URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Submission: On July 29 via api from US

Summary

This website contacted 35 IPs in 7 countries across 29 domains to perform 118 HTTP transactions. The main IP is 2606:4700::6811:87b4, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.secureworldexpo.com.
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on September 17th 2019. Valid for: a year.
This is the only time www.secureworldexpo.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Count | Apex Domain | Subdomains | Transfer
30 | secureworldexpo.com | www.secureworldexpo.com | 487 KB
14 | googlesyndication.com | 9b37ec61a1956211135da73c0128c504.safeframe.googlesyndication.com, tpc.googlesyndication.com, pagead2.googlesyndication.com | 251 KB
12 | typekit.net | use.typekit.net, p.typekit.net | 145 KB
9 | doubleclick.net | securepubads.g.doubleclick.net, stats.g.doubleclick.net | 99 KB
8 | hubspot.com | no-cache.hubspot.com, app.hubspot.com, track.hubspot.com, forms.hubspot.com | 5 KB
7 | google.com | adservice.google.com, www.google.com | 922 B
6 | ampproject.org | cdn.ampproject.org | 256 KB
4 | addthis.com | s7.addthis.com, m.addthis.com | 190 KB
4 | linkedin.com | platform.linkedin.com, px.ads.linkedin.com, www.linkedin.com | 57 KB
3 | hotjar.com | static.hotjar.com, script.hotjar.com, vars.hotjar.com | 72 KB
2 | twitter.com | platform.twitter.com | 29 KB
2 | facebook.net | connect.facebook.net | 60 KB
2 | google.de | adservice.google.de, www.google.de | 274 B
2 | google-analytics.com | www.google-analytics.com | 18 KB
2 | cloudflare.com | cdnjs.cloudflare.com | 77 KB
2 | unpkg.com | unpkg.com | 2 KB
2 | hubspot.net | cdn2.hubspot.net | 8 KB
1 | hsforms.com | perf.hsforms.com | 530 B
1 | gstatic.com | www.gstatic.com | 130 KB
1 | hs-analytics.net | js.hs-analytics.net | 18 KB
1 | hs-banner.com | js.hs-banner.com | 7 KB
1 | hsleadflows.net | js.hsleadflows.net | 66 KB
1 | hubapi.com | api.hubapi.com | 549 B
1 | addthisedge.com | v1.addthisedge.com | 848 B
1 | licdn.com | snap.licdn.com | 2 KB
1 | moatads.com | z.moatads.com | 1 KB
1 | googletagservices.com | www.googletagservices.com | 16 KB
1 | jsdelivr.net | cdn.jsdelivr.net | 23 KB
1 | googletagmanager.com | www.googletagmanager.com | 33 KB
Totals: 118 | 29
Count | Domain | Requested by
30 | www.secureworldexpo.com | www.secureworldexpo.com
11 | use.typekit.net | www.secureworldexpo.com, use.typekit.net
9 | tpc.googlesyndication.com | securepubads.g.doubleclick.net, www.secureworldexpo.com, cdn.ampproject.org, tpc.googlesyndication.com
8 | securepubads.g.doubleclick.net | www.googletagservices.com, securepubads.g.doubleclick.net, www.secureworldexpo.com
6 | cdn.ampproject.org | securepubads.g.doubleclick.net
6 | www.google.com (1 redirects) | www.secureworldexpo.com, www.gstatic.com
5 | track.hubspot.com | -
4 | pagead2.googlesyndication.com | securepubads.g.doubleclick.net
3 | s7.addthis.com | www.secureworldexpo.com, s7.addthis.com
2 | px.ads.linkedin.com (1 redirects) | www.secureworldexpo.com
2 | platform.twitter.com | www.secureworldexpo.com, platform.twitter.com
2 | connect.facebook.net | www.secureworldexpo.com, connect.facebook.net
2 | www.google-analytics.com (1 redirects) | www.googletagmanager.com
2 | cdnjs.cloudflare.com | www.secureworldexpo.com
2 | unpkg.com (1 redirects) | www.secureworldexpo.com
2 | cdn2.hubspot.net | www.secureworldexpo.com, cdn.ampproject.org
1 | forms.hubspot.com | js.hsleadflows.net
1 | perf.hsforms.com | www.secureworldexpo.com
1 | www.gstatic.com | www.google.com
1 | p.typekit.net | www.secureworldexpo.com
1 | 9b37ec61a1956211135da73c0128c504.safeframe.googlesyndication.com | securepubads.g.doubleclick.net
1 | vars.hotjar.com | static.hotjar.com
1 | www.linkedin.com (1 redirects) | -
1 | www.google.de | www.secureworldexpo.com
1 | stats.g.doubleclick.net (1 redirects) | -
1 | js.hs-analytics.net | www.secureworldexpo.com
1 | js.hs-banner.com | www.secureworldexpo.com
1 | js.hsleadflows.net | www.secureworldexpo.com
1 | script.hotjar.com | static.hotjar.com
1 | api.hubapi.com | www.secureworldexpo.com
1 | app.hubspot.com | www.secureworldexpo.com
1 | m.addthis.com | s7.addthis.com
1 | v1.addthisedge.com | s7.addthis.com
1 | snap.licdn.com | www.secureworldexpo.com
1 | adservice.google.com | www.googletagservices.com
1 | adservice.google.de | www.googletagservices.com
1 | z.moatads.com | s7.addthis.com
1 | static.hotjar.com | www.secureworldexpo.com
1 | no-cache.hubspot.com | www.secureworldexpo.com
1 | www.googletagservices.com | www.secureworldexpo.com
1 | cdn.jsdelivr.net | www.secureworldexpo.com
1 | platform.linkedin.com | www.secureworldexpo.com
1 | www.googletagmanager.com | www.secureworldexpo.com
Totals: 118 | 43
Subject | Issuer | Validity | Valid
www.secureworldexpo.com | CloudFlare Inc ECC CA-2 | 2019-09-17 - 2020-09-16 | a year
use.typekit.net | DigiCert SHA2 Secure Server CA | 2020-01-28 - 2022-02-01 | 2 years
*.google-analytics.com | GTS CA 1O1 | 2020-07-07 - 2020-09-29 | 3 months
platform.linkedin.com | DigiCert SHA2 Secure Server CA | 2020-07-03 - 2022-07-08 | 2 years
hubspot.net | Cloudflare Inc ECC CA-3 | 2020-07-03 - 2021-07-03 | a year
sni.cloudflaressl.com | CloudFlare Inc ECC CA-2 | 2020-04-06 - 2020-10-09 | 6 months
f3.shared.global.fastly.net | GlobalSign CloudSSL CA - SHA256 - G3 | 2020-07-08 - 2021-04-17 | 9 months
*.g.doubleclick.net | GTS CA 1O1 | 2020-07-07 - 2020-09-29 | 3 months
cloudflare.com | Cloudflare Inc ECC CA-3 | 2020-07-04 - 2021-07-04 | a year
odc-prod-01.oracle.com | DigiCert Secure Site ECC CA-1 | 2020-07-22 - 2021-10-13 | a year
hubspot.com | Cloudflare Inc ECC CA-3 | 2020-07-27 - 2021-07-27 | a year
static.hotjar.com | Let's Encrypt Authority X3 | 2020-06-17 - 2020-09-15 | 3 months
moatads.com | DigiCert SHA2 Secure Server CA | 2020-01-17 - 2021-03-17 | a year
*.google.de | GTS CA 1O1 | 2020-07-07 - 2020-09-29 | 3 months
*.google.com | GTS CA 1O1 | 2020-07-07 - 2020-09-29 | 3 months
*.licdn.com | DigiCert SHA2 Secure Server CA | 2019-04-01 - 2021-05-07 | 2 years
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2020-07-21 - 2020-10-12 | 3 months
platform.twitter.com | DigiCert SHA2 High Assurance Server CA | 2019-08-28 - 2020-09-01 | a year
hubapi.com | Cloudflare Inc ECC CA-3 | 2020-07-03 - 2021-07-03 | a year
script.hotjar.com | Let's Encrypt Authority X3 | 2020-06-18 - 2020-09-16 | 3 months
www.google.de | GTS CA 1O1 | 2020-07-07 - 2020-09-29 | 3 months
px.ads.linkedin.com | DigiCert SHA2 Secure Server CA | 2020-03-04 - 2020-09-04 | 6 months
vars.hotjar.com | Let's Encrypt Authority X3 | 2020-06-16 - 2020-09-14 | 3 months
tpc.googlesyndication.com | GTS CA 1O1 | 2020-07-07 - 2020-09-29 | 3 months
*.typekit.net | DigiCert SHA2 Secure Server CA | 2019-12-06 - 2021-12-10 | 2 years
misc-sni.google.com | GTS CA 1O1 | 2020-07-07 - 2020-09-29 | 3 months
www.google.com | GTS CA 1O1 | 2020-07-07 - 2020-09-29 | 3 months
*.gstatic.com | GTS CA 1O1 | 2020-07-07 - 2020-09-29 | 3 months

This page contains 11 frames:

Primary Page: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Frame ID: F992E7AE80BFEDFB3314B0041691F199
Requests: 90 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: 63F46933B73DD711374623AF04D27BDB
Requests: 1 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: AA93A9B325B0207BD0996680B2C85B4C
Requests: 1 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-469cf41adb11dc78be68c1ae7f9457a4.html
Frame ID: 69A223B9FAE5DB595D5F1CFCFAAA802A
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.c4b33f07650267db9f8a72eaac551cac.html?origin=https%3A%2F%2Fwww.secureworldexpo.com
Frame ID: D09EF8ACF7BB56DD4DCFBF27CBB811A1
Requests: 1 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012007210634000/amp4ads-v0.js
Frame ID: 14B89E312591358F775D3C1FD1FB52A6
Requests: 8 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012007210634000/amp4ads-v0.js
Frame ID: A12E8757FAD82376B36B0A74CD0B20F7
Requests: 8 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012007210634000/amp4ads-v0.js
Frame ID: 8FEEF7F25DCAE278979BA6882FE2DD40
Requests: 9 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc2_RsUAAAAAAYBSd4rxsgeQz7whuL9COCsHeET&co=aHR0cHM6Ly93d3cuc2VjdXJld29ybGRleHBvLmNvbTo0NDM.&hl=en&v=AFBwIe6h0oOL7MOVu88LHld-&size=invisible&badge=inline&cb=28jgn76ff4l3
Frame ID: 91A5F70FC26E191F4BFBB404C9FF6FD5
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=en&v=AFBwIe6h0oOL7MOVu88LHld-&k=6Lc2_RsUAAAAAAYBSd4rxsgeQz7whuL9COCsHeET&cb=bzehky8lpuna
Frame ID: DA71EDA571BF8166BBD93697A4E68EAD
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/210/runner.html
Frame ID: 6C6B91CA57B278C5D5D8A118E7868F84
Requests: 1 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i

Page Statistics

Requests: 118
HTTPS: 99 %
IPv6: 83 %
Domains: 29
Subdomains: 43
IPs: 35
Countries: 7
Transfer: 2054 kB
Size: 5543 kB
Cookies: 11

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 15
  • https://unpkg.com/imagesloaded@4/imagesloaded.pkgd.min.js HTTP 302
  • https://unpkg.com/imagesloaded@4.1.4/imagesloaded.pkgd.min.js
Request Chain 34
  • https://cdn2.hubspot.net/hubfs/2221756/secureworld-logo-2.png HTTP 0
  • http://cdn2.hubspot.net/hubfs/2221756/secureworld-logo-2.png HTTP 0
  • http://cdn2.hubspot.net/hubfs/2221756/secureworld-logo-2.png HTTP 0
  • http://cdn2.hubspot.net/hubfs/2221756/secureworld-logo-2.png HTTP 0
  • http://cdn2.hubspot.net/hubfs/2221756/secureworld-logo-2.png HTTP 0
  • http://cdn2.hubspot.net/hubfs/2221756/secureworld-logo-2.png HTTP 0
  • http://cdn2.hubspot.net/hubfs/2221756/secureworld-logo-2.png HTTP 0
  • http://cdn2.hubspot.net/hubfs/2221756/secureworld-logo-2.png HTTP 0
  • http://cdn2.hubspot.net/hubfs/2221756/secureworld-logo-2.png HTTP 0
  • http://cdn2.hubspot.net/hubfs/2221756/secureworld-logo-2.png
Request Chain 67
  • https://www.google-analytics.com/r/collect?v=1&_v=j83&a=343230341&t=pageview&_s=1&dl=https%3A%2F%2Fwww.secureworldexpo.com%2Findustry-news%2Fhow-ryuk-ransomware-works&ul=en-us&de=UTF-8&dt=Special%20Security%20Advisory%3A%20%27Ryuk%20Ransomware%20Targeting%20Organizations%20Globally%27&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUAB~&jid=1305446125&gjid=2051460167&cid=1927368728.1596045513&tid=UA-29110626-1&_gid=610101161.1596045513&_r=1&gtm=2ou7m1&z=257475982 HTTP 302
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-29110626-1&cid=1927368728.1596045513&jid=1305446125&_gid=610101161.1596045513&gjid=2051460167&_v=j83&z=257475982 HTTP 302
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-29110626-1&cid=1927368728.1596045513&jid=1305446125&_v=j83&z=257475982 HTTP 302
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-29110626-1&cid=1927368728.1596045513&jid=1305446125&_v=j83&z=257475982&slf_rd=1&random=3365329826
Request Chain 69
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=651962&url=https%3A%2F%2Fwww.secureworldexpo.com%2Findustry-news%2Fhow-ryuk-ransomware-works&time=1596045512680 HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D651962%26url%3Dhttps%253A%252F%252Fwww.secureworldexpo.com%252Findustry-news%252Fhow-ryuk-ransomware-works%26time%3D1596045512680%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=651962&url=https%3A%2F%2Fwww.secureworldexpo.com%2Findustry-news%2Fhow-ryuk-ransomware-works&time=1596045512680&liSync=true

118 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request how-ryuk-ransomware-works
www.secureworldexpo.com/industry-news/
64 KB
15 KB
Document
General
Full URL
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:87b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / HubSpot
Resource Hash
6538840bab88e62f8898546a9d45bd0bff56f2809e6921c4bbe98e29ea3d0138
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=0

Request headers

:method
GET
:authority
www.secureworldexpo.com
:scheme
https
:path
/industry-news/how-ryuk-ransomware-works
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
200
date
Wed, 29 Jul 2020 17:58:32 GMT
content-type
text/html;charset=utf-8
set-cookie
__cfduid=d7b6031d36e5bd24f8ca46b40a6da7cb21596045511; expires=Fri, 28-Aug-20 17:58:31 GMT; path=/; domain=.www.secureworldexpo.com; HttpOnly; SameSite=Lax __cfruid=7d44f1a3db7fe10bf708b2989a8b6f8d9d575d6a-1596045512; path=/; domain=.www.secureworldexpo.com; HttpOnly; Secure; SameSite=None
cf-ray
5ba8ba7ead503233-FRA
cache-control
s-maxage=1800,max-age=5
link
</hs/hsstatic/HubspotToolsMenu/static-1.72/js/index.js>; rel=preload; as=script, </hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.7/bundles/project.js>; rel=preload; as=script, </hs/hsstatic/cos-i18n/static-1.16/bundles/project.js>; rel=preload; as=script, </hs/hsstatic/AsyncSupport/static-1.81/js/comment_listing_asset.js>; rel=preload; as=script, </_hcms/forms/v2.js>; rel=preload; as=script
strict-transport-security
max-age=0
vary
Accept-Encoding
cf-cache-status
MISS
access-control-allow-credentials
false
cf-request-id
043d52e3240000323339a85200000001
content-security-policy
upgrade-insecure-requests
edge-cache-tag
CT-10855193339,CG-2221756,P-2221756,L-4217464939,L-4217501659,L-4327754887,L-4453182780,CW-5767375991,E-4263571273,MENU-4263609498,MENU-4404484415,PGS-ALL,SW-0,SD-6,B-4214485368,GC-27670355560
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-hs-cache-config
BrowserCache-5s-EdgeCache-1800s
x-hs-combine-css
Retry-0
x-hs-content-id
10855193339
x-hs-hub-id
2221756
x-powered-by
HubSpot
x-trace
2B80FFC411C1B1C02663FD0EAA32EE111446D3126C000000000000000000
server
cloudflare
content-encoding
br
cf-h2-pushed
</hs/hsstatic/HubspotToolsMenu/static-1.72/js/index.js>,</hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.7/bundles/project.js>,</hs/hsstatic/cos-i18n/static-1.16/bundles/project.js>,</hs/hsstatic/AsyncSupport/static-1.81/js/comment_listing_asset.js>,</_hcms/forms/v2.js>
access-control-allow-credentials
false
x-amz-version-id
u.S1AwSFzI9ZTgt_RhhxGnOMGalq.3HE
cf-request-id
043d52e5a80000323339abd200000001
cf-ray
5ba8ba82aedc3233-FRA
x-amz-cf-id
jNvE_RdQuWANpy3UJCUuEa8IHDK8wIfzoIRDApdDb6kQgUeMYVgfQA==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 5
jquery.slides.min.js
www.secureworldexpo.com/hubfs/js/
11 KB
3 KB
Script
General
Full URL
https://www.secureworldexpo.com/hubfs/js/jquery.slides.min.js
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:87b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
59ec733cb38ee1c685cda9409cc5502f2ea47dd072f70b30146f5494dbe32ba8

