 2600:9000:211a:8800:3:4b0:de80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.wsj.com/fonts/woffs/escrow/Escrow+Display+Condensed+Bold.woff2
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211a:8800:3:4b0:de80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 38a583de4c9a85114ea0d3811417028bd25ca29b2eed3f84372822c527d01ca6

Request headers

Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Origin: https://www.wsj.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 18:00:58 GMT
x-amz-version-id: fdey1THC4w1uqzE3Boh8sfWOxcz8W5DE
via: 1.1 4a5fd700eeb5cfa099084cd70fa5bf54.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
age: 57558
x-cache: Hit from cloudfront
x-amz-replication-status: REPLICA
content-length: 26844
last-modified: Fri, 08 Jul 2022 15:09:11 GMT
server: AmazonS3
etag: "7c442e963b2fb63c4cb6fcad8abde902"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: font/woff2
access-control-allow-origin: https://www.wsj.com
access-control-expose-headers: ETag
cache-control: public, max-age=31536000, immutable
access-control-allow-credentials: true
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
accept-ranges: bytes
x-amz-cf-id: mTqeMCrZSXDo_5n2yS5yvLWZZGc2hS6QI8p_57SnPPNS1d3I7A_ypQ==

GET
H2 200 Escrow+Display+Condensed+Roman.woff2
www.wsj.com/fonts/woffs/escrow/ 25 KB
26 KB 386ms
383ms Font
font/woff2 2600:9000:211a:8800:3:4b0:de80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.wsj.com/fonts/woffs/escrow/Escrow+Display+Condensed+Roman.woff2
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211a:8800:3:4b0:de80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 30f50c27fb65c2f79bda64a7f209fd8af7abace857ade7dc29e9539587ace1a2

Request headers

Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Origin: https://www.wsj.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 18:00:58 GMT
x-amz-version-id: 99fbtvn2kvouKq0udPt20UIn9uuZctdu
via: 1.1 4a5fd700eeb5cfa099084cd70fa5bf54.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
age: 57558
x-cache: Hit from cloudfront
x-amz-replication-status: REPLICA
content-length: 25736
last-modified: Fri, 08 Jul 2022 15:09:11 GMT
server: AmazonS3
etag: "10ea31224c1480796a64d3dc474588d8"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: font/woff2
access-control-allow-origin: https://www.wsj.com
access-control-expose-headers: ETag
cache-control: public, max-age=31536000, immutable
access-control-allow-credentials: true
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
accept-ranges: bytes
x-amz-cf-id: DAmANmUn5sIFeyCPKvrnlY157jScH-EdzuMpxMDYnc4tczy90g4h-g==

GET
H2 200 Escrow+Display+Condensed+Italic.woff2
www.wsj.com/fonts/woffs/escrow/ 25 KB
26 KB 381ms
378ms Font
font/woff2 2600:9000:211a:8800:3:4b0:de80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.wsj.com/fonts/woffs/escrow/Escrow+Display+Condensed+Italic.woff2
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211a:8800:3:4b0:de80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0bfda38967e02f468abcb39f9ee8c1a0eab48b2a2be819e76fd313c71e1cc94c

Request headers

Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Origin: https://www.wsj.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 18:00:58 GMT
x-amz-version-id: KSD_kRAeZ6RU2rB7dBWgY3dik2Btb6lF
via: 1.1 4a5fd700eeb5cfa099084cd70fa5bf54.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
age: 57558
x-cache: Hit from cloudfront
x-amz-replication-status: REPLICA
content-length: 25824
last-modified: Fri, 08 Jul 2022 15:09:11 GMT
server: AmazonS3
etag: "f8b4dab12479d584ff82a1bdeeee1d1b"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: font/woff2
access-control-allow-origin: https://www.wsj.com
access-control-expose-headers: ETag
cache-control: public, max-age=31536000, immutable
access-control-allow-credentials: true
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
accept-ranges: bytes
x-amz-cf-id: 8jDSOU_cebMdrQVMd5nI_ifrkZz9PAhUTGwJhnKJT16647nkLBCLOg==

GET
H2 200 Exchange-Book.woff2
www.wsj.com/fonts/woffs/exchange/ 62 KB
63 KB 385ms
383ms Font
font/woff2 2600:9000:211a:8800:3:4b0:de80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.wsj.com/fonts/woffs/exchange/Exchange-Book.woff2
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211a:8800:3:4b0:de80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3a760ad2462e5115efb1336e598dd00a47072606dedbdb0bb0f75747529228f7

Request headers

Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Origin: https://www.wsj.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 18:00:57 GMT
x-amz-version-id: 4IXYpQ_GAstDa8XhIBnzDcKcp9.ta2.a
via: 1.1 4a5fd700eeb5cfa099084cd70fa5bf54.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
age: 57558
x-cache: Hit from cloudfront
x-amz-replication-status: REPLICA
content-length: 63957
last-modified: Fri, 08 Jul 2022 15:09:11 GMT
server: AmazonS3
etag: "0c40a7ae21908c50dab61ba01d106deb"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: font/woff2
access-control-allow-origin: https://www.wsj.com
access-control-expose-headers: ETag
cache-control: public, max-age=31536000, immutable
access-control-allow-credentials: true
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
accept-ranges: bytes
x-amz-cf-id: XJUTVM1RiYvcsXVa241IihIYvX2sPbuZiYGUI9WflYJqIUgld4HAYQ==

GET
H2 200 Exchange-BookItalic.woff2
www.wsj.com/fonts/woffs/exchange/ 65 KB
66 KB 386ms
384ms Font
font/woff2 2600:9000:211a:8800:3:4b0:de80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.wsj.com/fonts/woffs/exchange/Exchange-BookItalic.woff2
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211a:8800:3:4b0:de80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ec5aef56172acb4f9cc7a533d8846bd6f4c12a8bb635321299d375c3a986095d

Request headers

Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Origin: https://www.wsj.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 18:00:57 GMT
x-amz-version-id: k3TI_Ay3bpa_YAstkhwOmz4wFkX07Zt0
via: 1.1 4a5fd700eeb5cfa099084cd70fa5bf54.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
age: 57558
x-cache: Hit from cloudfront
x-amz-replication-status: REPLICA
content-length: 66893
last-modified: Fri, 08 Jul 2022 15:09:12 GMT
server: AmazonS3
etag: "f5141e1492b8d073c44e43cc202d6ffe"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: font/woff2
access-control-allow-origin: https://www.wsj.com
access-control-expose-headers: ETag
cache-control: public, max-age=31536000, immutable
access-control-allow-credentials: true
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
accept-ranges: bytes
x-amz-cf-id: AZ_akOwHG1PQLqwZHaSYn5n13GXRNEwBfLZmCi5StBDwW4lg_V9ufA==

GET
H2 200 Exchange-Medium.woff2
www.wsj.com/fonts/woffs/exchange/ 64 KB
65 KB 417ms
415ms Font
font/woff2 2600:9000:211a:8800:3:4b0:de80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.wsj.com/fonts/woffs/exchange/Exchange-Medium.woff2
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211a:8800:3:4b0:de80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 5b3dafb879aa963cc146639ed50803bb8496968027f35dba28d1e39d0b5ed17d

Request headers

Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Origin: https://www.wsj.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 18:00:57 GMT
x-amz-version-id: 4ilGstd2rYrDABPtfReh6KM.vNu6WsFW
via: 1.1 4a5fd700eeb5cfa099084cd70fa5bf54.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
age: 57558
x-cache: Hit from cloudfront
x-amz-replication-status: REPLICA
content-length: 65365
last-modified: Fri, 08 Jul 2022 15:09:11 GMT
server: AmazonS3
etag: "a2f3390fa1439393209fdbf0864bfbfb"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: font/woff2
access-control-allow-origin: https://www.wsj.com
access-control-expose-headers: ETag
cache-control: public, max-age=31536000, immutable
access-control-allow-credentials: true
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
accept-ranges: bytes
x-amz-cf-id: fWgEcEx36aocwS8TW5wp9u751oC7pqAyiIijbKpBRASmvqzAKBlh4A==

GET
H2 200 client Show response
accounts.google.com/gsi/ 192 KB
76 KB 387ms
124ms Script
application/javascript 2a00:1450:400d:80c::200d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/gsi/client

Requested by

Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80c::200d , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

530752728a396ddcdd46e2a062834d6fdd475ad5199b9beab914088203fb1fac

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, script-src 'report-sample' 'nonce-NfCXv3qy9RskjZeEK2tDew' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 02 Feb 2023 10:00:15 GMT
content-security-policy: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, script-src 'report-sample' 'nonce-NfCXv3qy9RskjZeEK2tDew' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
x-frame-options: SAMEORIGIN
report-to: {"group":"coop_dd7de8473bddc59c6b748810a67a39b1","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dd7de8473bddc59c6b748810a67a39b1"}]}
content-type: application/javascript; charset=utf-8
cache-control: private, max-age=1800
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="coop_dd7de8473bddc59c6b748810a67a39b1"
expires: Thu, 02 Feb 2023 10:00:15 GMT

GET
H2 200 swg.js Show response
news.google.com/swg/js/v1/ 160 KB
49 KB 287ms
54ms Script
text/javascript 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/swg/js/v1/swg.js

Requested by

Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

566adb623a1723b23ca4f800a75a4af52d6daeb3750afba98498f832180319c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 02 Feb 2023 09:55:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 265
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/news-frontend
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49880
x-xss-protection: 0
last-modified: Wed, 01 Feb 2023 18:18:28 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="news-frontend"
vary: Accept-Encoding
report-to: {"group":"news-frontend","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/news-frontend"}]}
content-type: text/javascript
cache-control: public, max-age=3000
accept-ranges: bytes
expires: Thu, 02 Feb 2023 10:45:50 GMT

GET
H2 200 swg-gaa.js Show response
news.google.com/swg/js/v1/ 62 KB
18 KB 388ms
156ms Script
text/javascript 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/swg/js/v1/swg-gaa.js

Requested by

Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a47082ca3f007526784fb484648f2da29b01fb1da23dc331df7dfa54e43e591d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 02 Feb 2023 09:17:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2567
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/news-frontend
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18231
x-xss-protection: 0
last-modified: Wed, 01 Feb 2023 18:18:28 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="news-frontend"
vary: Accept-Encoding
report-to: {"group":"news-frontend","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/news-frontend"}]}
content-type: text/javascript
cache-control: public, max-age=3000
accept-ranges: bytes
expires: Thu, 02 Feb 2023 10:07:28 GMT

GET
H2 200 cxense-candy.js Show response
sts3.wsj.net/iweb/static_html_files/ 55 KB
17 KB 267ms
49ms Script
application/javascript 13.227.219.105
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sts3.wsj.net/iweb/static_html_files/cxense-candy.js
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.227.219.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-227-219-105.ams54.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 16d567f01f02daf8501abad813698b8c947be6741cab03902742bb518ff6d031

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 16:15:46 GMT
x-amz-version-id: Vx9jXtUc4I7GLqunzX2LyA1taRYBSS_o
content-encoding: br
last-modified: Tue, 31 Jan 2023 16:14:34 GMT
server: AmazonS3
via: 1.1 1396f0307ab4835adf6e4163507d4c8a.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
etag: W/"aeb0e100eddb34003fb45e316ce20467"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
age: 150270
x-amz-replication-status: REPLICA
x-amz-cf-id: snZTcYgAXll1Q2aZfow9N0wNhMrxCWXBOD69_OoAqXE0NnduH-KlIg==

GET
H/1.1 200
OK evi.js Show response
s3.amazonaws.com/ki.js/46075/ 297 B
657 B 504ms
138ms Script
application/ecmascript 52.216.205.125
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s3.amazonaws.com/ki.js/46075/evi.js
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.205.125 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 6ddc691783c58242f2e240f5b49641ee197af74ce3e1686ee7b578566d7a83ce

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Thu, 02 Feb 2023 10:00:16 GMT
Content-Encoding: gzip
Last-Modified: Fri, 30 Sep 2022 05:17:37 GMT
Server: AmazonS3
x-amz-request-id: BXAMAJ4QBXHQNM0Y
ETag: "58073b117b3b8bb906898996da733f42"
Content-Type: application/ecmascript
Cache-Control: s-maxage=3600, max-age=0
Accept-Ranges: bytes
Content-Length: 223
x-amz-id-2: JFW6RzlFLGt9wUU+GawbGCXtp/Ke7tVxSP29vtrsiZZDcxHT6kAgNvZ32uspGQ6hGHcCOMZhApA=

GET
H2 200 wsj-logo-big-black.165e51ccda3d.svg
asset.barrons.com/article/public/img/ 7 KB
3 KB 344ms
113ms Image
image/svg+xml 2600:9000:206f:0:1a:635e:8fc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://asset.barrons.com/article/public/img/wsj-logo-big-black.165e51ccda3d.svg
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:0:1a:635e:8fc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: cd6e1b047c6ff55df32853dc017dfc0d353027c8b5f564f8b06584bff654642a

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 02:36:20 GMT
content-encoding: gzip
via: 1.1 5ab5e654a3dc7079aad7ac64ec697d82.cloudfront.net (CloudFront)
last-modified: Tue, 16 Mar 2021 02:37:30 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 4865036
etag: W/"165e51ccda3da1ace8ad7d40e81a7485"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: max-age=31536000
x-amz-cf-id: HpG1Dp4g5xi8pnryRsKoEJnsEdJDpv0A4FNeCQZny_nifLkkQDOqvw==

GET
H2 200 im-465145
images.wsj.net/ 111 KB
112 KB 327ms
129ms Image
image/jpeg 2600:9000:214f:bc00:e:b675:f600:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.wsj.net/im-465145?width=860&size=1.5

Requested by

Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:bc00:e:b675:f600:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

/ PHIS

Resource Hash

c42ad3174f68eef87d27c513c1084a5c0b8ca1d09aab07e6e7d2897f35f47727

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 11:21:07 GMT
strict-transport-security: max-age=15552000; includeSubDomains
via: 1.1 89cb19c6f2c9ed0983294d3b12e80e42.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 81547
x-powered-by: PHIS
x-dns-prefetch-control: off
edge-cache-tag: nrtools.im.prod.im-465145,nrtools.im.prod.im-465145_860x573
x-cache: Hit from cloudfront
phis: imu-20220110205333546
x-xss-protection: 1; mode=block
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=6048800
x-amz-cf-id: V-wJIJQJfKUwqUZ9eU-zWxwle9u1aURTbVfHT_0Ola8aGCZ8dXAm_Q==

GET
H2 200 im-465147
images.wsj.net/ 10 KB
11 KB 233ms
73ms Image
image/jpeg 2600:9000:214f:bc00:e:b675:f600:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.wsj.net/im-465147?width=300&size=1.5

Requested by

Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:bc00:e:b675:f600:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

/ PHIS

Resource Hash

cbe4e3a615ab6fd297c51d0f136bd4c729bf8bc38a282f469916eb055040a9c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 11:21:08 GMT
strict-transport-security: max-age=15552000; includeSubDomains
via: 1.1 89cb19c6f2c9ed0983294d3b12e80e42.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 81547
x-powered-by: PHIS
x-dns-prefetch-control: off
edge-cache-tag: nrtools.im.prod.im-465147,nrtools.im.prod.im-465147_300x200
x-cache: Hit from cloudfront
phis: imu-20220110205629373
x-xss-protection: 1; mode=block
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=6048800
x-amz-cf-id: 5gFPMEGaU_WL9EvLQo8KmlxB2yvSDwCOJ4EZBxbnr_995dKhBny5Cg==

GET
H2 200 im-465135
images.wsj.net/ 12 KB
13 KB 269ms
110ms Image
image/jpeg 2600:9000:214f:bc00:e:b675:f600:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.wsj.net/im-465135?width=300&size=1.5

Requested by

Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:bc00:e:b675:f600:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

/ PHIS

Resource Hash

1de6ab9f52cc04aa989d383f0b081316586f13443cd9e906151b91d27bc34071

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 11:57:17 GMT
strict-transport-security: max-age=15552000; includeSubDomains
via: 1.1 89cb19c6f2c9ed0983294d3b12e80e42.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 252178
x-powered-by: PHIS
x-dns-prefetch-control: off
edge-cache-tag: nrtools.im.prod.im-465135,nrtools.im.prod.im-465135_300x200
x-cache: Hit from cloudfront
phis: imu-20220110204533802
x-xss-protection: 1; mode=block
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=6048800
x-amz-cf-id: BMUglOZhQauKiloscLHiYqIAix_nx9D1Kw22SYk3PewVXN-ZH8jCGg==

GET
H2 200 im-465617
images.wsj.net/ 14 KB
15 KB 277ms
119ms Image
image/jpeg 2600:9000:214f:bc00:e:b675:f600:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.wsj.net/im-465617?width=300&size=1.5

Requested by

Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:bc00:e:b675:f600:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

/ PHIS

Resource Hash

ce6e5bcf942138e7eed1a8476f4460f5532db0272ac5fb318f0a2222b9058461

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 11:57:17 GMT
strict-transport-security: max-age=15552000; includeSubDomains
via: 1.1 89cb19c6f2c9ed0983294d3b12e80e42.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 252178
x-powered-by: PHIS
x-dns-prefetch-control: off
edge-cache-tag: nrtools.im.prod.im-465617,nrtools.im.prod.im-465617_300x200
x-cache: Hit from cloudfront
phis: imu-20220111162300968
x-xss-protection: 1; mode=block
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=6048800
x-amz-cf-id: duy5LsJrwbPkdI35Jtew0xbtrsyCN8qf-00O_JOBFk0d8Ot2x2A9qg==

GET
H2 200 ats.js Show response
ats-wrapper.privacymanager.io/ats-modules/a2d2f543-7d16-413e-b7c0-7fc163090b73/ 125 KB
44 KB 212ms
62ms Script
application/javascript 13.32.27.119
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ats-wrapper.privacymanager.io/ats-modules/a2d2f543-7d16-413e-b7c0-7fc163090b73/ats.js
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.27.119 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-27-119.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 850e6e33ad9aaf7cb11581029fedf08a1d855814d569f2afcea6a9764e8e0c83

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-amz-version-id: HQ9304j9RdAzXRfbWPuOe9ISqZCfy4jq
content-encoding: gzip
via: 1.1 fd3cce3e0bafd8b312277d0ad9f4762e.cloudfront.net (CloudFront)
date: Thu, 02 Feb 2023 09:51:52 GMT
last-modified: Mon, 11 Jul 2022 19:47:42 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C2
age: 503
x-amz-server-side-encryption: AES256
etag: W/"fa727e3dff728be847831c8875acf48a"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: must-revalidate,public,max-age=3600
x-amz-cf-id: mTTiAD-V-YiOnHXs4O8MXdl0R6LPgsDWuRcRKChGYAQJbbyRc7yYJA==

GET
H2 200 wrapperMessagingWithoutDetection.js
cdn.privacy-mgmt.com/unified/ 0
35 KB 254ms
112ms Other
text/javascript 99.86.4.102
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.privacy-mgmt.com/unified/wrapperMessagingWithoutDetection.js
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-102.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 02 Feb 2023 09:11:06 GMT
content-encoding: br
via: 1.1 2f471134491a4de5cfcaef646caf9dde.cloudfront.net (CloudFront)
last-modified: Thu, 12 Jan 2023 16:13:08 GMT
server: AmazonS3
x-amz-cf-pop: FRA6-C1
age: 2950
etag: W/"edc84ad8e167e279d31e9dfbf70f2080"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: max-age=3600
x-amz-cf-id: _Atou3mWNE3unPTp56Mi1Cg8prYB_R7OvzWSJEIzkaKYyjpO1G4UWQ==

GET
H2 200 wrapperMessagingWithoutDetection.js Show response
cdn.privacy-mgmt.com/unified/ 120 KB
35 KB 205ms
62ms Script
text/javascript 99.86.4.102
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.privacy-mgmt.com/unified/wrapperMessagingWithoutDetection.js
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-102.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d2dee4d08a598d7777c8c5f70bab11cda670f35407a912749bfd62fdd4e76ef9

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 02 Feb 2023 09:11:06 GMT
content-encoding: br
via: 1.1 2f471134491a4de5cfcaef646caf9dde.cloudfront.net (CloudFront)
last-modified: Thu, 12 Jan 2023 16:13:08 GMT
server: AmazonS3
x-amz-cf-pop: FRA6-C1
age: 2950
etag: W/"edc84ad8e167e279d31e9dfbf70f2080"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: max-age=3600
x-amz-cf-id: QomfD163GKgVHjaristwbv-JPMCz5MkrOT6tmooMeF7Gh2VaRizFQQ==

GET
H2 200 im-715562
images.wsj.net/ 3 KB
3 KB 57ms
55ms Image
image/jpeg 2600:9000:214f:bc00:e:b675:f600:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.wsj.net/im-715562?width=111&height=62

Requested by

Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:bc00:e:b675:f600:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

/ PHIS

Resource Hash

1777af98bf43da9daa115ade572c973984469995f334fd3fbc253fcb1f210d72

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 02 Feb 2023 02:44:18 GMT
strict-transport-security: max-age=15552000; includeSubDomains
via: 1.1 89cb19c6f2c9ed0983294d3b12e80e42.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 26157
x-powered-by: PHIS
x-dns-prefetch-control: off
edge-cache-tag: nrtools.im.prod.im-715562,nrtools.im.prod.im-715562_111x62
x-cache: Hit from cloudfront
phis: 86760225
x-xss-protection: 1; mode=block
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=6048800
x-amz-cf-id: cf0AYYjPNnsU1nAXeb7C4XXgD-E4j3o8QyeNStFTAIZjkC6CEEqFRg==

GET
H2 200 im-713870
images.wsj.net/ 3 KB
3 KB 58ms
57ms Image
image/jpeg 2600:9000:214f:bc00:e:b675:f600:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.wsj.net/im-713870?width=111&height=62

Requested by

Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:bc00:e:b675:f600:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

/ PHIS

Resource Hash

b797f6ef1a3ebacf2c60e874b6f86104dfe0ba4c93770cded22bad2cdf42a8f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 15:54:41 GMT
strict-transport-security: max-age=15552000; includeSubDomains
via: 1.1 89cb19c6f2c9ed0983294d3b12e80e42.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 65134
x-powered-by: PHIS
x-dns-prefetch-control: off
edge-cache-tag: nrtools.im.prod.im-713870,nrtools.im.prod.im-713870_111x62
x-cache: Hit from cloudfront
phis: imu-20230131164339419
x-xss-protection: 1; mode=block
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=6048800
x-amz-cf-id: lKGhHkRMKNalE-_X4jrtRM8QwUM4ygawSEZRRWyOfKZNNhY4OhmyvQ==

GET
H2 200 im-714367
images.wsj.net/ 6 KB
6 KB 62ms
61ms Image
image/jpeg 2600:9000:214f:bc00:e:b675:f600:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.wsj.net/im-714367?width=111&height=62

Requested by

Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:bc00:e:b675:f600:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

/ Image Pipeline

Resource Hash

27c22d1e6eaac08bea280246cac9eda13c4fbeab8792c7f7d8438a11d6e1fba0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 20:24:32 GMT
strict-transport-security: max-age=15552000; includeSubDomains
via: 1.1 89cb19c6f2c9ed0983294d3b12e80e42.cloudfront.net (CloudFront)
imagepipeline: 20230131-222941-b961b4f2-b71c-4e7b-919b-a46290cf97df-wsj
x-amz-cf-pop: FRA53-C1
age: 48943
x-powered-by: Image Pipeline
x-dns-prefetch-control: off
edge-cache-tag: nrtools.im.prod.im-714367,nrtools.im.prod.im-714367_111x62
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=6048800
x-amz-cf-id: v0vS-fcomj4NiXV2aBu7d7rBuxqgf9us-2G5bWKdTftE_WMy92F33Q==

GET
H2 200 im-714682
images.wsj.net/ 3 KB
3 KB 64ms
63ms Image
image/jpeg 2600:9000:214f:bc00:e:b675:f600:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.wsj.net/im-714682?width=111&height=62

Requested by

Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:bc00:e:b675:f600:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

/ PHIS

Resource Hash

cf6eecdb9b03afa0696f0f651715608b0ca1f8581399e0d7c52ad93e80b2f553

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 16:56:12 GMT
strict-transport-security: max-age=15552000; includeSubDomains
via: 1.1 89cb19c6f2c9ed0983294d3b12e80e42.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 61443
x-powered-by: PHIS
x-dns-prefetch-control: off
edge-cache-tag: nrtools.im.prod.im-714682,nrtools.im.prod.im-714682_111x62
x-cache: Hit from cloudfront
phis: 86364897
x-xss-protection: 1; mode=block
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=6048800
x-amz-cf-id: hIE29WUaZwtGTNRMIDWDf-b398Uwh7L8Efo1dLVKVS8FwT9MaLSzmA==

GET
H2 200 im-714420
images.wsj.net/ 1 KB
2 KB 193ms
192ms Image
image/jpeg 2600:9000:214f:bc00:e:b675:f600:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.wsj.net/im-714420?width=111&height=62

Requested by

Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:bc00:e:b675:f600:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

/ PHIS

Resource Hash

1d252df4fe40425d3e2389831f73d1b6e19ccbba652ca7b9a0b0ec7c8e230e03

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 02 Feb 2023 05:39:41 GMT
strict-transport-security: max-age=15552000; includeSubDomains
via: 1.1 89cb19c6f2c9ed0983294d3b12e80e42.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 15634
x-powered-by: PHIS
x-dns-prefetch-control: off
edge-cache-tag: nrtools.im.prod.im-714420,nrtools.im.prod.im-714420_111x62
x-cache: Hit from cloudfront
phis: 86740000
x-xss-protection: 1; mode=block
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=6048800
x-amz-cf-id: hq-dD00U_tY6catyxNdkFcxWnf0wrhtRswE2cd9xE-pX8NS8sGSzCQ==

GET
H2 200 im-714421
images.wsj.net/ 2 KB
3 KB 194ms
193ms Image
image/jpeg 2600:9000:214f:bc00:e:b675:f600:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.wsj.net/im-714421?width=111&height=62

Requested by

Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:bc00:e:b675:f600:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

/ PHIS

Resource Hash

ed71bae44def20c7d8dfaf58dd78bf49859837fac0d8e8cd88132878b61fe71f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 23:53:38 GMT
strict-transport-security: max-age=15552000; includeSubDomains
via: 1.1 89cb19c6f2c9ed0983294d3b12e80e42.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 122797
x-powered-by: PHIS
x-dns-prefetch-control: off
edge-cache-tag: nrtools.im.prod.im-714421,nrtools.im.prod.im-714421_111x62
x-cache: Hit from cloudfront
phis: 86225058
x-xss-protection: 1; mode=block
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=6048800
x-amz-cf-id: LQyMyySSQx-jWtGHCymHdC_3pv6XII4XwM8dQUqs8vxNJvl1CJB8Mw==

GET
H2 200 im-714422
images.wsj.net/ 3 KB
4 KB 195ms
194ms Image
image/jpeg 2600:9000:214f:bc00:e:b675:f600:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.wsj.net/im-714422?width=111&height=62

Requested by

Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:bc00:e:b675:f600:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

/ PHIS

Resource Hash

6b23a75ff4727af6d80f78e4e56bb9159ab4fbcb1e9fe5ac19532ce94465ab8b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 23:53:39 GMT
strict-transport-security: max-age=15552000; includeSubDomains
via: 1.1 89cb19c6f2c9ed0983294d3b12e80e42.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 122796
x-powered-by: PHIS
x-dns-prefetch-control: off
edge-cache-tag: nrtools.im.prod.im-714422,nrtools.im.prod.im-714422_111x62
x-cache: Hit from cloudfront
phis: 84519238
x-xss-protection: 1; mode=block
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=6048800
x-amz-cf-id: 8X3Gg2bx6_Xm0mrBwvn0HHaYFdQelhrMA3DndTVnQn3lGy-LFFzrEA==

GET
H2 200 im-713962
images.wsj.net/ 2 KB
3 KB 196ms
194ms Image
image/jpeg 2600:9000:214f:bc00:e:b675:f600:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.wsj.net/im-713962?width=111&height=62

Requested by

Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:bc00:e:b675:f600:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

/ PHIS

Resource Hash

ec6aa88ff7746526a4616a8099c1473b39c9f4078442e80dec81ab2a5827ef18

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 14:25:52 GMT
strict-transport-security: max-age=15552000; includeSubDomains
via: 1.1 89cb19c6f2c9ed0983294d3b12e80e42.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 70463
x-powered-by: PHIS
x-dns-prefetch-control: off
edge-cache-tag: nrtools.im.prod.im-713962,nrtools.im.prod.im-713962_111x62
x-cache: Hit from cloudfront
phis: 86742958
x-xss-protection: 1; mode=block
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=6048800
x-amz-cf-id: 6sRECk044Iy8Ts0O-KPLGydU2RQy0x3zgoatLlCxHgNMDtd4wC5mSA==

