Archive Captures
Independent captures of Gardyn-published URLs referenced in CISA advisory ICSA-26-055-03 and on this site. SHA-256 hashes establish chain-of-custody.
Manifest
The full manifest is at /captures/manifest.json. It records, for each URL: timestamp of fetch, HTTP response chain (including any redirects), final URL, byte size, SHA-256 hash, and JSON-LD dateModified / datePublished values where present.
Captures (April 29, 2026 at 04:12:32 UTC)
https://mygardyn.com/blog/security-update/
| HTTP response | 200 OK |
|---|---|
| Bytes | 822,125 |
| SHA-256 | 0903d5c6995e7d98b39a66981db0c20575a092f0a4942375140ac6e62819c8ef |
JSON-LD datePublished | 2026-02-24T18:38:01+00:00 |
JSON-LD dateModified | 2026-04-07T18:05:17+00:00 |
| Local capture | mygardyn.com_blog_security-update.html |
https://mygardyn.com/policy/privacy/
| HTTP response | 200 OK |
|---|---|
| Bytes | 886,906 |
| SHA-256 | afdb338be75c2d71154ab44d31d42ba8cc7d8c7789e7bda2672090639fbfe514 |
JSON-LD datePublished | 2019-05-08T01:38:14+00:00 |
JSON-LD dateModified | 2026-03-20T12:36:12+00:00 |
| Local capture | mygardyn.com_policy_privacy.html |
https://mygardyn.com/security/
| HTTP response chain | 301 → 200 |
|---|---|
| Final URL | https://mygardyn.com/blog/security-update/ |
| Bytes | 822,125 |
| SHA-256 | 041f1384f97de32921f79d622683575ac966146787c556217de73a73fe393b6a |
JSON-LD datePublished | 2026-02-24T18:38:01+00:00 |
JSON-LD dateModified | 2026-04-07T18:05:17+00:00 |
| Local capture | mygardyn.com_security.html |
Addendum capture (May 14, 2026 at 18:14:53 UTC)
The Terms of Service was subsequently captured by direct origin fetch so it has a direct-fetch baseline matching the privacy policy and security-update captures above. It is recorded in the same manifest, with a per-entry fetched_at field distinguishing it from the original April 29 set.
https://mygardyn.com/policy/terms-of-service/
| HTTP response | 200 OK |
|---|---|
| Bytes | 859,564 |
| SHA-256 | aa8da72a6b8ee58a2cc7e7f25dd013819abe0b266fa47b34c2ab191a12090cab |
JSON-LD datePublished | 2020-01-06T23:44:07+00:00 |
JSON-LD dateModified | 2026-04-06T16:51:48+00:00 |
| Body “Effective Date” | February 23, 2026 |
| Local capture | mygardyn.com_policy_terms-of-service.html |
Note on prior captures
An earlier set of captures was fetched on April 27, 2026 at 04:59:38 UTC. The source files for that capture set are no longer available on the maintainer’s workstation. The captures above, fetched on April 29, 2026 at 04:12:32 UTC, supersede them. The April 27 SHA-256 hashes are preserved in this site’s git history; the April 29 hashes will not match because the captured pages contain dynamic elements (e.g., a marketing countdown timer) that change between fetches.
Wayback Machine captures
Twenty Wayback Machine captures of three vendor pages (/blog/security-update/, /policy/privacy/, /policy/terms-of-service/) are mirrored locally under /captures/wayback/ with a structured manifest at /captures/wayback/manifest.json. Each row in the index links to the primary source on archive.org and to the local mirror, and records the JSON-LD dateModified field, the body “Last updated” or “Effective Date” string, and the SHA-256 of the locally stored bytes.
Beyond the local mirror set, the maintainer also operates a scheduled Cloudflare Worker that submits the three vendor URLs above to web.archive.org/save/ five times per day, creating an ongoing third-party-controlled record of any subsequent changes. Independent third-party Wayback submissions of these URLs are welcomed and can be triggered by anyone at the same endpoint.
Independently verifying these captures
To verify a SHA-256 hash from the manifest:
curl -sL "https://mygardyn.com/blog/security-update/" -A "Mozilla/5.0" | shasum -a 256The hash will not match exactly because the page contains dynamic elements (e.g., a marketing countdown timer); however, the editorial content (the article body, FAQ section, and JSON-LD metadata) is stable. The local capture file in this directory preserves the byte-for-byte content as fetched at the timestamp recorded in the manifest.
Chain of custody
All captures were fetched via curl 8.x with User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X) gardyn-security-incident-docs/1.0 from the maintainer’s workstation in New Jersey, USA. The original set was fetched on April 29, 2026 at 04:12:32 UTC; the Terms of Service addendum was fetched on May 14, 2026 at 18:14:53 UTC. No content was modified between fetch and storage. SHA-256 hashes were computed via shasum -a 256 on the as-fetched bytes.