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 29 Jul 2020 17:58:32 GMT
via
1.1 d79148f01e44f5598c15bdd5ce1c1997.cloudfront.net (CloudFront)
cf-cache-status
HIT
age
6889
x-cache
RefreshHit from cloudfront
status
200
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 4
content-encoding
br
x-amz-request-id
1A63B17619B3B91E
cf-request-id
043d52e5a80000323339abf200000001
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 4
last-modified
Mon, 11 Jul 2016 21:39:09 GMT
server
cloudflare
etag
W/"58f295f0c2cc45fb57ab5fe958f93eeb"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
s-maxage=7200, max-age=7200
x-amz-version-id
oAXa_7l104Cf5Y8HYZhqFUOFvtaey45r
x-amz-cf-pop
FRA54
cf-ray
5ba8ba82aee03233-FRA
x-amz-cf-id
S7ty2kCP-LALY0CII-Rsems1vWK_vRfsSvjyzRE7a1Z7FabP35RLdw==
x-amz-id-2
7amqTDOcqlYdaMtx5yTj0RxgTViI1gGIW1XhMNjl7I/9utl/cJaJHq9C1h0oO+DgVhOsY/5Ki2Q=
masonry.pkgd.min.js
www.secureworldexpo.com/hubfs/js/
22 KB
7 KB
Script
General
Full URL
https://www.secureworldexpo.com/hubfs/js/masonry.pkgd.min.js
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:87b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9e7e1ec94cb98f8ee2f2f9d4549030b15bf4198419cfab1b5eab13c13ecf26ff

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 29 Jul 2020 17:58:32 GMT
via
1.1 0176a7920fd558900dd5f893f79acb9e.cloudfront.net (CloudFront)
cf-cache-status
HIT
age
6889
x-cache
RefreshHit from cloudfront
status
200
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 4
content-encoding
br
x-amz-request-id
E93DC331DCB9E458
cf-request-id
043d52e5a80000323339ac0200000001
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 4
last-modified
Tue, 12 Jul 2016 17:33:54 GMT
server
cloudflare
etag
W/"d5761132889fee4a606e54d26675d2ea"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
s-maxage=7200, max-age=7200
x-amz-version-id
p01HdefR.thGzQP58gPWMqi14.QGjgok
x-amz-cf-pop
FRA54
cf-ray
5ba8ba82aee23233-FRA
x-amz-cf-id
bTecFv1GQqwisfedUV0H8_J_smX4EQMfAFp8p0SRFR-bkYVUwda3iA==
x-amz-id-2
uKssKMSmAoYp32wcvVkASTWe+u0ygndmk+EdaAUO1a41Qx0GRQTrCPlNiixzmi2DHNNOl0qzKss=
jquery-ui.min.js
www.secureworldexpo.com/hubfs/js/
247 KB
64 KB
Script
General
Full URL
https://www.secureworldexpo.com/hubfs/js/jquery-ui.min.js
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:87b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
78613a6e5bab939b078feae691fb0661e2b2671dcce1b1be66517203b2a7b3b1

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 29 Jul 2020 17:58:32 GMT
via
1.1 9f190c53aa1fad1d6d54f8cc88bdeb16.cloudfront.net (CloudFront)
cf-cache-status
HIT
age
6889
x-cache
RefreshHit from cloudfront
status
200
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 5
content-encoding
br
x-amz-request-id
9507F47ABF17E4AA
cf-request-id
043d52e5a80000323339ac1200000001
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 5
last-modified
Thu, 14 Jul 2016 17:45:45 GMT
server
cloudflare
etag
W/"8cbf62fc02083afe12a90787cb8f9e3c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
s-maxage=7200, max-age=7200
x-amz-version-id
3i9pp9ZRYVIn0GLzROYg8mObVjOyRJSc
x-amz-cf-pop
FRA54
cf-ray
5ba8ba82aee33233-FRA
x-amz-cf-id
aUhHklZUbPY-amYD6eI8u6sQ5hLGO-PQgw1OXS53ifeU5NLDyKjuvA==
x-amz-id-2
9VcjptG6ENSqDyCrJgR7qzFK4C87+GxdrSEoRILXxFCPuxFc8j0Fq8o+HKTpfj/ERRQY0DT5Nkk=
imagesloaded.pkgd.min.js
unpkg.com/imagesloaded@4.1.4/
Redirect Chain
  • https://unpkg.com/imagesloaded@4/imagesloaded.pkgd.min.js
  • https://unpkg.com/imagesloaded@4.1.4/imagesloaded.pkgd.min.js
5 KB
2 KB
Script
General
Full URL
https://unpkg.com/imagesloaded@4.1.4/imagesloaded.pkgd.min.js
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7daf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
96abf166b3cbb5f7df525d86fdeeeccea4af3c120b19bc26b0613530a94e8b44
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 29 Jul 2020 17:58:32 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
22887849
status
200
vary
Accept-Encoding
cf-request-id
043d52e5cd000005b7e7bad200000001
last-modified
Tue, 02 Jan 2018 16:53:35 GMT
server
cloudflare
etag
W/"15da-bT4RF04iZo5p3yNuXEVCFo98v+w"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-cloud-trace-context
7a7b3adc933350b5bf6d04c0c54b1505
cache-control
public, max-age=31536000
cf-ray
5ba8ba82eaf105b7-FRA

Redirect headers

date
Wed, 29 Jul 2020 17:58:32 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
349
status
302
vary
Accept, Accept-Encoding
content-length
66
cf-request-id
043d52e5ba000005b7e7baa200000001
access-control-allow-origin
*
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/plain; charset=utf-8
location
/imagesloaded@4.1.4/imagesloaded.pkgd.min.js
x-cloud-trace-context
4130a12c521b76e47559a0d404a725ea
cache-control
public, s-maxage=600, max-age=60
cf-ray
5ba8ba82ca9d05b7-FRA
handlebars.min.js
cdn.jsdelivr.net/npm/handlebars@4.0.10/dist/
74 KB
23 KB
Script
General
Full URL
https://cdn.jsdelivr.net/npm/handlebars@4.0.10/dist/handlebars.min.js
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::621 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
d096836c66515e5ce415b57c5e2f19847ff367a41033463774291867b258ab7e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
age
10188
x-cache
HIT, HIT
status
200
content-length
22695
etag
W/"12630-EKA6xd0OO5UHmP0bY9EiNnZapJc"
x-served-by
cache-fra19175-FRA, cache-hhn4065-HHN
date
Wed, 29 Jul 2020 17:58:32 GMT
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
gpt.js
www.googletagservices.com/tag/js/
48 KB
16 KB
Script
General
Full URL
https://www.googletagservices.com/tag/js/gpt.js
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:814::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a9fa043d6cebef7ba5637d07a949d71e1c4104521a2f30e94f11d31601eb85c6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 29 Jul 2020 17:58:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"586 / 248 of 1000 / last-modified: 1596044805"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
16565
x-xss-protection
0
expires
Wed, 29 Jul 2020 17:58:32 GMT
hamburger.png
www.secureworldexpo.com/hubfs/
178 B
813 B
Image
General
Full URL
https://www.secureworldexpo.com/hubfs/hamburger.png
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:87b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e85e480856bd1bfc6c8f2782e1cffcb33b19837fcbc24cc8b25ed969d30bbd11

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 29 Jul 2020 17:58:32 GMT
via
1.1 25c6baf0a31a5ef699c1e219b25ce7b9.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-meta-cache-tag
F-4228641034,P-2221756,FLS-ALL
age
3429
cf-polished
origFmt=png, origSize=678
edge-cache-tag
F-4228641034,P-2221756,FLS-ALL
status
200
content-disposition
inline; filename="hamburger.webp"
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 6
x-amz-request-id
D5530017A1BA3018
cf-request-id
043d52e69b0000323339ad5200000001
x-cache
RefreshHit from cloudfront
accept-ranges
bytes
last-modified
Sun, 08 Oct 2017 22:59:50 GMT
server
cloudflare
etag
"d3bd09f40d4f357af913c143adca587d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept, Accept-Encoding
content-type
image/webp
x-amz-id-2
XciHwJmBbCCHHPdwyKfQcr/30A4AR87aDkJ8K72spOzTSKPndkofqR7cIk/nc3nXAHOeYCw5s8Y=
cf-bgj
imgq:85,h2pri
cache-control
s-maxage=7200, max-age=7200
x-amz-version-id
4m0X8x7SQCsWrf.U9R26NzzJ2LVMVSnV
x-amz-cf-pop
FRA6-C1
content-length
178
cf-ray
5ba8ba842a563233-FRA
x-amz-cf-id
S0jE9qf6B6G59fZk2W5kv_J2TKr5ttvp6MiTqA7ABS5UEQ9i55eIdA==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 6
font-awesome.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.6.3/css/
28 KB
6 KB
Stylesheet
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.6.3/css/font-awesome.min.css
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:85e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
008a1d103902f15fdb1c191fcb1ce8954330e7b8de43d09abb08555ba609f420
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 29 Jul 2020 17:58:32 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
age
7400255
status
200
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
043d52e5f400001f210fa5f200000001
served-in-seconds
0.001
timing-allow-origin
*
last-modified
Thu, 17 May 2018 09:19:53 GMT
server
cloudflare
etag
W/"5afd4939-7187"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000; includeSubDomains
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=30672000
cf-ray
5ba8ba832b021f21-FRA
expires
Mon, 19 Jul 2021 17:58:32 GMT
Bruce_Sussman.png
www.secureworldexpo.com/hubfs/Headshots/
71 KB
72 KB
Image
General
Full URL
https://www.secureworldexpo.com/hubfs/Headshots/Bruce_Sussman.png
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:87b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e8d357fe2d42c42524852717e660a0d21b07dc960f70f1709e40795b9971d25b

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 29 Jul 2020 17:58:32 GMT
via
1.1 8e04f5d6c745b231c10fce7c2aa9c70f.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-meta-cache-tag
F-28441472492,FD-4325750832,P-2221756,FLS-ALL
age
5731
cf-polished
origFmt=png, origSize=85901
edge-cache-tag
F-28441472492,FD-4325750832,P-2221756,FLS-ALL
status
200
content-disposition
inline; filename="Bruce_Sussman.webp"
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 5
x-amz-request-id
9AA11DBE9DA1396F
cf-request-id
043d52e69b0000323339ad6200000001
x-amz-server-side-encryption
AES256
accept-ranges
bytes
last-modified
Thu, 16 Apr 2020 19:33:13 GMT
server
cloudflare
x-cache
RefreshHit from cloudfront
etag
"e13b7e7fbcb1633906f9511fbe4f3f77"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept, Accept-Encoding
content-type
image/webp
x-amz-id-2
t0BNFmD2Sah97lNoV3u5Y/wl9fjD4hUPo3RRgY4rgybgtHRsMFnO8t6IMB8pH7swf5rJjqTfq+I=
cf-bgj
imgq:85,h2pri
cache-control
s-maxage=7200, max-age=7200
x-amz-version-id
vK.vrf0ODpqVXbHy5fhweygy0QULGp7E
x-amz-cf-pop
FRA6-C1
content-length
73116
cf-ray
5ba8ba842a583233-FRA
x-amz-cf-id
YfN9RNpngy24_5E9aNOB5V-_QI8nyT2-IqpkPDPCizaKtjS3EmmB3g==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 5
ransomware_eye_lock_shutterstock_477248593.jpg
www.secureworldexpo.com/hubfs/Blog_images/
61 KB
62 KB
Image
General
Full URL
https://www.secureworldexpo.com/hubfs/Blog_images/ransomware_eye_lock_shutterstock_477248593.jpg
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:87b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
93a04dd5b3ffd721e1efd7f37f0abae74486c53afafd22f68a4c95a5ae29a1e0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 29 Jul 2020 17:58:32 GMT
via
1.1 fa5a3d5abd34c6fac657b045a4dcbdc5.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-meta-cache-tag
F-29285496584,FD-4415468373,P-2221756,FLS-ALL
age
285948
cf-polished
degrade=85, origSize=135160, status=webp_bigger
cf-ray
5ba8ba842a5b3233-FRA
edge-cache-tag
F-29285496584,FD-4415468373,P-2221756,FLS-ALL
status
200
x-cache
Miss from cloudfront
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 7
x-amz-request-id
06F5CB2F41F3F929
cf-request-id
043d52e69b0000323339ad7200000001
x-amz-meta-index-tag
all
x-amz-server-side-encryption
AES256
accept-ranges
bytes
last-modified
Tue, 12 May 2020 16:18:18 GMT
server
cloudflare
etag
"8f171a4fbbb9378b714e740f35502d13"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
x-amz-id-2
C8IaX6Emi+JqfQcbIcG05x32oeJFkObwQD/EPfp/S6E1Y+TKJj2p/FEDRpBjB5Fg1f7Gr2uZ69Y=
cf-bgj
imgq:85,h2pri
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id
2Vv65CpDbI31lre7RYsuwcRvX4VMt6jQ
x-amz-cf-pop
FRA50-C1
content-length
62620
x-robots-tag
all
x-amz-cf-id
6P949iLTO3dBzVFUxUQezJs4A8MIrpPxs6srDpV2BZPkwULBfvseZQ==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 7
gamers_video_game_teenagers_shutterstock_1176828529_crop.jpeg
www.secureworldexpo.com/hubfs/Blog_images/
13 KB
13 KB
Image
General
Full URL
https://www.secureworldexpo.com/hubfs/Blog_images/gamers_video_game_teenagers_shutterstock_1176828529_crop.jpeg
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:87b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
00b4ac92df8e97444b57434487f2b4edd4a991d912324750bd041105b61cdfb3