GET
H2 200 im-713928
images.wsj.net/ 3 KB
3 KB 198ms
197ms Image
image/jpeg 2600:9000:214f:bc00:e:b675:f600:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.wsj.net/im-713928?width=111&height=62

Requested by

Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:bc00:e:b675:f600:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

/ PHIS

Resource Hash

38585bfc7440ca36abe08a94e6cc4d089b005f9b97e35049c6e10c06d330e04c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 15:40:39 GMT
strict-transport-security: max-age=15552000; includeSubDomains
via: 1.1 89cb19c6f2c9ed0983294d3b12e80e42.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 65976
x-powered-by: PHIS
x-dns-prefetch-control: off
edge-cache-tag: nrtools.im.prod.im-713928,nrtools.im.prod.im-713928_111x62
x-cache: Hit from cloudfront
phis: 81549245
x-xss-protection: 1; mode=block
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=6048800
x-amz-cf-id: 27etvT4f0KZRjI6bNF-D6wwHAvEn1h6iQv4CyS-l3__bMEbODOSnzA==

GET
H2 200 im-714431
images.wsj.net/ 3 KB
3 KB 197ms
196ms Image
image/jpeg 2600:9000:214f:bc00:e:b675:f600:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.wsj.net/im-714431?width=111&height=62

Requested by

Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:bc00:e:b675:f600:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

/ PHIS

Resource Hash

f07d202cd0aa53e34934caa94ab1b1c9efde735e93303c0cd9722f781252dde7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 23:53:39 GMT
strict-transport-security: max-age=15552000; includeSubDomains
via: 1.1 89cb19c6f2c9ed0983294d3b12e80e42.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 122796
x-powered-by: PHIS
x-dns-prefetch-control: off
edge-cache-tag: nrtools.im.prod.im-714431,nrtools.im.prod.im-714431_111x62
x-cache: Hit from cloudfront
phis: 85363772
x-xss-protection: 1; mode=block
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=6048800
x-amz-cf-id: x6CnU36h7MKTB4RGpZpzaL-PVSWX_oZGM-BaFXF0CFrOJaSCYGgg1Q==

GET
H2 200 im-715237
images.wsj.net/ 7 KB
7 KB 201ms
200ms Image
image/jpeg 2600:9000:214f:bc00:e:b675:f600:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.wsj.net/im-715237?width=167&height=94

Requested by

Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:bc00:e:b675:f600:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

/ PHIS

Resource Hash

a6c268cfcdcdf9c6442bdecb28ba3dc26080d19d3df293d8a47e80311900bed7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 20:27:19 GMT
strict-transport-security: max-age=15552000; includeSubDomains
via: 1.1 89cb19c6f2c9ed0983294d3b12e80e42.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 48776
x-powered-by: PHIS
x-dns-prefetch-control: off
edge-cache-tag: nrtools.im.prod.im-715237,nrtools.im.prod.im-715237_167x94
x-cache: Hit from cloudfront
phis: imu-20230201202550431
x-xss-protection: 1; mode=block
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=6048800
x-amz-cf-id: k64WqKP_bYL3TFDRb50qGFMAEW79ycjbnOaNDD39GtQUiKmT5T8nwQ==

GET
H2 200 im-714193
images.wsj.net/ 5 KB
5 KB 204ms
202ms Image
image/jpeg 2600:9000:214f:bc00:e:b675:f600:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.wsj.net/im-714193?width=167&height=94

Requested by

Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:bc00:e:b675:f600:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

/ PHIS

Resource Hash

ca35dc64a5d6c6e8f63c8bb89d75b883b3006426a0d9c968db7249500faa1d72

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 10:38:10 GMT
strict-transport-security: max-age=15552000; includeSubDomains
via: 1.1 89cb19c6f2c9ed0983294d3b12e80e42.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 84125
x-powered-by: PHIS
x-dns-prefetch-control: off
edge-cache-tag: nrtools.im.prod.im-714193,nrtools.im.prod.im-714193_167x94
x-cache: Hit from cloudfront
phis: imu-20230131205635851
x-xss-protection: 1; mode=block
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=6048800
x-amz-cf-id: fcApmdhVW9SWgP6opuh58qG98z2gzj3fQT0Y0Cy2fPRoTB2ztIOTig==

GET
H2 200 im-710659
images.wsj.net/ 37 KB
37 KB 209ms
208ms Image
image/png 2600:9000:214f:bc00:e:b675:f600:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.wsj.net/im-710659?width=167&height=94

Requested by

Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:bc00:e:b675:f600:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

/ Image Pipeline

Resource Hash

72f50874e4c6eed0603d24fbdc9c187b4ccb9554677422d4ce1563c7f594bd4f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 26 Jan 2023 13:46:10 GMT
strict-transport-security: max-age=15552000; includeSubDomains
via: 1.1 89cb19c6f2c9ed0983294d3b12e80e42.cloudfront.net (CloudFront)
imagepipeline: 20230126-113051-55c5334b-a55c-47be-ad41-e43daefedb17-wsj
x-amz-cf-pop: FRA53-C1
age: 591245
x-powered-by: Image Pipeline
x-dns-prefetch-control: off
edge-cache-tag: nrtools.im.prod.im-710659,nrtools.im.prod.im-710659_167x94
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=6048800
x-amz-cf-id: MOyjEi-iL5zNOleI-3PCC30JBIyoLbmQ6bMP6t6Ydy-eb4jjkwnOGg==

GET
H2 200 im-714616
images.wsj.net/ 5 KB
6 KB 218ms
217ms Image
image/jpeg 2600:9000:214f:bc00:e:b675:f600:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.wsj.net/im-714616?width=167&height=94

Requested by

Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:bc00:e:b675:f600:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

/ PHIS

Resource Hash

879e5d31dc230d18b8e997f825c613eb751d85f88ff8695c20a6a131a2e7f9ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 11:52:32 GMT
strict-transport-security: max-age=15552000; includeSubDomains
via: 1.1 89cb19c6f2c9ed0983294d3b12e80e42.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 79663
x-powered-by: PHIS
x-dns-prefetch-control: off
edge-cache-tag: nrtools.im.prod.im-714616,nrtools.im.prod.im-714616_167x94
x-cache: Hit from cloudfront
phis: imu-20230201111235522
x-xss-protection: 1; mode=block
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=6048800
x-amz-cf-id: XdPNiKCfaWyqVPo4dMx83Q7E81UVMUFmCKz5vaib1Vlmi4Q05Wt0GQ==

GET
H2 200 im-712489
images.wsj.net/ 37 KB
38 KB 223ms
222ms Image
image/png 2600:9000:214f:bc00:e:b675:f600:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.wsj.net/im-712489?width=167&height=94

Requested by

Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:bc00:e:b675:f600:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

/ Image Pipeline

Resource Hash

2d960a7a2823586149d04372efbe64482e8193181c268e509a4b834614facb47

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sat, 28 Jan 2023 02:30:43 GMT
strict-transport-security: max-age=15552000; includeSubDomains
via: 1.1 89cb19c6f2c9ed0983294d3b12e80e42.cloudfront.net (CloudFront)
imagepipeline: 20230128-010547-f118c055-aa40-488b-abd0-a4dddb79613d-wsj
x-amz-cf-pop: FRA53-C1
age: 458972
x-powered-by: Image Pipeline
x-dns-prefetch-control: off
edge-cache-tag: nrtools.im.prod.im-712489,nrtools.im.prod.im-712489_167x94
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=6048800
x-amz-cf-id: denBktR46fNx6AIwMoEGo6CTf506F5vgMDI6BWDGYx-jUJroSbXCcg==

GET
H/1.1 200
OK video.min.js Show response
video-api.wsj.com/api-video/player/v3/js/ 689 KB
177 KB 189ms
56ms Script
application/javascript 13.227.219.28
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://video-api.wsj.com/api-video/player/v3/js/video.min.js

Requested by

Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.28 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-28.ams54.r.cloudfront.net

Software

CloudFront /

Resource Hash

42a22b8d21a7b062a188dde6f75356ed051db1712961c5722adced8fbf1e9baf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-amz-version-id: Prvv_zpCca.C.24gFo9y5Uv57BHvGXQv
Content-Encoding: br
X-Content-Type-Options: nosniff
Date: Thu, 02 Feb 2023 09:10:10 GMT
Via: 1.1 df4167ab0949b4d2c15466bdfdc05f94.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS54-C1
Age: 3006
x-amz-server-side-encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 01 Dec 2022 16:38:03 GMT
Server: CloudFront
ETag: W/"8c2d2eb7aa97b1d5b81fe69baa2d5729"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=3600
X-Amz-Cf-Id: uf3VCY1EnwA7UxkZGSWmC0SU-mDjX7ljW4J0zmyBRdRviyqKhAsO_Q==

GET
H/1.1 200
OK video.min.css
video-api.wsj.com/api-video/player/v3/css/ 39 KB
9 KB 184ms
51ms Stylesheet
text/css 13.227.219.28
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://video-api.wsj.com/api-video/player/v3/css/video.min.css

Requested by

Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.28 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-28.ams54.r.cloudfront.net

Software

CloudFront /

Resource Hash

b75024c35f8e6624deea361ca7092af8e4f71674eab7d3d410d10faad5cd82c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-amz-version-id: UL_YkiiyJEK6KWyjn2IXemEX7cc_XBjE
Content-Encoding: br
X-Content-Type-Options: nosniff
Date: Thu, 02 Feb 2023 09:05:42 GMT
Via: 1.1 2e0227ef3f0af98f7b4e1f8452f59f84.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS54-C1
Age: 3283
x-amz-server-side-encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 01 Dec 2022 16:37:57 GMT
Server: CloudFront
ETag: W/"b583427ba467fe16cacd4c930621e732"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=3600
X-Amz-Cf-Id: fXnjhycby8tqIi29wE6ESruueD6Lnv3mwpXIkNIWAyS2kOY9MTa5CA==

GET
H2 200 video.08ce09b69d3c.js Show response
asset.barrons.com/article/public/ 102 KB
35 KB 157ms
62ms Script
application/javascript 2600:9000:206f:0:1a:635e:8fc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://asset.barrons.com/article/public/video.08ce09b69d3c.js
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:0:1a:635e:8fc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 976c6dfb82ff818cda688ca43c6c49bcbf285e2652a45f94315154a16036baaa

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 12 Oct 2022 08:44:12 GMT
content-encoding: gzip
via: 1.1 5ab5e654a3dc7079aad7ac64ec697d82.cloudfront.net (CloudFront)
last-modified: Mon, 10 Oct 2022 13:14:36 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 9767764
etag: W/"4334febac7f46e56b1f11d9f5de13e80"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: 0gJh4wXLlaXIDHJ37c6gKaPPjo0tJocG-DdxLcgs3KBK_zOvnzmlXA==

GET
H2 200 wsj_resp_article_16u.async.7811fea848e2.css
asset.barrons.com/article/public/ 59 KB
19 KB 63ms
62ms Stylesheet
text/css 2600:9000:206f:0:1a:635e:8fc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://asset.barrons.com/article/public/wsj_resp_article_16u.async.7811fea848e2.css
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:0:1a:635e:8fc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7039bb19c75f1c0f7aae5b8d62e7e867c2ed768d453ce30381646afb2e1ecc90

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 17:51:41 GMT
content-encoding: br
via: 1.1 5ab5e654a3dc7079aad7ac64ec697d82.cloudfront.net (CloudFront)
last-modified: Mon, 12 Dec 2022 15:20:23 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 4378115
etag: W/"665da3db983d4d8e0044f6129808c04b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
cache-control: max-age=31536000
x-amz-cf-id: 2cyRmVwNfVVZ95oBWvDtf40eEaUvtShVGkJ3ujIJeG7A1WH-mC80TQ==

GET
H2 200 require.min.js Show response
cdnjs.cloudflare.com/ajax/libs/require.js/2.1.14/ 15 KB
6 KB 141ms
50ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/require.js/2.1.14/require.min.js

Requested by

Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f28aad5e4303e98d21626c1044e8afcba3e8dce789e9c6245084bfc83082503e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 02 Feb 2023 10:00:15 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 17191300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5569
last-modified: Mon, 04 May 2020 16:15:59 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03fbf-3b73"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9DUo0R4feRGciq3Okd8I6qCzNftsVqrlE5LjohYDINwUD9CT1ZwClGNC5LxAY%2FloEGLI5255FJsQp6WJ4q0BcUtcTFdAjO3nCR9E%2F0h1s5SvJOoFZFajTYf%2FAvDN6WTlE%2FwPfuPfDGyrAWwMdelFaM9Z"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 79321429bf5f74ad-LHR
expires: Tue, 23 Jan 2024 10:00:15 GMT

GET
H2 200 runtime.d985bba006ed.js Show response
asset.barrons.com/article/public/ 25 KB
8 KB 205ms
111ms Script
application/javascript 2600:9000:206f:0:1a:635e:8fc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://asset.barrons.com/article/public/runtime.d985bba006ed.js
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:0:1a:635e:8fc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7d62bab62d534ed5fe4f0f489c0be4236f7ce40f769b29ea3c843aecbfa12e5f

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 25 Jan 2023 12:09:00 GMT
content-encoding: br
via: 1.1 5ab5e654a3dc7079aad7ac64ec697d82.cloudfront.net (CloudFront)
last-modified: Wed, 25 Jan 2023 11:53:48 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 683476
etag: W/"9c63ef252c8a813b4dd7c3541478c19d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: hPQ_BtpLmU1LnSVBZ--TelGAZ15LqKxkrtBeT3qQ9KlmOcrPWnL6Zw==

GET
H2 200 sso-auth.js Show response
accounts.wsj.com/assets/ 5 KB
2 KB 264ms
70ms Script
application/javascript 2600:9000:211a:1600:f:5016:900:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://accounts.wsj.com/assets/sso-auth.js
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211a:1600:f:5016:900:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Apache /
Resource Hash: fac95bf7dfdb7ba7246674b35ba9ba6a726d9786f0819fdbb9c7dcb43801292a

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 02 Feb 2023 01:00:16 GMT
content-encoding: gzip
via: 1.1 b0311c7e530c126dd286898583b59e4c.cloudfront.net (CloudFront)
last-modified: Wed, 25 Jan 2023 19:40:24 GMT
server: Apache
x-amz-cf-pop: VIE50-C2
age: 32399
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public,max-age=14400
content-length: 1913
x-amz-cf-id: Wjf7bZcxQszIEomBUqCiRJBf2EVPKNjSR8fuEZ_zOvUmCrBsccvMQg==

GET
H2 200 wsj.js Show response
www.wsj.com/asset/dj-ufc/loaders/ 541 B
995 B 146ms
145ms Script
application/javascript 2600:9000:211a:8800:3:4b0:de80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.wsj.com/asset/dj-ufc/loaders/wsj.js
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211a:8800:3:4b0:de80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 5364a9f7dc57c75ac772445ecba2171f22a2cefafd0736f0dccf280ab34276e6

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-amz-version-id: rs7In0VSqXFeSyoSO0r1_m5Rp87bx857
date: Thu, 02 Feb 2023 09:55:51 GMT
via: 1.1 4a5fd700eeb5cfa099084cd70fa5bf54.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
age: 294
x-cache: Hit from cloudfront
x-amz-replication-status: REPLICA
content-length: 541
last-modified: Tue, 13 Dec 2022 17:18:10 GMT
server: AmazonS3
etag: "2d70dde09a9e4b4b44803884575d8301"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=600
accept-ranges: bytes
x-amz-cf-id: V_-zoQI1AqzKjOiRacewCuEjzyNwtqfDfw7pxMHtjBrkv__mbt7HKw==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 163ms
54ms XHR
application/javascript 13.32.28.197
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.28.197 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-28-197.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 02 Feb 2023 05:56:00 GMT
x-amz-version-id: 1R3b4YI9dI20q9Y7Gq1DHxVUnq3Fp2gn
content-encoding: gzip
via: 1.1 6c7a5d26be7fb35284e54d321f16b6f6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
age: 14656
x-cache: Hit from cloudfront
last-modified: Fri, 23 Dec 2022 01:05:48 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
vary: Accept-Encoding,Origin
x-amz-cf-id: EtvSXDitHD71eSXm96LKFdRENGfh0OobbV606rTAwbgO9k5tv5rbiw==

GET
H2 200 config Show response
c.amazon-adsystem.com/cdn/prod/ 536 B
885 B 152ms
151ms XHR
application/json 13.32.28.197
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=3482&u=https%3A%2F%2Fwww.wsj.com
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.28.197 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-28-197.fra56.r.cloudfront.net
Software: Server /
Resource Hash: dc4f66162ea8f9862c8bbb84c1a856c9bd516a368905b56f165eefbd9df50079

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 02 Feb 2023 10:00:15 GMT
via: 1.1 1a3d61cabf9778724765b3e70befe816.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-C2
x-cache: Miss from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.wsj.com
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
content-length: 536
x-amz-cf-id: 5rQmIYT_XXwsZ6nBBGOJaR4jLbySuF9-sDSZWJfP-rVF4dH1bsb2Bg==

GET
H2 200 bid Show response
aax-dtb-cf.amazon-adsystem.com/e/dtb/ 64 B
500 B 232ms
89ms XHR
text/javascript 99.86.3.236
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax-dtb-cf.amazon-adsystem.com/e/dtb/bid?src=3482&u=https%3A%2F%2Fwww.wsj.com%2Farticles%2Finside-a-ransomware-hit-at-nordic-choice-hotels-11641983406&pid=RZ9hrsDT9IDJ4&cb=0&ws=1600x1200&v=23.127.1625&t=1000&slots=%5B%7B%22sd%22%3A%22AD_L%22%2C%22s%22%3A%5B%22300x250%22%2C%22320x320%22%2C%22728x90%22%2C%22970x90%22%2C%22970x66%22%2C%22970x250%22%5D%2C%22sn%22%3A%22%2F2%2Finteractive.wsj.com%2Fpro_cyber%22%7D%5D&pj=%7B%22us_privacy%22%3A%221---%22%7D&gdprl=%7B%22status%22%3A%22tcfv2-timeout%22%7D

Requested by

Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.3.236 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-3-236.fra6.r.cloudfront.net

Software

Server /

Resource Hash

d278491b1de51ad826d16be5ab27b1746999c02d45200f107218427e34eed798

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 02 Feb 2023 10:00:15 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 35c75b7f0ca8c787d67c8ebd22bc7fc2.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA6-C1
x-amz-rid: JVEBV1C3CGKSZ40PPX89
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.wsj.com
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 64
x-amz-cf-id: zrjdqUgE4OvOfNH2rt2dOTauSpluCLI4QbpHA5th2hc-1RIglUpHtA==

GET
H2 200 bid Show response
aax-dtb-cf.amazon-adsystem.com/e/dtb/ 64 B
499 B 244ms
102ms XHR
text/javascript 99.86.3.236
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax-dtb-cf.amazon-adsystem.com/e/dtb/bid?src=3482&u=https%3A%2F%2Fwww.wsj.com%2Farticles%2Finside-a-ransomware-hit-at-nordic-choice-hotels-11641983406&pid=RZ9hrsDT9IDJ4&cb=1&ws=1600x1200&v=23.127.1625&t=1000&slots=%5B%7B%22sd%22%3A%22AD_G%22%2C%22s%22%3A%5B%22300x250%22%2C%22320x320%22%2C%22300x600%22%2C%22336x280%22%2C%22336x850%22%2C%22300x1050%22%5D%2C%22sn%22%3A%22%2F2%2Finteractive.wsj.com%2Fpro_cyber%22%7D%5D&pj=%7B%22us_privacy%22%3A%221---%22%7D&gdprl=%7B%22status%22%3A%22tcfv2-timeout%22%7D

Requested by

Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.3.236 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-3-236.fra6.r.cloudfront.net

Software

Server /

Resource Hash

8db22950b3f47f686f4bad6b6d21386f03a4b0b24320c6715436424e41dcda09

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 02 Feb 2023 10:00:15 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 35c75b7f0ca8c787d67c8ebd22bc7fc2.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA6-C1
x-amz-rid: TN4NREE8WR5TPPYHF9GA
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.wsj.com
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 64
x-amz-cf-id: H6oVkXzcEtKDvPDbri7lmmThDVdKpuxekpfe65iq1w_U_ldoB4N3KQ==

GET
H2 200 pubads_impl_2023012601.js Show response
securepubads.g.doubleclick.net/gpt/ 386 KB
131 KB 55ms
52ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023012601.js

Requested by

Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5634160b5779452c237d49e24be812637f98f9d7f64b1f4115e3ad786cacf48c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 02 Feb 2023 09:21:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2308
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 133524
x-xss-protection: 0
last-modified: Thu, 26 Jan 2023 09:36:55 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 02 Feb 2024 09:21:47 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 580 B
220 B 200ms
89ms XHR
application/json 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.wsj.com

Requested by

Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0d822017f60343257c897877615706808054cfbed8f53ccad98dcd26d2639aad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 02 Feb 2023 10:00:15 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 195
x-xss-protection: 0
expires: Thu, 02 Feb 2023 10:00:15 GMT

GET
H2 200 v2 Show response
mb.moatads.com/yi/ 603 B
777 B 300ms
81ms Script
text/html 34.241.144.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mb.moatads.com/yi/v2?ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2Fz(lKm3GFlNUU%2Cu%5Bh_GcS%25%5BHvLU%5B4(K%2B%7BgeFWl_%3DNqUXR%3A%3D%2BAxMn%3Ch%2CyenA8p%2FHm%24%60%233P(ry5*ZRocMp1tq%5BN%7Bq%60RP%3CG.ceFW%7CoG%22mxT%3Bwv%40V374BKm55%3D%261fp%5BoU5t(Kc%2CY%24%3D!!taxWi3M%3BI1%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3CPnKMV%25%3C%2Cbq.%22oDOk%2Cz%25GY&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-2RlMhkIJ33QxUrdGk7NYu%2BFfHV3eib89DkRB2436S0SxzRtAIyeo1MnKlpdMQlJdIBr9&rs=1-JK8FHCPigFLOGg%3D%3D&sc=1&os=1-FQ%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJfR0BqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&url=https%3A%2F%2Fwww.wsj.com%2Farticles%2Finside-a-ransomware-hit-at-nordic-choice-hotels-11641983406&pcode=dowjonesheader64568365681&rx=621510518423&callback=MoatNadoAllJsonpRequest_54553244
Requested by: Host: z.moatads.com
URL: https://z.moatads.com/dowjonesheader64568365681/moatheader.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.241.144.75 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-241-144-75.eu-west-1.compute.amazonaws.com
Software: Microsoft-IIS/6.0 /
Resource Hash: b6a7cf012908d2594e003ba57dc5ee58245f0931f0ba36c9734b4c1abb635153

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 02 Feb 2023 10:00:15 GMT
cache-control: max-age=900
server: Microsoft-IIS/6.0
timing-allow-origin: *
etag: "32fed5ffeb1502639de74aa36339a0f4124553f8"
content-length: 603
content-type: text/html; charset=UTF-8

GET
H2 200 n.js Show response
geo.moatads.com/ 98 B
270 B 210ms
51ms Script
text/html 13.42.74.150
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://geo.moatads.com/n.js?e=35&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2Fz(lKm3GFlNUU%2Cu%5Bh_GcS%25%5BHvLU%5B4(K%2B%7BgeFWl_%3DNqUXR%3A%3D%2BAxMn%3Ch%2CyenA8p%2FHm%24%60%233P(ry5*ZRocMp1tq%5BN%7Bq%60RP%3CG.ceFW%7CoG%22mxT%3Bwv%40V374BKm55%3D%261fp%5BoU5t(Kc%2CY%24%3D!!taxWi3M%3BI1%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3CPnKMV%25%3C%2Cbq.%22oDOk%2Cz%25GY&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-2RlMhkIJ33QxUrdGk7NYu%2BFfHV3eib89DkRB2436S0SxzRtAIyeo1MnKlpdMQlJdIBr9&rs=1-JK8FHCPigFLOGg%3D%3D&sc=1&os=1-FQ%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJfR0BqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&i=DOWJONES_HEADER1&hp=1&wf=1&pxm=3&sgs=3&vb=-1&kq=1&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&bq=11&f=0&j=&t=1675332015554&de=89618936410&rx=621510518423&m=0&ar=13a42d9f-clean&iw=75fac34&q=1&cb=0&cu=1675332015554&ll=2&lm=0&ln=0&em=0&en=0&d=undefined%3Aundefined%3Aundefined%3Aundefined&cm=1&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.wsj.com%2Farticles%2Finside-a-ransomware-hit-at-nordic-choice-hotels-11641983406&id=1&ii=4&bo=undefined&bd=undefined&zMoatOrigSlicer1=undefined&zMoatOrigSlicer2=undefined&gw=dowjonesheader64568365681&fd=1&it=500&ti=0&ih=2&pe=1%3A1925%3A1925%3A0%3A0&jk=-1&jm=-1&fs=129&na=1727842964&cs=0&ord=1675332015554&jv=1099974533&callback=DOMlessLLDcallback_54553244
Requested by: Host: z.moatads.com
URL: https://z.moatads.com/dowjonesheader64568365681/moatheader.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.42.74.150 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-42-74-150.eu-west-2.compute.amazonaws.com
Software: Microsoft-IIS/6.0 /
Resource Hash: a00fd4909149c85366c9cfdcabfb031987fa7f9cc7ea7c696efdec8860cb49ca

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 02 Feb 2023 10:00:15 GMT
cache-control: max-age=900
server: Microsoft-IIS/6.0
timing-allow-origin: *
etag: "dffe72a4b5efff04fe4fcc23a0afef03f4015298"
content-length: 98
content-type: text/html; charset=UTF-8

GET
H2 200 n.js Show response
geo.moatads.com/ 100 B
274 B 206ms
48ms Script
text/html 13.42.74.150
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://geo.moatads.com/n.js?e=35&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2Fz(lKm3GFlNUU%2Cu%5Bh_GcS%25%5BHvLU%5B4(K%2B%7BgeFWl_%3DNqUXR%3A%3D%2BAxMn%3Ch%2CyenA8p%2FHm%24%60%233P(ry5*ZRocMp1tq%5BN%7Bq%60RP%3CG.ceFW%7CoG%22mxT%3Bwv%40V374BKm55%3D%261fp%5BoU5t(Kc%2CY%24%3D!!taxWi3M%3BI1%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3CPnKMV%25%3C%2Cbq.%22oDOk%2Cz%25GY&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-2RlMhkIJ33QxUrdGk7NYu%2BFfHV3eib89DkRB2436S0SxzRtAIyeo1MnKlpdMQlJdIBr9&rs=1-JK8FHCPigFLOGg%3D%3D&sc=1&os=1-FQ%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJfR0BqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&i=DOWJONES_HEADER1&hp=1&wf=1&pxm=3&sgs=3&vb=-1&kq=1&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&bq=11&f=0&j=&t=1675332015554&de=89618936410&rx=621510518423&m=0&ar=13a42d9f-clean&iw=75fac34&q=2&cb=0&cu=1675332015554&ll=2&lm=0&ln=0&em=0&en=0&d=undefined%3Aundefined%3Aundefined%3Aundefined&cm=1&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.wsj.com%2Farticles%2Finside-a-ransomware-hit-at-nordic-choice-hotels-11641983406&id=1&ii=4&bo=undefined&bd=undefined&zMoatOrigSlicer1=undefined&zMoatOrigSlicer2=undefined&gw=dowjonesheader64568365681&fd=1&it=500&ti=0&ih=2&pe=1%3A1925%3A1925%3A0%3A0&jk=-1&jm=-1&fs=129&na=1720753267&cs=0&callback=MoatDataJsonpRequest_54553244
Requested by: Host: z.moatads.com
URL: https://z.moatads.com/dowjonesheader64568365681/moatheader.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.42.74.150 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-42-74-150.eu-west-2.compute.amazonaws.com
Software: Microsoft-IIS/6.0 /
Resource Hash: 9d8365d89b7b4111e90fde6c93cd64309a8895f9700dcd247683bb66a6fdbfa2

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 02 Feb 2023 10:00:15 GMT
cache-control: max-age=900
server: Microsoft-IIS/6.0
timing-allow-origin: *
etag: "7f10145b0434d102269e07fc69e317af4f8c46c7"
content-length: 100
content-type: text/html; charset=UTF-8

GET
H2 200 iframe.html Show response
z.moatads.com/hd09824092/ Frame ADD2 1 KB
2 KB 55ms
53ms Document
text/html 23.35.237.151
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/hd09824092/iframe.html
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.35.237.151 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-237-151.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 49d65831c7e98a7d885d223699a41198204329efff9d1904c8af71323f613d68