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 29 Jul 2020 17:58:32 GMT
via
1.1 d5fb859c39a16d7f218b4c7fb1528ad6.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-meta-cache-tag
F-8987669203,FD-4415468373,P-2221756,FLS-ALL
age
3429
cf-polished
qual=85, origFmt=jpeg, origSize=28257
edge-cache-tag
F-8987669203,FD-4415468373,P-2221756,FLS-ALL
status
200
content-disposition
inline; filename="gamers_video_game_teenagers_shutterstock_1176828529_crop.webp"
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 4
x-amz-request-id
38E42C6E652AC4C1
cf-request-id
043d52e69c0000323339ad8200000001
x-cache
RefreshHit from cloudfront
accept-ranges
bytes
last-modified
Thu, 18 Apr 2019 20:58:05 GMT
server
cloudflare
etag
"2d5020e9ff16cead70194d21ae067160"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept, Accept-Encoding
content-type
image/webp
x-amz-id-2
jXiGfWcgCzr1Ucv8d+POdUreNu8nHv2DTeNqwFNSjsVFidIfxMVup23GWmt933YQ0RYjA4Ieh+s=
cf-bgj
imgq:85,h2pri
cache-control
s-maxage=7200, max-age=7200
x-amz-version-id
hrHwzR312q8kH_bhoXtQTYztFdtZNIy2
x-amz-cf-pop
FRA6-C1
content-length
12878
cf-ray
5ba8ba842a5d3233-FRA
x-amz-cf-id
He8U2Hga28NK6g6KSWvg2xJLrSjoBhzXjmJebMOdjkDmvXWPmzLpmw==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 4
addthis_widget.js
s7.addthis.com/js/300/
353 KB
114 KB
Script
General
Full URL
https://s7.addthis.com/js/300/addthis_widget.js
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-248-44.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
eb12a261a24e54883613710a4c12f4d9205f634ca1a29d1df07f90105a93e746
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
last-modified
Thu, 04 Jun 2020 15:49:19 GMT
server
nginx/1.15.8
etag
W/"5ed917ff-5834c"
vary
Accept-Encoding
x-distribution
99
content-type
application/javascript
status
200
cache-control
public, max-age=600
date
Wed, 29 Jul 2020 17:58:32 GMT
x-host
s7.addthis.com
content-length
116324
5b11748c-d8d9-47fd-b704-d273971b3380.png
no-cache.hubspot.com/cta/default/2221756/
2 KB
2 KB
Image
General
Full URL
https://no-cache.hubspot.com/cta/default/2221756/5b11748c-d8d9-47fd-b704-d273971b3380.png
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d0f8dc01b870f4220bb68c5ece91eb9aa5d2b459d84ae795567d9b068184bc54
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 29 Jul 2020 17:58:32 GMT
cf-cache-status
DYNAMIC
x-amz-request-id
8C1A7FC1ED967B12
status
200
content-length
1720
x-amz-id-2
2QvXVl1TrZ8MNMIVUqzcBbcsBaaz7ugiq40DvLa03uhnW4KcLzelA/3j9JcnVOBSF4aRiPwpeVs=
last-modified
Thu, 08 Sep 2016 23:38:22 GMT
server
cloudflare
etag
"a0bf93e49385d55d2b06b74a0483880e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
image/png
cache-control
no-cache, no-store
cf-request-id
043d52e6bf0000d6cd8b338200000001
accept-ranges
bytes
cf-ray
5ba8ba846d3ed6cd-FRA
current.js
www.secureworldexpo.com/hs/cta/cta/
9 KB
4 KB
Script
General
Full URL
https://www.secureworldexpo.com/hs/cta/cta/current.js
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:87b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7449c1e3f354cb62fc458fdc2d374d80a3efa24d03b0dc4a80c8f42d3e96a869

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 29 Jul 2020 17:58:32 GMT
via
1.1 156336391961f724345f6534c674b6eb.cloudfront.net (CloudFront)
cf-cache-status
REVALIDATED
x-amz-cf-pop
IAD89-C3
x-amz-server-side-encryption
AES256
cf-ray
5ba8ba83c9733233-FRA
x-cache
Hit from cloudfront
status
200
x-amz-replication-status
COMPLETED
content-encoding
br
cf-request-id
043d52e6600000323339acc200000001
last-modified
Mon, 15 Jun 2020 10:43:57 UTC
server
cloudflare
etag
W/"3407615c40ffe888d06d8f463830073d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-version-id
Lux2CvjWKLgiGWv8al_HK.o_WRN8H0qs
cache-control
max-age=600
access-control-allow-credentials
false
content-type
application/javascript; charset=utf-8
x-amz-cf-id
XqsvLjRYC1DIdkCziLDxgtjqWtzAV4bTUm8ssdIGf_u8MNiPbwTl8g==
facebook-icon.png
www.secureworldexpo.com/hubfs/icons/
266 B
860 B
Image
General
Full URL
https://www.secureworldexpo.com/hubfs/icons/facebook-icon.png
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:87b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
45d8a712ca77cd325fcaaf66940adab8fc7d87692dfab6795f4fe8af5761bbc2

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 29 Jul 2020 17:58:32 GMT
via
1.1 1463b274b31e0310acc7c754b8b5a550.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-meta-cache-tag
F-4217507994,P-2221756,FLS-ALL
age
3428
cf-polished
origFmt=png, origSize=341
edge-cache-tag
F-4217507994,P-2221756,FLS-ALL
status
200
content-disposition
inline; filename="facebook-icon.webp"
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 5
x-amz-request-id
8C8D6D4CDA74F41C
cf-request-id
043d52e69c0000323339ad9200000001
x-cache
RefreshHit from cloudfront
accept-ranges
bytes
last-modified
Sun, 08 Oct 2017 22:59:45 GMT
server
cloudflare
etag
"382d93a10bf4c2b421daabc50181cee3"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept, Accept-Encoding
content-type
image/webp
x-amz-id-2
z8Q0dlPUU+eIHGAF9AcWrNfyNiYtnNL8hFtjjj8e3cbxGKl40hn7SNkMId/CcQ1DORcEAwExgr0=
cf-bgj
imgq:85,h2pri
cache-control
s-maxage=7200, max-age=7200
x-amz-version-id
cpGeMT3J5tMnUJqYR3Q0N_7QYVZ9aPqE
x-amz-cf-pop
FRA54
content-length
266
cf-ray
5ba8ba842a5e3233-FRA
x-amz-cf-id
yHRMf_TFVce-EXY5XSa0d96nb2ZLL4YdonYfFI0h1pEnBGyN2MJZBQ==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 5
twitter-icon.png
www.secureworldexpo.com/hubfs/icons/
616 B
1 KB
Image
General
Full URL
https://www.secureworldexpo.com/hubfs/icons/twitter-icon.png
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:87b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d2706e604d16b9785e1a98e631df92c3402eb93e3d8160b6b0959f28d132e3ce

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 29 Jul 2020 17:58:32 GMT
via
1.1 49140b838a62cd29e30f20e39a82dad0.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-meta-cache-tag
F-4236787772,P-2221756,FLS-ALL
age
3429
cf-polished
origFmt=png, origSize=883
edge-cache-tag
F-4236787772,P-2221756,FLS-ALL
status
200
content-disposition
inline; filename="twitter-icon.webp"
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 5
x-amz-request-id
C79E59B5593B9284
cf-request-id
043d52e69d0000323339ada200000001
x-cache
RefreshHit from cloudfront
accept-ranges
bytes
last-modified
Sun, 08 Oct 2017 22:59:51 GMT
server
cloudflare
etag
"435d809eb83677f7468e7b683bb64e9d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept, Accept-Encoding
content-type
image/webp
x-amz-id-2
qPK5D5RTpACh0mnj1oPI3X00zj/GzSPahxxRPLdRWya+WbM/0aEksV0DaJJ0ch9sR5E7E7Vu8bw=
cf-bgj
imgq:85,h2pri
cache-control
s-maxage=7200, max-age=7200
x-amz-version-id
vxboFQ0o8uHNttXVAk1x4tCcamAImMN6
x-amz-cf-pop
FRA6-C1
content-length
616
cf-ray
5ba8ba842a613233-FRA
x-amz-cf-id
X3Bl5vITwpL69IAZjq_6HzeS_oTZxh3Sqs7yPaYY3ZSiu_IW9qs7Xw==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 5
linkedin-icon.png
www.secureworldexpo.com/hubfs/icons/
398 B
888 B
Image
General
Full URL
https://www.secureworldexpo.com/hubfs/icons/linkedin-icon.png
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:87b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
105580db30d3915f2122d4e07a985c069478dd6f64e25d58ff3bf4c6ba7d9200

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 29 Jul 2020 17:58:32 GMT
via
1.1 a7dcca466407f1871feceef50bc84272.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-meta-cache-tag
F-4249039716,P-2221756,FLS-ALL
age
3429
cf-polished
origFmt=png, origSize=545
edge-cache-tag
F-4249039716,P-2221756,FLS-ALL
status
200
content-disposition
inline; filename="linkedin-icon.webp"
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 5
x-amz-request-id
B4F66C89FF9317F7
cf-request-id
043d52e69d0000323339adb200000001
x-cache
RefreshHit from cloudfront
accept-ranges
bytes
last-modified
Sun, 08 Oct 2017 23:00:01 GMT
server
cloudflare
etag
"f35feef6db03f1de7a0f82ac16331984"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept, Accept-Encoding
content-type
image/webp
x-amz-id-2
fX8YX8jX2dpW1Pi3OAhnWo2NARex5jVH0UDsAPSTfvx6mPfPC1QfnMT2nnJL3RQ9CBe18h/Z7eY=
cf-bgj
imgq:85,h2pri
cache-control
s-maxage=7200, max-age=7200
x-amz-version-id
Ca0VlQPn4uRh8ARQvO0BomNcHUPSzg5d
x-amz-cf-pop
FRA6-C1
content-length
398
cf-ray
5ba8ba842a653233-FRA
x-amz-cf-id
iK7yS47uozYVdIaGlAJfVjB2jZu_5v2nngs0QSEdB6Ae2b2DJvK6Rg==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 5
youtube-icon.png
www.secureworldexpo.com/hubfs/icons/
538 B
1 KB
Image
General
Full URL
https://www.secureworldexpo.com/hubfs/icons/youtube-icon.png
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:87b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cb84dfde92c3f516c917d8b8a714cbedcb98908c2ca54c47f2eb27cc712ec39e

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 29 Jul 2020 17:58:32 GMT
via
1.1 21da0a66bafe2c8de8be4a4d8039346b.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-meta-cache-tag
F-4217507984,P-2221756,FLS-ALL
age
3429
cf-polished
origFmt=png, origSize=740
edge-cache-tag
F-4217507984,P-2221756,FLS-ALL
status
200
content-disposition
inline; filename="youtube-icon.webp"
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 4
x-amz-request-id
7Z0ZCRDR3YCTDJBW
cf-request-id
043d52e69d0000323339adc200000001
x-cache
RefreshHit from cloudfront
accept-ranges
bytes
last-modified
Sun, 08 Oct 2017 22:59:44 GMT
server
cloudflare
etag
"cd74c7bacf9b51e0d78450b3a775f1d5"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept, Accept-Encoding
content-type
image/webp
x-amz-id-2
tcxHqeyi2P+XQRaRWU+xjcsjz/zRrTkBQppHs2TbooxXHWDebtYqlZamssmBXAkTOIr8kA6VHOY=
cf-bgj
imgq:85,h2pri
cache-control
s-maxage=7200, max-age=7200
x-amz-version-id
MZVOTxFc5yM8fhWUGQmM9Ce.Rx4WyYF6
x-amz-cf-pop
FRA6-C1
content-length
538
cf-ray
5ba8ba842a673233-FRA
x-amz-cf-id
z0d03l7XGcF0kc7-o0IDJYNSz3dHMEENgUp4m9OSTUe-Z70xb2IhBA==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 4
rss-icon.png
www.secureworldexpo.com/hubfs/icons/
692 B
1 KB
Image
General
Full URL
https://www.secureworldexpo.com/hubfs/icons/rss-icon.png
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:87b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c5925c2d6c0ad64e279e2f90cba407923d8f8a2dc4bea98054296f88ea829ce8

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 29 Jul 2020 17:58:32 GMT
via
1.1 e7e7960d7731a7583cedd8f1ff1aca38.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-meta-cache-tag
F-4217507989,P-2221756,FLS-ALL
age
3429
cf-polished
origFmt=png, origSize=936
edge-cache-tag
F-4217507989,P-2221756,FLS-ALL
status
200
content-disposition
inline; filename="rss-icon.webp"
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 5
x-amz-request-id
41473177BA15C83C
cf-request-id
043d52e69d0000323339add200000001
x-cache
RefreshHit from cloudfront
accept-ranges
bytes
last-modified
Sun, 08 Oct 2017 22:59:44 GMT
server
cloudflare
etag
"ba9634d8e84bfd7f172da2b890dce500"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept, Accept-Encoding
content-type
image/webp
x-amz-id-2
2jQGrda0Vb0ge2HSGNDkqqXPT+vjVDWlQEFQbj0zgakHlG2VaEa2ezGKhaNTUWk6N2OBMv6/EKc=
cf-bgj
imgq:85,h2pri
cache-control
s-maxage=7200, max-age=7200
x-amz-version-id
88.SyS0cTzC0LClKKIA02czWzR1OOcjz
x-amz-cf-pop
FRA6-C1
content-length
692
cf-ray
5ba8ba842a6b3233-FRA
x-amz-cf-id
mVsWcSBNC1geIJ1Z7HMdTPOHckqIDBxQ8OkSOuWZxuK_BHgK693UiQ==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 5
module_5767375991.min.js
www.secureworldexpo.com/hs-fs/hub/2221756/hub_generated/module_assets/1526415140634/
3 KB
1 KB
Script
General
Full URL
https://www.secureworldexpo.com/hs-fs/hub/2221756/hub_generated/module_assets/1526415140634/module_5767375991.min.js
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:87b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3e7ae196488d11c550b2c2bdda02ab66d9b30d9ce3428175816fc7529d417b55

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 29 Jul 2020 17:58:32 GMT
via
1.1 b4346add631a498bf6cdbf88cbc5ff13.cloudfront.net (CloudFront)
cf-cache-status
HIT
age
2927
x-cache
RefreshHit from cloudfront
status
200
x-amz-cf-pop
IAD89-C1
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 5
content-encoding
br
x-amz-request-id
3450FE67CC701C9A
x-amz-id-2
34ceG2SoVmIZu6PY4LVZbHgs7LAYLhS1VyFxYvWYpuI+p1H0+GMWQVJkCqHiGSL2zs6B36LAmkI=
last-modified
Tue, 15 May 2018 20:12:21 GMT
server
cloudflare
etag
W/"f4b2280c49cfc63c17de571e5c7fc973"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
s-maxage=7200, max-age=7200, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
x-amz-version-id
r6EweSOu4oidIwv_yz3SQArFNSnW.a4T
cf-request-id
043d52e69b0000323339ad4200000001
cf-ray
5ba8ba842a543233-FRA
x-amz-cf-id
UHdO7eX3UITgIe6wyjmHxmVf_Er-ivmJoEBwg-z90hZD1bz6JDHY0g==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 5
2221756.js
www.secureworldexpo.com/hs/scriptloader/
1 KB
592 B
Script
General
Full URL
https://www.secureworldexpo.com/hs/scriptloader/2221756.js
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:87b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bfa022b8d0f861f24b7d9e66d7c1dc966e3b12813911b684baf04240a438fd9f