Request headers

Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=3052
content-length: 1374
content-type: text/html
date: Thu, 02 Feb 2023 10:00:15 GMT
etag: "4a9cbc2e5bc164313dace42a58bef141"
last-modified: Tue, 26 Jan 2021 22:41:39 GMT
server: AmazonS3
unused62: 8096267
x-amz-id-2: tXhAc64MXavoo2Ys7gL4K0CHvWdnnjW6yMDYhattkSwkbmjydK4ZTHB9EYLhbnHzR5lAnVYPFb8=
x-amz-request-id: 7Y2H1YDSCY2G4ZCG

GET
H2 200 op.js Show response
tagan.adlightning.com/newscorp-wsj-aps/ 41 KB
17 KB 184ms
62ms Script
application/javascript 65.9.66.17
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/newscorp-wsj-aps/op.js
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.17 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-17.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 789aee6d923a732513b56c2ad3b98a39c8c18be36bf23d04d2688bfb166906e4

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-amz-version-id: SZa0pg2Lwx9anQcZVe6njV11f4iB.Ida
content-encoding: gzip
via: 1.1 43c19aee1cbb38bf37ea4d5265ba1f54.cloudfront.net (CloudFront)
date: Thu, 02 Feb 2023 09:15:12 GMT
x-amz-cf-pop: FRA56-C1
age: 2710
x-cache: Hit from cloudfront
content-length: 16431
x-amz-meta-git_commit: 8db6969
last-modified: Wed, 01 Feb 2023 07:12:46 GMT
server: AmazonS3
etag: "72971f7c5311b68983529b17177739fa"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=3600
accept-ranges: bytes
x-amz-cf-id: 6EWebflZc7ighVQ6Ggz4lgO4zMHAGvRGII0z8NSx7rsmOmgxE_qmkw==

OPTIONS
H2 200 meta-data
cdn.privacy-mgmt.com/wrapper/v2/ Frame 0
0 164ms
55ms Preflight
text/plain 99.86.4.102
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.privacy-mgmt.com/wrapper/v2/meta-data?hasCsp=true&accountId=229&env=prod&metadata=%7B%22ccpa%22%3A%7B%7D%2C%22gdpr%22%3A%7B%7D%7D&propertyId=3634&scriptVersion=4.5.0&scriptType=unified

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.102 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-102.fra6.r.cloudfront.net

Software

/ Express

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://www.wsj.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin,X-Requested-With,Content-Type,Accept,Authorization,SP_SCRIPT_VERSION
access-control-allow-methods: GET, PUT, POST, DELETE
access-control-allow-origin: *
access-control-max-age: 86400
age: 31590
cache-control: max-age=86400, s-maxage=86400
content-length: 2
content-type: text/plain; charset=utf-8
date: Thu, 02 Feb 2023 01:13:45 GMT
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept-Encoding
via: 1.1 b0954612f115b3d0a0db0a669e45ae8e.cloudfront.net (CloudFront)
x-amz-cf-id: EaESPbfA3d1Hy1vgARlrQRGGSQ0M6ebPKr3kg9crTFQah3sH7Xe0GQ==
x-amz-cf-pop: FRA6-C1
x-cache: Hit from cloudfront
x-powered-by: Express

GET
H2 200 ccpa.338b6cd2f1013fb88e57.bundle.js Show response
cdn.privacy-mgmt.com/unified/4.5.0/ 10 KB
4 KB 55ms
54ms Script
text/javascript 99.86.4.102
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.privacy-mgmt.com/unified/4.5.0/ccpa.338b6cd2f1013fb88e57.bundle.js
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-102.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 819cd11b48e7f2d1a6ba85d2b0ce07950b52bcc9b04d27587f59cfce03d8c999

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 02 Feb 2023 07:40:34 GMT
content-encoding: br
via: 1.1 2f471134491a4de5cfcaef646caf9dde.cloudfront.net (CloudFront)
last-modified: Mon, 09 Jan 2023 20:21:19 GMT
server: AmazonS3
x-amz-cf-pop: FRA6-C1
age: 13744
etag: W/"1e8abbfe2746ce14da00985d88567c71"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
x-amz-cf-id: QzcHyL6zzyEVngl3_vVKgoYb0BmER8SNuTpBhDiHW0db8sMKzhtMxQ==

GET
H2 200 gdpr-tcf.d469fa22183489866de1.bundle.js Show response
cdn.privacy-mgmt.com/unified/4.5.0/ 86 KB
18 KB 61ms
61ms Script
text/javascript 99.86.4.102
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.privacy-mgmt.com/unified/4.5.0/gdpr-tcf.d469fa22183489866de1.bundle.js
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-102.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4963b09462b5db20b9a820b98581b6f8a4058a2eeb2d4d7b4177ac3a9cc33f80

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 02 Feb 2023 03:16:04 GMT
content-encoding: br
via: 1.1 2f471134491a4de5cfcaef646caf9dde.cloudfront.net (CloudFront)
last-modified: Mon, 09 Jan 2023 20:21:19 GMT
server: AmazonS3
x-amz-cf-pop: FRA6-C1
age: 24252
etag: W/"8d578fd3ad53639646d3898951859d33"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
x-amz-cf-id: H007C7_8pClm2q1B_gUpsiLRUVVYkzXI1upk0vd8Er38Kt7x_Svfjw==

GET
H2 200 meta-data Show response
cdn.privacy-mgmt.com/wrapper/v2/ 286 B
821 B 56ms
55ms XHR
application/json 99.86.4.102
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.privacy-mgmt.com/wrapper/v2/meta-data?hasCsp=true&accountId=229&env=prod&metadata=%7B%22ccpa%22%3A%7B%7D%2C%22gdpr%22%3A%7B%7D%7D&propertyId=3634&scriptVersion=4.5.0&scriptType=unified

Requested by

Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.102 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-102.fra6.r.cloudfront.net

Software

/ Express

Resource Hash

ae90b5bde77280c1f9bf217e46beb8534a0e74632183db9812166c18c00d037a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 02 Feb 2023 09:25:36 GMT
strict-transport-security: max-age=15552000; includeSubDomains
via: 1.1 b0954612f115b3d0a0db0a669e45ae8e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
age: 2079
x-powered-by: Express
x-cache: Hit from cloudfront
content-length: 286
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600, s-maxage=3600
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, SP_SCRIPT_VERSION
x-amz-cf-id: m5pR0r36H0QkTDYorecWCrEnHLOhfBof-jmNMKcOfGXByGxunFmdZQ==

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 471fe2996db186a05e20d52b03a8cd99b17f6be67d96603689701019afb84629

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 swg-button.css
news.google.com/swg/js/v1/ 21 KB
6 KB 59ms
58ms Stylesheet
text/css 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/swg/js/v1/swg-button.css

Requested by

Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c429b056c18833dd3d7fe28ab8ba904526ad1375398ffac0a0e4f2d278e1ac43

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 02 Feb 2023 09:57:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 169
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/news-frontend
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6458
x-xss-protection: 0
last-modified: Wed, 02 Nov 2022 19:15:38 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="news-frontend"
vary: Accept-Encoding
report-to: {"group":"news-frontend","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/news-frontend"}]}
content-type: text/css
cache-control: public, max-age=3000
accept-ranges: bytes
expires: Thu, 02 Feb 2023 10:47:26 GMT

GET
H2 200 dj-ufc.esm.js Show response
www.wsj.com/asset/dj-ufc/v1.10.0/ 3 KB
2 KB 71ms
70ms Script
application/javascript 2600:9000:211a:8800:3:4b0:de80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.wsj.com/asset/dj-ufc/v1.10.0/dj-ufc.esm.js
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211a:8800:3:4b0:de80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9945da6442f97fa154aac094aa0e7959d26e47f845339ee5483347c38efc9f4a

Request headers

Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Origin: https://www.wsj.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 18:00:54 GMT
x-amz-version-id: SxL725lInQtViCJdbH7PMvia4Er.tSHI
content-encoding: br
via: 1.1 4a5fd700eeb5cfa099084cd70fa5bf54.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
age: 57562
x-cache: Hit from cloudfront
x-amz-replication-status: REPLICA
last-modified: Tue, 13 Dec 2022 17:04:46 GMT
server: AmazonS3
etag: W/"c57343d7000991bd8e731be6341cb50a"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/javascript; charset=utf-8
access-control-allow-origin: https://www.wsj.com
access-control-expose-headers: ETag
cache-control: public, max-age=31557600, immutable
access-control-allow-credentials: true
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-cf-id: DIDTPL5ixG1u8p7QpuD8JE-8yoi6XsHx7fg6Bh-FhrMVcKFKJUmYsw==

GET
H/1.1 200
OK cx.js Show response
cdn.cxense.com/ 107 KB
34 KB 401ms
250ms Script
application/x-javascript 2a02:26f0:11a:391::268b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.cxense.com/cx.js
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:11a:391::268b Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: da99004a3dd3736a976dbff7dfe56ebf70076475ba4e60d67506dead66e38ee4

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Thu, 02 Feb 2023 10:00:16 GMT
Content-Encoding: gzip
Last-Modified: Fri, 20 Jan 2023 05:10:31 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 34709
Expires: Thu, 02 Feb 2023 11:00:16 GMT

GET
H/1.1 200
OK cx.cce.js Show response
cdn.cxense.com/ 23 KB
6 KB 427ms
71ms Script
application/x-javascript 2a02:26f0:11a:391::268b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.cxense.com/cx.cce.js
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:11a:391::268b Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 5b4c012c740d120a384871f05af3184799f6e2b607767a5d6229e2a82aac103b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Thu, 02 Feb 2023 10:00:16 GMT
Content-Encoding: gzip
Last-Modified: Fri, 07 Oct 2022 14:05:13 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 5959
Expires: Thu, 02 Feb 2023 11:00:16 GMT

GET
H2 200 wsj_resp_article_16u.9bfaf218afb1.js Show response
asset.barrons.com/article/public/ 664 KB
189 KB 63ms
63ms Script
application/javascript 2600:9000:206f:0:1a:635e:8fc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://asset.barrons.com/article/public/wsj_resp_article_16u.9bfaf218afb1.js
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:0:1a:635e:8fc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f6b344252eff2db0c3aceca713062e91aa81aa953bfb69460c85b1e62b5a06b2

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 15 Dec 2022 15:05:46 GMT
content-encoding: br
via: 1.1 5ab5e654a3dc7079aad7ac64ec697d82.cloudfront.net (CloudFront)
last-modified: Thu, 15 Dec 2022 13:01:27 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 4215270
etag: W/"b4d45c2daf3984e9e51516dee1af8e1b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: NRxbIfw_65-fhzEd5J0irPiIRWb67dt3uTDmydCxG9Ku62zdjYVQTA==

GET
H2 200 time Show response
video-api.shdsvc.dowjones.io/api/ 22 B
392 B 722ms
381ms Fetch
application/json 2600:9000:211a:5c00:6:60db:a3c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://video-api.shdsvc.dowjones.io/api/time
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211a:5c00:6:60db:a3c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: / Express
Resource Hash: e31ce888a84abf8847879ba472b37955c7936ad66b833da402cdab7ffbbc98ef

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 02 Feb 2023 10:00:16 GMT
content-encoding: gzip
via: 1.1 9a66d849010281b3877fd5f66dbb4720.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
x-powered-by: Express
etag: W/"16-uRdGwcu5Vlm5elNeWG744CdBsH8"
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: no-cache,max-age=0
x-amz-cf-id: SEUx0_Z_rIarYgLvhfDM_DIvEIUyTvm56Vr5Sb1C-_CN1XYTfWjaZw==

GET
H2 200 find-all-videos Show response
video-api.shdsvc.dowjones.io/api/legacy/ 8 KB
3 KB 567ms
238ms XHR
application/json 2600:9000:211a:5c00:6:60db:a3c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://video-api.shdsvc.dowjones.io/api/legacy/find-all-videos?type=guid&fields=adCategory%2CadTagParams%2CadZone%2CadsAllowed%2CaspectRatio%2Cauthor%2CcaptionsVTT%2Ccatastrophic%2CchapterTimes%2Ccolumn%2Cdescription%2CdoctypeID%2Cduration%2Ceditor%2CemailURL%2CepisodeNumber%2CforceClosedCaptions%2Cformat%2CformattedCreationDate%2CgptCustParams%2Cguid%2Chls%2ChlsNoCaptions%2CisQAEvent%2Ciso8601CreationDate%2Ckeywords%2CkeywordsOmni%2ClinkRelativeURL%2ClinkShortURL%2ClinkURL%2CmediaLiveChannelId%2Cname%2ComniProgramName%2ComniPublishDate%2ComniVideoFormat%2Cprovider%2CrssURL%2CsecondsUntilStartTime%2CseriesName%2CseriesHideName%2CshowName%2CsponsoredVideo%2Clang%2Cstate%2CthumbnailImageManager%2CthumbnailList%2CthumbstripURL%2Ctitletag%2CtouchCastID%2Ctype%2Cvideo1264kMP4Url%2Cvideo174kMP4Url%2Cvideo1864kMP4Url%2Cvideo2564kMP4Url%2Cvideo320kMP4Url%2Cvideo664kMP4Url%2CvideoMP4List%2CvideoStillURL%2Cwsj-section%2Cwsj-subsection%2Cfactiva-subjects%2Cfactiva-regions&count=1&query=8B1F50DA-FB21-4186-8E33-398A639EEC23
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211a:5c00:6:60db:a3c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: / Express
Resource Hash: aee70e8095e5af64760acae5c7844bc8bcae03a11f35fb8185602fc0dec4c35a

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 02 Feb 2023 10:00:16 GMT
content-encoding: gzip
via: 1.1 9a66d849010281b3877fd5f66dbb4720.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
x-powered-by: Express
etag: W/"1e74-4qKkqraNsQ2nY6I3i7IeyQslzro"
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=60
x-amz-cf-id: tSeLowktf5JeDxInrCXV6wSrLqBRoucBQj3Xgk1oJ7nHs_8nZB3ETQ==

GET
H2 200 b-8db6969-6e427bcd.js Show response
tagan.adlightning.com/newscorp-wsj-aps/ 69 KB
26 KB 227ms
226ms Script
application/javascript 65.9.66.17
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/newscorp-wsj-aps/b-8db6969-6e427bcd.js
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.17 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-17.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f749bc5d66379bf89ee5f8d7c75c8e4171e6530b2d0568fa652566777e8018e2

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 19 Jan 2023 02:12:32 GMT
content-encoding: gzip
via: 1.1 43c19aee1cbb38bf37ea4d5265ba1f54.cloudfront.net (CloudFront)
x-amz-version-id: HXhWsJQXpSY7bh14hIkZippq3BchtoVF
x-amz-cf-pop: FRA56-C1
age: 1237664
x-cache: Hit from cloudfront
content-length: 26560
x-amz-meta-git_commit: 8db6969
last-modified: Mon, 07 Nov 2022 22:06:36 GMT
server: AmazonS3
etag: "543a0f2f521d7aac102e687658384f26"
content-type: application/javascript
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: 2CbJuA9nKl5mcjjHBnQa9iRYyjVuRUz203qJRJvo1OSP0_9nQ8050A==

GET
H2 200 bl-ddacba4-336d5f0a.js Show response
tagan.adlightning.com/newscorp-wsj-aps/ 48 KB
21 KB 228ms
227ms Script
application/javascript 65.9.66.17
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/newscorp-wsj-aps/bl-ddacba4-336d5f0a.js
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.17 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-17.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0499fcc1b696675f804771b4e29197007720a391cd265356eccae543c5b6afce

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 07:12:53 GMT
content-encoding: gzip
via: 1.1 43c19aee1cbb38bf37ea4d5265ba1f54.cloudfront.net (CloudFront)
x-amz-version-id: XDKp0IVj4rsE3epVRFLigoHWFMHzVQdy
x-amz-cf-pop: FRA56-C1
age: 96443
x-cache: Hit from cloudfront
content-length: 20896
x-amz-meta-git_commit: ddacba4
last-modified: Wed, 01 Feb 2023 07:12:24 GMT
server: AmazonS3
etag: "d0e6345fd510b3339bacd6dfe4c47196"
content-type: application/javascript
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: p0gGfrjanKP4OB8iBfPGeQlJ-U4fyG-30pCqOg3e1z7IlBAFrPy8tw==

GET
H2 200 messages Show response
cdn.privacy-mgmt.com/wrapper/v2/ 197 KB
131 KB 67ms
64ms XHR
application/json 99.86.4.102
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.privacy-mgmt.com/wrapper/v2/messages?hasCsp=true&env=prod&body=%7B%22accountId%22%3A229%2C%22campaignEnv%22%3A%22prod%22%2C%22campaigns%22%3A%7B%22ccpa%22%3A%7B%22alwaysDisplayDNS%22%3Afalse%2C%22hasLocalData%22%3Afalse%2C%22targetingParams%22%3A%7B%7D%7D%2C%22gdpr%22%3A%7B%22consentStatus%22%3A%7B%7D%2C%22targetingParams%22%3A%7B%7D%7D%7D%2C%22clientMMSOrigin%22%3A%22https%3A%2F%2Fcdn.privacy-mgmt.com%22%2C%22hasCSP%22%3Atrue%2C%22includeData%22%3A%7B%22localState%22%3A%7B%22type%22%3A%22string%22%7D%2C%22actions%22%3A%7B%22type%22%3A%22RecordString%22%7D%2C%22cookies%22%3A%7B%22type%22%3A%22RecordString%22%7D%7D%2C%22propertyHref%22%3A%22https%3A%2F%2Fwww.wsj.com%22%2C%22propertyId%22%3A3634%7D&localState=null&metadata=%7B%22ccpa%22%3A%7B%22applies%22%3Afalse%7D%2C%22gdpr%22%3A%7B%22applies%22%3Atrue%7D%7D&nonKeyedLocalState=null&scriptVersion=4.5.0&scriptType=unified

Requested by

Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.102 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-102.fra6.r.cloudfront.net

Software

/ Express

Resource Hash

b5c8a8e375e04e1986218d85bddc3cd11cbaac2f5bc28a4bdde0ea55df2690a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 02 Feb 2023 09:42:31 GMT
strict-transport-security: max-age=15552000; includeSubDomains
content-encoding: gzip
via: 1.1 b0954612f115b3d0a0db0a669e45ae8e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
age: 1065
x-powered-by: Express
x-cache: Hit from cloudfront
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=0, s-maxage=1200
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, SP_SCRIPT_VERSION
x-amz-cf-id: Y6dfDa-63jDdzl-zF59BYsBMWzUQTel-smZf_sgxl5pVwoBegIWvrg==

OPTIONS
H2 200 messages
cdn.privacy-mgmt.com/wrapper/v2/ Frame 0
0 225ms
224ms Preflight
text/plain 99.86.4.102
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.102 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-102.fra6.r.cloudfront.net

Software

/ Express

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://www.wsj.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin,X-Requested-With,Content-Type,Accept,Authorization,SP_SCRIPT_VERSION
access-control-allow-methods: GET, PUT, POST, DELETE
access-control-allow-origin: *
access-control-max-age: 86400
age: 59439
cache-control: max-age=86400, s-maxage=86400
content-length: 2
content-type: text/plain; charset=utf-8
date: Wed, 01 Feb 2023 17:29:36 GMT
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept-Encoding
via: 1.1 b0954612f115b3d0a0db0a669e45ae8e.cloudfront.net (CloudFront)
x-amz-cf-id: aBXqsBtNYmOFn7kEG6CX9kNiQ7VOTFwUpGstkZtnrkPTwp2v8cWtSw==
x-amz-cf-pop: FRA6-C1
x-cache: Hit from cloudfront
x-powered-by: Express

GET
H2 200 p-747af32b.js Show response
www.wsj.com/asset/dj-ufc/v1.10.0/ 9 KB
5 KB 218ms
218ms Script
application/javascript 2600:9000:211a:8800:3:4b0:de80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.wsj.com/asset/dj-ufc/v1.10.0/p-747af32b.js
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211a:8800:3:4b0:de80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bd1798a3196052839bf26731f4d766f089a01982cc5a7e60fc3cae9392c8e3c6

Request headers

Referer: https://www.wsj.com/asset/dj-ufc/v1.10.0/dj-ufc.esm.js
Origin: https://www.wsj.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 18:00:54 GMT
x-amz-version-id: iTW7dQKkc_azS6cIwzCkB9z2.muqbqs2
content-encoding: br
via: 1.1 4a5fd700eeb5cfa099084cd70fa5bf54.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
age: 57563
x-cache: Hit from cloudfront
x-amz-replication-status: REPLICA
last-modified: Tue, 13 Dec 2022 17:04:46 GMT
server: AmazonS3
etag: W/"4c859af72ebb76feca63a202ef8e3c3e"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/javascript; charset=utf-8
access-control-allow-origin: https://www.wsj.com
access-control-expose-headers: ETag
cache-control: public, max-age=31557600, immutable
access-control-allow-credentials: true
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-cf-id: fjUUNTuBhtQJc7D61q7WsHFRxegZIz109A2UbjS9-4sT4jtHyp3bvg==

GET
H2 200 p-ccedc378.js Show response
www.wsj.com/asset/dj-ufc/v1.10.0/ 86 B
724 B 219ms
219ms Script
application/javascript 2600:9000:211a:8800:3:4b0:de80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.wsj.com/asset/dj-ufc/v1.10.0/p-ccedc378.js
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211a:8800:3:4b0:de80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 401b0dd998d6f56a3286fa0be96ed91802c905e45b854bbe069e780c905220df

Request headers

Referer: https://www.wsj.com/asset/dj-ufc/v1.10.0/dj-ufc.esm.js
Origin: https://www.wsj.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 18:00:54 GMT
x-amz-version-id: DRm.zjCENnxqVVEjEy62FjJJNosNHCfR
via: 1.1 4a5fd700eeb5cfa099084cd70fa5bf54.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
age: 57563
x-cache: Hit from cloudfront
x-amz-replication-status: REPLICA
content-length: 86
last-modified: Tue, 13 Dec 2022 17:04:46 GMT
server: AmazonS3
etag: "3102a5f9c97737e3ea3801d8fcb44fa1"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/javascript; charset=utf-8
access-control-allow-origin: https://www.wsj.com
access-control-expose-headers: ETag
cache-control: public, max-age=31557600, immutable
access-control-allow-credentials: true
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
accept-ranges: bytes
x-amz-cf-id: rdXLgx7BR01IlPuBPmiIm4FuoTcwH0VelKDohSt5hE1v02zl4Nmo5w==

GET
H/1.1 200
OK audioplayer.min.css
video-api.wsj.com/api-video/audio/css/ 52 KB
6 KB 163ms
163ms Stylesheet
text/css 13.227.219.28
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://video-api.wsj.com/api-video/audio/css/audioplayer.min.css

Requested by

Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.28 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-28.ams54.r.cloudfront.net

Software

CloudFront /

Resource Hash

43c145b67282d661e41e44084b10ca1291770fdc3c8df9508ce3847786a4f2f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-amz-version-id: VzkVBgTnKwdbiWFrmJ8SubfiiLPeJEuo
Content-Encoding: br
X-Content-Type-Options: nosniff
Date: Thu, 02 Feb 2023 09:42:02 GMT
Via: 1.1 df4167ab0949b4d2c15466bdfdc05f94.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS54-C1
Age: 1095
x-amz-server-side-encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 07 Dec 2022 23:43:52 GMT
Server: CloudFront
ETag: W/"6354c547d546395c7e8ae7f01407e4f5"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=3600
X-Amz-Cf-Id: X0CPpxxV6524vyk51uSczTurdl9YaKY43QBhh4wws5buPsNkx8cAoA==

GET
H/1.1 200
OK audioplayer.min.js Show response
video-api.wsj.com/api-video/audio/js/ 125 KB
37 KB 174ms
174ms Script
application/javascript 13.227.219.28
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://video-api.wsj.com/api-video/audio/js/audioplayer.min.js

Requested by

Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.28 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-28.ams54.r.cloudfront.net

Software

CloudFront /

Resource Hash

0f0e69410d1bbcc1438942d7500be3ade7f24b76c266c33caefe9a150a654d7c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-amz-version-id: C07dbnr1ZTSbs_3zwiFbzTigCegLwdxc
Content-Encoding: br
X-Content-Type-Options: nosniff
Date: Thu, 02 Feb 2023 09:57:26 GMT
Via: 1.1 2e0227ef3f0af98f7b4e1f8452f59f84.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS54-C1
Age: 171
x-amz-server-side-encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 07 Dec 2022 23:43:53 GMT
Server: CloudFront
ETag: W/"a0afacc8037c93647d51b380d934b55b"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=3600
X-Amz-Cf-Id: FucJ-Tv_e11cvxpX32Jflox0q3spyqxD7AEGniU8aIYINu9LIkfWoQ==

GET
H3 200 loader.svg
news.google.com/swg/js/v1/ 0
1 KB 168ms
168ms Other
image/svg+xml 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/swg/js/v1/loader.svg

Requested by

Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 02 Feb 2023 09:52:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 484
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/news-frontend
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1049
x-xss-protection: 0
last-modified: Mon, 16 Mar 2020 18:14:05 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="news-frontend"
vary: Accept-Encoding
report-to: {"group":"news-frontend","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/news-frontend"}]}
content-type: image/svg+xml
cache-control: public, max-age=3000
accept-ranges: bytes
expires: Thu, 02 Feb 2023 10:42:12 GMT

GET
H3

200

serviceiframe Show response
news.google.com/swg/ui/v1/ Frame 37F0
Redirect Chain

https://news.google.com/swg/_/ui/v1/serviceiframe?_=465370&publicationId=wsj.com
https://news.google.com/swg/ui/v1/serviceiframe?_=465370&publicationId=wsj.com

16 KB
7 KB

115ms
115ms

Document
text/html

2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/swg/ui/v1/serviceiframe?_=465370&publicationId=wsj.com

Requested by

Host: news.google.com
URL: https://news.google.com/swg/js/v1/swg.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

7e030b8bc8a5e080eb75bfdb61afdcc924aa7cf851460c666221cae5c8293fe4

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /swg/_/SubscribewithgoogleClientUi/cspreport script-src 'report-sample' 'nonce-L-qkosRgxYjWxzAtiYqQxA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /swg/_/SubscribewithgoogleClientUi/cspreport;worker-src 'self' script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com https://payments.sandbox.google.com;report-uri /swg/_/SubscribewithgoogleClientUi/cspreport/allowlist
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: require-trusted-types-for 'script';report-uri /swg/_/SubscribewithgoogleClientUi/cspreport script-src 'report-sample' 'nonce-L-qkosRgxYjWxzAtiYqQxA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /swg/_/SubscribewithgoogleClientUi/cspreport;worker-src 'self' script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com https://payments.sandbox.google.com;report-uri /swg/_/SubscribewithgoogleClientUi/cspreport/allowlist
content-type: text/html; charset=utf-8
cross-origin-opener-policy-report-only: unsafe-none; report-to="SubscribewithgoogleClientUi"
cross-origin-resource-policy: same-site
date: Thu, 02 Feb 2023 10:00:16 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
report-to: {"group":"SubscribewithgoogleClientUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/SubscribewithgoogleClientUi/external"}]}
server: ESF
strict-transport-security: max-age=31536000
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 0

Redirect headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 0
content-security-policy: require-trusted-types-for 'script';report-uri /swg/_/SubscribewithgoogleClientUi/cspreport script-src 'report-sample' 'nonce-c53twUPlL4JXZg_mEDOBaw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /swg/_/SubscribewithgoogleClientUi/cspreport;worker-src 'self' script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com https://payments.sandbox.google.com;report-uri /swg/_/SubscribewithgoogleClientUi/cspreport/allowlist
content-type: application/binary
cross-origin-resource-policy: same-site
date: Thu, 02 Feb 2023 10:00:16 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
location: https://news.google.com/swg/ui/v1/serviceiframe?_=465370&publicationId=wsj.com
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
server: ESF
strict-transport-security: max-age=31536000
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 c8882c9c-15d3-4d1f-9b0e-81b6f321365d.41853d89d2ba.js Show response
asset.barrons.com/article/public/ 20 KB
6 KB 128ms
128ms Script
application/javascript 2600:9000:206f:0:1a:635e:8fc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://asset.barrons.com/article/public/c8882c9c-15d3-4d1f-9b0e-81b6f321365d.41853d89d2ba.js
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:0:1a:635e:8fc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e3f954b8da022b98c7ff80b7cf9a0b5a182eb8ffcb08612dac96a4f783a96a8b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 18:06:27 GMT
content-encoding: gzip
via: 1.1 5ab5e654a3dc7079aad7ac64ec697d82.cloudfront.net (CloudFront)
last-modified: Wed, 07 Dec 2022 17:08:29 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 4809230
etag: W/"0cf11d1d1e97a525f27adb043f0d40d7"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: 5ubbAf13KVoriTwO4ooEwbNjzpR79-mJxhgDRVhQRL6ojXf8vuDFKQ==