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 29 Jul 2020 17:58:32 GMT
content-encoding
br
cf-cache-status
EXPIRED
server
cloudflare
x-trace
2B65CC330DA189C79175E15CEBDA2F1E7A3C2EBA82000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript;charset=utf-8
status
200
cache-control
public, max-age=60
access-control-allow-credentials
false
cf-ray
5ba8ba842a6d3233-FRA
cf-request-id
043d52e69d0000323339ade200000001
expires
Wed, 29 Jul 2020 17:59:32 GMT
hotjar-349336.js
static.hotjar.com/c/
3 KB
2 KB
Script
General
Full URL
https://static.hotjar.com/c/hotjar-349336.js?sv=5
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
147.75.101.5 Central, Hong Kong, ASN54825 (PACKET, US),
Reverse DNS
pkt-ams-k2-shared-ingress16
Software
/
Resource Hash
040dfe57345c48240e6b336a0ca16f0cb0d368589fd9999dc65c8fc5d0480cd2
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 29 Jul 2020 17:58:32 GMT
content-encoding
br
x-content-type-options
nosniff
section-io-tag
hotjarjs
age
0
status
200
section-io-cache
Miss
vary
Accept-Encoding
content-length
1556
cache-control
max-age=60
etag
W/cb6e572e5c185e9e3f56738fa1e826cc
access-control-max-age
600
section-io-origin-status
200
access-control-allow-origin
*
x-cache-hit
1
section-io-origin-time-seconds
0.020
section-io-id
3c0b8441b45a169f8d5380e86eeae016
accept-ranges
bytes
content-type
application/javascript
section-origin-responded
true
secureworld-logo-2.png
cdn2.hubspot.net/hubfs/2221756/
Redirect Chain
  • https://cdn2.hubspot.net/hubfs/2221756/secureworld-logo-2.png
  • http://cdn2.hubspot.net/hubfs/2221756/secureworld-logo-2.png
  • http://cdn2.hubspot.net/hubfs/2221756/secureworld-logo-2.png
  • http://cdn2.hubspot.net/hubfs/2221756/secureworld-logo-2.png
  • http://cdn2.hubspot.net/hubfs/2221756/secureworld-logo-2.png
  • http://cdn2.hubspot.net/hubfs/2221756/secureworld-logo-2.png
  • http://cdn2.hubspot.net/hubfs/2221756/secureworld-logo-2.png
  • http://cdn2.hubspot.net/hubfs/2221756/secureworld-logo-2.png
  • http://cdn2.hubspot.net/hubfs/2221756/secureworld-logo-2.png
  • http://cdn2.hubspot.net/hubfs/2221756/secureworld-logo-2.png
6 KB
6 KB
Image
General
Full URL
http://cdn2.hubspot.net/hubfs/2221756/secureworld-logo-2.png
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012007210634000/amp4ads-v0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:f3cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer

Response headers

date
Wed, 29 Jul 2020 17:58:33 GMT
via
1.1 baaf38f0a0d54e4834bf934fa5189ceb.cloudfront.net (CloudFront)
cf-cache-status
REVALIDATED
x-amz-meta-cache-tag
F-4248998301,P-2221756,FLS-ALL
x-amz-cf-pop
FRA50-C1
cf-polished
origFmt=png, origSize=8991
edge-cache-tag
F-4248998301,P-2221756,FLS-ALL
status
200
content-disposition
inline; filename="secureworld-logo-2.webp"
x-hs-cf-lambda
us-east-1.setCacheTagHeaders 55
x-amz-request-id
1A75FB32B09FD276
cf-request-id
043d52e69d0000d6e1a0bee200000001
x-cache
Miss from cloudfront
accept-ranges
bytes
last-modified
Sun, 08 Oct 2017 23:00:00 GMT
server
cloudflare
etag
"a2bea9973108d135d0e2ed91ee7a4863"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept, Accept-Encoding
content-type
image/webp
cf-bgj
imgq:85,h2pri
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id
8C7sadi_1ki1QqvhHVTxlDSccXzvI9qc
content-length
5778
cf-ray
5ba8ba842be0d6e1-FRA
x-amz-cf-id
KRw4SiivKvCdePzBaTxecVf-X3fRsn_JlX_LvCvwdpJhGUVuhKpMog==
x-amz-id-2
QGf8u/DkNPoJ3rLNRfy9E50Tpikl3RSZ3wUNbmm/RKPwiDyiluSCRcfHD1Yy7DUjoNImyRGFj84=
l
use.typekit.net/af/bb3775/00000000000000000001569e/27/
16 KB
16 KB
Font
General
Full URL
https://use.typekit.net/af/bb3775/00000000000000000001569e/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n6&v=3
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a01:4a0:1338:28::c38a:ff08 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),
Reverse DNS
Software
nginx /
Resource Hash
dcb769d61497a5dce38c3348ae7c237fd9be1942f7c042911d704717c1605ff9

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Origin
https://www.secureworldexpo.com

Response headers

date
Wed, 29 Jul 2020 17:58:32 GMT
server
nginx
etag
"99f07ce58bc0e353bcdc4fa21533dd7a9de930b5"
status
200
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
timing-allow-origin
*
content-length
16476
fontawesome-webfont.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.6.3/fonts/
70 KB
70 KB
Font
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.6.3/fonts/fontawesome-webfont.woff2?v=4.6.3
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:85e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7dacf83f51179de8d7980a513e67ab3a08f2c6272bb5946df8fd77c0d1763b73
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.6.3/css/font-awesome.min.css
Origin
https://www.secureworldexpo.com

Response headers

date
Wed, 29 Jul 2020 17:58:32 GMT
vary
Accept-Encoding
cf-cache-status
HIT
age
8344173
status
200
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
71896
cf-request-id
043d52e6bc00000eb7b72bc200000001
served-in-seconds
0.000
timing-allow-origin
*
last-modified
Thu, 17 May 2018 09:19:53 GMT
server
cloudflare
etag
"5afd4939-118d8"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000; includeSubDomains
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
5ba8ba846bf30eb7-FRA
expires
Mon, 19 Jul 2021 17:58:32 GMT
ransomware-money-shutterstock.jpg
www.secureworldexpo.com/hubfs/
63 KB
64 KB
Image
General
Full URL
https://www.secureworldexpo.com/hubfs/ransomware-money-shutterstock.jpg
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:87b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
704f84a622dabfc7383e86edb279e71978305eca2edc39585f1fbad6bee6d419

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 29 Jul 2020 17:58:32 GMT
via
1.1 1af918bb74ca14562ee109e74044387e.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-meta-cache-tag
F-6240528961,P-2221756,FLS-ALL
age
8194
cf-polished
degrade=85, origSize=101932, status=webp_bigger
edge-cache-tag
F-6240528961,P-2221756,FLS-ALL
status
200
x-cache
Miss from cloudfront
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 7
x-amz-request-id
8EAC5A093322A4ED
cf-request-id
043d52e6cc0000323339ae1200000001
accept-ranges
bytes
last-modified
Thu, 27 Sep 2018 16:54:25 GMT
server
cloudflare
etag
"14ba9e55fff9cbc2d9153319ae2914fd"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
x-amz-id-2
+SZs/rjVrp3/Hj9UkZN6s2eGTjLLkyrURfVRdhPUr6+pUjYvLXsPIJ2jPEr3WFxsd7KcTJrxbo4=
cf-bgj
imgq:85,h2pri
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id
llsIThycd9s.ve7OtbUbitaho.Zf9PS7
x-amz-cf-pop
ATL52-C1
content-length
64519
cf-ray
5ba8ba847b573233-FRA
x-amz-cf-id
1umBNQs3OfRrCgaewSrBsFibrV09uzKjdwnIJ8xOoD45pX7j97jXqA==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 7
l
use.typekit.net/af/7e7807/00000000000000003b9adf8d/27/
11 KB
12 KB
Font
General
Full URL
https://use.typekit.net/af/7e7807/00000000000000003b9adf8d/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n5&v=3
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a01:4a0:1338:28::c38a:ff08 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),
Reverse DNS
Software
nginx /
Resource Hash
eddf849cf62612e5e4562a7cdc14184f9b62ff3ce9304d9cb6c2f3a0b56f8efc

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Origin
https://www.secureworldexpo.com

Response headers

date
Wed, 29 Jul 2020 17:58:32 GMT
server
nginx
etag
"5eae00594a6e4389351e7799a5ec80c9177b17d7"
status
200
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
timing-allow-origin
*
content-length
11724
l
use.typekit.net/af/a6f15d/00000000000000000001569d/27/
18 KB
19 KB
Font
General
Full URL
https://use.typekit.net/af/a6f15d/00000000000000000001569d/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a01:4a0:1338:28::c38a:ff08 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),
Reverse DNS
Software
nginx /
Resource Hash
04a7f69900ec09547b919c8a44e52a13933b9e4de1ebd97337d037f48e2b0209

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Origin
https://www.secureworldexpo.com

Response headers

date
Wed, 29 Jul 2020 17:58:32 GMT
server
nginx
etag
"d09f966d69c26891fac2c4897662016d1e2cf038"
status
200
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
timing-allow-origin
*
content-length
18764
l
use.typekit.net/af/394c5a/0000000000000000000156a1/27/
18 KB
18 KB
Font
General
Full URL
https://use.typekit.net/af/394c5a/0000000000000000000156a1/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a01:4a0:1338:28::c38a:ff08 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),
Reverse DNS
Software
nginx /
Resource Hash
487a1c1be7c36bf6d6263d1f0b698d2efab5b4a7d1c0e258a8d6f6ab2bccbbb5

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Origin
https://www.secureworldexpo.com

Response headers

date
Wed, 29 Jul 2020 17:58:32 GMT
server
nginx
etag
"e8d3b4137e5c88f1f7df47c8f7c2d7e34fbe5f19"
status
200
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
timing-allow-origin
*
content-length
17996
moatframe.js
z.moatads.com/addthismoatframe568911941483/
2 KB
1 KB
Script
General
Full URL
https://z.moatads.com/addthismoatframe568911941483/moatframe.js
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 29 Jul 2020 17:58:32 GMT
content-encoding
gzip
last-modified
Fri, 08 Nov 2019 20:13:52 GMT
server
AmazonS3
x-amz-request-id
FBAF69B7861DE212
etag
"f14b4e1f799b14f798a195f43cf58376"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=55147
accept-ranges
bytes
content-length
948
x-amz-id-2
mINJDBnKUfP83RzDJ6hQaYSGPvMPOM770jd+gXVSD8LFScfPdVPaVzI4W2IwmrtEKhDna93Nv9A=
analytics.js
www.google-analytics.com/
45 KB
18 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-29110626-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
fd361b57998c76f86335afa28b8a62527d88a8200fb5c428d6f0fff73383e955
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 04 Jun 2020 23:38:14 GMT
server
Golfe2
age
6173
date
Wed, 29 Jul 2020 16:15:39 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18469
expires
Wed, 29 Jul 2020 18:15:39 GMT
integrator.js
adservice.google.de/adsid/
109 B
168 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=www.secureworldexpo.com
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:814::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 29 Jul 2020 17:58:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
104
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
109 B
168 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.secureworldexpo.com
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:814::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 29 Jul 2020 17:58:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
104
x-xss-protection
0
pubads_impl_2020072301.js
securepubads.g.doubleclick.net/gpt/
253 KB
90 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020072301.js
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
zrh04s06-in-f130.1e100.net
Software
sffe /
Resource Hash
be31d790c31b5492e47a666b767d66be19e5b03bf9d37754ca793ba38feb0210
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 29 Jul 2020 17:58:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 23 Jul 2020 13:07:56 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
91416
x-xss-protection
0
expires
Wed, 29 Jul 2020 17:58:32 GMT
sh.f48a1a04fe8dbf021b4cda1d.html
s7.addthis.com/static/ Frame 63F4
0
0

f9c697eb-4f35-4c94-a6fd-0f0abceafced
www.secureworldexpo.com/_hcms/forms/embed/v3/form/2221756/
20 KB
4 KB
Script
General
Full URL
https://www.secureworldexpo.com/_hcms/forms/embed/v3/form/2221756/f9c697eb-4f35-4c94-a6fd-0f0abceafced?callback=hs_reqwest_0&hutk=
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/_hcms/forms/v2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:87b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6e2e74509e4baaade4db0bb4a69930ca981f2627bed2a90b203b41d89300a63e
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 29 Jul 2020 17:58:32 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
server
cloudflare
x-trace
2B67D3CFF95C45FFD280E0145D59E797D39E9E4A88000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript;charset=utf-8
status
200
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
content-disposition
attachment; filename=no-rfd.txt
cf-ray
5ba8ba85bdd33233-FRA
cf-request-id
043d52e78f0000323339aeb200000001
de00eec1-d1e4-4ed7-92a5-513850f7168f
www.secureworldexpo.com/_hcms/forms/embed/v3/form/2221756/
3 KB
975 B
Script
General
Full URL
https://www.secureworldexpo.com/_hcms/forms/embed/v3/form/2221756/de00eec1-d1e4-4ed7-92a5-513850f7168f?callback=hs_reqwest_1&hutk=
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/_hcms/forms/v2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:87b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b14cc2e3fbba5348c7a2862cade95f0e35add318d02547550770dda5ed846119
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 29 Jul 2020 17:58:32 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
server
cloudflare
x-trace
2BE0414E0B0D482959964AE5C998F06021A2B65367000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript;charset=utf-8
status
200
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
content-disposition
attachment; filename=no-rfd.txt
cf-ray
5ba8ba85bdda3233-FRA
cf-request-id
043d52e7900000323339aec200000001
insight.min.js
snap.licdn.com/li.lms-analytics/
3 KB
2 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:eb:385::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 29 Jul 2020 17:58:32 GMT
Content-Encoding
gzip
Last-Modified
Mon, 07 Oct 2019 16:41:31 GMT
X-CDN
AKAM
Vary
Accept-Encoding
Content-Type
application/x-javascript;charset=utf-8
Cache-Control
max-age=41554
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1576
all.js
connect.facebook.net/en_US/
3 KB
2 KB
Script
General
Full URL
https://connect.facebook.net/en_US/all.js
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
9e819b6f1c2517d5009831fc8a28097c27be0415f918dc9c770392528b9f8fc2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
aAGXek9NfojfSoVqDXzFaQ==
status
200
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
1779
etag
"c6ee118be1f03ffc5a5233ff8a38438e"
x-fb-debug
XA4Rc6yY6Mxs1J7J9q6Ljsc7TI9Pq02udqIwpe4u+4wNilcTHGHHgBptX3DcULwGlCLUvvxOjjMPOd0ymiPCCg==
x-fb-trip-id
664085054
x-fb-content-md5
f6fd24afcc9aea574bae622441d60ad1
x-frame-options
DENY
date
Wed, 29 Jul 2020 17:58:32 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=1200,stale-while-revalidate=3600
timing-allow-origin
*
expires
Wed, 29 Jul 2020 18:12:24 GMT
widgets.js
platform.twitter.com/
96 KB
29 KB
Script
General
Full URL
https://platform.twitter.com/widgets.js
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
99ab6fd805e3873aa0a5adedd4b27e9c74becff9cd70b5ae1e96d420379736b0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 29 Jul 2020 17:58:32 GMT
content-encoding
gzip
x-cache
HIT, HIT
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status
200
content-length
28903
x-served-by
cache-bwi5136-BWI, cache-hhn4035-HHN
last-modified
Tue, 30 Jun 2020 18:28:19 GMT
etag
"39da0b876a64ee1b6bc99d214750b9f3+gzip"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=1800
accept-ranges
bytes
tw-cdn
FT
l
use.typekit.net/af/3ad3aa/00000000000000000001569b/27/
17 KB
17 KB
Font
General
Full URL
https://use.typekit.net/af/3ad3aa/00000000000000000001569b/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n3&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/cfm6mzj.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a01:4a0:1338:28::c38a:ff08 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),
Reverse DNS
Software
nginx /
Resource Hash
1e54331d7158f9a0abb6782f264ae9461fa13459fd6062ffabe1dd26c35ce1e0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Origin
https://www.secureworldexpo.com

Response headers

date
Wed, 29 Jul 2020 17:58:32 GMT
server
nginx
etag
"fefd3dbe8b7ef1626c87462aa1d1e79b3dcd6e47"
status
200
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
timing-allow-origin
*
content-length
17452
l
use.typekit.net/af/9e46ec/00000000000000003b9adf8a/27/
11 KB
12 KB
Font
General
Full URL
https://use.typekit.net/af/9e46ec/00000000000000003b9adf8a/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n3&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/cfm6mzj.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a01:4a0:1338:28::c38a:ff08 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),
Reverse DNS
Software
nginx /
Resource Hash
b1e1b7aa534882af2611627bea86667e9aa6382f1afaf501c92d52cfe800f9a1

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Origin
https://www.secureworldexpo.com