GET
H2 200 275181c7-8620-4df3-a008-d0cd9937db22.83e514dd97b0.js Show response
asset.barrons.com/article/public/ 26 KB
7 KB 137ms
137ms Script
application/javascript 2600:9000:206f:0:1a:635e:8fc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://asset.barrons.com/article/public/275181c7-8620-4df3-a008-d0cd9937db22.83e514dd97b0.js
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:0:1a:635e:8fc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 402f386125882f2c6bfb5639857999bf15b46d187c0c293e5f9df6fbfb5bf41c

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 16:19:42 GMT
content-encoding: gzip
via: 1.1 5ab5e654a3dc7079aad7ac64ec697d82.cloudfront.net (CloudFront)
last-modified: Wed, 07 Dec 2022 17:08:29 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 4815635
etag: W/"ea45099ea57b0524f49f280b798a2dd8"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: WL2hto0kPvmzF9S4xHOs4iutUwL9oPMGNBaYEVdQ9YO9-dTOVbhyjQ==

GET
H2 200 c13492a5-d9db-47c3-a804-80f45f96c081.cafbe9d1e0d3.css
asset.barrons.com/article/public/ 4 KB
2 KB 149ms
149ms Stylesheet
text/css 2600:9000:206f:0:1a:635e:8fc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://asset.barrons.com/article/public/c13492a5-d9db-47c3-a804-80f45f96c081.cafbe9d1e0d3.css
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:0:1a:635e:8fc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e5802f293c62b42467e0bee021146995034e4ea8741864d07473ebb4556fe3eb

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 24 Nov 2022 08:50:30 GMT
content-encoding: gzip
via: 1.1 5ab5e654a3dc7079aad7ac64ec697d82.cloudfront.net (CloudFront)
last-modified: Mon, 22 Mar 2021 16:32:58 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 6052187
etag: W/"43d001b5f1cd0707df3ed5f1e627cc52"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
cache-control: max-age=31536000
x-amz-cf-id: R2gX0WxeCJrkhzji01iYuK-Pzsx8yAeadR3EydmlBRBDefovn67n2A==

GET
H2 200 c13492a5-d9db-47c3-a804-80f45f96c081.816b02e2a867.js Show response
asset.barrons.com/article/public/ 527 KB
77 KB 208ms
208ms Script
application/javascript 2600:9000:206f:0:1a:635e:8fc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://asset.barrons.com/article/public/c13492a5-d9db-47c3-a804-80f45f96c081.816b02e2a867.js
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:0:1a:635e:8fc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e1b9e86fa82b13c0bca9a897d309b6e5475aeb1fdbd5a9d062abed600cad0263

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 06:21:23 GMT
content-encoding: gzip
via: 1.1 5ab5e654a3dc7079aad7ac64ec697d82.cloudfront.net (CloudFront)
last-modified: Wed, 07 Dec 2022 17:08:29 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 4765134
etag: W/"51c8b3a0fdadd7a36560683a4fece595"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: mGq4gqEHZuGTI6ur3Tx8EUqIgk-A10oP658Mif8UBNXERlrgH0Af8Q==

GET
H2 200 17f32040-0bfd-4790-bb36-732d32093176.5baa5784258a.js Show response
asset.barrons.com/article/public/ 86 KB
28 KB 205ms
205ms Script
application/javascript 2600:9000:206f:0:1a:635e:8fc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://asset.barrons.com/article/public/17f32040-0bfd-4790-bb36-732d32093176.5baa5784258a.js
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:0:1a:635e:8fc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d264273099f3ba6a61a1180bbbb01c82490399b9d2f9ec8fbd0b6da0b7b62338

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 18:06:27 GMT
content-encoding: gzip
via: 1.1 5ab5e654a3dc7079aad7ac64ec697d82.cloudfront.net (CloudFront)
last-modified: Wed, 07 Dec 2022 17:08:29 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 4809230
etag: W/"c71df3d681d868485466aa1348d6d128"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: nZWneWfWf835O0CJBg5I-tPVRzy0yGjLzhi-X8nbSRzQqnA0Fcywcw==

GET
H2 200 03c85c64-f03f-4789-9e88-00158f0ea41e.c5381a10a595.css
asset.barrons.com/article/public/ 52 KB
12 KB 203ms
203ms Stylesheet
text/css 2600:9000:206f:0:1a:635e:8fc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://asset.barrons.com/article/public/03c85c64-f03f-4789-9e88-00158f0ea41e.c5381a10a595.css
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:0:1a:635e:8fc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 002698cb316a124adaa0e64332ff5028aff5a87f9cadd049c2b9794ec53882e3

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 18:12:44 GMT
content-encoding: gzip
via: 1.1 5ab5e654a3dc7079aad7ac64ec697d82.cloudfront.net (CloudFront)
last-modified: Wed, 07 Dec 2022 17:08:29 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 4808853
etag: W/"30c071f370d851f662bbae88fc275323"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
cache-control: max-age=31536000
x-amz-cf-id: ai16RvcZYyzKocAZab4SnSVuLgPYCeHOKWVC_GCK6PPP0fbQjitjNA==

GET
H2 200 03c85c64-f03f-4789-9e88-00158f0ea41e.235d420e83af.js Show response
asset.barrons.com/article/public/ 974 KB
177 KB 209ms
209ms Script
application/javascript 2600:9000:206f:0:1a:635e:8fc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://asset.barrons.com/article/public/03c85c64-f03f-4789-9e88-00158f0ea41e.235d420e83af.js
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:0:1a:635e:8fc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 5fe9def46a8b91028785a46837dca6fc1e6adbb83ea70ac2234d60df39ae6904

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 18:09:23 GMT
content-encoding: gzip
via: 1.1 5ab5e654a3dc7079aad7ac64ec697d82.cloudfront.net (CloudFront)
last-modified: Wed, 07 Dec 2022 17:08:29 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 4809054
etag: W/"e3cce4dfc705eb713e685ca4113fef75"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: g-zhAqzIpI72oGoZ97k6U93sQ9CQ39MDPvY6Pj8gT1r4K0TvHoG95w==

GET
H2 200 5c5570fe-7775-4969-92ed-c47ecb965e78.119e49f767f8.css
asset.barrons.com/article/public/ 40 KB
8 KB 135ms
135ms Stylesheet
text/css 2600:9000:206f:0:1a:635e:8fc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://asset.barrons.com/article/public/5c5570fe-7775-4969-92ed-c47ecb965e78.119e49f767f8.css
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:0:1a:635e:8fc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ee533b9e14640df8355b7e6b91c1fe958703b65a72ad0622695c447afc085bca

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 08:14:47 GMT
content-encoding: gzip
via: 1.1 5ab5e654a3dc7079aad7ac64ec697d82.cloudfront.net (CloudFront)
last-modified: Thu, 04 Aug 2022 17:47:25 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 14521529
etag: W/"33563a37ea361d788f28a4a0056c55db"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
cache-control: max-age=31536000
x-amz-cf-id: dH-NrADQK1aPUGE7HOp92YEkfYFGiKnRagy-zYaLMOE_5t8T5SGI4A==

GET
H2 200 5c5570fe-7775-4969-92ed-c47ecb965e78.47fd093d561d.js Show response
asset.barrons.com/article/public/ 611 KB
106 KB 144ms
144ms Script
application/javascript 2600:9000:206f:0:1a:635e:8fc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://asset.barrons.com/article/public/5c5570fe-7775-4969-92ed-c47ecb965e78.47fd093d561d.js
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:0:1a:635e:8fc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c1bc3773a8dacd0125c2dc3e9837fb4209eccc6db5eef734c10a21b6fcd5819c

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 18:06:27 GMT
content-encoding: gzip
via: 1.1 5ab5e654a3dc7079aad7ac64ec697d82.cloudfront.net (CloudFront)
last-modified: Wed, 07 Dec 2022 17:08:29 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 4809230
etag: W/"eabb19d66e54321270220e163425c005"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: LmxPMFFLzSaSb-ESDPwHltNS3Edb8NNp1w03vic08PHD8DtTiD48nQ==

GET
H2 200 0ad70e52-063f-11ea-8d71-362b9e155667.d8da0cbe54f3.css
asset.barrons.com/article/public/ 10 KB
4 KB 204ms
204ms Stylesheet
text/css 2600:9000:206f:0:1a:635e:8fc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://asset.barrons.com/article/public/0ad70e52-063f-11ea-8d71-362b9e155667.d8da0cbe54f3.css
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:0:1a:635e:8fc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8708450c640e8334574e34b1bf0c47844c0764a9ea0d06cdfc6390830249a638

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 28 Sep 2022 16:17:05 GMT
content-encoding: gzip
via: 1.1 5ab5e654a3dc7079aad7ac64ec697d82.cloudfront.net (CloudFront)
last-modified: Tue, 27 Sep 2022 08:29:36 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 10950192
etag: W/"146b032548accf3b5417e21435fcd170"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
cache-control: max-age=31536000
x-amz-cf-id: sa3XypIMzp9qzO4Zreyu5NusxPwSgwXLg4Bora_hfF9g41ai-OsfKQ==

GET
H2 200 0ad70e52-063f-11ea-8d71-362b9e155667.f1875c4caf42.js Show response
asset.barrons.com/article/public/ 568 KB
92 KB 251ms
251ms Script
application/javascript 2600:9000:206f:0:1a:635e:8fc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://asset.barrons.com/article/public/0ad70e52-063f-11ea-8d71-362b9e155667.f1875c4caf42.js
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:0:1a:635e:8fc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f48f311b949a7369b8a381932ffd054cc5b1f8f74a672cc47d1fcad60f7858e0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 18:06:27 GMT
content-encoding: gzip
via: 1.1 5ab5e654a3dc7079aad7ac64ec697d82.cloudfront.net (CloudFront)
last-modified: Wed, 07 Dec 2022 17:08:29 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 4809230
etag: W/"1453b04e0ff54022fa28ae5699fc3fef"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: yx0-nChHyFK1vJeW9bhEsx3Nr8AG1AtJeAL0CIB9U6za5sBb5P0nJA==

GET
H2 200 9b6fea7a-ca2a-4ec2-982f-ea3079678342.0419b11351ae.css
asset.barrons.com/article/public/ 13 KB
5 KB 231ms
231ms Stylesheet
text/css 2600:9000:206f:0:1a:635e:8fc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://asset.barrons.com/article/public/9b6fea7a-ca2a-4ec2-982f-ea3079678342.0419b11351ae.css
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:0:1a:635e:8fc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3c5373d92b755ad6044e5867981367495b87d2fc22c272d3e1d383b8591cd801

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 12 Dec 2022 05:34:59 GMT
content-encoding: gzip
via: 1.1 5ab5e654a3dc7079aad7ac64ec697d82.cloudfront.net (CloudFront)
last-modified: Wed, 07 Dec 2022 17:08:29 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 4508718
etag: W/"1ea4a67747222f13e1c0676967f3c83d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
cache-control: max-age=31536000
x-amz-cf-id: aOOpb8v0gbNYF7WPJh_pJRbo5XyEh4hU5lUn8C-fzj9svJTfW3yrwA==

GET
H2 200 9b6fea7a-ca2a-4ec2-982f-ea3079678342.4bce856a5ce9.js Show response
asset.barrons.com/article/public/ 619 KB
107 KB 258ms
258ms Script
application/javascript 2600:9000:206f:0:1a:635e:8fc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://asset.barrons.com/article/public/9b6fea7a-ca2a-4ec2-982f-ea3079678342.4bce856a5ce9.js
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:0:1a:635e:8fc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bef07650ae13b3536510763686eea5abcd1189ec8ee14c37060c8ac99ceba9e5

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 18:09:24 GMT
content-encoding: gzip
via: 1.1 5ab5e654a3dc7079aad7ac64ec697d82.cloudfront.net (CloudFront)
last-modified: Wed, 07 Dec 2022 17:08:29 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 4809053
etag: W/"6721b6fcd7207a0882ef4add52ef60af"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: s0CTnxnCAo2qZ3VV9UiFHjRKnaVPnj9XZ4uvhpGITpWNG-g2tAhlow==

GET
H2 200 669cbb36-1bd8-4a26-89f6-ec35ac37fb24.3d50a4892ddd.css
asset.barrons.com/article/public/ 3 KB
1 KB 229ms
228ms Stylesheet
text/css 2600:9000:206f:0:1a:635e:8fc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://asset.barrons.com/article/public/669cbb36-1bd8-4a26-89f6-ec35ac37fb24.3d50a4892ddd.css
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:0:1a:635e:8fc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a390f4498a7b5e34c082b9cb5691116fe75cc8769e5f2a84bac38b93d27dbf03

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 14 Jul 2022 23:48:40 GMT
content-encoding: gzip
via: 1.1 5ab5e654a3dc7079aad7ac64ec697d82.cloudfront.net (CloudFront)
last-modified: Mon, 16 Aug 2021 15:14:29 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 17489497
etag: W/"28bdc287d49158acacb6a1c84eb99b9c"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
cache-control: max-age=31536000
x-amz-cf-id: 8An33oinIZnkrlNPfog_36rQ4Yk2vjYiClV7xGvpI2kGYOV-zZHDaw==

GET
H2 200 669cbb36-1bd8-4a26-89f6-ec35ac37fb24.8c03aa36c505.js Show response
asset.barrons.com/article/public/ 24 KB
7 KB 229ms
229ms Script
application/javascript 2600:9000:206f:0:1a:635e:8fc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://asset.barrons.com/article/public/669cbb36-1bd8-4a26-89f6-ec35ac37fb24.8c03aa36c505.js
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:0:1a:635e:8fc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3e4c6c97c5838b7d41a7d042f4452201e6da3de6a1299fe0b9b53888cd0a5111

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 18:06:27 GMT
content-encoding: gzip
via: 1.1 5ab5e654a3dc7079aad7ac64ec697d82.cloudfront.net (CloudFront)
last-modified: Wed, 07 Dec 2022 17:08:29 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 4809230
etag: W/"8ed85f522dc1e9f64904c881ee55188b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: 8NLfI3U6Y3tv_aQ1pCh0_n0oonyFQfylicM9hWnIPzx-r6oMGpS5Tw==

GET
H3 200 entitlements Show response
news.google.com/swg/_/api/v1/publication/wsj.com/ 2 B
59 B 141ms
141ms Fetch
application/json 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/swg/_/api/v1/publication/wsj.com/entitlements

Requested by

Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /swg/_/SubscribewithgoogleClientHttp/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: text/plain, application/json
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 02 Feb 2023 10:00:16 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-security-policy: require-trusted-types-for 'script';report-uri /swg/_/SubscribewithgoogleClientHttp/cspreport
content-encoding: gzip
content-disposition: attachment; filename="json.txt"; filename*=UTF-8''json.txt
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin; report-to="SubscribewithgoogleClientHttp"
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-allow-methods: GET, POST
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.wsj.com
report-to: {"group":"SubscribewithgoogleClientHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/SubscribewithgoogleClientHttp/external"}]}
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 p-38aaf73f.entry.js Show response
www.wsj.com/asset/dj-ufc/v1.10.0/ 76 KB
22 KB 70ms
69ms Script
application/javascript 2600:9000:211a:8800:3:4b0:de80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.wsj.com/asset/dj-ufc/v1.10.0/p-38aaf73f.entry.js
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/asset/dj-ufc/v1.10.0/p-747af32b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211a:8800:3:4b0:de80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: def2dd078ee571590e4db5eee85669e7c971dbd71b29927b1465f24619229fa7

Request headers

Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Origin: https://www.wsj.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 18:00:55 GMT
x-amz-version-id: CmCirrSRJ8F2MBtz8ZiFEMwN3ModAiFH
content-encoding: br
via: 1.1 4a5fd700eeb5cfa099084cd70fa5bf54.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
age: 57562
x-cache: Hit from cloudfront
x-amz-replication-status: REPLICA
last-modified: Tue, 13 Dec 2022 17:04:46 GMT
server: AmazonS3
etag: W/"52a44021951074f82c5c2a994637a443"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/javascript; charset=utf-8
access-control-allow-origin: https://www.wsj.com
access-control-expose-headers: ETag
cache-control: public, max-age=31557600, immutable
access-control-allow-credentials: true
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-cf-id: ZRd5Rz5ds3rj50xoqjyHwq6M-vuZMDJz0Run3TquYKkyUygc4cy4gQ==

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8c14dd9179913a3fb6d8bee3165293a61a0ffe62aca3be04bae738b5bce30a13

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 wsj-logo-big-black.e653dfca7923.svg
asset.barrons.com/article/public/img/ 17 KB
7 KB 60ms
60ms Image
image/svg+xml 2600:9000:206f:0:1a:635e:8fc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://asset.barrons.com/article/public/img/wsj-logo-big-black.e653dfca7923.svg
Requested by: Host: asset.barrons.com
URL: https://asset.barrons.com/article/public/9b6fea7a-ca2a-4ec2-982f-ea3079678342.0419b11351ae.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:0:1a:635e:8fc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: afceefd395be95bd1b05d50c99964f1daa86e78a9a0f9f70e43c52fa4e8d5f0a

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://asset.barrons.com/article/public/9b6fea7a-ca2a-4ec2-982f-ea3079678342.0419b11351ae.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 18:12:45 GMT
content-encoding: gzip
via: 1.1 5ab5e654a3dc7079aad7ac64ec697d82.cloudfront.net (CloudFront)
last-modified: Wed, 07 Dec 2022 17:08:29 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 4808852
etag: W/"e653dfca7923db2dfe35853484ecc138"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: max-age=31536000
x-amz-cf-id: lslSDvBdGvaX0lI72rFZnh8TDS9Tj6tMiqamy2wowN-_15zFb3a1ig==

GET
H2 200 google-play.4699f3c28a26.svg
asset.barrons.com/article/public/img/ 6 KB
3 KB 55ms
55ms Image
image/svg+xml 2600:9000:206f:0:1a:635e:8fc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://asset.barrons.com/article/public/img/google-play.4699f3c28a26.svg
Requested by: Host: asset.barrons.com
URL: https://asset.barrons.com/article/public/9b6fea7a-ca2a-4ec2-982f-ea3079678342.0419b11351ae.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:0:1a:635e:8fc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f173ce9aba85239293aa2d30b59d8e9769ab57261a63376147b22773f84972bb

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://asset.barrons.com/article/public/9b6fea7a-ca2a-4ec2-982f-ea3079678342.0419b11351ae.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 14 Jul 2022 23:10:47 GMT
content-encoding: gzip
via: 1.1 5ab5e654a3dc7079aad7ac64ec697d82.cloudfront.net (CloudFront)
last-modified: Tue, 16 Mar 2021 02:37:30 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 17491770
etag: W/"4699f3c28a26de50bde7eb2e516c4616"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: max-age=31536000
x-amz-cf-id: 2VCJLzs23gnL7po-pcevISPmHbOaxQNNDOfH6ofESwdJjBRjD8b-UA==

GET
H2 200 appstore.a6e93ba3daca.svg
asset.barrons.com/article/public/img/ 5 KB
2 KB 54ms
53ms Image
image/svg+xml 2600:9000:206f:0:1a:635e:8fc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://asset.barrons.com/article/public/img/appstore.a6e93ba3daca.svg
Requested by: Host: asset.barrons.com
URL: https://asset.barrons.com/article/public/9b6fea7a-ca2a-4ec2-982f-ea3079678342.0419b11351ae.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:0:1a:635e:8fc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: beec0e606b0397cdc95eba5c160317d7c73f18917d6cb2ec97795aec9b10fafa

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://asset.barrons.com/article/public/9b6fea7a-ca2a-4ec2-982f-ea3079678342.0419b11351ae.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 12:47:24 GMT
content-encoding: gzip
via: 1.1 5ab5e654a3dc7079aad7ac64ec697d82.cloudfront.net (CloudFront)
last-modified: Tue, 16 Mar 2021 02:37:30 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 26255573
etag: W/"a6e93ba3daca96df368bd52a469cf262"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: max-age=31536000
x-amz-cf-id: --2i2GIPcUrxPO3y1z9-uVIZqJachX8El0Mclh26J6CSBcM0wJd1hw==

GET
H2 200 WSJTheme-c8882c9c-15d3-4d1f-9b0e-81b6f321365d.cd69b5260360.css
asset.barrons.com/article/public/ 90 B
431 B 54ms
53ms Stylesheet
text/css 2600:9000:206f:0:1a:635e:8fc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://asset.barrons.com/article/public/WSJTheme-c8882c9c-15d3-4d1f-9b0e-81b6f321365d.cd69b5260360.css
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:0:1a:635e:8fc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c902ab00352d0ae869550735beabccb7b86654e7198b2d2954bdd3864119496f

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 12:47:20 GMT
via: 1.1 5ab5e654a3dc7079aad7ac64ec697d82.cloudfront.net (CloudFront)
last-modified: Wed, 02 Jun 2021 21:25:59 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 26255577
etag: "6fbf0c07779fd28ee03d2ce7547692ea"
x-cache: Hit from cloudfront
content-type: text/css
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 90
x-amz-cf-id: 1gsnhZgdBw8e3OphwdqynrkwVVX2OvNJBHOlSYrtzO2LVTswswIEnw==

GET
H2 200 WSJTheme-c8882c9c-15d3-4d1f-9b0e-81b6f321365d.c33432da64c8.js Show response
asset.barrons.com/article/public/ 167 B
518 B 54ms
54ms Script
application/javascript 2600:9000:206f:0:1a:635e:8fc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://asset.barrons.com/article/public/WSJTheme-c8882c9c-15d3-4d1f-9b0e-81b6f321365d.c33432da64c8.js
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:0:1a:635e:8fc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 86fcd3926befb288b406fe16fefc1e91342e11c04ee7af9c77cd3b7a6b7c84ae

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 12 Oct 2022 08:44:15 GMT
via: 1.1 5ab5e654a3dc7079aad7ac64ec697d82.cloudfront.net (CloudFront)
last-modified: Tue, 13 Sep 2022 10:15:48 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 9767762
etag: "fbc18c20000ba0a5f71de9ffa6b5e388"
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 167
x-amz-cf-id: L2IH4IcBp6cuEmsKjWrHRAKKdL0LVaCogInBf_r5GleKp_XL_3sR7Q==

GET
H2 200 WSJTheme-275181c7-8620-4df3-a008-d0cd9937db22.19ffb35d6384.css
asset.barrons.com/article/public/ 11 KB
4 KB 54ms
53ms Stylesheet
text/css 2600:9000:206f:0:1a:635e:8fc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://asset.barrons.com/article/public/WSJTheme-275181c7-8620-4df3-a008-d0cd9937db22.19ffb35d6384.css
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:0:1a:635e:8fc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 267643b1790a2c87a0fdfec4a2cccd321cd1b22a5d7af7861bd8f118f3d74e3f

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 21 Apr 2022 18:22:20 GMT
content-encoding: gzip
via: 1.1 5ab5e654a3dc7079aad7ac64ec697d82.cloudfront.net (CloudFront)
last-modified: Wed, 20 Apr 2022 10:30:06 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 24766677
etag: W/"433448ec6abdcc06747c8a171e528762"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
cache-control: max-age=31536000
x-amz-cf-id: EHEeLIxyTwSotblIws3xy4SkFS5nwqyg_kABn39jw3UcqrZl8hnoEw==

GET
H2 200 WSJTheme-275181c7-8620-4df3-a008-d0cd9937db22.32def8f8e3cb.js Show response
asset.barrons.com/article/public/ 9 KB
4 KB 54ms
54ms Script
application/javascript 2600:9000:206f:0:1a:635e:8fc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://asset.barrons.com/article/public/WSJTheme-275181c7-8620-4df3-a008-d0cd9937db22.32def8f8e3cb.js
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:0:1a:635e:8fc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a71d84f1b53f545fd62160359e05bb751aaefde1cebc05e5ce49d258a3b9eeac

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 01 Aug 2022 19:21:00 GMT
content-encoding: gzip
via: 1.1 5ab5e654a3dc7079aad7ac64ec697d82.cloudfront.net (CloudFront)
last-modified: Wed, 13 Jul 2022 18:49:00 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 15950357
etag: W/"3858f0bd1cf1583352b75ce1ca770eaf"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: 36oagBf_IiJ7GmBtmB4whYqmUy5_OUpQVjwiKplGyNu-uJnREkRvSQ==

GET
H2 200 p-43dd4095.js Show response
www.wsj.com/asset/dj-ufc/v1.10.0/ 5 KB
2 KB 70ms
69ms Script
application/javascript 2600:9000:211a:8800:3:4b0:de80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.wsj.com/asset/dj-ufc/v1.10.0/p-43dd4095.js
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211a:8800:3:4b0:de80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9886eba3730d9972ff89016c53fc50ee22f535605cfc9b28dbc3788be2834c30

Request headers

Referer: https://www.wsj.com/asset/dj-ufc/v1.10.0/p-38aaf73f.entry.js
Origin: https://www.wsj.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 18:00:55 GMT
x-amz-version-id: FJ4JvXgilZwzrHDnXGluvz8fccL7gPye
content-encoding: br
via: 1.1 4a5fd700eeb5cfa099084cd70fa5bf54.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
age: 57562
x-cache: Hit from cloudfront
x-amz-replication-status: REPLICA
last-modified: Tue, 13 Dec 2022 17:04:45 GMT
server: AmazonS3
etag: W/"ea66b40903dc8105e79e498551319267"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/javascript; charset=utf-8
access-control-allow-origin: https://www.wsj.com
access-control-expose-headers: ETag
cache-control: public, max-age=31557600, immutable
access-control-allow-credentials: true
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-cf-id: vxQl8DIx5-GUCa1-spk-doOVmI0OuCr9oBHtlqhZFon5Ei9VnCL4fw==

GET
H2 200 custom-vendors Show response
cdn.privacy-mgmt.com/ccpa/consent/3634/ 66 B
541 B 332ms
331ms XHR
application/json 99.86.4.102
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.privacy-mgmt.com/ccpa/consent/3634/custom-vendors?ccpaUUID=null&hasCsp=true

Requested by

Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.102 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-102.fra6.r.cloudfront.net

Software

Resource Hash

78666b6dfb45515213fab81f180cef33611fb69cf893910bfb6f6e3ebd3c19d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 02 Feb 2023 10:00:16 GMT
strict-transport-security: max-age=15552000; includeSubDomains
via: 1.1 b0954612f115b3d0a0db0a669e45ae8e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
access-control-allow-methods: GET, PUT, POST, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.wsj.com
x-cache: Miss from cloudfront
cache-control: no-cache
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
content-length: 66
x-amz-cf-id: LehRIoBMjzFpmkZiXo2uq1dNYNx97vqKjHzcCPx-0nRrCfvOFlC4GA==

POST
H2 200 custom-metrics
cdn.privacy-mgmt.com/wrapper/metrics/v1/ 2 B
0 56ms
56ms Fetch
text/plain 99.86.4.102
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.privacy-mgmt.com/wrapper/metrics/v1/custom-metrics

Requested by

Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.102 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-102.fra6.r.cloudfront.net

Software

/ Express

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 02 Feb 2023 10:00:16 GMT
strict-transport-security: max-age=15552000; includeSubDomains
via: 1.1 b0954612f115b3d0a0db0a669e45ae8e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
x-powered-by: Express
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://www.wsj.com
x-cache: Miss from cloudfront
cache-control: no-cache, no-store
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, SP_SCRIPT_VERSION
content-length: 2
x-amz-cf-id: o4gludZd8F9KZhs5GMV0Ka7UmdM0b3ouUXw1c_MV_XHxdWSqjucYCw==

GET
H2 200 WSJTheme-17f32040-0bfd-4790-bb36-732d32093176.388efae4898e.css
asset.barrons.com/article/public/ 4 KB
2 KB 54ms
54ms Stylesheet
text/css 2600:9000:206f:0:1a:635e:8fc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://asset.barrons.com/article/public/WSJTheme-17f32040-0bfd-4790-bb36-732d32093176.388efae4898e.css
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:0:1a:635e:8fc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1a2953c323d5dc9e496ffe18c2a8dac61c62e45e0775a965ce05330921355b96

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 12:47:21 GMT
content-encoding: gzip
via: 1.1 5ab5e654a3dc7079aad7ac64ec697d82.cloudfront.net (CloudFront)
last-modified: Tue, 16 Mar 2021 21:50:55 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 26255576
etag: W/"f1b578c803002ec314040321c4564d17"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
cache-control: max-age=31536000
x-amz-cf-id: Aj3lBEJmHPFzPJyhyosM9_jIvFwf3QTyqNwn9BmWM7fGJUTfdc92HQ==

GET
H2 200 WSJTheme-17f32040-0bfd-4790-bb36-732d32093176.f0d49ce2cb11.js Show response
asset.barrons.com/article/public/ 1 KB
1 KB 55ms
54ms Script
application/javascript 2600:9000:206f:0:1a:635e:8fc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://asset.barrons.com/article/public/WSJTheme-17f32040-0bfd-4790-bb36-732d32093176.f0d49ce2cb11.js
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:0:1a:635e:8fc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b901a9ca2535b2c2e4986a4170934e277a00712e5c0525d253719a7277bc8309

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 12 Oct 2022 08:44:23 GMT
content-encoding: gzip
via: 1.1 5ab5e654a3dc7079aad7ac64ec697d82.cloudfront.net (CloudFront)
last-modified: Tue, 13 Sep 2022 10:15:48 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 9767754
etag: W/"aab07a6004914d5699eaa2bc407c974d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: zQHQh9bcC_eXAjl6d7yvSjERU37-iVZ_jf8tjMkVRTRvstUcYCjqaA==

OPTIONS
H2 200 custom-metrics
cdn.privacy-mgmt.com/wrapper/metrics/v1/ Frame 0
0 60ms
60ms Preflight
text/html 99.86.4.102
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.privacy-mgmt.com/wrapper/metrics/v1/custom-metrics

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.102 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-102.fra6.r.cloudfront.net

Software

/ Express

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.wsj.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin,X-Requested-With,Content-Type,Accept,Authorization,SP_SCRIPT_VERSION
access-control-allow-methods: GET, PUT, POST, DELETE
access-control-allow-origin: https://www.wsj.com
allow: POST
cache-control: no-cache, no-store
content-length: 4
content-type: text/html; charset=utf-8
date: Thu, 02 Feb 2023 10:00:16 GMT
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept-Encoding
via: 1.1 b0954612f115b3d0a0db0a669e45ae8e.cloudfront.net (CloudFront)
x-amz-cf-id: Dia51Mozelnf9oxZf0aZX2UmtF-gUqKXHJ3JcEoA3X0wDl1YvNJQpw==
x-amz-cf-pop: FRA6-C1
x-cache: Miss from cloudfront
x-powered-by: Express

GET
H/1.1 200
OK sp1.html Show response
cdn.cxense.com/ Frame E526 684 B
749 B 72ms
72ms Document
text/html 2a02:26f0:11a:391::268b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.cxense.com/sp1.html
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:11a:391::268b Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 535be4b8bedf82433d210152dfb19dd4eaf5796c4e61c2be1c2ed356827b5580

Request headers

Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: max-age=864000
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 379
Content-Type: text/html
Date: Thu, 02 Feb 2023 10:00:16 GMT
Expires: Sun, 12 Feb 2023 10:00:16 GMT
Last-Modified: Tue, 11 Jan 2022 07:21:04 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding

GET
H2 200 index.html Show response
cdn.privacy-mgmt.com/ Frame 8FF3 4 KB
2 KB 54ms
54ms Document
text/html 99.86.4.102
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.privacy-mgmt.com/index.html?message_id=718122&consentUUID=null&requestUUID=1155df93-7ad1-497a-90f5-a221953f7d91&preload_message=true&hasCsp=true&version=v1&consentLanguage=en
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-102.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 226e276f6230b9b9338a5c06633f8ff6eb9e5a628c411d9e1225e8431055278f

Request headers

Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

age: 422
cache-control: max-age=3600
content-encoding: gzip
content-type: text/html
date: Thu, 02 Feb 2023 09:53:15 GMT
etag: W/"775772433842b9bdd372564179405393"
last-modified: Thu, 19 Jan 2023 15:53:48 GMT
server: AmazonS3
vary: Accept-Encoding
via: 1.1 2f471134491a4de5cfcaef646caf9dde.cloudfront.net (CloudFront)
x-amz-cf-id: WYzKS1uQZD4vf8sXw-NYBCYZBGZu-0-MTGOropk2_BGKHaJnX8lOXQ==
x-amz-cf-pop: FRA6-C1
x-cache: Hit from cloudfront

POST
H3 204 cspreport
news.google.com/swg/_/SubscribewithgoogleClientUi/ Frame 37F0 0
27 B 110ms
109ms Other
text/html 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/swg/_/SubscribewithgoogleClientUi/cspreport

Requested by

Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /swg/_/SubscribewithgoogleClientUi/cspreport, script-src 'report-sample' 'nonce-kJ-6dTPzOcmvlfsZmBrugQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /swg/_/SubscribewithgoogleClientUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com https://payments.sandbox.google.com;report-uri /swg/_/SubscribewithgoogleClientUi/cspreport/allowlist
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://news.google.com/swg/ui/v1/serviceiframe?_=465370&publicationId=wsj.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Thu, 02 Feb 2023 10:00:16 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-security-policy: require-trusted-types-for 'script';report-uri /swg/_/SubscribewithgoogleClientUi/cspreport, script-src 'report-sample' 'nonce-kJ-6dTPzOcmvlfsZmBrugQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /swg/_/SubscribewithgoogleClientUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com https://payments.sandbox.google.com;report-uri /swg/_/SubscribewithgoogleClientUi/cspreport/allowlist
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
report-to: {"group":"SubscribewithgoogleClientUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/SubscribewithgoogleClientUi/external"}]}
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin-allow-popups; report-to="SubscribewithgoogleClientUi"
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 m=serviceiframeview,_b,_tp,_r
www.gstatic.com/_/mss/boq-subscribewithgoogle/_/ss/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.F9IbdYg1O6o.L.B1.O/am=OgMABA/d=1/ed=1/rs=ABXTjI5rneIiHarAeJRvwly_YDRTFdrsxw/ Frame 37F0 521 B
967 B 178ms
54ms Stylesheet
text/css 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/ss/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.F9IbdYg1O6o.L.B1.O/am=OgMABA/d=1/ed=1/rs=ABXTjI5rneIiHarAeJRvwly_YDRTFdrsxw/m=serviceiframeview,_b,_tp,_r

Requested by

Host: news.google.com
URL: https://news.google.com/swg/ui/v1/serviceiframe?_=465370&publicationId=wsj.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

476d60955514d59fff612bff247149d6c3d8040247ec574886143d08163e1717

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://news.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 17:45:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 58490
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/subscribewithgoogle-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 311
x-xss-protection: 0
last-modified: Wed, 01 Feb 2023 00:36:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/subscribewithgoogle-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/subscribewithgoogle-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/subscribewithgoogle-boq-js-css-signers"}]}
content-type: text/css; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Thu, 01 Feb 2024 17:45:26 GMT

GET
H2 200 m=_b,_tp,_r Show response
www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.en_US.LWw9RoN0c_U.es5.O/am=OgMABA/d=1/excm=_b,_r,_tp,serviceiframeview/ed=1/dg=0/wt=2/rs=ABX... Frame 37F0 195 KB
69 KB 179ms
55ms Script
text/javascript 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.en_US.LWw9RoN0c_U.es5.O/am=OgMABA/d=1/excm=_b,_r,_tp,serviceiframeview/ed=1/dg=0/wt=2/rs=ABXTjI69BvY7szh0OL5cArnIK-typLJpTQ/m=_b,_tp,_r

Requested by

Host: news.google.com
URL: https://news.google.com/swg/ui/v1/serviceiframe?_=465370&publicationId=wsj.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29a03bf5a8645582c4c181f998eac2fd4283416a0f5d9bd98cfbeae42de2511c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://news.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 18:35:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 55516
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/subscribewithgoogle-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 70050
x-xss-protection: 0
last-modified: Wed, 01 Feb 2023 03:51:35 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/subscribewithgoogle-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/subscribewithgoogle-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/subscribewithgoogle-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Thu, 01 Feb 2024 18:35:00 GMT

GET
H2 200 Notice.d64a5.css
cdn.privacy-mgmt.com/ Frame 8FF3 33 KB
6 KB 56ms
55ms Stylesheet
text/css 99.86.4.102
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.privacy-mgmt.com/Notice.d64a5.css
Requested by: Host: cdn.privacy-mgmt.com
URL: https://cdn.privacy-mgmt.com/index.html?message_id=718122&consentUUID=null&requestUUID=1155df93-7ad1-497a-90f5-a221953f7d91&preload_message=true&hasCsp=true&version=v1&consentLanguage=en
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-102.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ec52c92bd844889ac4997fe38fbfd0ac09c4111738ca64b5e873662a674e207d

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://cdn.privacy-mgmt.com/index.html?message_id=718122&consentUUID=null&requestUUID=1155df93-7ad1-497a-90f5-a221953f7d91&preload_message=true&hasCsp=true&version=v1&consentLanguage=en
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 02 Feb 2023 09:43:18 GMT
content-encoding: gzip
via: 1.1 2f471134491a4de5cfcaef646caf9dde.cloudfront.net (CloudFront)
last-modified: Thu, 19 Jan 2023 15:53:48 GMT
server: AmazonS3
x-amz-cf-pop: FRA6-C1
age: 1019
etag: W/"d5e39d14d13451fd5020ca1442920af1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
cache-control: max-age=3600
x-amz-cf-id: _qlM6Ch82dfsAOAHujefRyEkglfvE8DzLrpBO_TLYfmwVWrkpVSKBA==

GET
H2 200 polyfills.d36c5.js Show response
cdn.privacy-mgmt.com/ Frame 8FF3 5 KB
2 KB 57ms
56ms Script
application/javascript 99.86.4.102
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.privacy-mgmt.com/polyfills.d36c5.js
Requested by: Host: cdn.privacy-mgmt.com
URL: https://cdn.privacy-mgmt.com/index.html?message_id=718122&consentUUID=null&requestUUID=1155df93-7ad1-497a-90f5-a221953f7d91&preload_message=true&hasCsp=true&version=v1&consentLanguage=en
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-102.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 533b23c57b1770cc3ee9c15b998b2eb494fa0adb2d6929fd22a9b78adfade3a7

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://cdn.privacy-mgmt.com/index.html?message_id=718122&consentUUID=null&requestUUID=1155df93-7ad1-497a-90f5-a221953f7d91&preload_message=true&hasCsp=true&version=v1&consentLanguage=en
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 02 Feb 2023 09:19:01 GMT
content-encoding: gzip
via: 1.1 2f471134491a4de5cfcaef646caf9dde.cloudfront.net (CloudFront)
last-modified: Thu, 19 Jan 2023 15:53:48 GMT
server: AmazonS3
x-amz-cf-pop: FRA6-C1
age: 2476
etag: W/"89661b8fd918815bcb224bba79cabab1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=3600
x-amz-cf-id: pgncK81ZFKd3WYlu9cOw7CKx-mYgGrS-Qv0oeaCVetFnE-pLLHHp0g==

GET
H2 200 Notice.38fc9.js Show response
cdn.privacy-mgmt.com/ Frame 8FF3 261 KB
69 KB 63ms
63ms Script
application/javascript 99.86.4.102
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.privacy-mgmt.com/Notice.38fc9.js
Requested by: Host: cdn.privacy-mgmt.com
URL: https://cdn.privacy-mgmt.com/index.html?message_id=718122&consentUUID=null&requestUUID=1155df93-7ad1-497a-90f5-a221953f7d91&preload_message=true&hasCsp=true&version=v1&consentLanguage=en
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-102.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a7b97147d39d2583a88140e6aa19b6c862eddc289261686d51f1fd9e45f87d8f

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://cdn.privacy-mgmt.com/index.html?message_id=718122&consentUUID=null&requestUUID=1155df93-7ad1-497a-90f5-a221953f7d91&preload_message=true&hasCsp=true&version=v1&consentLanguage=en
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 02 Feb 2023 09:31:56 GMT
content-encoding: gzip
via: 1.1 2f471134491a4de5cfcaef646caf9dde.cloudfront.net (CloudFront)
last-modified: Thu, 19 Jan 2023 15:53:48 GMT
server: AmazonS3
x-amz-cf-pop: FRA6-C1
age: 1701
etag: W/"616a682f1967dc6d6ea6304242f94325"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=3600
x-amz-cf-id: qdvIjTIV35Abu1_MdFy2i2fCKmN4vVUOS7TWaSyQWXK5py1oCBDIyw==

GET
H/1.1 200
OK cx.js Show response
cdn.cxense.com/ Frame E526 107 KB
34 KB 88ms
87ms Script
application/x-javascript 2a02:26f0:11a:391::268b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.cxense.com/cx.js
Requested by: Host: cdn.cxense.com
URL: https://cdn.cxense.com/sp1.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:11a:391::268b Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 06639d033d7cf998bac4c166c2040102efc566e743de92c2d7b932dee909e3c7

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://cdn.cxense.com/sp1.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Thu, 02 Feb 2023 10:00:16 GMT
Content-Encoding: gzip
Last-Modified: Fri, 20 Jan 2023 05:10:31 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 34709
Expires: Thu, 02 Feb 2023 11:00:16 GMT

GET
H2 200 061721ransomware_960x540.jpg
m.wsj.net/video/20210617/061721ransomware/ 130 KB
130 KB 654ms
519ms Image
image/jpeg 13.227.219.41
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://m.wsj.net/video/20210617/061721ransomware/061721ransomware_960x540.jpg
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.227.219.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-227-219-41.ams54.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 1604cc7a8efc66831d1234b8f1bd9e146a66cb5fdca09b6c3ed688a49976c25e

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 02 Feb 2023 10:00:18 GMT
via: 1.1 46293c8f7848e2378b777a1f48183614.cloudfront.net (CloudFront)
last-modified: Thu, 17 Jun 2021 04:08:13 GMT
server: AmazonS3
x-amz-cf-pop: AMS54-C1
etag: "3502c5939936e13d8d9e6e45a77f5d5c"
x-cache: Miss from cloudfront
content-type: image/jpeg
accept-ranges: bytes
content-length: 133080
x-amz-cf-id: uT7PxWO1-k1UJ9GJ26Qikr_-_MTmxDbwlpwzh3l1imrwHtxa0_w0xQ==

GET
H/1.1 200
OK hls.f3437138246b4ef7ecdb.min.js Show response
video-api.wsj.com/api-video/player/v3/js/ 377 KB
96 KB 56ms
56ms Script
application/javascript 13.227.219.28
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://video-api.wsj.com/api-video/player/v3/js/hls.f3437138246b4ef7ecdb.min.js

Requested by

Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.28 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-28.ams54.r.cloudfront.net

Software

CloudFront /

Resource Hash

06cdc8d9c77c2d7c5c1106e42e923a6c9a448cbf416b5f6364c369aa8723e8c9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-amz-version-id: DKQ.tWpyMfb8FHY5sO.u3Exwxs_b0Cgd
Content-Encoding: br
X-Content-Type-Options: nosniff
Date: Thu, 02 Feb 2023 09:35:34 GMT
Via: 1.1 2e0227ef3f0af98f7b4e1f8452f59f84.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS54-C1
Age: 1491
x-amz-server-side-encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 01 Dec 2022 16:38:00 GMT
Server: CloudFront
ETag: W/"4c9d377694ddcddbbfe88a1048c0d667"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=3600
X-Amz-Cf-Id: qp249X0xDT-W-vbw6CyzQZw-58Ig-hCXdwr2vSO2lHgRflNKOKZEyg==

GET
H2 200 thumbstrip.jpg
m.wsj.net/video/20210617/061721ransomware/ 299 KB
300 KB 509ms
509ms Image
image/jpeg 13.227.219.41
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://m.wsj.net/video/20210617/061721ransomware/thumbstrip.jpg
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.227.219.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-227-219-41.ams54.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 28cdcc48f0cc711a01fe35c625de83ca52211297b433f9f2792b1e5b55ef597b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 02 Feb 2023 10:00:18 GMT
via: 1.1 46293c8f7848e2378b777a1f48183614.cloudfront.net (CloudFront)
last-modified: Thu, 17 Jun 2021 04:18:11 GMT
server: AmazonS3
x-amz-cf-pop: AMS54-C1
etag: "e3d092fac95e475c66f7c28b7105918c"
x-cache: Miss from cloudfront
content-type: image/jpeg
accept-ranges: bytes
content-length: 306571
x-amz-cf-id: A5B8H6-svkjelFLmm8G7cLpP_RYiGqYa7l6aJkTbGnlrR2bAr5PJFg==

GET
H/1.1 200
OK p1.js Show response
p1cluster.cxense.com/ Frame E526 47 B
637 B 200ms
55ms Script
text/javascript 147.75.83.64
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://p1cluster.cxense.com/p1.js
Requested by: Host: cdn.cxense.com
URL: https://cdn.cxense.com/sp1.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 147.75.83.64 Schiphol, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software: Jetty(9.4.28.v20200408) /
Resource Hash: 17853685296330913ac7fbb7ccf27d448f4d89922d7a8a03fdc712fb5ad8e965

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://cdn.cxense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 02 Feb 2023 10:00:17 GMT
last-modified: Tue, 02 Aug 2022 10:00:17 GMT
server: Jetty(9.4.28.v20200408)
etag: 2ky3009ihvzul12uhtimz3w3kj
p3p: policyref="http://www.cxense.com/w3c/p3p.xml", CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-type: text/javascript;charset=utf-8
cache-control: private, proxy-revalidate
content-length: 47
expires: Fri, 02 Feb 2024 10:00:17 GMT

GET
H2 200 m=byfTOb,lsjVmc,xUdipf,OTA3Ae,COQbmf,ws9Tlc,fKUV3e,aurFic,U0aPgd,LEikZe,NwH0H,OmgaI,gychg,EEDORb,Mlhmy,zG9H6c,ZfAoz,kWgXee,ovKuLd,yDVVkb,KG2eXe,DfBslb Show response
www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.en_US.LWw9RoN0c_U.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.F9IbdYg1O6o.L... Frame 37F0 124 KB
42 KB 55ms
54ms Script
text/javascript 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.en_US.LWw9RoN0c_U.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.F9IbdYg1O6o.L.B1.O/am=OgMABA/d=1/exm=_b,_r,_tp/excm=_b,_r,_tp,serviceiframeview/ed=1/wt=2/rs=ABXTjI7_BEwwy72UYKaPSElA7OZzAkjOxg/ee=cEt90b:ws9Tlc;QGR0gd:Mlhmy;uY49fb:COQbmf;yxTchf:KUM7Z;qddgKe:xQtZb;dIoSBb:SpsfSb;EmZ2Bf:zr1jrb;xqZiqf:wmnU7d;zxnPse:GkRiKb;EVNhjf:pw70Gc;JsbNhc:Xd8iUd;NSEoX:lazG7b;oGtAuc:sOXFj;eBAeSb:zbML3c;Pjplud:EEDORb;io8t5d:yDVVkb;Oj465e:KG2eXe;Erl4fe:FloWmf;ul9GGd:VDovNc;sP4Vbe:VwDzFe;kMFpHd:OTA3Ae;NPKaK:SdcwHb;pXdRYb:MdUzUe;nAFL3:s39S4;iFQyKf:QIhFr;SNUn3:ZwDk9d;LBgRLc:SdcwHb;wR5FRb:O1Gjze/m=byfTOb,lsjVmc,xUdipf,OTA3Ae,COQbmf,ws9Tlc,fKUV3e,aurFic,U0aPgd,LEikZe,NwH0H,OmgaI,gychg,EEDORb,Mlhmy,zG9H6c,ZfAoz,kWgXee,ovKuLd,yDVVkb,KG2eXe,DfBslb

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.en_US.LWw9RoN0c_U.es5.O/am=OgMABA/d=1/excm=_b,_r,_tp,serviceiframeview/ed=1/dg=0/wt=2/rs=ABXTjI69BvY7szh0OL5cArnIK-typLJpTQ/m=_b,_tp,_r

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

974b3d30f00aeabc802bc8fe120efe2de9a8b029b6299591c9d2ab8d4350c23b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://news.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 18:50:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 54597
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/subscribewithgoogle-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42679
x-xss-protection: 0
last-modified: Wed, 01 Feb 2023 00:36:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/subscribewithgoogle-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/subscribewithgoogle-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/subscribewithgoogle-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Thu, 01 Feb 2024 18:50:20 GMT

GET
H2 200 m=Wt6vjf,hhhU8,FCpbqb,WhJNk Show response
www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.en_US.LWw9RoN0c_U.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.F9IbdYg1O6o.L... Frame 37F0 17 KB
7 KB 67ms
67ms Script
text/javascript 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.en_US.LWw9RoN0c_U.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.F9IbdYg1O6o.L.B1.O/am=OgMABA/d=1/exm=COQbmf,DfBslb,EEDORb,KG2eXe,LEikZe,Mlhmy,NwH0H,OTA3Ae,OmgaI,U0aPgd,ZfAoz,_b,_r,_tp,aurFic,byfTOb,fKUV3e,gychg,kWgXee,lsjVmc,ovKuLd,ws9Tlc,xUdipf,yDVVkb,zG9H6c/excm=_b,_r,_tp,serviceiframeview/ed=1/wt=2/rs=ABXTjI7_BEwwy72UYKaPSElA7OZzAkjOxg/ee=cEt90b:ws9Tlc;QGR0gd:Mlhmy;uY49fb:COQbmf;yxTchf:KUM7Z;qddgKe:xQtZb;dIoSBb:SpsfSb;EmZ2Bf:zr1jrb;xqZiqf:wmnU7d;zxnPse:GkRiKb;EVNhjf:pw70Gc;JsbNhc:Xd8iUd;NSEoX:lazG7b;oGtAuc:sOXFj;eBAeSb:zbML3c;Pjplud:EEDORb;io8t5d:yDVVkb;Oj465e:KG2eXe;Erl4fe:FloWmf;ul9GGd:VDovNc;sP4Vbe:VwDzFe;kMFpHd:OTA3Ae;NPKaK:SdcwHb;pXdRYb:MdUzUe;nAFL3:s39S4;iFQyKf:QIhFr;SNUn3:ZwDk9d;LBgRLc:SdcwHb;wR5FRb:O1Gjze/m=Wt6vjf,hhhU8,FCpbqb,WhJNk

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5ea25b3756b3e97a98da0d6949c6c7881a161acb9962b9229deea1d0395f9b86

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://news.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 18:50:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 54597
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/subscribewithgoogle-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7308
x-xss-protection: 0
last-modified: Wed, 01 Feb 2023 00:36:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/subscribewithgoogle-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/subscribewithgoogle-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/subscribewithgoogle-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Thu, 01 Feb 2024 18:50:20 GMT

GET
H/1.1

200
OK

rd Show response
dpm.demdex.net/id/
Redirect Chain

https://dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=CB68E4BA55144CAA0A4C98A5%40AdobeOrg&d_nsid=0&ts=1675332017053
https://dpm.demdex.net/id/rd?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=CB68E4BA55144CAA0A4C98A5%40AdobeOrg&d_nsid=0&ts=1675332017053

367 B
1 KB

60ms
60ms

XHR
application/json

54.216.3.241
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id/rd?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=CB68E4BA55144CAA0A4C98A5%40AdobeOrg&d_nsid=0&ts=1675332017053

Requested by

Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406

Protocol

HTTP/1.1

Server

54.216.3.241 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-216-3-241.eu-west-1.compute.amazonaws.com

Software

Resource Hash

a6061179dfc013703fabbe3ff7ae3cf5f95e531740c2b1a200ad44138a04607f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v045-061dae83e.edge-irl1.demdex.com 3 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-TID: VewZi1plRig=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://www.wsj.com
Content-Type: application/json;charset=utf-8
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 308
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-irl1-2-v045-0314701ba.edge-irl1.demdex.com 1 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: yRov0eOlTag=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://www.wsj.com
Location: https://dpm.demdex.net/id/rd?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=CB68E4BA55144CAA0A4C98A5%40AdobeOrg&d_nsid=0&ts=1675332017053
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 categories Show response
cdn.privacy-mgmt.com/consent/tcfv2/vendor-list/ Frame 8FF3 3 KB
1 KB 54ms
54ms Fetch
application/json 99.86.4.102
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.privacy-mgmt.com/consent/tcfv2/vendor-list/categories?siteId=3634&consentLanguage=en

Requested by

Host: cdn.privacy-mgmt.com
URL: https://cdn.privacy-mgmt.com/Notice.38fc9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.102 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-102.fra6.r.cloudfront.net

Software

Resource Hash

dc4b2d1a866748cb7f12771941d55b63f9dad9bad683d916dc7965f0eb62a880

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://cdn.privacy-mgmt.com/index.html?message_id=718122&consentUUID=null&requestUUID=1155df93-7ad1-497a-90f5-a221953f7d91&preload_message=true&hasCsp=true&version=v1&consentLanguage=en
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 02 Feb 2023 09:03:44 GMT
strict-transport-security: max-age=15552000; includeSubDomains
content-encoding: gzip
via: 1.1 2f471134491a4de5cfcaef646caf9dde.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
age: 3393
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-cache: Hit from cloudfront
cache-control: max-age=0, s-maxage=3600
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
x-amz-cf-id: y8aw24x5VKHtcl2pPXECsSR817-uC6vlVGq4x2zxdj9YU569fsJBQw==

GET
H/1.1 200
OK 806.a58815ffa5b579546097.min.js Show response
video-api.wsj.com/api-video/audio/js/chunks/ 114 KB
37 KB 52ms
52ms Script
application/javascript 13.227.219.28
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://video-api.wsj.com/api-video/audio/js/chunks/806.a58815ffa5b579546097.min.js

Requested by

Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.28 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-28.ams54.r.cloudfront.net

Software

CloudFront /

Resource Hash

86395c2c4bb7064d07c64bd165901de2fbbb1b72ffa5057e09a40dda39796dc0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Tue, 27 Dec 2022 09:46:55 GMT
x-amz-version-id: cYmTEZrhtlgT7bk3ajE9fHQiTXAh4sAb
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Via: 1.1 2e0227ef3f0af98f7b4e1f8452f59f84.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS54-C1
Age: 3197603
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 07 Dec 2022 23:43:55 GMT
Server: CloudFront
ETag: W/"d01422887acd63bd9daf781796f75622"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=31536000, immutable
X-Amz-Cf-Id: S5l9c6qSJalkE-zQ84EvzXqqWQ8iioI08Xgcs__mHox4zYKUTaTO2g==

GET
H2 200 find-all-videos Show response
video-api.shdsvc.dowjones.io/api/legacy/ 27 B
399 B 249ms
248ms Fetch
application/json 2600:9000:211a:5c00:6:60db:a3c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://video-api.shdsvc.dowjones.io/api/legacy/find-all-videos?type=read-to-me&query=SB10167101553910484438504588294342540938644&fields=adZone,allthingsd-section,allthingsd-subsection,audioURL,audioURLPanoply,author,body,column,description,doctypeID,duration,episodeNumber,formattedCreationDate,guid,keywords,linkURL,name,omniPublishDate,omniVideoFormat,playbackSite,podcastName,podcastSubscribeLinks,podcastUrl,sm-section,sm-subsection,thumbnailImageManager,thumbnailList,titletag,type,wsj-section,wsj-subsection
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211a:5c00:6:60db:a3c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: / Express
Resource Hash: b2168a18421e92dd6685e65393a9c1207d604ce71219eec19f0a5f947d30a573

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 02 Feb 2023 10:00:17 GMT
content-encoding: gzip
via: 1.1 9a66d849010281b3877fd5f66dbb4720.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
x-powered-by: Express
etag: W/"1b-3crkFHIyP68LCypBO7tEUSDhMwo"
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=60
x-amz-cf-id: 97TR5Lt_AbGYl4uKXVTgNDuXZXMBPCQgZtPMdXT-jWG_KDsPcAjKUw==

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ 367 KB
123 KB 327ms
133ms Script
text/javascript 2a00:1450:400d:807::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:807::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c2864bf3ca82a5e7f9cc6e96e40dc32665faea6bb959d04686ba2155ccba3c29

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 02 Feb 2023 10:00:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 125826
x-xss-protection: 0
expires: Thu, 02 Feb 2023 10:00:17 GMT