Response headers

date
Wed, 29 Jul 2020 17:58:32 GMT
server
nginx
etag
"4cf766f30cb354bace1fc993c9fac290fcb99d54"
status
200
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
timing-allow-origin
*
content-length
11672
l
use.typekit.net/af/cc82c8/00000000000000003b9adf93/27/
12 KB
12 KB
Font
General
Full URL
https://use.typekit.net/af/cc82c8/00000000000000003b9adf93/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/cfm6mzj.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a01:4a0:1338:28::c38a:ff08 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),
Reverse DNS
Software
nginx /
Resource Hash
9f4ae93de936fb5a15eec738abbb037cd8e5cc4e632a383701ad6d65462a432c

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Origin
https://www.secureworldexpo.com

Response headers

date
Wed, 29 Jul 2020 17:58:32 GMT
server
nginx
etag
"18e006d1293afebbc42e8c739f3b1591ba611d5a"
status
200
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
timing-allow-origin
*
content-length
11812
l
use.typekit.net/af/78f875/00000000000000003b9adf90/27/
11 KB
11 KB
Font
General
Full URL
https://use.typekit.net/af/78f875/00000000000000003b9adf90/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/cfm6mzj.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a01:4a0:1338:28::c38a:ff08 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),
Reverse DNS
Software
nginx /
Resource Hash
3c82ee60664a2e794f5085023f75a11a962ace069300ab54b13332b6a2b49272

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Origin
https://www.secureworldexpo.com

Response headers

date
Wed, 29 Jul 2020 17:58:32 GMT
server
nginx
etag
"69acc88dceb338052e5f2d097c4a9fc618ff0d48"
status
200
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
timing-allow-origin
*
content-length
10780
l
use.typekit.net/af/66bb45/00000000000000003b9adf8b/27/
11 KB
11 KB
Font
General
Full URL
https://use.typekit.net/af/66bb45/00000000000000003b9adf8b/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n3&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/cfm6mzj.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a01:4a0:1338:28::c38a:ff08 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),
Reverse DNS
Software
nginx /
Resource Hash
16c387cb1f0e7daac69f16408a334a4301300f4b62b1bc224d70b164155a6928

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Origin
https://www.secureworldexpo.com

Response headers

date
Wed, 29 Jul 2020 17:58:32 GMT
server
nginx
etag
"aab15115f34bdbbf651dee6879b1b18d8cd54b11"
status
200
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
timing-allow-origin
*
content-length
11180
l
use.typekit.net/af/1db353/00000000000000003b9adf8f/27/
11 KB
11 KB
Font
General
Full URL
https://use.typekit.net/af/1db353/00000000000000003b9adf8f/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n5&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/cfm6mzj.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a01:4a0:1338:28::c38a:ff08 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),
Reverse DNS
Software
nginx /
Resource Hash
3aef1fcf1a2eae7be06e1aec6d79c322385f74fb3e284428679e46af3b49a0b2

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Origin
https://www.secureworldexpo.com

Response headers

date
Wed, 29 Jul 2020 17:58:32 GMT
server
nginx
etag
"9a26f87008ff7b9f0fbd10d7b7ef46650877431d"
status
200
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
timing-allow-origin
*
content-length
11260
_ate.track.config_resp
v1.addthisedge.com/live/boost/ra-57a915b0b3a6bc42/
2 KB
848 B
Script
General
Full URL
https://v1.addthisedge.com/live/boost/ra-57a915b0b3a6bc42/_ate.track.config_resp
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-248-44.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
4cc6481fb0583f3d9b32262df669b6c24097720e50ab8a5fa49205eb0e02921a

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 29 Jul 2020 17:58:32 GMT
content-encoding
gzip
etag
569385478--gzip
vary
Accept-Encoding
content-type
application/javascript;charset=utf-8
status
200
cache-control
public, max-age=59, s-maxage=86400
content-disposition
attachment; filename=1.txt
content-length
672
300lo.json
m.addthis.com/live/red_lojson/
90 B
250 B
Script
General
Full URL
https://m.addthis.com/live/red_lojson/300lo.json?si=5f21b8c8c775bf4f&bkl=0&bl=1&pdt=702&sid=5f21b8c8c775bf4f&pub=ra-57a915b0b3a6bc42&rev=v8.28.7-wp&ln=en&pc=men&cb=0&ab=-&dp=www.secureworldexpo.com&fp=industry-news%2Fhow-ryuk-ransomware-works&fr=&of=0&pd=0&irt=0&vcl=0&md=0&ct=1&tct=0&abt=0&cdn=0&pi=1&rb=0&gen=100&chr=UTF-8&colc=1596045512618&jsl=1&uvs=5f21b8c8bc20217d000&skipb=1&callback=addthis.cbs.jsonp__147095900333733320
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-248-44.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
0f93ee526a8ae841700fc02d76e3eaaa1b758eabf23a8c9c797b199d051ec599

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
200
pragma
no-cache
date
Wed, 29 Jul 2020 17:58:32 GMT
cache-control
max-age=0, no-cache, no-store, no-transform
content-disposition
attachment; filename=1.txt
content-length
90
content-type
application/javascript;charset=utf-8
sh.f48a1a04fe8dbf021b4cda1d.html
s7.addthis.com/static/ Frame AA93
0
0
Document
General
Full URL
https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-248-44.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

:method
GET
:authority
s7.addthis.com
:scheme
https
:path
/static/sh.f48a1a04fe8dbf021b4cda1d.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

status
200
server
nginx/1.15.8
content-type
text/html
last-modified
Mon, 09 Sep 2019 15:34:57 GMT
etag
W/"5d767121-1115f"
timing-allow-origin
*
cache-control
public, max-age=86313600
p3p
CP="NON ADM OUR DEV IND COM STA"
strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
content-length
25412
date
Wed, 29 Jul 2020 17:58:32 GMT
vary
Accept-Encoding
x-host
s7.addthis.com
has-permission
app.hubspot.com/content-tools-menu/api/v1/tools-menu/
0
426 B
Script
General
Full URL
https://app.hubspot.com/content-tools-menu/api/v1/tools-menu/has-permission?portalId=2221756&callback=jsonpHandler
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/hs/hsstatic/HubspotToolsMenu/static-1.72/js/index.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 29 Jul 2020 17:58:32 GMT
cf-cache-status
DYNAMIC
server
cloudflare
x-trace
2B26CB7F464C0913C08315983CE22425B0CA99DA47000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
status
204
cache-control
max-age=0
access-control-allow-credentials
false
cf-ray
5ba8ba85ea17d6cd-FRA
cf-request-id
043d52e7b20000d6cd8b34d200000001
public
api.hubapi.com/comments/v3/comments/thread/
75 B
549 B
Script
General
Full URL
https://api.hubapi.com/comments/v3/comments/thread/public?portalId=2221756&offset=0&limit=1000&contentId=10855193339&collectionId=4214485368&callback=jsonp_1596045512624_62314
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/hs/hsstatic/AsyncSupport/static-1.81/js/comment_listing_asset.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:cbcc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6dfccefcea42ec7a6b36609a1a58dfde0f8f03228ace1cc3fc11936cd975f9c3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 29 Jul 2020 17:58:32 GMT
content-encoding
br
cf-cache-status
DYNAMIC
server
cloudflare
x-trace
2BA36CD97A62B182009D81C967138C970D14AD6305000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
status
200
access-control-allow-credentials
false
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-ray
5ba8ba861aaa9730-FRA
cf-request-id
043d52e7cb0000973043a75200000001
modules.1624cd159d280bc0abdd.js
script.hotjar.com/
367 KB
70 KB
Script
General
Full URL
https://script.hotjar.com/modules.1624cd159d280bc0abdd.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-349336.js?sv=5
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
147.75.101.5 Central, Hong Kong, ASN54825 (PACKET, US),
Reverse DNS
pkt-ams-k2-shared-ingress16
Software
/
Resource Hash
08a861dd65c2b510e187c3460cd12218bb1ffd865ca508de1ada2b89fa78fb8e

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 29 Jul 2020 17:58:32 GMT
content-encoding
br
age
119110
status
200
section-io-cache
Hit
content-length
71516
last-modified
Tue, 28 Jul 2020 08:50:08 GMT
etag
"6ac34916f76acee78b79454b70a7eed0"
vary
Accept-Encoding
section-io-origin-status
200
access-control-allow-origin
*
cache-control
max-age=31536000
section-io-origin-time-seconds
0.026
section-io-id
a04e96610a6224f272a9bf5356b86260
accept-ranges
bytes
content-type
application/javascript
section-origin-responded
true
leadflows.js
js.hsleadflows.net/
401 KB
66 KB
Script
General
Full URL
https://js.hsleadflows.net/leadflows.js
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/hs/scriptloader/2221756.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6811:e6cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0dd8e3c80fde83e3490dfc7c73960f19a751419aa0ac6d6f96f1d804fe0e5329

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Origin
https://www.secureworldexpo.com

Response headers

date
Wed, 29 Jul 2020 17:58:32 GMT
via
1.1 738984066968793a5714282f49fe0ab9.cloudfront.net (CloudFront)
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
cf-cache-status
HIT
age
36970
x-amz-server-side-encryption
AES256
cf-ray
5ba8ba861dbe05cc-FRA
x-cache
Hit from cloudfront
status
200
x-amz-replication-status
COMPLETED
content-encoding
br
cf-request-id
043d52e7d3000005cc09b50200000001
last-modified
Fri, 10 Jul 2020 12:21:49 UTC
server
cloudflare
etag
W/"f007144f3d6494a9cd817569e127a504"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
3000
access-control-allow-methods
GET
x-amz-version-id
P3rDtiJD7HKnxeSZdufzjpsEiajovPfK
access-control-allow-origin
*
cache-control
s-maxage=86400, max-age=0
x-amz-cf-pop
IAD89-C3
content-type
application/javascript; charset=utf-8
x-amz-cf-id
RDFNTc3w5zcmX5QGFAEUYg4lwRjBlA1m23kP1h_Fe25rVXv2HRHNxw==
2221756.js
js.hs-banner.com/
23 KB
7 KB
Script
General
Full URL
https://js.hs-banner.com/2221756.js
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/hs/scriptloader/2221756.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:14bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d344f362dcebb971a7505cae2f7c359c4164c7aea9bb2c90a30000edbcca60b4

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-goog-hash
crc32c=UqYVEA==, md5=IDqi6ZepkanX0h5Xm04eyg==
date
Wed, 29 Jul 2020 17:58:32 GMT
content-encoding
br
cf-cache-status
REVALIDATED
x-guploader-uploadid
AAANsUn4q2U_jqA8qWUraG-tE-F_tqyfZ10fE8Iv2hqbUYF6nxuCyqnGEYgWzO1KMruoqFiSGggoie8WrCb4FQ5PDQ
x-goog-storage-class
STANDARD
status
200
access-control-max-age
604800
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
content-type
text/javascript
cf-request-id
043d52e7d30000dff744a7f200000001
timing-allow-origin
*
last-modified
Fri, 17 Jul 2020 21:51:02 GMT
server
cloudflare
etag
W/"203aa2e997a991a9d7d21e579b4e1eca"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-goog-generation
1595022662737552
access-control-allow-origin
https://www.secureworldexpo.com
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control
max-age=300, public
access-control-allow-credentials
true
x-goog-stored-content-length
23079
cf-ray
5ba8ba86193adff7-FRA
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
expires
Wed, 29 Jul 2020 18:03:32 GMT
2221756.js
js.hs-analytics.net/analytics/1596045300000/
59 KB
18 KB
Script
General
Full URL
https://js.hs-analytics.net/analytics/1596045300000/2221756.js
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/hs/scriptloader/2221756.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6811:46b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
57f574ef32f1005dda15a1322991f68aa2bf75f37c574598a2dda626d341dd02

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 29 Jul 2020 17:58:32 GMT
content-encoding
br
cf-cache-status
MISS
x-amz-request-id
160C38445BC715FD
x-amz-server-side-encryption
AES256
cf-ray
5ba8ba866eb297d2-FRA
status
200
x-amz-id-2
RGO7RPcHnklgCTL6ySNS6Os7tZjfwTRZ8bX4S2A8cxxByiH5SA1NN9hpkdSpkQip0p7J2XD6PMQ=
last-modified
Mon, 20 Jul 2020 14:11:06 GMT
server
cloudflare
etag
W/"7112bd8c73e122905cf857f5392bab01"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-version-id
null
cache-control
max-age=300, public
access-control-allow-credentials
false
cf-request-id
043d52e805000097d29ca65200000001
content-type
text/javascript
expires
Wed, 29 Jul 2020 18:03:32 GMT
ga-audiences
www.google.de/ads/
Redirect Chain
  • https://www.google-analytics.com/r/collect?v=1&_v=j83&a=343230341&t=pageview&_s=1&dl=https%3A%2F%2Fwww.secureworldexpo.com%2Findustry-news%2Fhow-ryuk-ransomware-works&ul=en-us&de=UTF-8&dt=Special%2...
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-29110626-1&cid=1927368728.1596045513&jid=1305446125&_gid=610101161.1596045513&gjid=2051460167&_v=j83&z=257475982
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-29110626-1&cid=1927368728.1596045513&jid=1305446125&_v=j83&z=257475982
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-29110626-1&cid=1927368728.1596045513&jid=1305446125&_v=j83&z=257475982&slf_rd=1&random=3365329826
42 B
106 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-29110626-1&cid=1927368728.1596045513&jid=1305446125&_v=j83&z=257475982&slf_rd=1&random=3365329826
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Jul 2020 17:58:32 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 29 Jul 2020 17:58:32 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
302
content-type
text/html; charset=UTF-8
location
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-29110626-1&cid=1927368728.1596045513&jid=1305446125&_v=j83&z=257475982&slf_rd=1&random=3365329826
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
all.js
connect.facebook.net/en_US/
192 KB
58 KB
Script
General
Full URL
https://connect.facebook.net/en_US/all.js?hash=ace303d52a6a75d39e70f06d0d0f24a4&ua=modern_es6
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
8c91373ba782321d4e33f02afc5d8c8c91c35b81a69fd958cbf542e0b6de0d88
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Origin
https://www.secureworldexpo.com

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
0xqRzQOewk7pjx1zvjjJKg==
status
200
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
58769
etag
"c8ec89cf63c981b5661ba9e3c89ab597"
x-fb-debug
312gO1jhWeCbajGJix7NPWjQWi/I0PnbSHMxvu1BOrROvKPF8eoKGJVoHe5eYRBfHA6Z2aIPQd/BHA+wlbi50A==
x-fb-trip-id
664085054
x-fb-content-md5
d38ca2a0612ccc5470e9250c9bcec5e1
x-frame-options
DENY
date
Wed, 29 Jul 2020 17:58:32 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
timing-allow-origin
*
expires
Thu, 29 Jul 2021 16:24:13 GMT
collect
px.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=651962&url=https%3A%2F%2Fwww.secureworldexpo.com%2Findustry-news%2Fhow-ryuk-ransomware-works&time=1596045512680
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D651962%26url%3Dhttps%253A%252F%252Fwww.secureworldexpo.com%252Findustry-news%252F...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=651962&url=https%3A%2F%2Fwww.secureworldexpo.com%2Findustry-news%2Fhow-ryuk-ransomware-works&time=1596045512680&liSync=true
0
82 B
Image
General
Full URL
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=651962&url=https%3A%2F%2Fwww.secureworldexpo.com%2Findustry-news%2Fhow-ryuk-ransomware-works&time=1596045512680&liSync=true
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:f500:11:101::b93f:9005 , Ireland, ASN14413 (LINKEDIN, US),
Reverse DNS
Software
Play /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 29 Jul 2020 17:58:33 GMT
server
Play
linkedin-action
1
x-li-fabric
prod-lor1
status
200
x-li-proto
http/2
x-li-pop
prod-tln1
content-type
application/javascript
content-length
0
x-li-uuid
+kydI/BKJhbQzSwP+ioAAA==