GET
H/1.1 200
OK data Show response
api.cxense.com/public/widget/ 15 KB
4 KB 186ms
68ms Script
text/javascript 147.75.85.120
PACKET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.cxense.com/public/widget/data?json=%7B%22context%22%3A%7B%22referrer%22%3A%22%22%2C%22categories%22%3A%7B%22subscriber%22%3A%22nonsubscriber%22%2C%22edition%22%3A%22naus%22%2C%22pwcampaign%22%3A%2254325%22%2C%22bucket%22%3A%226%22%2C%22testgroup%22%3A%2273%22%7D%2C%22parameters%22%3A%5B%7B%22key%22%3A%22subscriber%22%2C%22value%22%3A%22nonsubscriber%22%7D%2C%7B%22key%22%3A%22edition%22%2C%22value%22%3A%22naus%22%7D%2C%7B%22key%22%3A%22pwcampaign%22%2C%22value%22%3A%2254325%22%7D%2C%7B%22key%22%3A%22bucket%22%2C%22value%22%3A%226%22%7D%2C%7B%22key%22%3A%22userState%22%2C%22value%22%3A%22anon%22%7D%2C%7B%22key%22%3A%22ver%22%2C%22value%22%3A%22test%22%7D%2C%7B%22key%22%3A%22testGroup%22%2C%22value%22%3A%2273%22%7D%2C%7B%22key%22%3A%22topDomain%22%2C%22value%22%3A%22wsj.com%22%7D%2C%7B%22key%22%3A%22pwTag%22%2C%22value%22%3A%22default%22%7D%2C%7B%22key%22%3A%22pwPlacement%22%2C%22value%22%3A%22cx-pro-scrim%22%7D%2C%7B%22key%22%3A%22pwCampaign%22%2C%22value%22%3A%2254325%22%7D%2C%7B%22key%22%3A%22pwType%22%2C%22value%22%3A%22free%22%7D%2C%7B%22key%22%3A%22type%22%2C%22value%22%3A%22Pro%20Cyber%20News%22%7D%2C%7B%22key%22%3A%22template%22%2C%22value%22%3A%22full%22%7D%2C%7B%22key%22%3A%22access%22%2C%22value%22%3A%22paid%22%7D%2C%7B%22key%22%3A%22section%22%2C%22value%22%3A%22WSJ%20Pro%22%7D%2C%7B%22key%22%3A%22subsection%22%2C%22value%22%3A%22Pro%20Cyber%22%7D%2C%7B%22key%22%3A%22cms_name%22%2C%22value%22%3A%22METHODE%22%7D%2C%7B%22key%22%3A%22vix%22%2C%22value%22%3A%22%22%7D%2C%7B%22key%22%3A%22ab_bucket%22%2C%22value%22%3A%2296%22%7D%2C%7B%22key%22%3A%22pageContentTypeDetai%22%2C%22value%22%3A%22article%22%7D%2C%7B%22key%22%3A%22pageSiteProduct%22%2C%22value%22%3A%22WSJ%22%7D%2C%7B%22key%22%3A%22testgroup%22%2C%22value%22%3A%2273%22%7D%5D%2C%22autoRefresh%22%3Afalse%2C%22url%22%3A%22https%3A%2F%2Fwww.wsj.com%2Farticles%2Finside-a-ransomware-hit-at-nordic-choice-hotels-11641983406%22%7D%2C%22widgetId%22%3A%22fdffeaef25759d5a4b278e2b045241d7cc93fb7c%22%2C%22user%22%3A%7B%22ids%22%3A%7B%22usi%22%3A%22ldmxfd4919mrv3ah%22%7D%7D%2C%22prnd%22%3A%22ldmxfbwd17oh6dp6%22%7D&media=javascript&sid=9222318613852486900&widgetId=fdffeaef25759d5a4b278e2b045241d7cc93fb7c&resizeToContentSize=true&useSecureUrls=true&usi=ldmxfd4919mrv3ah&rnd=870306242&prnd=ldmxfbwd17oh6dp6&tzo=0&callback=cXJsonpCB1

Requested by

Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

147.75.85.120 Schiphol, Netherlands, ASN54825 (PACKET, US),

Reverse DNS

Software

Jetty(9.4.28.v20200408) /

Resource Hash

bbc3640f31c372da68e5029c1f775715e681fdd327c4c77dc0ec04918b2bba6a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Feb 2023 10:00:17 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: gzip
server: Jetty(9.4.28.v20200408)
content-type: text/javascript;charset=utf-8
p3p: policyref="http://www.cxense.com/w3c/p3p.xml", CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-store, no-cache, must-revalidate
content-length: 3509
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK data Show response
api.cxense.com/public/widget/ 6 KB
2 KB 177ms
61ms Script
text/javascript 147.75.85.120
PACKET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.cxense.com/public/widget/data?json=%7B%22context%22%3A%7B%22referrer%22%3A%22%22%2C%22categories%22%3A%7B%22subscriber%22%3A%22nonsubscriber%22%2C%22edition%22%3A%22naus%22%2C%22pwcampaign%22%3A%2254325%22%2C%22bucket%22%3A%226%22%2C%22testgroup%22%3A%2273%22%7D%2C%22parameters%22%3A%5B%7B%22key%22%3A%22subscriber%22%2C%22value%22%3A%22nonsubscriber%22%7D%2C%7B%22key%22%3A%22edition%22%2C%22value%22%3A%22naus%22%7D%2C%7B%22key%22%3A%22pwcampaign%22%2C%22value%22%3A%2254325%22%7D%2C%7B%22key%22%3A%22bucket%22%2C%22value%22%3A%226%22%7D%2C%7B%22key%22%3A%22userState%22%2C%22value%22%3A%22anon%22%7D%2C%7B%22key%22%3A%22ver%22%2C%22value%22%3A%22test%22%7D%2C%7B%22key%22%3A%22testGroup%22%2C%22value%22%3A%2273%22%7D%2C%7B%22key%22%3A%22topDomain%22%2C%22value%22%3A%22wsj.com%22%7D%2C%7B%22key%22%3A%22pwTag%22%2C%22value%22%3A%22default%22%7D%2C%7B%22key%22%3A%22pwPlacement%22%2C%22value%22%3A%22cx-pro-scrim%22%7D%2C%7B%22key%22%3A%22pwCampaign%22%2C%22value%22%3A%2254325%22%7D%2C%7B%22key%22%3A%22pwType%22%2C%22value%22%3A%22free%22%7D%2C%7B%22key%22%3A%22type%22%2C%22value%22%3A%22Pro%20Cyber%20News%22%7D%2C%7B%22key%22%3A%22template%22%2C%22value%22%3A%22full%22%7D%2C%7B%22key%22%3A%22access%22%2C%22value%22%3A%22paid%22%7D%2C%7B%22key%22%3A%22section%22%2C%22value%22%3A%22WSJ%20Pro%22%7D%2C%7B%22key%22%3A%22subsection%22%2C%22value%22%3A%22Pro%20Cyber%22%7D%2C%7B%22key%22%3A%22cms_name%22%2C%22value%22%3A%22METHODE%22%7D%2C%7B%22key%22%3A%22vix%22%2C%22value%22%3A%22%22%7D%2C%7B%22key%22%3A%22ab_bucket%22%2C%22value%22%3A%2296%22%7D%2C%7B%22key%22%3A%22pageContentTypeDetai%22%2C%22value%22%3A%22article%22%7D%2C%7B%22key%22%3A%22pageSiteProduct%22%2C%22value%22%3A%22WSJ%22%7D%2C%7B%22key%22%3A%22testgroup%22%2C%22value%22%3A%2273%22%7D%5D%2C%22autoRefresh%22%3Afalse%2C%22url%22%3A%22https%3A%2F%2Fwww.wsj.com%2Farticles%2Finside-a-ransomware-hit-at-nordic-choice-hotels-11641983406%22%7D%2C%22widgetId%22%3A%222a15f91fb0031a6eb0b15bd05b36bc23765bd090%22%2C%22user%22%3A%7B%22ids%22%3A%7B%22usi%22%3A%22ldmxfd4919mrv3ah%22%7D%7D%2C%22prnd%22%3A%22ldmxfbwd17oh6dp6%22%7D&media=javascript&sid=9222318613852486900&widgetId=2a15f91fb0031a6eb0b15bd05b36bc23765bd090&resizeToContentSize=true&useSecureUrls=true&usi=ldmxfd4919mrv3ah&rnd=1762871623&prnd=ldmxfbwd17oh6dp6&tzo=0&callback=cXJsonpCB2

Requested by

Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

147.75.85.120 Schiphol, Netherlands, ASN54825 (PACKET, US),

Reverse DNS

Software

Jetty(9.4.28.v20200408) /

Resource Hash

7f9ba21def67e5276755455872ad16ba43438df0ca9b9d0a5586b9c726846d62

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Feb 2023 10:00:17 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: gzip
server: Jetty(9.4.28.v20200408)
content-type: text/javascript;charset=utf-8
p3p: policyref="http://www.cxense.com/w3c/p3p.xml", CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-store, no-cache, must-revalidate
content-length: 1667
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK data Show response
api.cxense.com/public/widget/ 21 KB
6 KB 217ms
103ms Script
text/javascript 147.75.85.120
PACKET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.cxense.com/public/widget/data?json=%7B%22context%22%3A%7B%22referrer%22%3A%22%22%2C%22categories%22%3A%7B%22subscriber%22%3A%22nonsubscriber%22%2C%22edition%22%3A%22naus%22%2C%22pwcampaign%22%3A%2254325%22%2C%22bucket%22%3A%226%22%2C%22testgroup%22%3A%2273%22%7D%2C%22parameters%22%3A%5B%7B%22key%22%3A%22subscriber%22%2C%22value%22%3A%22nonsubscriber%22%7D%2C%7B%22key%22%3A%22edition%22%2C%22value%22%3A%22naus%22%7D%2C%7B%22key%22%3A%22pwcampaign%22%2C%22value%22%3A%2254325%22%7D%2C%7B%22key%22%3A%22bucket%22%2C%22value%22%3A%226%22%7D%2C%7B%22key%22%3A%22userState%22%2C%22value%22%3A%22anon%22%7D%2C%7B%22key%22%3A%22ver%22%2C%22value%22%3A%22test%22%7D%2C%7B%22key%22%3A%22testGroup%22%2C%22value%22%3A%2273%22%7D%2C%7B%22key%22%3A%22topDomain%22%2C%22value%22%3A%22wsj.com%22%7D%2C%7B%22key%22%3A%22pwTag%22%2C%22value%22%3A%22default%22%7D%2C%7B%22key%22%3A%22pwPlacement%22%2C%22value%22%3A%22cx-pro-scrim%22%7D%2C%7B%22key%22%3A%22pwCampaign%22%2C%22value%22%3A%2254325%22%7D%2C%7B%22key%22%3A%22pwType%22%2C%22value%22%3A%22free%22%7D%2C%7B%22key%22%3A%22type%22%2C%22value%22%3A%22Pro%20Cyber%20News%22%7D%2C%7B%22key%22%3A%22template%22%2C%22value%22%3A%22full%22%7D%2C%7B%22key%22%3A%22access%22%2C%22value%22%3A%22paid%22%7D%2C%7B%22key%22%3A%22section%22%2C%22value%22%3A%22WSJ%20Pro%22%7D%2C%7B%22key%22%3A%22subsection%22%2C%22value%22%3A%22Pro%20Cyber%22%7D%2C%7B%22key%22%3A%22cms_name%22%2C%22value%22%3A%22METHODE%22%7D%2C%7B%22key%22%3A%22vix%22%2C%22value%22%3A%22%22%7D%2C%7B%22key%22%3A%22ab_bucket%22%2C%22value%22%3A%2296%22%7D%2C%7B%22key%22%3A%22pageContentTypeDetai%22%2C%22value%22%3A%22article%22%7D%2C%7B%22key%22%3A%22pageSiteProduct%22%2C%22value%22%3A%22WSJ%22%7D%2C%7B%22key%22%3A%22testgroup%22%2C%22value%22%3A%2273%22%7D%5D%2C%22autoRefresh%22%3Afalse%2C%22url%22%3A%22https%3A%2F%2Fwww.wsj.com%2Farticles%2Finside-a-ransomware-hit-at-nordic-choice-hotels-11641983406%22%7D%2C%22widgetId%22%3A%222de24eadb5f96a9436a375f0d2087dac83093d90%22%2C%22user%22%3A%7B%22ids%22%3A%7B%22usi%22%3A%22ldmxfd4919mrv3ah%22%7D%7D%2C%22prnd%22%3A%22ldmxfbwd17oh6dp6%22%7D&media=javascript&sid=9222318613852486900&widgetId=2de24eadb5f96a9436a375f0d2087dac83093d90&resizeToContentSize=true&useSecureUrls=true&usi=ldmxfd4919mrv3ah&rnd=1679296823&prnd=ldmxfbwd17oh6dp6&tzo=0&callback=cXJsonpCB3

Requested by

Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

147.75.85.120 Schiphol, Netherlands, ASN54825 (PACKET, US),

Reverse DNS

Software

Jetty(9.4.28.v20200408) /

Resource Hash

870eb541de2e4736c4337c3ab8d34fbaa2617d993979cefd5f7c5d79d08e501d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Feb 2023 10:00:17 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: gzip
server: Jetty(9.4.28.v20200408)
content-type: text/javascript;charset=utf-8
p3p: policyref="http://www.cxense.com/w3c/p3p.xml", CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-store, no-cache, must-revalidate
content-length: 5882
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK data Show response
api.cxense.com/public/widget/ 2 KB
1 KB 177ms
66ms Script
text/javascript 147.75.85.120
PACKET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.cxense.com/public/widget/data?json=%7B%22context%22%3A%7B%22referrer%22%3A%22%22%2C%22categories%22%3A%7B%22subscriber%22%3A%22nonsubscriber%22%2C%22edition%22%3A%22naus%22%2C%22pwcampaign%22%3A%2254325%22%2C%22bucket%22%3A%226%22%2C%22testgroup%22%3A%2273%22%7D%2C%22parameters%22%3A%5B%7B%22key%22%3A%22subscriber%22%2C%22value%22%3A%22nonsubscriber%22%7D%2C%7B%22key%22%3A%22edition%22%2C%22value%22%3A%22naus%22%7D%2C%7B%22key%22%3A%22pwcampaign%22%2C%22value%22%3A%2254325%22%7D%2C%7B%22key%22%3A%22bucket%22%2C%22value%22%3A%226%22%7D%2C%7B%22key%22%3A%22userState%22%2C%22value%22%3A%22anon%22%7D%2C%7B%22key%22%3A%22ver%22%2C%22value%22%3A%22test%22%7D%2C%7B%22key%22%3A%22testGroup%22%2C%22value%22%3A%2273%22%7D%2C%7B%22key%22%3A%22topDomain%22%2C%22value%22%3A%22wsj.com%22%7D%2C%7B%22key%22%3A%22pwTag%22%2C%22value%22%3A%22default%22%7D%2C%7B%22key%22%3A%22pwPlacement%22%2C%22value%22%3A%22cx-pro-scrim%22%7D%2C%7B%22key%22%3A%22pwCampaign%22%2C%22value%22%3A%2254325%22%7D%2C%7B%22key%22%3A%22pwType%22%2C%22value%22%3A%22free%22%7D%2C%7B%22key%22%3A%22type%22%2C%22value%22%3A%22Pro%20Cyber%20News%22%7D%2C%7B%22key%22%3A%22template%22%2C%22value%22%3A%22full%22%7D%2C%7B%22key%22%3A%22access%22%2C%22value%22%3A%22paid%22%7D%2C%7B%22key%22%3A%22section%22%2C%22value%22%3A%22WSJ%20Pro%22%7D%2C%7B%22key%22%3A%22subsection%22%2C%22value%22%3A%22Pro%20Cyber%22%7D%2C%7B%22key%22%3A%22cms_name%22%2C%22value%22%3A%22METHODE%22%7D%2C%7B%22key%22%3A%22vix%22%2C%22value%22%3A%22%22%7D%2C%7B%22key%22%3A%22ab_bucket%22%2C%22value%22%3A%2296%22%7D%2C%7B%22key%22%3A%22pageContentTypeDetai%22%2C%22value%22%3A%22article%22%7D%2C%7B%22key%22%3A%22pageSiteProduct%22%2C%22value%22%3A%22WSJ%22%7D%2C%7B%22key%22%3A%22testgroup%22%2C%22value%22%3A%2273%22%7D%5D%2C%22autoRefresh%22%3Afalse%2C%22url%22%3A%22https%3A%2F%2Fwww.wsj.com%2Farticles%2Finside-a-ransomware-hit-at-nordic-choice-hotels-11641983406%22%7D%2C%22widgetId%22%3A%22cd6dfe5cad0e11d2b5b32bf63b7776a73af93c00%22%2C%22user%22%3A%7B%22ids%22%3A%7B%22usi%22%3A%22ldmxfd4919mrv3ah%22%7D%7D%2C%22prnd%22%3A%22ldmxfbwd17oh6dp6%22%7D&media=javascript&sid=9222318613852486900&widgetId=cd6dfe5cad0e11d2b5b32bf63b7776a73af93c00&resizeToContentSize=true&useSecureUrls=true&usi=ldmxfd4919mrv3ah&rnd=121875785&prnd=ldmxfbwd17oh6dp6&tzo=0&callback=cXJsonpCB4

Requested by

Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

147.75.85.120 Schiphol, Netherlands, ASN54825 (PACKET, US),

Reverse DNS

Software

Jetty(9.4.28.v20200408) /

Resource Hash

538ef190b86302e414dcc8be0b843b5e6b5fa8074d94b2704debadc3e87e70c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Feb 2023 10:00:17 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: gzip
server: Jetty(9.4.28.v20200408)
content-type: text/javascript;charset=utf-8
p3p: policyref="http://www.cxense.com/w3c/p3p.xml", CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-store, no-cache, must-revalidate
content-length: 784
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 manifest-hd-wifi.m3u8 Show response
m.wsj.net/video/20210617/061721ransomware/hls/ 2 KB
1010 B 598ms
496ms XHR
application/x-mpegurl 13.227.219.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://m.wsj.net/video/20210617/061721ransomware/hls/manifest-hd-wifi.m3u8
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.227.219.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-227-219-41.ams54.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b032d886830188ea3ef3720eea57f57c6285693e3af230477199248e1f62d0bb

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 02 Feb 2023 10:00:18 GMT
content-encoding: gzip
via: 1.1 5e95d2e6aebe43cabd9dcdad89ad0a42.cloudfront.net (CloudFront)
last-modified: Thu, 17 Jun 2021 04:17:55 GMT
server: AmazonS3
x-amz-cf-pop: AMS54-C1
etag: W/"2c5fbc024f7f11ce0abcd0696840db61"
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: POST, GET, PUT, DELETE, HEAD
content-type: application/x-mpegURL
access-control-allow-origin: *
x-cache: Miss from cloudfront
access-control-expose-headers: ETag
x-amz-cf-id: LGbiVp_q1Ra0qui-Wy69G3bw2WppAqg5JBnyNb1bKxDyjX-0lIwUVg==

GET
H2 200 061721ransomware.en_US.vtt
m.wsj.net/video/20210617/061721ransomware/ 15 KB
15 KB 151ms
64ms TextTrack
text/vtt 13.227.219.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://m.wsj.net/video/20210617/061721ransomware/061721ransomware.en_US.vtt
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.227.219.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-227-219-41.ams54.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f8cd0337c878919cdb4e60a4c5821c746915e1d8e6a64dbe0de80bf4b0ccdbc9

Request headers

Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Origin: https://www.wsj.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 02 Feb 2023 08:19:18 GMT
via: 1.1 5e95d2e6aebe43cabd9dcdad89ad0a42.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
age: 6060
x-cache: Hit from cloudfront
content-length: 15127
last-modified: Thu, 17 Jun 2021 10:42:54 GMT
server: AmazonS3
etag: "9394836b5eb86cb6cae548fb5d0fba8a"
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: POST, GET, PUT, DELETE, HEAD
content-type: text/vtt
access-control-allow-origin: *
access-control-expose-headers: ETag
accept-ranges: bytes
x-amz-cf-id: YMfisvmgEMKXKtLWD2n1P-XgrcX0_q9_csocluTq88VURwzSvoVIEQ==

GET
H2 200 wsj-logo.svg
s.wsj.net/img/meta/ Frame 8FF3 10 KB
10 KB 214ms
60ms Image
image/svg+xml 2600:9000:214f:3200:19:3d3:51c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.wsj.net/img/meta/wsj-logo.svg
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:3200:19:3d3:51c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 5054a1af89cc72bcb7c086ce9fc4f8a6fc230b90b92c6dbf340bb25cd728a02c

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://cdn.privacy-mgmt.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 23 Jan 2023 08:58:39 GMT
x-amz-version-id: hzPppwvr3FIBSh69YZ6YAken11m2wwUJ
via: 1.1 8b5bc0831e6dab612582614c3009efa6.cloudfront.net (CloudFront)
last-modified: Sat, 31 Jul 2021 12:13:43 GMT
server: AmazonS3
x-amz-cf-pop: FRA53-C1
age: 867699
etag: "15c521bde9426a80b2f9a04d9c540547"
x-cache: Hit from cloudfront
content-type: image/svg+xml
x-amz-replication-status: REPLICA
accept-ranges: bytes
content-length: 10225
x-amz-cf-id: 7FLX-RqCTL6ONUYPpeZ1ZTNdm7ClsZsc-JPSUfiVLwkOElrRXHE84Q==

GET
DATA 200
OK truncated
/ Frame 8FF3 62 KB
62 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b14684edc7a33025134268da451328fe23fd64c0ab1614a9811f47b3dbe944b4

Request headers

Referer
Origin: https://cdn.privacy-mgmt.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: application/font-woff

GET
DATA 200
OK truncated
/ Frame 8FF3 62 KB
62 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f27f7b08cdba301dc4a18d86a6749ca5e133b70aa2fdc166327c8be7d9a30a37

Request headers

Referer
Origin: https://cdn.privacy-mgmt.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: application/font-woff

GET
H3 200 m=bm51tf Show response
www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.en_US.LWw9RoN0c_U.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.F9IbdYg1O6o.L... Frame 37F0 1 KB
739 B 57ms
57ms Script
text/javascript 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.en_US.LWw9RoN0c_U.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.F9IbdYg1O6o.L.B1.O/am=OgMABA/d=1/exm=COQbmf,DfBslb,EEDORb,FCpbqb,KG2eXe,LEikZe,Mlhmy,NwH0H,OTA3Ae,OmgaI,U0aPgd,WhJNk,Wt6vjf,ZfAoz,_b,_r,_tp,aurFic,byfTOb,fKUV3e,gychg,hhhU8,kWgXee,lsjVmc,ovKuLd,ws9Tlc,xUdipf,yDVVkb,zG9H6c/excm=_b,_r,_tp,serviceiframeview/ed=1/wt=2/rs=ABXTjI7_BEwwy72UYKaPSElA7OZzAkjOxg/ee=cEt90b:ws9Tlc;QGR0gd:Mlhmy;uY49fb:COQbmf;yxTchf:KUM7Z;qddgKe:xQtZb;dIoSBb:SpsfSb;EmZ2Bf:zr1jrb;xqZiqf:wmnU7d;zxnPse:GkRiKb;EVNhjf:pw70Gc;JsbNhc:Xd8iUd;NSEoX:lazG7b;oGtAuc:sOXFj;eBAeSb:zbML3c;Pjplud:EEDORb;io8t5d:yDVVkb;Oj465e:KG2eXe;Erl4fe:FloWmf;ul9GGd:VDovNc;sP4Vbe:VwDzFe;kMFpHd:OTA3Ae;NPKaK:SdcwHb;pXdRYb:MdUzUe;nAFL3:s39S4;iFQyKf:QIhFr;SNUn3:ZwDk9d;LBgRLc:SdcwHb;wR5FRb:O1Gjze/m=bm51tf

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

680ac2087275c43683d86a9362271c56c2987257e82a78f9b520b00b26ee54c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://news.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 18:50:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 54596
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/subscribewithgoogle-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 713
x-xss-protection: 0
last-modified: Wed, 01 Feb 2023 00:36:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/subscribewithgoogle-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/subscribewithgoogle-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/subscribewithgoogle-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Thu, 01 Feb 2024 18:50:21 GMT

GET
H/1.1 200
OK rep.gif
comcluster.cxense.com/Repo/ Frame E526 43 B
465 B 169ms
57ms Image
image/gif 147.75.83.64
PACKET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://comcluster.cxense.com/Repo/rep.gif?ver=2.8.10&typ=pgv&rnd=ldmxfbwd17oh6dp6&sid=9222318613852486900&loc=https%3A%2F%2Fwww.wsj.com%2Farticles%2Finside-a-ransomware-hit-at-nordic-choice-hotels-11641983406&new=1&arf=0&ltm=1675332016431&ref=&tzo=0&wsz=1600x1200&res=1600x1200&dpr=1&col=24&bln=en-US&chs=UTF-8&cks=ldmxfd7zifltnc98&ckp=ldmxfd4919mrv3ah&glb=&cp_userState=anon&cp_ver=test&cp_testGroup=73&cp_topDomain=wsj.com&cp_pwTag=default&cp_pwPlacement=cx-pro-scrim&cp_pwCampaign=54325&cp_pwType=free&cp_type=Pro%20Cyber%20News&cp_template=full&cp_access=paid&cp_section=WSJ%20Pro&cp_subsection=Pro%20Cyber&cp_cms_name=METHODE&cp_vix=&cp_subscriber=nonsubscriber&cp_edition=naus&cp_bucket=6&cp_ab_bucket=96&cp_pageContentTypeDetai=article&cp_pageSiteProduct=WSJ&cst=2ky3009ihvzul12uhtimz3w3kj
Requested by: Host: cdn.cxense.com
URL: https://cdn.cxense.com/sp1.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 147.75.83.64 Schiphol, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software: Jetty(9.4.28.v20200408) /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://cdn.cxense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

p3p: policyref="http://www.cxense.com/w3c/p3p.xml", CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
date: Thu, 02 Feb 2023 10:00:17 GMT
server: Jetty(9.4.28.v20200408)
content-length: 43
content-type: image/gif

GET
H3 200 m=RqjULd Show response
www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.en_US.LWw9RoN0c_U.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.F9IbdYg1O6o.L... Frame 37F0 11 KB
4 KB 58ms
57ms Script
text/javascript 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.en_US.LWw9RoN0c_U.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.F9IbdYg1O6o.L.B1.O/am=OgMABA/d=1/exm=COQbmf,DfBslb,EEDORb,FCpbqb,KG2eXe,LEikZe,Mlhmy,NwH0H,OTA3Ae,OmgaI,U0aPgd,WhJNk,Wt6vjf,ZfAoz,_b,_r,_tp,aurFic,bm51tf,byfTOb,fKUV3e,gychg,hhhU8,kWgXee,lsjVmc,ovKuLd,ws9Tlc,xUdipf,yDVVkb,zG9H6c/excm=_b,_r,_tp,serviceiframeview/ed=1/wt=2/rs=ABXTjI7_BEwwy72UYKaPSElA7OZzAkjOxg/ee=cEt90b:ws9Tlc;QGR0gd:Mlhmy;uY49fb:COQbmf;yxTchf:KUM7Z;qddgKe:xQtZb;dIoSBb:SpsfSb;EmZ2Bf:zr1jrb;xqZiqf:wmnU7d;zxnPse:GkRiKb;EVNhjf:pw70Gc;JsbNhc:Xd8iUd;NSEoX:lazG7b;oGtAuc:sOXFj;eBAeSb:zbML3c;Pjplud:EEDORb;io8t5d:yDVVkb;Oj465e:KG2eXe;Erl4fe:FloWmf;ul9GGd:VDovNc;sP4Vbe:VwDzFe;kMFpHd:OTA3Ae;NPKaK:SdcwHb;pXdRYb:MdUzUe;nAFL3:s39S4;iFQyKf:QIhFr;SNUn3:ZwDk9d;LBgRLc:SdcwHb;wR5FRb:O1Gjze/m=RqjULd

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e52d005fe814fca1692096727c3f9908bcdaa8bec58f867c229fcdbcb64e1adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://news.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 18:50:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 54596
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/subscribewithgoogle-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4124
x-xss-protection: 0
last-modified: Wed, 01 Feb 2023 00:36:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/subscribewithgoogle-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/subscribewithgoogle-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/subscribewithgoogle-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Thu, 01 Feb 2024 18:50:21 GMT

POST
H2 200 log Show response
play.google.com/ Frame 37F0 131 B
579 B 209ms
90ms XHR
text/plain 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://news.google.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Thu, 02 Feb 2023 10:00:17 GMT
content-encoding: gzip
server: Playlog
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://news.google.com
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: X-Playlog-Web
content-length: 131
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 02 Feb 2023 10:00:17 GMT

POST
H3 200 batchexecute Show response
news.google.com/swg/_/SubscribewithgoogleClientUi/data/ Frame 37F0 153 B
186 B 117ms
117ms XHR
application/json 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/swg/_/SubscribewithgoogleClientUi/data/batchexecute?rpcids=SlvRf&source-path=%2Fswg%2Fui%2Fv1%2Fserviceiframe&f.sid=4877547834761504875&bl=boq_subscribewithgoogleclientserver_20230131.07_p0&hl=en-US&soc-app=673&soc-platform=1&soc-device=1&_reqid=36018&rt=c

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2da5b5ed581f295ea206a0c99cbbfe5e5fbc113211f9506c59fea6694eb101a3

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /swg/_/SubscribewithgoogleClientUi/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-Same-Domain: 1
Referer: https://news.google.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Thu, 02 Feb 2023 10:00:17 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-security-policy: require-trusted-types-for 'script';report-uri /swg/_/SubscribewithgoogleClientUi/cspreport
content-encoding: gzip
cross-origin-resource-policy: same-site
content-disposition: attachment; filename="response.bin"; filename*=UTF-8''response.bin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK id Show response
id.cxense.com/public/user/ 100 B
672 B 172ms
60ms Script
text/javascript 147.75.83.64
PACKET

General

Check archive.org

Show headers Download Go to

Full URL

https://id.cxense.com/public/user/id?json=%7B%22identities%22%3A%5B%7B%22type%22%3A%22ckp%22%2C%22id%22%3A%22ldmxfd4919mrv3ah%22%7D%2C%7B%22type%22%3A%22lst%22%2C%22id%22%3A%222ky3009ihvzul12uhtimz3w3kj%22%7D%2C%7B%22type%22%3A%22cst%22%2C%22id%22%3A%222ky3009ihvzul12uhtimz3w3kj%22%7D%5D%2C%22siteId%22%3A%229222318613852486900%22%2C%22location%22%3A%22https%3A%2F%2Fwww.wsj.com%2Farticles%2Finside-a-ransomware-hit-at-nordic-choice-hotels-11641983406%22%7D&callback=cXJsonpCB5

Requested by

Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

147.75.83.64 Schiphol, Netherlands, ASN54825 (PACKET, US),

Reverse DNS

Software

Jetty(9.4.28.v20200408) /

Resource Hash

7c9fa159d8e255b9319dd41afd15aa362fe79b82853a4880106a4fc5c742982b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Feb 2023 10:00:17 GMT
x-content-type-options: nosniff
server: Jetty(9.4.28.v20200408)
content-type: text/javascript;charset=utf-8
p3p: policyref="http://www.cxense.com/w3c/p3p.xml", CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-store, no-cache, must-revalidate
content-length: 100
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 m=n73qwf,GkRiKb,e5qFLc,IZT63,UUJqVe,O1Gjze,O6y8ed,PrPYRd,MpJwZc,XVMNvd,L1AAkb,KUM7Z,s39S4,SdcwHb,aW3pY,pw70Gc,wmnU7d,Z5uLle,xQtZb,QIhFr,hc6Ubd,SpsfSb,MdUzUe,zbML3c Show response
www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.en_US.LWw9RoN0c_U.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.F9IbdYg1O6o.L... Frame 37F0 107 KB
36 KB 58ms
58ms Script
text/javascript 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.en_US.LWw9RoN0c_U.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.F9IbdYg1O6o.L.B1.O/am=OgMABA/d=1/exm=COQbmf,DfBslb,EEDORb,FCpbqb,KG2eXe,LEikZe,Mlhmy,NwH0H,OTA3Ae,OmgaI,RqjULd,U0aPgd,WhJNk,Wt6vjf,ZfAoz,_b,_r,_tp,aurFic,bm51tf,byfTOb,fKUV3e,gychg,hhhU8,kWgXee,lsjVmc,ovKuLd,ws9Tlc,xUdipf,yDVVkb,zG9H6c/excm=_b,_r,_tp,serviceiframeview/ed=1/wt=2/rs=ABXTjI7_BEwwy72UYKaPSElA7OZzAkjOxg/ee=cEt90b:ws9Tlc;QGR0gd:Mlhmy;uY49fb:COQbmf;yxTchf:KUM7Z;qddgKe:xQtZb;dIoSBb:SpsfSb;EmZ2Bf:zr1jrb;xqZiqf:wmnU7d;zxnPse:GkRiKb;EVNhjf:pw70Gc;JsbNhc:Xd8iUd;NSEoX:lazG7b;oGtAuc:sOXFj;eBAeSb:zbML3c;Pjplud:EEDORb;io8t5d:yDVVkb;Oj465e:KG2eXe;Erl4fe:FloWmf;ul9GGd:VDovNc;sP4Vbe:VwDzFe;kMFpHd:OTA3Ae;NPKaK:SdcwHb;pXdRYb:MdUzUe;nAFL3:s39S4;iFQyKf:QIhFr;SNUn3:ZwDk9d;LBgRLc:SdcwHb;wR5FRb:O1Gjze/m=n73qwf,GkRiKb,e5qFLc,IZT63,UUJqVe,O1Gjze,O6y8ed,PrPYRd,MpJwZc,XVMNvd,L1AAkb,KUM7Z,s39S4,SdcwHb,aW3pY,pw70Gc,wmnU7d,Z5uLle,xQtZb,QIhFr,hc6Ubd,SpsfSb,MdUzUe,zbML3c

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4b00d3b65c9268f309a774c73b9d986fd19efa34cdc4ddee8eddb7d0510aa29d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://news.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 18:50:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 54596
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/subscribewithgoogle-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 36605
x-xss-protection: 0
last-modified: Wed, 01 Feb 2023 00:36:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/subscribewithgoogle-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/subscribewithgoogle-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/subscribewithgoogle-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Thu, 01 Feb 2024 18:50:21 GMT

GET
H/1.1 200
OK dest5.html Show response
dowjones.demdex.net/ Frame 1421 7 KB
3 KB 317ms
58ms Document
text/html 52.215.109.101
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dowjones.demdex.net/dest5.html?d_nsid=0

Requested by

Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.215.109.101 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-215-109-101.eu-west-1.compute.amazonaws.com

Software

Resource Hash

7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 2791
Content-Type: text/html;charset=UTF-8
DCS: dcs-prod-irl1-2-v045-027dff91d.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: FiGztltmRqI=
content-encoding: gzip
date: Thu, 2 Feb 2023 10:00:17 GMT
last-modified: Fri, 28 Oct 2022 13:34:31 GMT
vary: accept-encoding

GET
H2 200 id Show response
oms.dowjoneson.com/ 48 B
458 B 321ms
52ms XHR
application/x-javascript 15.236.117.205
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://oms.dowjoneson.com/id?d_visid_ver=4.4.0&d_fieldgroup=A&mcorgid=CB68E4BA55144CAA0A4C98A5%40AdobeOrg&mid=45233526439221874561324078436519534262&ts=1675332017392

Requested by

Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.236.117.205 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-236-117-205.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

fd6d34ae21753d7bb4e1c59de23570a40b493cb044fc3a3e5a351c0d0c83d082

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Thu, 02 Feb 2023 10:00:17 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
server: jag
vary: Origin
content-type: application/x-javascript;charset=utf-8
access-control-allow-origin: https://www.wsj.com
p3p: CP="This is not a P3P policy"
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
content-length: 48
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

ibs:dpid=411&dpuuid=Y9uJsQAAAI0MswOJ
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=45249182604141731521327860668428469654
https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y9uJsQAAAI0MswOJ

42 B
942 B

59ms
58ms

Image
image/gif

54.216.3.241
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y9uJsQAAAI0MswOJ

Requested by

Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406

Protocol

HTTP/1.1

Server

54.216.3.241 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-216-3-241.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v045-0687cfe76.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: K24Js5udQ8k=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y9uJsQAAAI0MswOJ
Date: Thu, 02 Feb 2023 10:00:17 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

POST
H2 200 log Show response
play.google.com/ Frame 37F0 131 B
273 B 70ms
62ms XHR
text/plain 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://news.google.com/
X-Goog-AuthUser: 0
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Thu, 02 Feb 2023 10:00:17 GMT
content-encoding: gzip
server: Playlog
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://news.google.com
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: X-Playlog-Web
content-length: 131
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 02 Feb 2023 10:00:17 GMT

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 175ms
61ms Preflight
text/plain 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: x-goog-authuser
Access-Control-Request-Method: POST
Origin: https://news.google.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://news.google.com
access-control-max-age: 86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/plain; charset=UTF-8
date: Thu, 02 Feb 2023 10:00:17 GMT
expires: Thu, 02 Feb 2023 10:00:17 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
server: Playlog
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H2 200 log Show response
play.google.com/ Frame 37F0 131 B
273 B 93ms
89ms XHR
text/plain 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://news.google.com/
X-Goog-AuthUser: 0
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Thu, 02 Feb 2023 10:00:17 GMT
content-encoding: gzip
server: Playlog
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://news.google.com
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: X-Playlog-Web
content-length: 131
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 02 Feb 2023 10:00:17 GMT

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 176ms
63ms Preflight
text/plain 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: x-goog-authuser
Access-Control-Request-Method: POST
Origin: https://news.google.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://news.google.com
access-control-max-age: 86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/plain; charset=UTF-8
date: Thu, 02 Feb 2023 10:00:17 GMT
expires: Thu, 02 Feb 2023 10:00:17 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
server: Playlog
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H2 200 log Show response
play.google.com/ Frame 37F0 131 B
273 B 65ms
62ms XHR
text/plain 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://news.google.com/
X-Goog-AuthUser: 0
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Thu, 02 Feb 2023 10:00:17 GMT
content-encoding: gzip
server: Playlog
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://news.google.com
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: X-Playlog-Web
content-length: 131
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 02 Feb 2023 10:00:17 GMT

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 200ms
88ms Preflight
text/plain 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: x-goog-authuser
Access-Control-Request-Method: POST
Origin: https://news.google.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://news.google.com
access-control-max-age: 86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/plain; charset=UTF-8
date: Thu, 02 Feb 2023 10:00:17 GMT
expires: Thu, 02 Feb 2023 10:00:17 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
server: Playlog
x-frame-options: SAMEORIGIN
x-xss-protection: 0

GET
H2 200 1864k.m3u8 Show response
m.wsj.net/video/20210617/061721ransomware/hls/1864k/ 2 KB
862 B 458ms
458ms XHR
application/x-mpegurl 13.227.219.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://m.wsj.net/video/20210617/061721ransomware/hls/1864k/1864k.m3u8
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.227.219.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-227-219-41.ams54.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 1a5d8473db66db213f060066a11dee62d6d92e29679d49bc30d17d0452b77613

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 02 Feb 2023 10:00:19 GMT
content-encoding: gzip
via: 1.1 5e95d2e6aebe43cabd9dcdad89ad0a42.cloudfront.net (CloudFront)
last-modified: Thu, 17 Jun 2021 04:17:18 GMT
server: AmazonS3
x-amz-cf-pop: AMS54-C1
etag: W/"4f8f21807bbc171d492738bc9ba2f515"
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: POST, GET, PUT, DELETE, HEAD
content-type: application/x-mpegURL
access-control-allow-origin: *
x-cache: RefreshHit from cloudfront
access-control-expose-headers: ETag
x-amz-cf-id: C3mc3LEgiVc0oqqJzlXGWmYP07suBFvEuUfk1VL_nwo9rqZ8kgdbBQ==

GET
H2 200 859.95d4308d-1222.js Show response
js-agent.newrelic.com/ 7 KB
3 KB 163ms
53ms Script
application/javascript 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/859.95d4308d-1222.js
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1de1594a678d9dcbd8d9367a11fef1812376de4f23105c2a480609caeb88efec

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-amz-version-id: GtNmis6Y3zB4SbtciuRtabFzp3T7wBIy
content-encoding: gzip
via: 1.1 varnish
date: Thu, 02 Feb 2023 10:00:17 GMT
x-amz-request-id: X6AK8AWC7Q9Y8P3E
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 2975
x-amz-id-2: 5mHbyKDu6gd+S3Ef1LzRGXkE4qW6agHX89FUkVp/qMxLatSv6TLmb3xblfgeyiwO72W+lWbiox0=
x-served-by: cache-hhn-etou8220075-HHN
last-modified: Wed, 18 Jan 2023 20:22:30 GMT
server: AmazonS3
x-timer: S1675332018.948317,VS0,VE0
etag: "b087387593417c0b63259918da3584e3"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 15843

GET
H2 200 negotiate Show response
wsjstream.wsj.net/bg2/signalr/ 303 B
573 B 395ms
120ms XHR
application/json 3.218.191.213
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://wsjstream.wsj.net/bg2/signalr/negotiate?clientProtocol=2.1&connectionData=%5B%7B%22name%22%3A%22mainhub%22%7D%5D&_=1675332017813

Requested by

Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.218.191.213 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-218-191-213.compute-1.amazonaws.com

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

dbc07a9c2245535b3fa81d8093fe32c39fbaad344075082b2a28d416ad08415d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
content-type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 02 Feb 2023 10:00:18 GMT
x-content-type-options: nosniff
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.wsj.com
cache-control: no-cache
access-control-allow-credentials: true
expires: -1

GET
H/1.1 200
OK data Show response
api.cxense.com/public/widget/ 21 KB
6 KB 72ms
72ms Script
text/javascript 147.75.85.120
PACKET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.cxense.com/public/widget/data?json=%7B%22context%22%3A%7B%22referrer%22%3A%22%22%2C%22categories%22%3A%7B%22subscriber%22%3A%22nonsubscriber%22%2C%22edition%22%3A%22naus%22%2C%22pwcampaign%22%3A%2254325%22%2C%22bucket%22%3A%226%22%2C%22testgroup%22%3A%2273%22%7D%2C%22parameters%22%3A%5B%7B%22key%22%3A%22subscriber%22%2C%22value%22%3A%22nonsubscriber%22%7D%2C%7B%22key%22%3A%22edition%22%2C%22value%22%3A%22naus%22%7D%2C%7B%22key%22%3A%22pwcampaign%22%2C%22value%22%3A%2254325%22%7D%2C%7B%22key%22%3A%22bucket%22%2C%22value%22%3A%226%22%7D%2C%7B%22key%22%3A%22userState%22%2C%22value%22%3A%22anon%22%7D%2C%7B%22key%22%3A%22ver%22%2C%22value%22%3A%22test%22%7D%2C%7B%22key%22%3A%22testGroup%22%2C%22value%22%3A%2273%22%7D%2C%7B%22key%22%3A%22topDomain%22%2C%22value%22%3A%22wsj.com%22%7D%2C%7B%22key%22%3A%22pwTag%22%2C%22value%22%3A%22default%22%7D%2C%7B%22key%22%3A%22pwPlacement%22%2C%22value%22%3A%22cx-pro-scrim%22%7D%2C%7B%22key%22%3A%22pwCampaign%22%2C%22value%22%3A%2254325%22%7D%2C%7B%22key%22%3A%22pwType%22%2C%22value%22%3A%22free%22%7D%2C%7B%22key%22%3A%22type%22%2C%22value%22%3A%22Pro%20Cyber%20News%22%7D%2C%7B%22key%22%3A%22template%22%2C%22value%22%3A%22full%22%7D%2C%7B%22key%22%3A%22access%22%2C%22value%22%3A%22paid%22%7D%2C%7B%22key%22%3A%22section%22%2C%22value%22%3A%22WSJ%20Pro%22%7D%2C%7B%22key%22%3A%22subsection%22%2C%22value%22%3A%22Pro%20Cyber%22%7D%2C%7B%22key%22%3A%22cms_name%22%2C%22value%22%3A%22METHODE%22%7D%2C%7B%22key%22%3A%22vix%22%2C%22value%22%3A%22%22%7D%2C%7B%22key%22%3A%22ab_bucket%22%2C%22value%22%3A%2296%22%7D%2C%7B%22key%22%3A%22pageContentTypeDetai%22%2C%22value%22%3A%22article%22%7D%2C%7B%22key%22%3A%22pageSiteProduct%22%2C%22value%22%3A%22WSJ%22%7D%2C%7B%22key%22%3A%22testgroup%22%2C%22value%22%3A%2273%22%7D%2C%7B%22key%22%3A%22ctrlUrl1%22%2C%22value%22%3A%22https%3A%2F%2Fstore.wsj.com%2Fshop%2Femea%2Fwsjaoemea23%2F%3FinttrackingCode%3Daaqyhdia%26icid%3DWSJ_ON_ALL_ACQ_NA%26cx_campaign%3DWSJEMEAFSFY23%22%7D%5D%2C%22autoRefresh%22%3Afalse%2C%22url%22%3A%22https%3A%2F%2Fwww.wsj.com%2Farticles%2Finside-a-ransomware-hit-at-nordic-choice-hotels-11641983406%22%7D%2C%22widgetId%22%3A%222de24eadb5f96a9436a375f0d2087dac83093d90%22%2C%22user%22%3A%7B%22ids%22%3A%7B%22usi%22%3A%22ldmxfd4919mrv3ah%22%7D%7D%2C%22prnd%22%3A%22ldmxfbwd17oh6dp6%22%7D&media=javascript&sid=9222318613852486900&widgetId=2de24eadb5f96a9436a375f0d2087dac83093d90&resizeToContentSize=true&useSecureUrls=true&usi=ldmxfd4919mrv3ah&rnd=1564670445&prnd=ldmxfbwd17oh6dp6&tzo=0&callback=cXJsonpCB6

Requested by

Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

147.75.85.120 Schiphol, Netherlands, ASN54825 (PACKET, US),

Reverse DNS

Software

Jetty(9.4.28.v20200408) /

Resource Hash

4bb353395c7e51ccbc2802be0f4abbdef052b073b5e65c5c323338b0ad1888cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Feb 2023 10:00:17 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: gzip
server: Jetty(9.4.28.v20200408)
content-type: text/javascript;charset=utf-8
p3p: policyref="http://www.cxense.com/w3c/p3p.xml", CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-store, no-cache, must-revalidate
content-length: 5878
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 569.95d4308d-1222.js Show response
js-agent.newrelic.com/ 7 KB
3 KB 54ms
53ms Script
application/javascript 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/569.95d4308d-1222.js
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 5442d1b4e5503e7bf898d26807bda51d7bdbc22dd34f545d3c3cc91688f98021

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-amz-version-id: umZj.yHws5JPiBHG1j096ELWHEKx7rh0
content-encoding: gzip
via: 1.1 varnish
date: Thu, 02 Feb 2023 10:00:18 GMT
x-amz-request-id: X6AW63K2AYCHZ61Z
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 3173
x-amz-id-2: zPBeDjqoNOF0vW3KonVLwrLlTFJ6YSnxZZR0n/aUc+PnMPazgMXa+ANscJqZtBQzfvcxqz8F7O4=
x-served-by: cache-hhn-etou8220075-HHN
last-modified: Wed, 18 Jan 2023 20:22:30 GMT
server: AmazonS3
x-timer: S1675332018.006756,VS0,VE0
etag: "e97726ab932639fed09971b1d682788c"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 15761

GET
H2 200 620.95d4308d-1222.js Show response
js-agent.newrelic.com/ 3 KB
2 KB 55ms
54ms Script
application/javascript 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/620.95d4308d-1222.js
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f30303e41262ed1ae693c03b4ebd0b8ef04eee3e46163bc5ae376e019905524b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-amz-version-id: HYguQMwVKEHCmodKuQRUzW1qxlElK9Xr
content-encoding: gzip
via: 1.1 varnish
date: Thu, 02 Feb 2023 10:00:18 GMT
x-amz-request-id: X6ANT9Z6MJVES93R
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 1342
x-amz-id-2: ywXfAxM+/fxlnGMBI+IArWs1qgbfzYMNPX4Di5NGnP/9YinOO3ejxRYMsF+oCFTxPuzUZAduzck=
x-served-by: cache-hhn-etou8220075-HHN
last-modified: Wed, 18 Jan 2023 20:22:30 GMT
server: AmazonS3
x-timer: S1675332018.007209,VS0,VE0
etag: "ca9b029ff66dd9146273984d16e20abc"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 15736

GET
H2 200 457.95d4308d-1222.js Show response
js-agent.newrelic.com/ 5 KB
2 KB 54ms
54ms Script
application/javascript 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/457.95d4308d-1222.js
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 4f1c6499f6a30c6286a56fdf68659e09c40a44ca315ca91fe6a46bc953998dd2

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-amz-version-id: qROfxBD9CF8WXmbywdhvCmImuu9HvRNA
content-encoding: gzip
via: 1.1 varnish
date: Thu, 02 Feb 2023 10:00:18 GMT
x-amz-request-id: X6ANR5QVYZQK6PJ1
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 1953
x-amz-id-2: 0eh8Kl041jSjF7a4U722DXKsU0j01X5TZ9nO1n54OCIbEcjH26MDwlQHrpZzUDHf8Ksft+CtAIw=
x-served-by: cache-hhn-etou8220075-HHN
last-modified: Wed, 18 Jan 2023 20:22:30 GMT
server: AmazonS3
x-timer: S1675332018.008720,VS0,VE0
etag: "c16abc7fa2e34cbb7baf3e290120ad5a"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 15775

GET
H2 200 41.95d4308d-1222.js Show response
js-agent.newrelic.com/ 828 B
827 B 56ms
53ms Script
application/javascript 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/41.95d4308d-1222.js
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 334dc34df8944a7cec9a7f00e250fac46113625e9a8c5dd176caf8bcef5bb676

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-amz-version-id: 6FOFyXAonMoqJqLGEMhx7HWIp32cv4MT
content-encoding: gzip
via: 1.1 varnish
date: Thu, 02 Feb 2023 10:00:18 GMT
x-amz-request-id: X6AW4512YJS5JSZF
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 439
x-amz-id-2: zwFv/6mW8goJpmkGqwaiZJXE+6FVIVJZopQVtikdEWN1m3seT667BNmlB02sIzp6fpI0X/CjLZg=
x-served-by: cache-hhn-etou8220075-HHN
last-modified: Wed, 18 Jan 2023 20:22:30 GMT
server: AmazonS3
x-timer: S1675332018.015439,VS0,VE0
etag: "29dd8aef66100e4c69e07fd60fc88b12"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 15999

GET
H2 200 244.95d4308d-1222.js Show response
js-agent.newrelic.com/ 7 KB
3 KB 57ms
54ms Script
application/javascript 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/244.95d4308d-1222.js
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 94d7e0d89806dad5b38503db570b3154cdfc886a6fca65cc0897bb4c2c18e648

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-amz-version-id: wm7C04ehQ1WMJgMW5R_.Vg0x6NJINoji
content-encoding: gzip
via: 1.1 varnish
date: Thu, 02 Feb 2023 10:00:18 GMT
x-amz-request-id: X6AS60JHV2Q0MTR4
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 2607
x-amz-id-2: HVXjHaN+M33RZUlsHQ8GyaU0aGJvRJsPBa+xBsW0UKYvauPzJ5aUV03guFr+8QIZLMLeNPGNgZs=
x-served-by: cache-hhn-etou8220075-HHN
last-modified: Wed, 18 Jan 2023 20:22:30 GMT
server: AmazonS3
x-timer: S1675332018.015659,VS0,VE0
etag: "a24fd7e602a6b44ab4c03cab69c843c6"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 10813

GET
H2 200 736.95d4308d-1222.js Show response
js-agent.newrelic.com/ 5 KB
2 KB 56ms
54ms Script
application/javascript 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/736.95d4308d-1222.js
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 221b0e5f79285115e0fbcec94120508a341186223526a9553048046530818612

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-amz-version-id: i.8rfLhEckzO44oBXwNAK9an0lbXu.5p
content-encoding: gzip
via: 1.1 varnish
date: Thu, 02 Feb 2023 10:00:18 GMT
x-amz-request-id: X6AJHCKVX6AE3G6Q
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 2132
x-amz-id-2: sGTXvHDuEQIeY1BC9DenzhdJYxeWC8hfsX33fXTu8vg3yJ1vOmGuId8UVeY88SQZJatsIHf5JVs=
x-served-by: cache-hhn-etou8220075-HHN
last-modified: Wed, 18 Jan 2023 20:22:30 GMT
server: AmazonS3
x-timer: S1675332018.015648,VS0,VE0
etag: "def1dc24974c16a4e78c08e349b92860"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 10823

GET
H2 200 142.95d4308d-1222.js Show response
js-agent.newrelic.com/ 2 KB
1 KB 66ms
65ms Script
application/javascript 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/142.95d4308d-1222.js
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b658136fadc6fc8c259f717c518f3b5c14fbdf90ea299d36387f9681e772b6ea

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-amz-version-id: ed_.QNbbUDaLQJRSZtC0TghsoJcp2gVk
content-encoding: gzip
via: 1.1 varnish
date: Thu, 02 Feb 2023 10:00:18 GMT
x-amz-request-id: X6AG0XSWDEKY51BR
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 880
x-amz-id-2: agsp95hGOUvmce/yn/SOHbIjf3KA8riP44P65kRGZufo5BC8G2oWhTIPyes/xon8ccJc03pSo0g=
x-served-by: cache-hhn-etou8220075-HHN
last-modified: Wed, 18 Jan 2023 20:22:30 GMT
server: AmazonS3
x-timer: S1675332018.016076,VS0,VE0
etag: "082c9f0a95ce6870ed4d9266fa0e41e5"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 10816

GET
H2 200 466.95d4308d-1222.js Show response
js-agent.newrelic.com/ 7 KB
3 KB 62ms
61ms Script
application/javascript 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/466.95d4308d-1222.js
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 65d385b4c059f3ff75a6c54cc09fe0fd32ea3a2487a11589285627684b7f7211

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-amz-version-id: joCLqMlafBXUuB094SKQ5Jhlrbz7F.ON
content-encoding: gzip
via: 1.1 varnish
date: Thu, 02 Feb 2023 10:00:18 GMT
x-amz-request-id: X6AZYWJ4TZBP5633
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 2760
x-amz-id-2: xqSUH6GykPTpN6+Kbp+REFdg4kuKhJfNnuaHnGdntehgpXFiqXacPKq0pegEpfk0O00HFS3uWqw=
x-served-by: cache-hhn-etou8220075-HHN
last-modified: Wed, 18 Jan 2023 20:22:30 GMT
server: AmazonS3
x-timer: S1675332018.015982,VS0,VE0
etag: "2b339e4b3b0435de10496ee00de8446a"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 10841

GET
H2 200 885.95d4308d-1222.js Show response
js-agent.newrelic.com/ 16 KB
6 KB 58ms
57ms Script
application/javascript 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/885.95d4308d-1222.js
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 93c7daa7232fea589edaf300f5ee521efa219138e047a7ae870dd74d9487f9ea

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-amz-version-id: PKmhKUoshrjILDxYc6QEKM_sGJ.F4FNB
content-encoding: gzip
via: 1.1 varnish
date: Thu, 02 Feb 2023 10:00:18 GMT
x-amz-request-id: X6AS109MS5T3BT5R
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 5930
x-amz-id-2: oJxI57rL6/52Jt6EJRKNRDXoAgFvq1i9xyFPN5yfU0aivny2tUf8jRhGl6LeflKtXbl6aifkGKM=
x-served-by: cache-hhn-etou8220075-HHN
last-modified: Wed, 18 Jan 2023 20:22:30 GMT
server: AmazonS3
x-timer: S1675332018.015968,VS0,VE0
etag: "fb9bb822463bccec4200657d3ae33dc0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 8518

GET
H/1.1 200
OK cd2b77ba49 Show response
bam.nr-data.net/1/ 49 B
523 B 300ms
160ms Script
text/javascript 162.247.241.14
NEWRELIC-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/1/cd2b77ba49?a=906054257&v=1222.PROD&to=ZwEAbRQCWEVVVBYPVl5LJ0EWEVNFR10RSX51ME0WBxFCX1dbBxUWCgUQTQ8AWlN9Uw%3D%3D&rst=4699&ck=0&s=19f55eff46a1a991&ref=https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406&ap=134.735243&be=1867&fe=2586&dc=619&tt=f78ff9fe00824105&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1675332013357,%22n%22:0,%22f%22:1161,%22dn%22:1161,%22dne%22:1201,%22c%22:1201,%22s%22:1268,%22ce%22:1346,%22rq%22:1346,%22rp%22:1719,%22rpe%22:1886,%22dl%22:1722,%22di%22:2485,%22ds%22:2486,%22de%22:2487,%22dc%22:4453,%22l%22:4454,%22le%22:4456%7D,%22navigation%22:%7B%7D%7D&fp=1924&fcp=1924&ja=%7B%22browserWidth%22:1600,%22uac-loaded%22:1982,%22apstag-loaded%22:2090,%22gpt-tagLoaded%22:2158,%22moat-loaded%22:2201,%22liveramp-loaded%22:2343,%22prebid-loaded%22:2398,%22apstag-firstBid%22:2539,%22playerLoadStart%22:2541,%22playerReady%22:3705,%22playerDisplayed%22:4303%7D&jsonp=NREUM.setToken
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.241.14 Lake Oswego, United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a83848cf5c3d96caefe490c19e41659609b3691dd4c531cf925016c084d8e1b0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Thu, 02 Feb 2023 10:00:18 GMT
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
Server: cloudflare
Transfer-Encoding: chunked
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Vary: Accept-Encoding
access-control-allow-credentials: true
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
CF-Ray: 79321439d8127480-LHR