Redirect headers

content-security-policy
default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/insight.min.js platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=l
x-content-type-options
nosniff
linkedin-action
1
status
302
content-length
0
x-li-uuid
JZ4bG/BKJhYwSgVCGSsAAA==
pragma
no-cache
x-li-pop
afd-prod-lor1
x-msedge-ref
Ref A: A340A0DE5AB44D2C953E8B7028D2D2F1 Ref B: FRAEDGE1213 Ref C: 2020-07-29T17:58:32Z
x-frame-options
sameorigin
date
Wed, 29 Jul 2020 17:58:32 GMT
expect-ct
max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
strict-transport-security
max-age=2592000
x-li-fabric
prod-lor1
location
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=651962&url=https%3A%2F%2Fwww.secureworldexpo.com%2Findustry-news%2Fhow-ryuk-ransomware-works&time=1596045512680&liSync=true
x-xss-protection
1; mode=block
cache-control
no-cache, no-store
x-li-proto
http/2
expires
Thu, 01 Jan 1970 00:00:00 GMT
box-469cf41adb11dc78be68c1ae7f9457a4.html
vars.hotjar.com/ Frame 69A2
0
0
Document
General
Full URL
https://vars.hotjar.com/box-469cf41adb11dc78be68c1ae7f9457a4.html
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-349336.js?sv=5
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
147.75.102.13 Central, Hong Kong, ASN54825 (PACKET, US),
Reverse DNS
pkt-ams-k2-shared-ingress3
Software
/
Resource Hash

Request headers

:method
GET
:authority
vars.hotjar.com
:scheme
https
:path
/box-469cf41adb11dc78be68c1ae7f9457a4.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

status
200
date
Wed, 29 Jul 2020 17:58:32 GMT
content-type
text/html
content-length
851
last-modified
Mon, 27 Jul 2020 17:12:24 GMT
etag
"d594f1d4c3e5dbd6b556c60d34e0daea"
cache-control
max-age=31536000
content-encoding
br
section-io-origin-status
200
section-io-origin-time-seconds
0.031
section-origin-responded
true
age
146746
vary
Accept-Encoding
section-io-cache
Hit
accept-ranges
bytes
section-io-id
9e26d430bb1faa11da0dd900d89b5f6c
ads
securepubads.g.doubleclick.net/gampad/
54 KB
9 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4400818564302340&correlator=240180601451377&output=ldjh&impl=fifs&adsid=NT&eid=21065517%2C44723444&vrg=2020072301&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200729&iu_parts=562063608%2CBB1%2CBB2%2CBannerAd&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3&prev_iu_szs=300x250%2C300x250%2C970x90&cookie_enabled=1&bc=31&abxe=1&lmt=1596045512&dt=1596045512723&dlt=1596045512096&idt=607&frm=20&biw=1600&bih=1200&oid=3&adxs=1044%2C1044%2C315&adys=647%2C2048%2C115&adks=615754453%2C1619671624%2C2061276719&ucis=1%7C2%7C3&ifi=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.secureworldexpo.com%2Findustry-news%2Fhow-ryuk-ransomware-works&dssz=66&icsg=69315118301183&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=362x250%7C362x250%7C1150x90&msz=300x-1%7C300x-1%7C1150x90&ga_vid=1927368728.1596045513&ga_sid=1596045513&ga_hid=343230341&fws=0%2C0%2C0&ohw=0%2C0%2C0
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020072301.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
zrh04s06-in-f130.1e100.net
Software
cafe /
Resource Hash
bfb1427dfa877187fbd4bc43ef673510d2b062757c80690eb7c311f31ed9c8e6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 29 Jul 2020 17:58:32 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2,-2,-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8235
x-xss-protection
0
google-lineitem-id
5428476182,5265606850,5428190398
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138317613174,138300245341,138317575763
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.secureworldexpo.com
access-control-expose-headers
x-google-amp-ad-validated-version
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
9b37ec61a1956211135da73c0128c504.safeframe.googlesyndication.com/safeframe/1-0-37/html/
0
0
Other
General
Full URL
https://9b37ec61a1956211135da73c0128c504.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020072301.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/
0
0
Other
General
Full URL
https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020072301.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

widget_iframe.c4b33f07650267db9f8a72eaac551cac.html
platform.twitter.com/widgets/ Frame D09E
0
0
Document
General
Full URL
https://platform.twitter.com/widgets/widget_iframe.c4b33f07650267db9f8a72eaac551cac.html?origin=https%3A%2F%2Fwww.secureworldexpo.com
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash

Request headers

:method
GET
:authority
platform.twitter.com
:scheme
https
:path
/widgets/widget_iframe.c4b33f07650267db9f8a72eaac551cac.html?origin=https%3A%2F%2Fwww.secureworldexpo.com
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

status
200
last-modified
Tue, 30 Jun 2020 18:26:55 GMT
cache-control
public, max-age=315360000
content-type
text/html; charset=utf-8
etag
"9fa476ae827f556d5b037fe43632370d+gzip"
content-encoding
gzip
access-control-allow-methods
GET
access-control-allow-origin
*
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
accept-ranges
bytes
date
Wed, 29 Jul 2020 17:58:32 GMT
x-served-by
cache-bwi5149-BWI, cache-hhn4035-HHN
x-cache
HIT, HIT
vary
Accept-Encoding
tw-cdn
FT
content-length
5825
p.gif
p.typekit.net/
35 B
182 B
Image
General
Full URL
https://p.typekit.net/p.gif?s=1&k=cfm6mzj&ht=tk&h=www.secureworldexpo.com&f=24349.24352.24354.24355.27887.27970.28026.27954.27958.28025&a=657783&js=1.19.4&app=typekit&e=js&_=1596045512793
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:eb:1af::19fd , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
nginx /
Resource Hash
9b9265c69a5cc295d1ab0d04e0273b3677db1a6216ce2ccf4efc8c277ed84b39

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 29 Jul 2020 17:58:32 GMT
last-modified
Wed, 24 Jun 2020 20:59:18 GMT
server
nginx
etag
"5ef3bea6-23"
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
35
amp4ads-v0.js
cdn.ampproject.org/rtv/012007210634000/ Frame 14B8
206 KB
56 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012007210634000/amp4ads-v0.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020072301.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7c30c656a67a3c902072c7c839344fbe793788edbbaebb4f7a59b4c3c6750897
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
18379
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
57364
x-xss-protection
0
server
sffe
date
Wed, 29 Jul 2020 12:52:13 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"da4645546e0fb9cb"
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 29 Jul 2021 12:52:13 GMT
amp-analytics-0.1.js
cdn.ampproject.org/rtv/012007210634000/v0/ Frame 14B8
96 KB
29 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012007210634000/v0/amp-analytics-0.1.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020072301.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
fb199303a3c6c4ec7d96d3135a9798cf63f52e829aba12d2ae8c30f01425281a
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
18378
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
29699
x-xss-protection
0
server
sffe
date
Wed, 29 Jul 2020 12:52:14 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"ff583ae049a1bccf"
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 29 Jul 2021 12:52:14 GMT
truncated
/ Frame 14B8
214 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
70acd0b88c3f56cf11a1159948d425f391e9efed8acc3ca2f49f5ca93eca9871

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
amp4ads-v0.js
cdn.ampproject.org/rtv/012007210634000/ Frame A12E
206 KB
57 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012007210634000/amp4ads-v0.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020072301.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7c30c656a67a3c902072c7c839344fbe793788edbbaebb4f7a59b4c3c6750897
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
18379
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
57364
x-xss-protection
0
server
sffe
date
Wed, 29 Jul 2020 12:52:13 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"da4645546e0fb9cb"
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 29 Jul 2021 12:52:13 GMT
amp-analytics-0.1.js
cdn.ampproject.org/rtv/012007210634000/v0/ Frame A12E
96 KB
29 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012007210634000/v0/amp-analytics-0.1.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020072301.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
fb199303a3c6c4ec7d96d3135a9798cf63f52e829aba12d2ae8c30f01425281a
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
18378
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
29699
x-xss-protection
0
server
sffe
date
Wed, 29 Jul 2020 12:52:14 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"ff583ae049a1bccf"
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 29 Jul 2021 12:52:14 GMT
truncated
/ Frame A12E
212 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3dcedf4ff2f6c88125017008138f8f1b5e366af59c7533cfb4cd959ada1e0d9d

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
amp4ads-v0.js
cdn.ampproject.org/rtv/012007210634000/ Frame 8FEE
206 KB
56 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012007210634000/amp4ads-v0.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020072301.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7c30c656a67a3c902072c7c839344fbe793788edbbaebb4f7a59b4c3c6750897
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
18379
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
57364
x-xss-protection
0
server
sffe
date
Wed, 29 Jul 2020 12:52:13 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"da4645546e0fb9cb"
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 29 Jul 2021 12:52:13 GMT
amp-analytics-0.1.js
cdn.ampproject.org/rtv/012007210634000/v0/ Frame 8FEE
96 KB
29 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012007210634000/v0/amp-analytics-0.1.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020072301.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
fb199303a3c6c4ec7d96d3135a9798cf63f52e829aba12d2ae8c30f01425281a
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
18378
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
29699
x-xss-protection
0
server
sffe
date
Wed, 29 Jul 2020 12:52:14 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"ff583ae049a1bccf"
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 29 Jul 2021 12:52:14 GMT
truncated
/ Frame 8FEE
214 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5a341bf0f4b083526be7694a2a7ae85f1413c07f43f09ebf7fb425a15fd74f44

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
15794070589447921224
tpc.googlesyndication.com/simgad/ Frame 14B8
31 KB
32 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/15794070589447921224
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
35073e4455cdee6277704362735669288ffb08a2ccb039d5e8cb92cb41fc839c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 22 Jul 2020 00:29:19 GMT
x-content-type-options
nosniff
age
667753
x-dns-prefetch-control
off
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
32255
x-xss-protection
0
last-modified
Tue, 21 Jul 2020 19:23:26 GMT
server
sffe
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 22 Jul 2021 00:29:19 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame 14B8
0
273 B
Image
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvWJUPOXGfnCg6tK6Sx1Uyd9UiCogHI4RizwfRUiQWP_M-YxgvWri6EqUiGYLEQM-GCAsVYE0Akgxx6L3M39TKCN_wGPn5TwOk2hT5Xmynnx11vmDR94xeT1cDqRXt0HA00gObfmQ3RWrhqpz1vTXpvFQNsw-YgmndQicPH0XawbwP-0o--3GhDUjpA-Ni3u7k11GXQZQ7-mdKaXn6Voe771lbqUQilwHHqY8LRHj0gk6ad5l_m9AFGBS3tMkHJYCay-tXl&sai=AMfl-YTmZAQ61Lp24TMd5Fed-su0rUi_g0RXHA63-542s_6v-rqpfttUumDHQ_L9soDr6qX_nd2LOaSK2wTDPdw0zTuW78YXZrvbt_D3Aun1gBnFiafMWVkH0zFW2ceh4yY&sig=Cg0ArKJSzBBVwV9Tr3J1EAE&adurl=
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
zrh04s06-in-f130.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 29 Jul 2020 17:58:32 GMT
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Wed, 29 Jul 2020 17:58:32 GMT
8777349368690554872
tpc.googlesyndication.com/simgad/ Frame A12E
52 KB
52 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/8777349368690554872
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
49462e62ffdc3a5261d6bb9f3cef2762629baf831d6825d18c5b4ad1b897143e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 23 Jul 2020 19:01:11 GMT
x-content-type-options
nosniff
age
514641
x-dns-prefetch-control
off
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
53356
x-xss-protection
0
last-modified
Wed, 08 Jan 2020 19:54:57 GMT
server
sffe
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 23 Jul 2021 19:01:11 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame A12E
0
291 B
Image
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstDJH0RqPMutOe17hk1zoxza0zD_78en4Ms5OWywvgYTfp85FK_xtIUbHcrGED2Xs3BlYzH5oXSmtE_Lv6qQAPPiKf6rTGjnwkCr8PPTQPFTx8mY7Jevlm8hJ1UEowJltV4haSeX-9KoWOYGokk99GT5egtGyLej7Zl2M_83AjEUpFATBNMg-4HMDV6UBBXAPQ_84iEgYVwrQ_Iy765iw71fiKfTGGGx6Hx-ymrg6SA2QgJNOwTNMD3e2kw9Nvm6GiW3FdY&sai=AMfl-YTXr-G-O5lADFX2Wen9j3PGtgdm32t7KqQ93Qrgqqy4nf5vVBpk5c21-89nIHXCdcoUeFpIlUJThC863_oZNlujvRWoUoqLP1FIb-USoNeH9bULcMi8VjALHNtR5rw&sig=Cg0ArKJSzLqFX88XosInEAE&adurl=
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
zrh04s06-in-f130.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 29 Jul 2020 17:58:32 GMT
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Wed, 29 Jul 2020 17:58:32 GMT
l
www.google.com/ads/measurement/ Frame A12E
0
0
Image
General
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaT-_SJU-J5cXmv3-IcPTeZ9_-j9cD0BPNx5O0yeW_7LCyoGsSN7opLqqsAk1-8qUa-AXwRv
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

18184162732492577883
tpc.googlesyndication.com/simgad/ Frame 8FEE
36 KB
36 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/18184162732492577883
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ea4a9f0a2e2f97cb238705e3d6f85c5c99c06e667783757243c721708e4d66bb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 22 Jul 2020 06:53:53 GMT
x-content-type-options
nosniff
age
644679
x-dns-prefetch-control
off
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36672
x-xss-protection
0
last-modified
Tue, 21 Jul 2020 19:19:37 GMT
server
sffe
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 22 Jul 2021 06:53:53 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame 8FEE
0
273 B
Image
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvc6BH8zrQxuDr8V_KwZ1e8FMwl1QWJDEvrC5bQwQadFagbxxBqnzET_-hjRAmKe1RS_JpROUfgc8v-EbJqEXXxvwMPjlnwevbx93EZxWpuPq2ZOOKq5GQPrVbNf3azm_0IZjUhR97dvj8RL-WrW5uQUtmFzpEktc-xMhODr0t4UTlFkI-jdSOwul6LJIZ_oGDhA9gUqsKnOz6exjpJQNYoPDxv6OAI-0WcJb-xqP3L4a8zWPyB0lSXZGLjqUK4DW-xMu2BOyPQkw4&sai=AMfl-YRYgQ-CQ6aCq0M_LRo1-GjQxUq5Pd5ZzIDUqe2BFY8LWap2Z2YHiQuc5R3DWKiIgUbdhmeGeYHN7C_MiB7a9VYxaIuojvGTDsMMkMa_Uf9m5R6s0pCIzUyERtMpUQE&sig=Cg0ArKJSzBD8KQ4QFsfKEAE&adurl=
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
zrh04s06-in-f130.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 29 Jul 2020 17:58:32 GMT
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Wed, 29 Jul 2020 17:58:32 GMT
l
www.google.com/ads/measurement/ Frame 8FEE
0
0
Image
General
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaRb6sDFcvA8_ACQIWvCSnusXXDHDiQ5CPvrIf3EjMLqr8nibrNQURyE7ehBUA9PoTB1BDbC
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

api.js
www.google.com/recaptcha/
742 B
571 B
Script
General
Full URL
https://www.google.com/recaptcha/api.js?onload=hsRecaptchaLoadCallback&render=explicit&isolated=true
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/_hcms/forms/v2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
857a13a1d6e65e51e709e78c3a673cc966e91f016474f7ada25158070a930dd4
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 29 Jul 2020 17:58:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
status
200
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
content-security-policy
frame-ancestors 'self'
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
473
x-xss-protection
1; mode=block
expires
Wed, 29 Jul 2020 17:58:32 GMT
layers.33f5b85045a5f2308467.js
s7.addthis.com/static/
263 KB
76 KB
Script
General
Full URL
https://s7.addthis.com/static/layers.33f5b85045a5f2308467.js
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-248-44.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
137e41c449677deb7c8da3afde63fc781b095bb028f78b789be44192e8e3f4be
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
last-modified
Thu, 04 Jun 2020 15:49:19 GMT
server
nginx/1.15.8
etag
W/"5ed917ff-41b9f"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
public, max-age=86313600
date
Wed, 29 Jul 2020 17:58:32 GMT
x-host
s7.addthis.com
timing-allow-origin
*
content-length
77540
recaptcha__en.js
www.gstatic.com/recaptcha/releases/AFBwIe6h0oOL7MOVu88LHld-/
329 KB
130 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/AFBwIe6h0oOL7MOVu88LHld-/recaptcha__en.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?onload=hsRecaptchaLoadCallback&render=explicit&isolated=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:818::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f19d89cdbffedb9bd8a76d2423a06280ddd513070445f2c11a1a5f6af8834f65
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 27 Jul 2020 16:27:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 27 Jul 2020 04:05:59 GMT
server
sffe
age
178241
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=31536000
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
133012
x-xss-protection
0
expires
Tue, 27 Jul 2021 16:27:51 GMT
anchor
www.google.com/recaptcha/api2/ Frame 91A5
0
0
Document
General
Full URL
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc2_RsUAAAAAAYBSd4rxsgeQz7whuL9COCsHeET&co=aHR0cHM6Ly93d3cuc2VjdXJld29ybGRleHBvLmNvbTo0NDM.&hl=en&v=AFBwIe6h0oOL7MOVu88LHld-&size=invisible&badge=inline&cb=28jgn76ff4l3
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/AFBwIe6h0oOL7MOVu88LHld-/recaptcha__en.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-AaomZZmrWqFZJTXx9CHvUg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.google.com
:scheme
https
:path
/recaptcha/api2/anchor?ar=1&k=6Lc2_RsUAAAAAAYBSd4rxsgeQz7whuL9COCsHeET&co=aHR0cHM6Ly93d3cuc2VjdXJld29ybGRleHBvLmNvbTo0NDM.&hl=en&v=AFBwIe6h0oOL7MOVu88LHld-&size=invisible&badge=inline&cb=28jgn76ff4l3
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works

Response headers

status
200
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Wed, 29 Jul 2020 17:58:33 GMT
content-security-policy
script-src 'report-sample' 'nonce-AaomZZmrWqFZJTXx9CHvUg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
10244
server
GSE
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
counters.gif
perf.hsforms.com/embed/v3/
35 B
530 B
Image
General
Full URL
https://perf.hsforms.com/embed/v3/counters.gif?key=forms-next-recaptcha-viewed&count=1&portalId=2221756
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5605 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 29 Jul 2020 17:58:33 GMT
cf-cache-status
MISS
server
cloudflare
x-trace
2BB557A4D75706A0A5ACECB3041FE4EE64020F4BC3000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/gif
status
200
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
strict-transport-security
max-age=31536000; includeSubDomains; preload
accept-ranges
bytes
cf-ray
5ba8ba891bb6dfb7-FRA
content-length
35
cf-request-id
043d52e9b00000dfb70d324200000001
truncated
/
443 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5876d235b697479a9e5f476a33115aea1ddc21fd4b4740dd7180398c6224fdba

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
15794070589447921224
tpc.googlesyndication.com/simgad/ Frame 14B8
31 KB
32 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/15794070589447921224
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012007210634000/amp4ads-v0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
35073e4455cdee6277704362735669288ffb08a2ccb039d5e8cb92cb41fc839c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 22 Jul 2020 00:29:19 GMT
x-content-type-options
nosniff
age
667754
x-dns-prefetch-control
off
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
32255
x-xss-protection
0
last-modified
Tue, 21 Jul 2020 19:23:26 GMT
server
sffe
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 22 Jul 2021 00:29:19 GMT
8777349368690554872
tpc.googlesyndication.com/simgad/ Frame A12E
52 KB
52 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/8777349368690554872
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012007210634000/amp4ads-v0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
49462e62ffdc3a5261d6bb9f3cef2762629baf831d6825d18c5b4ad1b897143e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 23 Jul 2020 19:01:11 GMT
x-content-type-options
nosniff
age
514642
x-dns-prefetch-control
off
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
53356
x-xss-protection
0
last-modified
Wed, 08 Jan 2020 19:54:57 GMT
server
sffe
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 23 Jul 2021 19:01:11 GMT
18184162732492577883
tpc.googlesyndication.com/simgad/ Frame 8FEE
36 KB
36 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/18184162732492577883
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012007210634000/amp4ads-v0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ea4a9f0a2e2f97cb238705e3d6f85c5c99c06e667783757243c721708e4d66bb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 22 Jul 2020 06:53:53 GMT
x-content-type-options
nosniff
age
644680
x-dns-prefetch-control
off
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36672
x-xss-protection
0
last-modified
Tue, 21 Jul 2020 19:19:37 GMT
server
sffe
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 22 Jul 2021 06:53:53 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame 14B8
0
54 B
Image
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsurwUt8ZzdIgrIvfDg7RfqObHnB7jTJnr2G62vFtcGgMJzYlXGLg16sECnexGEtyDeirhi8JISli1oIr6bohW1PNrrDL5gbSHhhej6IApg7xPb05LGEo6IaWSCKGG6cfzNNA5oXCtFTUqCmzR0J0DlUGxTi0_qRRnJPQP4Es4rBjUlG2cABmT_6QMNuHa_1zdxHzLxAwLPa1gQE4Duyw6uKJpWlwQjfjcPBF59kMriiGlSoAz1bJzWC_aYPs1_6zJjFRxbdSxU&sai=AMfl-YTGpkFvgceUVzIu8Gb2xlLDfp84G1wkMEhyJl0YwdnCkszUFqSx8cZ0W_GRuYM5MAyoCWEGOIij2dGx5NPkGtbN0V0RwqVj4bhBSX3MgUXtN4RDOo5KZ_89jUqwcx0&sig=Cg0ArKJSzBeSUG7YcgUAEAE&adurl=
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
zrh04s06-in-f130.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 29 Jul 2020 17:58:33 GMT
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
view
securepubads.g.doubleclick.net/pcs/ Frame 8FEE
0
54 B
Image
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssm70mBCMtTqHNypa7uXqw_GP_eBlfzj4GyZhn6rj1LUpwLnwIx5NoaEMxicqvvD28ebI-wuDKuvlTGbAzXMxWEN5mOq1--bkqi0frkklv0wwXiAeqVHIZi6d36N121A3DpSDxKJ7OW6gy4rbxzxJFM8_eSdUlNPApWp2yPAj0mph9iY3k6UDJk_b9_V0jYXk8vg-yCVFz3RHLNPZtV2fP99j8RgYnBPpv4gMfXeYVhI174XcyNqo_PKbrkowK2J9LapslAYhAA5NFlkw&sai=AMfl-YQYpeKPV2wnMh312wmkc5e8GiXNLFhev93G0NbG9KvsDD0sG0Z9hoxaC0wgVea5BNV4maEcT6PCkycSC3oyrdMa_vdXguIPJIvZAQTZUwoVQpDWv20G0DIdgzke9LI&sig=Cg0ArKJSzGeYfPtKNrpfEAE&adurl=
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
zrh04s06-in-f130.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 29 Jul 2020 17:58:33 GMT
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
view
securepubads.g.doubleclick.net/pcs/ Frame A12E
0
54 B
Image
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvAbgblnmb1WeSOoRPweniypZXapQ7RHLW-1HgT4fkdMVICnksRLKw3v6zKExruDZW8-7-EZGwWhtw1TNzzGvWKy6xXefKjGJmJncjcLpiMYj_qw2e4jarkm6NPtbu2B7DDBpVeCScoc7qTAs8OzqCGahmwN-3aHOmFs0DRPtkW-Z2bi-1HfHB_siSDETYOJvT1I9Dz8SIXcxYvsyhndblvlDfbrTQjjh1O-_AAwKgxOZP5Py9U_gwOhZRbg4UDaRM0K7nWST4&sai=AMfl-YT0XM5JpoVWQJfsRwOXI8t0-pzeQUOULGNXgBGQF7mPWd4c6905HfGK5skxmUPC6Gq1NL-VgUj4Hn4WDsRK0lIBeaU5woddMLZvO_eAF_PGeBfGkoE-n9Ft01Z9xaw&sig=Cg0ArKJSzBrd-Of_BXNXEAE&adurl=
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
zrh04s06-in-f130.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 29 Jul 2020 17:58:33 GMT
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
bframe
www.google.com/recaptcha/api2/ Frame DA71
0
0
Document
General
Full URL
https://www.google.com/recaptcha/api2/bframe?hl=en&v=AFBwIe6h0oOL7MOVu88LHld-&k=6Lc2_RsUAAAAAAYBSd4rxsgeQz7whuL9COCsHeET&cb=bzehky8lpuna
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/AFBwIe6h0oOL7MOVu88LHld-/recaptcha__en.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-xiNN6W911kWZaLdgbeStDA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.google.com
:scheme
https
:path
/recaptcha/api2/bframe?hl=en&v=AFBwIe6h0oOL7MOVu88LHld-&k=6Lc2_RsUAAAAAAYBSd4rxsgeQz7whuL9COCsHeET&cb=bzehky8lpuna
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works

Response headers

status
200
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Wed, 29 Jul 2020 17:58:33 GMT
content-security-policy
script-src 'report-sample' 'nonce-xiNN6W911kWZaLdgbeStDA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
1174
server
GSE
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
sodar
pagead2.googlesyndication.com/getconfig/
7 KB
6 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2020072301&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020072301.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
2c3ab15b29df9137aace730bf2dc8d9e76c52a02d1fc5d24f3f6862810273670
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 29 Jul 2020 17:58:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
5581
x-xss-protection
0
loader-v2.js
www.secureworldexpo.com/hs/cta/ctas/v2/public/cs/
7 KB
3 KB
Script
General
Full URL
https://www.secureworldexpo.com/hs/cta/ctas/v2/public/cs/loader-v2.js?cos=1&__hsfp=2017058934&__hssc=133074001.1.1596045513478&__hstc=133074001.ba44ea0c6c7078a99654f36f26882517.1596045513478.1596045513478.1596045513478.1&canon=https%3A%2F%2Fwww.secureworldexpo.com%2Findustry-news%2Fhow-ryuk-ransomware-works&hsutk=ba44ea0c6c7078a99654f36f26882517&pageId=10855193339&contentType=blog-post&pg=5b11748c-d8d9-47fd-b704-d273971b3380&pid=2221756&sv=static-1.4&lag=946&rdy=1&cos=1&df=a
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/hs/cta/cta/current.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:87b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
da5b3915fea298d86d29ec675fc10aff902580d5699d55474a1cb48c1965d50a

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 29 Jul 2020 17:58:33 GMT
content-encoding
gzip
cf-cache-status
MISS
cf-ray
5ba8ba8b4c6f3233-FRA
status
200
content-length
2434
cf-request-id
043d52eb080000323339b1c200000001
server
cloudflare
x-trace
2B8E0DEAA4C9B4243DED6786CD320AAF95B3E64383000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
cache-control
no-cache, no-store, no-transform, must-revalidate, max-age=0
access-control-allow-credentials
false
accept-ranges
bytes
x-robots-tag
noindex, follow
__ptq.gif
track.hubspot.com/
45 B
129 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=15&fi=f9c697eb-4f35-4c94-a6fd-0f0abceafced&fci=350485ab-ecef-4a0d-8419-ff6cbc63a63a&ft=4&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2017058934&v=1.1&a=2221756&pi=10855193339&ct=blog-post&ccu=https%3A%2F%2Fwww.secureworldexpo.com%2Findustry-news%2Fhow-ryuk-ransomware-works&cpi=10855193339&cgi=4214485368&lpi=10855193339&lvi=10855193339&lvc=en-us&pu=https%3A%2F%2Fwww.secureworldexpo.com%2Findustry-news%2Fhow-ryuk-ransomware-works&t=Special+Security+Advisory%3A+%27Ryuk+Ransomware+Targeting+Organizations+Globally%27&cts=1596045513484&vi=ba44ea0c6c7078a99654f36f26882517&nc=true&ce=false&pt=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

cf-ray
5ba8ba8b58d9d6cd-FRA
date
Wed, 29 Jul 2020 17:58:33 GMT
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
p3p
CP="NOI CUR ADM OUR NOR STA NID"
status
200
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
image/gif
content-length
45
cf-request-id
043d52eb150000d6cd8b393200000001
x-robots-tag
none
__ptq.gif
track.hubspot.com/
45 B
351 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=15&fi=de00eec1-d1e4-4ed7-92a5-513850f7168f&fci=2d2607f3-d886-414d-91ea-0e384380e4dd&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2017058934&v=1.1&a=2221756&pi=10855193339&ct=blog-post&ccu=https%3A%2F%2Fwww.secureworldexpo.com%2Findustry-news%2Fhow-ryuk-ransomware-works&cpi=10855193339&cgi=4214485368&lpi=10855193339&lvi=10855193339&lvc=en-us&pu=https%3A%2F%2Fwww.secureworldexpo.com%2Findustry-news%2Fhow-ryuk-ransomware-works&t=Special+Security+Advisory%3A+%27Ryuk+Ransomware+Targeting+Organizations+Globally%27&cts=1596045513488&vi=ba44ea0c6c7078a99654f36f26882517&nc=true&ce=false&pt=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

cf-ray
5ba8ba8b58dbd6cd-FRA
date
Wed, 29 Jul 2020 17:58:33 GMT
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
p3p
CP="NOI CUR ADM OUR NOR STA NID"
status
200
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
image/gif
content-length
45
cf-request-id
043d52eb150000d6cd8b394200000001
x-robots-tag
none
__ptq.gif
track.hubspot.com/
45 B
129 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2017058934&v=1.1&a=2221756&pi=10855193339&ct=blog-post&ccu=https%3A%2F%2Fwww.secureworldexpo.com%2Findustry-news%2Fhow-ryuk-ransomware-works&cpi=10855193339&cgi=4214485368&lpi=10855193339&lvi=10855193339&lvc=en-us&pu=https%3A%2F%2Fwww.secureworldexpo.com%2Findustry-news%2Fhow-ryuk-ransomware-works&t=Special+Security+Advisory%3A+%27Ryuk+Ransomware+Targeting+Organizations+Globally%27&cts=1596045513489&vi=ba44ea0c6c7078a99654f36f26882517&nc=true&ce=false&pt=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

cf-ray
5ba8ba8b58ddd6cd-FRA
date
Wed, 29 Jul 2020 17:58:33 GMT
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
p3p
CP="NOI CUR ADM OUR NOR STA NID"
status
200
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
image/gif
content-length
45
cf-request-id
043d52eb150000d6cd8b395200000001
x-robots-tag
none
sodar2.js
tpc.googlesyndication.com/sodar/
14 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020072301.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
08f50e9e70388c99977ca13b6af3a49f8f48c83e79230d51ea72a56c0735bd0c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 29 Jul 2020 17:58:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1591403518460474"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5540
x-xss-protection
0
expires
Wed, 29 Jul 2020 17:58:33 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/210/ Frame 6C6B
0
0
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/210/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/sodar2/210/runner.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works