GET
H2 200 1864k-00001.ts Show response
m.wsj.net/video/20210617/061721ransomware/hls/1864k/ 1 MB
1 MB 515ms
514ms XHR
video/mp2t 13.227.219.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://m.wsj.net/video/20210617/061721ransomware/hls/1864k/1864k-00001.ts
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.227.219.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-227-219-41.ams54.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: bf8fc1b1c3f35ad43d96db9cb9cfe59bd741af807587e542d893f0ec32142e95

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 02 Feb 2023 10:00:19 GMT
via: 1.1 5e95d2e6aebe43cabd9dcdad89ad0a42.cloudfront.net (CloudFront)
last-modified: Thu, 17 Jun 2021 04:17:16 GMT
server: AmazonS3
x-amz-cf-pop: AMS54-C1
etag: "814486b61e9cd8a3a8b9a21c999e493f"
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: POST, GET, PUT, DELETE, HEAD
content-type: video/mp2t
access-control-allow-origin: *
x-cache: RefreshHit from cloudfront
access-control-expose-headers: ETag
accept-ranges: bytes
content-length: 1509828
x-amz-cf-id: 0ew2eChw6wPePVYXkKydDD9vnX49KnEigPaZ2Udz0cbAWKQ7EXZ2Yw==

POST
H/1.1 200
OK cd2b77ba49 Show response
bam.nr-data.net/resources/1/ 36 B
412 B 191ms
191ms XHR
text/plain 162.247.241.14
NEWRELIC-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/resources/1/cd2b77ba49?a=906054257&v=1222.PROD&to=ZwEAbRQCWEVVVBYPVl5LJ0EWEVNFR10RSX51ME0WBxFCX1dbBxUWCgUQTQ8AWlN9Uw%3D%3D&rst=5003&ck=0&s=19f55eff46a1a991&ref=https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406&st=1675332015224&ja=%7B%22browserWidth%22:1600,%22uac-loaded%22:1982,%22apstag-loaded%22:2090,%22gpt-tagLoaded%22:2158,%22moat-loaded%22:2201,%22liveramp-loaded%22:2343,%22prebid-loaded%22:2398,%22apstag-firstBid%22:2539,%22playerLoadStart%22:2541,%22playerReady%22:3705,%22playerDisplayed%22:4303%7D
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.241.14 Lake Oswego, United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e508e6b85c7529fa13cf4727de77625e955fffe78e955c32bc6780081a000f57

Request headers

Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
content-type: text/plain

Response headers

Date: Thu, 02 Feb 2023 10:00:18 GMT
CF-Cache-Status: DYNAMIC
Server: cloudflare
Vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: https://www.wsj.com
access-control-allow-credentials: true
Connection: keep-alive
CF-Ray: 7932143ae9657480-LHR
Content-Length: 36

POST
H/1.1 200
OK cd2b77ba49 Show response
bam.nr-data.net/events/1/ 24 B
399 B 262ms
174ms XHR
image/gif 162.247.241.14
NEWRELIC-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/events/1/cd2b77ba49?a=906054257&v=1222.PROD&to=ZwEAbRQCWEVVVBYPVl5LJ0EWEVNFR10RSX51ME0WBxFCX1dbBxUWCgUQTQ8AWlN9Uw%3D%3D&rst=5033&ck=0&s=19f55eff46a1a991&ref=https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Requested by: Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.241.14 Lake Oswego, United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300

Request headers

Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
content-type: text/plain

Response headers

Date: Thu, 02 Feb 2023 10:00:18 GMT
CF-Cache-Status: DYNAMIC
Server: cloudflare
Vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: https://www.wsj.com
access-control-allow-credentials: true
Connection: keep-alive
CF-Ray: 7932143bab5d23d5-LHR
Content-Length: 24

GET
H2 200 start Show response
wsjstream.wsj.net/bg2/signalr/ 25 B
294 B 120ms
120ms XHR
application/json 3.218.191.213
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://wsjstream.wsj.net/bg2/signalr/start?transport=webSockets&clientProtocol=2.1&connectionToken=6197301f-fadf-4568-9738-f89a2f24d87f%3A&connectionData=%5B%7B%22name%22%3A%22mainhub%22%7D%5D&_=1675332018576

Requested by

Host: www.wsj.com
URL: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.218.191.213 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-218-191-213.compute-1.amazonaws.com

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

c50a0366bab0d95bd0dfbbf67ed889b5fd383ee7464a77660088c32e4ef91c20

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
content-type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 02 Feb 2023 10:00:18 GMT
x-content-type-options: nosniff
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.wsj.com
cache-control: no-cache
access-control-allow-credentials: true
expires: -1

GET
BLOB 200
OK c7b7da9b-6314-4916-9af9-6a89a567fbcb
https://www.wsj.com/ 91 KB
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.wsj.com/c7b7da9b-6314-4916-9af9-6a89a567fbcb
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 45e3e7269652f89ccd2448bb2a9d51367c65132d8e56f058db01a284a9e8e270

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Length: 93051
Content-Type: text/javascript

Verdicts & Comments Add Verdict or Comment

189 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

23 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.wsj.com/	1970-01-20 10:05:24	Name: wsjregion Value: na%2Cus
.wsj.com/	1969-12-31 23:59:59	Name: gdprApplies Value: true
.wsj.com/	1970-01-20 18:07:48	Name: ccpaApplies Value: false
.wsj.com/	1969-12-31 23:59:59	Name: vcdpaApplies Value: false
.wsj.com/	1969-12-31 23:59:59	Name: regulationApplies Value: gdpr%3Atrue%2Ccpra%3Afalse%2Cvcdpa%3Afalse
.wsj.com/	1970-01-20 18:58:12	Name: ab_uuid Value: ceab0e8f-a063-470e-bf72-befd9934bc60
.wsj.com/	1970-01-20 18:58:12	Name: usr_bkt Value: q85AaJVP78
.wsj.com/	1970-01-20 09:22:15	Name: usr_prof_v2 Value: eyJpYyI6MX0%3D
.wsj.com/	1970-01-20 18:07:48	Name: has_optimizely Value: true
.wsj.com/	1970-01-20 18:07:48	Name: dnsDisplayed Value: undefined
.wsj.com/	1970-01-20 18:07:48	Name: signedLspa Value: undefined
.wsj.com/	1970-01-20 18:07:48	Name: _sp_su Value: false
.wsj.com/	1970-01-20 18:51:00	Name: _pcid Value: %7B%22browserId%22%3A%22ldmxfd4919mrv3ah%22%7D
.wsj.com/	1970-01-20 18:51:00	Name: cX_P Value: ldmxfd4919mrv3ah
.wsj.com/	1970-01-20 18:51:00	Name: _pctx Value: %7Bu%7DN4IgrgzgpgThIC4B2YA2qA05owMoBcBDfSREQpAeyRCwgEt8oBJAEzIE4AmHgZgEYAHADZ%2BvQQFYuAFhEcADPJABfIA
.wsj.com/	1969-12-31 23:59:59	Name: cX_S Value: ldmxfd7zifltnc98
.demdex.net/	1970-01-20 13:41:24	Name: demdex Value: 45249182604141731521327860668428469654
.wsj.com/	1969-12-31 23:59:59	Name: AMCVS_CB68E4BA55144CAA0A4C98A5%40AdobeOrg Value: 1
.wsj.com/	1970-01-20 18:51:00	Name: cX_G Value: cx%3Amdlxr0d9vfwtbjlck06prv0%3A2anqjyj1s4vi2
.everesttech.net/	1970-01-20 18:07:48	Name: everest_g_v2 Value: g_surferid~Y9uJsQAAAI0MswOJ
.dpm.demdex.net/	1970-01-20 13:41:24	Name: dpm Value: 45249182604141731521327860668428469654
.wsj.com/	1970-01-20 18:58:12	Name: AMCV_CB68E4BA55144CAA0A4C98A5%40AdobeOrg Value: 1585540135%7CMCIDTS%7C19391%7CMCMID%7C45233526439221874561324078436519534262%7CMCAAMLH-1675936817%7C6%7CMCAAMB-1675936817%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1675339217s%7CNONE%7CMCSYNCSOP%7C411-19398%7CMCAID%7CNONE%7CvVersion%7C4.4.0
.cxense.com/	1970-01-20 18:07:48	Name: gckp Value: cx:mdlxr0d9vfwtbjlck06prv0:2anqjyj1s4vi2

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	(Line 6) Message: This document requires 'TrustedScript' assignment.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aax-dtb-cf.amazon-adsystem.com
accounts.google.com
accounts.wsj.com
api.cxense.com
app.salesloft.com
asset.barrons.com
ats-wrapper.privacymanager.io
bam.nr-data.net
c.amazon-adsystem.com
cdn.cxense.com
cdn.privacy-mgmt.com
cdnjs.cloudflare.com
cm.everesttech.net
comcluster.cxense.com
dowjones.demdex.net
dpm.demdex.net
geo.moatads.com
id.cxense.com
images.wsj.net
imasdk.googleapis.com
js-agent.newrelic.com
m.wsj.net
mb.moatads.com
news.google.com
oms.dowjoneson.com
p1cluster.cxense.com
play.google.com
s.wsj.net
s3.amazonaws.com
securepubads.g.doubleclick.net
segment-data.zqtk.net
sl.cloudplatformonline.com
sts3.wsj.net
tagan.adlightning.com
us.tags.newscgp.com
video-api.shdsvc.dowjones.io
video-api.wsj.com
wsjstream.wsj.net
www.gstatic.com
www.wsj.com
z.moatads.com
13.227.219.105
13.227.219.28
13.227.219.41
13.32.110.36
13.32.27.119
13.32.28.197
13.42.74.150
147.75.83.64
147.75.85.120
15.236.117.205
151.101.194.137
162.247.241.14
23.35.237.151
2600:9000:206f:0:1a:635e:8fc0:93a1
2600:9000:211a:1600:f:5016:900:93a1
2600:9000:211a:5c00:6:60db:a3c0:93a1
2600:9000:211a:8800:3:4b0:de80:93a1
2600:9000:214f:3200:19:3d3:51c0:93a1
2600:9000:214f:bc00:e:b675:f600:93a1
2606:4700::6811:180e
2a00:1450:4001:80e::2002
2a00:1450:4001:810::2003
2a00:1450:4001:82b::200e
2a00:1450:4001:830::200e
2a00:1450:400d:807::200a
2a00:1450:400d:80c::200d
2a02:26f0:11a:391::268b
3.124.93.199
3.218.191.213
34.241.144.75
52.215.109.101
52.216.205.125
52.54.44.30
54.216.3.241
54.229.62.148
63.33.156.146
65.9.66.17
99.86.3.236
99.86.4.102
002698cb316a124adaa0e64332ff5028aff5a87f9cadd049c2b9794ec53882e3
03fc9d8b1f7a378ac294ed96d860ab1573a1a1ff112b55592842fed86e7010a5
0499fcc1b696675f804771b4e29197007720a391cd265356eccae543c5b6afce
06639d033d7cf998bac4c166c2040102efc566e743de92c2d7b932dee909e3c7
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
06cdc8d9c77c2d7c5c1106e42e923a6c9a448cbf416b5f6364c369aa8723e8c9
0bfda38967e02f468abcb39f9ee8c1a0eab48b2a2be819e76fd313c71e1cc94c
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
0d822017f60343257c897877615706808054cfbed8f53ccad98dcd26d2639aad
0f0e69410d1bbcc1438942d7500be3ade7f24b76c266c33caefe9a150a654d7c
1604cc7a8efc66831d1234b8f1bd9e146a66cb5fdca09b6c3ed688a49976c25e
16d567f01f02daf8501abad813698b8c947be6741cab03902742bb518ff6d031
1777af98bf43da9daa115ade572c973984469995f334fd3fbc253fcb1f210d72
17853685296330913ac7fbb7ccf27d448f4d89922d7a8a03fdc712fb5ad8e965
1a2953c323d5dc9e496ffe18c2a8dac61c62e45e0775a965ce05330921355b96
1a5d8473db66db213f060066a11dee62d6d92e29679d49bc30d17d0452b77613
1d252df4fe40425d3e2389831f73d1b6e19ccbba652ca7b9a0b0ec7c8e230e03
1de1594a678d9dcbd8d9367a11fef1812376de4f23105c2a480609caeb88efec
1de6ab9f52cc04aa989d383f0b081316586f13443cd9e906151b91d27bc34071
21e8f5ea8ac99024c3700a48a4a6b28ea29b8951d319c3df760c997c3ea54965
221b0e5f79285115e0fbcec94120508a341186223526a9553048046530818612
226e276f6230b9b9338a5c06633f8ff6eb9e5a628c411d9e1225e8431055278f
23f681e5ca4fc39b86bee60aecb0919bd4127c5b13e2bf8a5eed17191c66a95c
265f4ffccda6159d041b826083c50aea10eb57f5a2762bc8022f96d35dfdb153
267643b1790a2c87a0fdfec4a2cccd321cd1b22a5d7af7861bd8f118f3d74e3f
272ef6004bffdd8a6a55dc4e0f1bc3f57def96e5063de6538c9788a2d3fc9c75
27c22d1e6eaac08bea280246cac9eda13c4fbeab8792c7f7d8438a11d6e1fba0
27fd73dee5596813bbd6282a821926ae6cd1281f9736d98943a1deb6955608ee
28cdcc48f0cc711a01fe35c625de83ca52211297b433f9f2792b1e5b55ef597b
29a03bf5a8645582c4c181f998eac2fd4283416a0f5d9bd98cfbeae42de2511c
2ad4a9b9e1d7bda32834af951eadbe33f30183272a09c596febf458d07cfa916
2d960a7a2823586149d04372efbe64482e8193181c268e509a4b834614facb47
2da5b5ed581f295ea206a0c99cbbfe5e5fbc113211f9506c59fea6694eb101a3
30f50c27fb65c2f79bda64a7f209fd8af7abace857ade7dc29e9539587ace1a2
334dc34df8944a7cec9a7f00e250fac46113625e9a8c5dd176caf8bcef5bb676
38585bfc7440ca36abe08a94e6cc4d089b005f9b97e35049c6e10c06d330e04c
38a583de4c9a85114ea0d3811417028bd25ca29b2eed3f84372822c527d01ca6
3a760ad2462e5115efb1336e598dd00a47072606dedbdb0bb0f75747529228f7
3c5373d92b755ad6044e5867981367495b87d2fc22c272d3e1d383b8591cd801
3e4c6c97c5838b7d41a7d042f4452201e6da3de6a1299fe0b9b53888cd0a5111
401b0dd998d6f56a3286fa0be96ed91802c905e45b854bbe069e780c905220df
402f386125882f2c6bfb5639857999bf15b46d187c0c293e5f9df6fbfb5bf41c
42a22b8d21a7b062a188dde6f75356ed051db1712961c5722adced8fbf1e9baf
43c145b67282d661e41e44084b10ca1291770fdc3c8df9508ce3847786a4f2f2
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
45e3e7269652f89ccd2448bb2a9d51367c65132d8e56f058db01a284a9e8e270
471fe2996db186a05e20d52b03a8cd99b17f6be67d96603689701019afb84629
476d60955514d59fff612bff247149d6c3d8040247ec574886143d08163e1717
4963b09462b5db20b9a820b98581b6f8a4058a2eeb2d4d7b4177ac3a9cc33f80
497f169256ff4f0af835f665a2d105f02e0f12bf078572d12dcbaf6d25328b8d
49d65831c7e98a7d885d223699a41198204329efff9d1904c8af71323f613d68
4b00d3b65c9268f309a774c73b9d986fd19efa34cdc4ddee8eddb7d0510aa29d
4bb353395c7e51ccbc2802be0f4abbdef052b073b5e65c5c323338b0ad1888cb
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f1c6499f6a30c6286a56fdf68659e09c40a44ca315ca91fe6a46bc953998dd2
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
5054a1af89cc72bcb7c086ce9fc4f8a6fc230b90b92c6dbf340bb25cd728a02c
51547de25ed0756832e259e8eac96c8b4b999c54b85f5a4cc40b2ab7e0f33043
530752728a396ddcdd46e2a062834d6fdd475ad5199b9beab914088203fb1fac
533b23c57b1770cc3ee9c15b998b2eb494fa0adb2d6929fd22a9b78adfade3a7
535be4b8bedf82433d210152dfb19dd4eaf5796c4e61c2be1c2ed356827b5580
5364a9f7dc57c75ac772445ecba2171f22a2cefafd0736f0dccf280ab34276e6
538ef190b86302e414dcc8be0b843b5e6b5fa8074d94b2704debadc3e87e70c1
5442d1b4e5503e7bf898d26807bda51d7bdbc22dd34f545d3c3cc91688f98021
5634160b5779452c237d49e24be812637f98f9d7f64b1f4115e3ad786cacf48c
564ce4916aaf2dbd2cca7bd64e173d2696d270dde860ef0c9f8cc27813800fb3
566adb623a1723b23ca4f800a75a4af52d6daeb3750afba98498f832180319c8
5a58836a49ebe0506fa0b0e06dc47085eeff922c34aa9be92c2312ed64c14b99
5b3dafb879aa963cc146639ed50803bb8496968027f35dba28d1e39d0b5ed17d
5b4c012c740d120a384871f05af3184799f6e2b607767a5d6229e2a82aac103b
5ea25b3756b3e97a98da0d6949c6c7881a161acb9962b9229deea1d0395f9b86
5fe9def46a8b91028785a46837dca6fc1e6adbb83ea70ac2234d60df39ae6904
65d385b4c059f3ff75a6c54cc09fe0fd32ea3a2487a11589285627684b7f7211
680ac2087275c43683d86a9362271c56c2987257e82a78f9b520b00b26ee54c1
6b23a75ff4727af6d80f78e4e56bb9159ab4fbcb1e9fe5ac19532ce94465ab8b
6ddc691783c58242f2e240f5b49641ee197af74ce3e1686ee7b578566d7a83ce
7039bb19c75f1c0f7aae5b8d62e7e867c2ed768d453ce30381646afb2e1ecc90
72f50874e4c6eed0603d24fbdc9c187b4ccb9554677422d4ce1563c7f594bd4f
78666b6dfb45515213fab81f180cef33611fb69cf893910bfb6f6e3ebd3c19d6
789aee6d923a732513b56c2ad3b98a39c8c18be36bf23d04d2688bfb166906e4
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
7c9fa159d8e255b9319dd41afd15aa362fe79b82853a4880106a4fc5c742982b
7d62bab62d534ed5fe4f0f489c0be4236f7ce40f769b29ea3c843aecbfa12e5f
7e030b8bc8a5e080eb75bfdb61afdcc924aa7cf851460c666221cae5c8293fe4
7f9ba21def67e5276755455872ad16ba43438df0ca9b9d0a5586b9c726846d62
819cd11b48e7f2d1a6ba85d2b0ce07950b52bcc9b04d27587f59cfce03d8c999
850e6e33ad9aaf7cb11581029fedf08a1d855814d569f2afcea6a9764e8e0c83
86395c2c4bb7064d07c64bd165901de2fbbb1b72ffa5057e09a40dda39796dc0
86fcd3926befb288b406fe16fefc1e91342e11c04ee7af9c77cd3b7a6b7c84ae
8708450c640e8334574e34b1bf0c47844c0764a9ea0d06cdfc6390830249a638
870eb541de2e4736c4337c3ab8d34fbaa2617d993979cefd5f7c5d79d08e501d
879e5d31dc230d18b8e997f825c613eb751d85f88ff8695c20a6a131a2e7f9ba
8c14dd9179913a3fb6d8bee3165293a61a0ffe62aca3be04bae738b5bce30a13
8c337f9794d78976b5880cd58f4d0c0970d605ed10dc881ee332fc6ddc1a26a1
8d415c84ae3caeab1ef04300f0e9358fde343c99c434645337c0bde0d143d65c
8db22950b3f47f686f4bad6b6d21386f03a4b0b24320c6715436424e41dcda09
93c7daa7232fea589edaf300f5ee521efa219138e047a7ae870dd74d9487f9ea
94d7e0d89806dad5b38503db570b3154cdfc886a6fca65cc0897bb4c2c18e648
974b3d30f00aeabc802bc8fe120efe2de9a8b029b6299591c9d2ab8d4350c23b
976c6dfb82ff818cda688ca43c6c49bcbf285e2652a45f94315154a16036baaa
9886eba3730d9972ff89016c53fc50ee22f535605cfc9b28dbc3788be2834c30
9945da6442f97fa154aac094aa0e7959d26e47f845339ee5483347c38efc9f4a
9d8365d89b7b4111e90fde6c93cd64309a8895f9700dcd247683bb66a6fdbfa2
a00fd4909149c85366c9cfdcabfb031987fa7f9cc7ea7c696efdec8860cb49ca
a390f4498a7b5e34c082b9cb5691116fe75cc8769e5f2a84bac38b93d27dbf03
a47082ca3f007526784fb484648f2da29b01fb1da23dc331df7dfa54e43e591d
a6061179dfc013703fabbe3ff7ae3cf5f95e531740c2b1a200ad44138a04607f
a692ca1c7938f75d637cd0d38dbef6cf015e67efac48585823a4dbcf4487b4e8
a6c268cfcdcdf9c6442bdecb28ba3dc26080d19d3df293d8a47e80311900bed7
a71d84f1b53f545fd62160359e05bb751aaefde1cebc05e5ce49d258a3b9eeac
a7b97147d39d2583a88140e6aa19b6c862eddc289261686d51f1fd9e45f87d8f
a83848cf5c3d96caefe490c19e41659609b3691dd4c531cf925016c084d8e1b0
ae90b5bde77280c1f9bf217e46beb8534a0e74632183db9812166c18c00d037a
aee70e8095e5af64760acae5c7844bc8bcae03a11f35fb8185602fc0dec4c35a
afceefd395be95bd1b05d50c99964f1daa86e78a9a0f9f70e43c52fa4e8d5f0a
b032d886830188ea3ef3720eea57f57c6285693e3af230477199248e1f62d0bb
b14684edc7a33025134268da451328fe23fd64c0ab1614a9811f47b3dbe944b4
b2168a18421e92dd6685e65393a9c1207d604ce71219eec19f0a5f947d30a573
b5c8a8e375e04e1986218d85bddc3cd11cbaac2f5bc28a4bdde0ea55df2690a1
b658136fadc6fc8c259f717c518f3b5c14fbdf90ea299d36387f9681e772b6ea
b6a7cf012908d2594e003ba57dc5ee58245f0931f0ba36c9734b4c1abb635153
b75024c35f8e6624deea361ca7092af8e4f71674eab7d3d410d10faad5cd82c2
b797f6ef1a3ebacf2c60e874b6f86104dfe0ba4c93770cded22bad2cdf42a8f1
b79b2cf11707054066850ee05de2f625d9914558836d3065c20e7f9776440ff6
b901a9ca2535b2c2e4986a4170934e277a00712e5c0525d253719a7277bc8309
bbc3640f31c372da68e5029c1f775715e681fdd327c4c77dc0ec04918b2bba6a
bd1798a3196052839bf26731f4d766f089a01982cc5a7e60fc3cae9392c8e3c6
beec0e606b0397cdc95eba5c160317d7c73f18917d6cb2ec97795aec9b10fafa
bef07650ae13b3536510763686eea5abcd1189ec8ee14c37060c8ac99ceba9e5
bf8fc1b1c3f35ad43d96db9cb9cfe59bd741af807587e542d893f0ec32142e95
c1bc3773a8dacd0125c2dc3e9837fb4209eccc6db5eef734c10a21b6fcd5819c
c2864bf3ca82a5e7f9cc6e96e40dc32665faea6bb959d04686ba2155ccba3c29
c429b056c18833dd3d7fe28ab8ba904526ad1375398ffac0a0e4f2d278e1ac43
c42ad3174f68eef87d27c513c1084a5c0b8ca1d09aab07e6e7d2897f35f47727
c50a0366bab0d95bd0dfbbf67ed889b5fd383ee7464a77660088c32e4ef91c20
c902ab00352d0ae869550735beabccb7b86654e7198b2d2954bdd3864119496f
ca35dc64a5d6c6e8f63c8bb89d75b883b3006426a0d9c968db7249500faa1d72
cbe4e3a615ab6fd297c51d0f136bd4c729bf8bc38a282f469916eb055040a9c6
cc063466fc42fe1b789888a932cc7f3a8bdde1c2d70a8a04b4d9896975620da7
cd6e1b047c6ff55df32853dc017dfc0d353027c8b5f564f8b06584bff654642a
ce6e5bcf942138e7eed1a8476f4460f5532db0272ac5fb318f0a2222b9058461
cf6eecdb9b03afa0696f0f651715608b0ca1f8581399e0d7c52ad93e80b2f553
d264273099f3ba6a61a1180bbbb01c82490399b9d2f9ec8fbd0b6da0b7b62338
d278491b1de51ad826d16be5ab27b1746999c02d45200f107218427e34eed798
d2dee4d08a598d7777c8c5f70bab11cda670f35407a912749bfd62fdd4e76ef9
d9f489ed019d27d3d089bd3b9f4f1acabb16dac8655088257110ee344ad27c12
da99004a3dd3736a976dbff7dfe56ebf70076475ba4e60d67506dead66e38ee4
dbc07a9c2245535b3fa81d8093fe32c39fbaad344075082b2a28d416ad08415d
dc4b2d1a866748cb7f12771941d55b63f9dad9bad683d916dc7965f0eb62a880
dc4f66162ea8f9862c8bbb84c1a856c9bd516a368905b56f165eefbd9df50079
def2dd078ee571590e4db5eee85669e7c971dbd71b29927b1465f24619229fa7
e1b9e86fa82b13c0bca9a897d309b6e5475aeb1fdbd5a9d062abed600cad0263
e31ce888a84abf8847879ba472b37955c7936ad66b833da402cdab7ffbbc98ef
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3f954b8da022b98c7ff80b7cf9a0b5a182eb8ffcb08612dac96a4f783a96a8b
e508e6b85c7529fa13cf4727de77625e955fffe78e955c32bc6780081a000f57
e52d005fe814fca1692096727c3f9908bcdaa8bec58f867c229fcdbcb64e1adb
e5802f293c62b42467e0bee021146995034e4ea8741864d07473ebb4556fe3eb
ec52c92bd844889ac4997fe38fbfd0ac09c4111738ca64b5e873662a674e207d
ec5aef56172acb4f9cc7a533d8846bd6f4c12a8bb635321299d375c3a986095d
ec6aa88ff7746526a4616a8099c1473b39c9f4078442e80dec81ab2a5827ef18
ed71bae44def20c7d8dfaf58dd78bf49859837fac0d8e8cd88132878b61fe71f
ee533b9e14640df8355b7e6b91c1fe958703b65a72ad0622695c447afc085bca
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f07d202cd0aa53e34934caa94ab1b1c9efde735e93303c0cd9722f781252dde7
f173ce9aba85239293aa2d30b59d8e9769ab57261a63376147b22773f84972bb
f27f7b08cdba301dc4a18d86a6749ca5e133b70aa2fdc166327c8be7d9a30a37
f28aad5e4303e98d21626c1044e8afcba3e8dce789e9c6245084bfc83082503e
f30303e41262ed1ae693c03b4ebd0b8ef04eee3e46163bc5ae376e019905524b
f48f311b949a7369b8a381932ffd054cc5b1f8f74a672cc47d1fcad60f7858e0
f6b344252eff2db0c3aceca713062e91aa81aa953bfb69460c85b1e62b5a06b2
f749bc5d66379bf89ee5f8d7c75c8e4171e6530b2d0568fa652566777e8018e2
f8cd0337c878919cdb4e60a4c5821c746915e1d8e6a64dbe0de80bf4b0ccdbc9
f991604789d1e2850a2fa69278386e36cce9e05a2b90c1c71abcd29c931c2373
fac95bf7dfdb7ba7246674b35ba9ba6a726d9786f0819fdbb9c7dcb43801292a
fd6d34ae21753d7bb4e1c59de23570a40b493cb044fc3a3e5a351c0d0c83d082

www.wsj.com Open in urlscan Pro 2600:9000:211a:8800:3:4b0:de80:93a1 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

184 Requests

98 %HTTPS

36 %IPv6

25 Domains

41 Subdomains

37 IPs

7 Countries

6029 kBTransfer

14361 kBSize

23 Cookies

76 Outgoing links

Page URL History

Redirected requests

184 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.wsj.com Open in urlscan Pro
2600:9000:211a:8800:3:4b0:de80:93a1 Public Scan

Screenshot
Live screenshot

Full Image

184
Requests

98 %
HTTPS

36 %
IPv6

25
Domains

41
Subdomains

37
IPs

7
Countries

6029 kB
Transfer

14361 kB
Size

23
Cookies

184 HTTP transactions
4 data transactions