Response headers

status
200
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
content-length
4590
date
Wed, 29 Jul 2020 16:30:20 GMT
expires
Thu, 29 Jul 2021 16:30:20 GMT
last-modified
Wed, 26 Feb 2020 19:47:50 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
5293
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
__ptq.gif
track.hubspot.com/
45 B
129 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%225b11748c-d8d9-47fd-b704-d273971b3380%22%2C%223421d639-a5fd-4eaf-9f96-d0a7d7573a86%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2017058934&v=1.1&a=2221756&pi=10855193339&ct=blog-post&ccu=https%3A%2F%2Fwww.secureworldexpo.com%2Findustry-news%2Fhow-ryuk-ransomware-works&cpi=10855193339&cgi=4214485368&lpi=10855193339&lvi=10855193339&lvc=en-us&pu=https%3A%2F%2Fwww.secureworldexpo.com%2Findustry-news%2Fhow-ryuk-ransomware-works&t=Special+Security+Advisory%3A+%27Ryuk+Ransomware+Targeting+Organizations+Globally%27&cts=1596045513646&vi=ba44ea0c6c7078a99654f36f26882517&nc=true&ce=false&pt=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

cf-ray
5ba8ba8c4badd6cd-FRA
date
Wed, 29 Jul 2020 17:58:33 GMT
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
p3p
CP="NOI CUR ADM OUR NOR STA NID"
status
200
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
image/gif
content-length
45
cf-request-id
043d52ebb10000d6cd8b39f200000001
x-robots-tag
none
cta-loaded.js
www.secureworldexpo.com/hs/cta/ctas/v2/public/cs/
0
157 B
Script
General
Full URL
https://www.secureworldexpo.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=2221756&pg=5b11748c-d8d9-47fd-b704-d273971b3380&lt=1596045512533&dt=1596045513479&at=1596045513656&ae=1&sl=1&an=1
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/hs/cta/cta/current.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:87b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 29 Jul 2020 17:58:33 GMT
cf-cache-status
MISS
server
cloudflare
x-trace
2B10A5E9AF9C0006BE2F837E0816CECEC907F32BDD000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
status
200
cache-control
no-cache, no-store, no-transform, max-age=0
access-control-allow-credentials
false
cf-ray
5ba8ba8c5f3a3233-FRA
cf-request-id
043d52ebba0000323339b28200000001
x-robots-tag
noindex, follow
gen_204
pagead2.googlesyndication.com/pagead/
0
55 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=210&t=2&li=gpt_2020072301&jk=4400818564302340&bg=!ERKlEgpY3WDtypvmuWcCAAAAQVIAAAANmQGOIvBWM5U8x1ZTyfsnHbvCtlnzwInXTwf4hR9h1UEnKvCIY4qQ8mQAsWqRjAxszlAGcDR-ir3PkSczEwtaLE-OVhX3O2x7nBpWrE6OMpQSUdKv2Gty8W65Ez00vLgA0g_5YeZfUZ9pZmzovhd7L_W6NjUStm1TpQYMFDx0pBQAxDE77CJTU_b4gLtw2-HQQypHs-7mQOEizuxbcUpDSIIOmfHoXPFOtBZ0l1T4MWItJMwVX2e-cBTY6_NbDnm2Vs-R6eCf5Vp1wlcjQPeSQVRM80G_R9wk-g1XDfTh_w7U2-zrD9LNmFu8OHHItB6ltiCDd9BYOZnr18NHvqCWE8LpxsccHzfBKE8sp2gpPOqXQXL9_6iNTSetjErFWiuRP96Xy-sYw7kHoy55gYN-oy3gZcS3Qc9IoUvZBqCSqhP5n5H9eIsbrMHHfMZAmpX9XYzZ1b4_vqC8IE6aVGpYxhupFTfX1sZxuTHFdKJ1wjdxll7x-lgqkRaNGzO99d_0Tb1YSPcXUlxTEKJ7fN0Btis
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Jul 2020 17:58:33 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
204
cache-control
no-cache, must-revalidate
content-type
image/gif
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 14B8
42 B
107 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstTsyvtsvwe6z95N76A5Nnkt5mJVcWIBDOsnkG5AaOjaSFXrydBYNxBq-9TL4_02wE0nJm5E-IlSituu_rG4Fz7TOUgimLUXNiqdV48Wbg&sig=Cg0ArKJSzNRozPecpmznEAE&id=ampim&o=1044,647&d=300,250&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=189&tls=1189&g=100&h=100&tt=1189&r=v&avms=ampa&adk=615754453
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Jul 2020 17:58:34 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
status
200
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
content-type
image/gif
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 8FEE
42 B
107 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssIjicBmEhwr_4PrxG1SJdY4XJoyKrwbli8Or9WglaQwt0XbvjUwvOu2lWz64M3YzME_0cd-qzKgOzO8fJ9ueRfNH6csYtYrbJmxd3djMk&sig=Cg0ArKJSzO_Vmm9J24ByEAE&id=ampim&o=315,115&d=970,90&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=178&tls=1178&g=100&h=100&tt=1178&r=v&avms=ampa&adk=2061276719
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Jul 2020 17:58:34 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
status
200
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
content-type
image/gif
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
perf
www.secureworldexpo.com/_hcms/
2 B
191 B
XHR
General
Full URL
https://www.secureworldexpo.com/_hcms/perf
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:87b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type
application/json

Response headers

cf-ray
5ba8ba9db9c53233-FRA
date
Wed, 29 Jul 2020 17:58:36 GMT
cf-cache-status
DYNAMIC
server
cloudflare
x-trace
2B07E2B3B1366BBE0F1DD3F847010390B5A622ABA2000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/plain; charset=utf-8
status
200
access-control-allow-credentials
false
accept-ranges
bytes
x-robots-tag
none
content-length
2
cf-request-id
043d52f6900000323339bc7200000001
json
forms.hubspot.com/lead-flows-config/v1/config/
2 KB
2 KB
XHR
General
Full URL
https://forms.hubspot.com/lead-flows-config/v1/config/json?portalId=2221756&contentId=10855193339&currentUrl=https%3A%2F%2Fwww.secureworldexpo.com%2Findustry-news%2Fhow-ryuk-ransomware-works
Requested by
Host: js.hsleadflows.net
URL: https://js.hsleadflows.net/leadflows.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1c416daf99e5d6f5dd2dca20be34dc2ce1385ec6dd7f5065f2ecad3be02cd7fe
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 29 Jul 2020 17:58:42 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
DYNAMIC
status
200
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-request-id
043d530f7e0000c2f4c6292200000001
x-robots-tag
none
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
180
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.secureworldexpo.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
cf-ray
5ba8bac59bddc2f4-FRA
access-control-allow-headers
Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
__ptq.gif
track.hubspot.com/
45 B
257 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=16&fi=ddf8f101-3ef8-40f5-b822-072637c16780&lfi=313458&ft=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2017058934&v=1.1&a=2221756&pi=10855193339&ct=blog-post&ccu=https%3A%2F%2Fwww.secureworldexpo.com%2Findustry-news%2Fhow-ryuk-ransomware-works&cpi=10855193339&cgi=4214485368&lpi=10855193339&lvi=10855193339&lvc=en-us&pu=https%3A%2F%2Fwww.secureworldexpo.com%2Findustry-news%2Fhow-ryuk-ransomware-works&t=Special+Security+Advisory%3A+%27Ryuk+Ransomware+Targeting+Organizations+Globally%27&cts=1596045522970&vi=ba44ea0c6c7078a99654f36f26882517&nc=true&ce=false&pt=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

cf-ray
5ba8bac6993ed6cd-FRA
date
Wed, 29 Jul 2020 17:58:42 GMT
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
p3p
CP="NOI CUR ADM OUR NOR STA NID"
status
200
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
image/gif
content-length
45
cf-request-id
043d53101e0000d6cd8b270200000001
x-robots-tag
none

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
s7.addthis.com
URL
https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html

152 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery function| hsjQuery object| _hsq object| Typekit function| hj object| _hjSettings function| gtag object| dataLayer object| __core-js_shared__ object| Sslac object| IN function| jQueryBridget function| EvEmitter function| getSize function| matchesSelector object| fizzyUIUtils function| Outlayer function| Masonry function| imagesLoaded object| Handlebars boolean| stickySideCTADisplayed object| jQuery171010978504486134955 object| googletag object| gptAdSlots function| stickyHeader object| featuredTopics object| google_tag_manager function| atwpjp string| _atd function| _euc function| _duc object| _atc string| _atr object| addthis string| addthis_pub function| emdot object| _ate object| _adr object| addthis_conf function| addthis_open function| addthis_close function| addthis_sendto object| google_tag_data string| GoogleAnalyticsObject function| ga object| hbspt object| ggeac object| closure_memoize_cache_ object| googleToken object| googleIMState object| google_js_reporting_queue function| processGoogleToken function| hs_i18n_log function| hs_i18n_substituteStrings function| hs_i18n_insertPlaceholders function| hs_i18n_getMessage undefined| module_2866626 function| i18n_getmessage function| i18n_getlanguage object| hsCommentListing function| hsPopulateCommentsFeed function| hsPopulateCommentFormOnFormReady function| hsPopulateCommentFormOnFormSubmitted function| hsPopulateCommentFormGetExtraMetaDataBeforeSubmit function| hsOnReadyPopulateCommentsFeed function| bindToWindowOnError object| globalRoot function| hns object| hubspot object| __hsRoot object| hspreserve undefined| React undefined| reqwest function| OutpostErrorReporter function| hmerge undefined| ReactDOM undefined| require undefined| requirejs undefined| module undefined| bootstrap object| HSFR function| hs_reqwest_0 function| hs_reqwest_1 object| hsVars string| _linkedin_partner_id object| _linkedin_data_partner_ids object| addthis_share object| addthis_config function| 
jsonpHandler function| jsonp_1596045512624_62314 object| hjSiteSettings function| hjBootstrap object| hjBootstrapCalled object| gaplugins object| gaGlobal object| gaData boolean| __@@##MUH object| FB function| lintrk boolean| _already_called_lintrk number| google_srt function| Goog_AdSense_getAdAdapterInstance function| Goog_AdSense_OsdAdapter undefined| google_measure_js_timing number| __google_ad_urls_id number| google_unique_id object| __twttrll object| twttr object| __twttr function| defineProperties object| leadflows boolean| popupPoliceActive function| hns2 undefined| jade undefined| I18n undefined| hubspot_mailcheck undefined| Pikaday undefined| exports undefined| define boolean| LEAD_FLOWS_RAN boolean| COMMON_SETUP_RAN object| _hsp boolean| _hspb_loaded function| hsRecaptchaLoadCallback number| RECAPTCHA_INTERVAL object| _paq boolean| _hstc_loaded object| ___grecaptcha_cfg object| grecaptcha boolean| __google_recaptcha_client object| ampInaboxPositionObserver object| ampInaboxFrameOverlayManager object| _atw string| addthis_exclude boolean| addthis_use_personalization string| addthis_options_default string| addthis_options_rank string| addthis_options object| __callbacks object| recaptcha object| closure_lm_544773 number| len boolean| _hspb_ran boolean| _hstc_ran string| __hsUserToken number| expireDateTime object| GoogleGcLKhOms string| default_css string| cta_css object| google_image_requests boolean| LEAD_FLOW_DOCUMENT_READY_RAN

11 Cookies

Domain/Path Name / Value
.addthis.com/ Name: loc
Value: MDAwMDBFVUNIWkgyMjc1MTg4NzAwMDAwMDBDSA==
.secureworldexpo.com/ Name: _hjid
Value: 3fa87e48-6967-4eaa-a1d2-695623fe921d
.secureworldexpo.com/ Name: _gat_gtag_UA_29110626_1
Value: 1
.secureworldexpo.com/ Name: __gads
Value: ID=60f8c9e0bd4acf29-22208c29a5b600c4:T=1596045512:S=ALNI_MYfifQY1uAjGmZXkuKbqRRCwtCV2w
.secureworldexpo.com/ Name: _gid
Value: GA1.2.610101161.1596045513
www.secureworldexpo.com/ Name: __atuvs
Value: 5f21b8c8bc20217d000
www.secureworldexpo.com/ Name: __atuvc
Value: 1%7C31
.secureworldexpo.com/ Name: _ga
Value: GA1.2.1927368728.1596045513
.addthis.com/ Name: uvc
Value: 1%7C31
.www.secureworldexpo.com/ Name: __cfduid
Value: d36a8028e41e69e5c8e48ab5f0358fa331596045512
.www.secureworldexpo.com/ Name: __cfruid
Value: 7d44f1a3db7fe10bf708b2989a8b6f8d9d575d6a-1596045512

6 Console Messages

Source Level URL
Text
console-api info URL: https://cdn.ampproject.org/rtv/012007210634000/amp4ads-v0.js(Line 421)
Message:
Powered by AMP ⚡ HTML – Version 2007210634000 https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
console-api info URL: https://cdn.ampproject.org/rtv/012007210634000/amp4ads-v0.js(Line 421)
Message:
Powered by AMP ⚡ HTML – Version 2007210634000 https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
console-api info URL: https://cdn.ampproject.org/rtv/012007210634000/amp4ads-v0.js(Line 421)
Message:
Powered by AMP ⚡ HTML – Version 2007210634000 https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
console-api warning URL: https://cdn.ampproject.org/rtv/012007210634000/amp4ads-v0.js(Line 21)
Message:
[amp-analytics/transport] Response unparseable or failed to send image request https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsurwUt8ZzdIgrIvfDg7RfqObHnB7jTJnr2G62vFtcGgMJzYlXGLg16sECnexGEtyDeirhi8JISli1oIr6bohW1PNrrDL5gbSHhhej6IApg7xPb05LGEo6IaWSCKGG6cfzNNA5oXCtFTUqCmzR0J0DlUGxTi0_qRRnJPQP4Es4rBjUlG2cABmT_6QMNuHa_1zdxHzLxAwLPa1gQE4Duyw6uKJpWlwQjfjcPBF59kMriiGlSoAz1bJzWC_aYPs1_6zJjFRxbdSxU&sai=AMfl-YTGpkFvgceUVzIu8Gb2xlLDfp84G1wkMEhyJl0YwdnCkszUFqSx8cZ0W_GRuYM5MAyoCWEGOIij2dGx5NPkGtbN0V0RwqVj4bhBSX3MgUXtN4RDOo5KZ_89jUqwcx0&sig=Cg0ArKJSzBeSUG7YcgUAEAE&adurl=
console-api warning URL: https://cdn.ampproject.org/rtv/012007210634000/amp4ads-v0.js(Line 21)
Message:
[amp-analytics/transport] Response unparseable or failed to send image request https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssm70mBCMtTqHNypa7uXqw_GP_eBlfzj4GyZhn6rj1LUpwLnwIx5NoaEMxicqvvD28ebI-wuDKuvlTGbAzXMxWEN5mOq1--bkqi0frkklv0wwXiAeqVHIZi6d36N121A3DpSDxKJ7OW6gy4rbxzxJFM8_eSdUlNPApWp2yPAj0mph9iY3k6UDJk_b9_V0jYXk8vg-yCVFz3RHLNPZtV2fP99j8RgYnBPpv4gMfXeYVhI174XcyNqo_PKbrkowK2J9LapslAYhAA5NFlkw&sai=AMfl-YQYpeKPV2wnMh312wmkc5e8GiXNLFhev93G0NbG9KvsDD0sG0Z9hoxaC0wgVea5BNV4maEcT6PCkycSC3oyrdMa_vdXguIPJIvZAQTZUwoVQpDWv20G0DIdgzke9LI&sig=Cg0ArKJSzGeYfPtKNrpfEAE&adurl=
console-api warning URL: https://cdn.ampproject.org/rtv/012007210634000/amp4ads-v0.js(Line 21)
Message:
[amp-analytics/transport] Response unparseable or failed to send image request https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvAbgblnmb1WeSOoRPweniypZXapQ7RHLW-1HgT4fkdMVICnksRLKw3v6zKExruDZW8-7-EZGwWhtw1TNzzGvWKy6xXefKjGJmJncjcLpiMYj_qw2e4jarkm6NPtbu2B7DDBpVeCScoc7qTAs8OzqCGahmwN-3aHOmFs0DRPtkW-Z2bi-1HfHB_siSDETYOJvT1I9Dz8SIXcxYvsyhndblvlDfbrTQjjh1O-_AAwKgxOZP5Py9U_gwOhZRbg4UDaRM0K7nWST4&sai=AMfl-YT0XM5JpoVWQJfsRwOXI8t0-pzeQUOULGNXgBGQF7mPWd4c6905HfGK5skxmUPC6Gq1NL-VgUj4Hn4WDsRK0lIBeaU5woddMLZvO_eAF_PGeBfGkoE-n9Ft01Z9xaw&sig=Cg0ArKJSzBrd-Of_BXNXEAE&adurl=

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
