URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Submission: On December 11 via manual from AU

Summary

This website contacted 34 IPs in 8 countries across 28 domains to perform 105 HTTP transactions. The main IP is 2606:4700::6811:84b4, located in United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is www.secureworldexpo.com.
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on September 17th 2019. Valid for: a year.
This is the only time www.secureworldexpo.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
29 2606:4700::68... 13335 (CLOUDFLAR...)
11 95.100.67.47 16625 (AKAMAI-AS)
1 2a00:1450:400... 15169 (GOOGLE)
1 2606:2800:133... 15133 (EDGECAST)
2 2606:4700::68... 13335 (CLOUDFLAR...)
1 2 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a04:4e42:3::621 54113 (FASTLY)
4 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
3 2.21.36.164 20940 (AKAMAI-ASN1)
6 2606:4700::68... 13335 (CLOUDFLAR...)
1 147.75.33.111 54825 (PACKET)
2 2a00:1450:400... 15169 (GOOGLE)
6 172.217.23.98 15169 (GOOGLE)
1 2 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2.21.38.40 20940 (AKAMAI-ASN1)
1 1 2a00:1450:400... 15169 (GOOGLE)
1 4 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
7 2a00:1450:400... 15169 (GOOGLE)
1 147.75.101.51 54825 (PACKET)
1 2a02:26f0:eb:... 20940 (AKAMAI-ASN1)
3 2a03:2880:f01... 32934 (FACEBOOK)
2 2606:2800:234... 15133 (EDGECAST)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2 2a05:f500:10:... 14413 (LINKEDIN)
1 1 2a05:f500:10:... 14413 (LINKEDIN)
7 2a00:1450:400... 15169 (GOOGLE)
1 147.75.85.99 54825 (PACKET)
1 2a02:26f0:eb:... 20940 (AKAMAI-ASN1)
1 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
105 34
Domain Requested by
29 www.secureworldexpo.com www.secureworldexpo.com
11 use.typekit.net www.secureworldexpo.com, use.typekit.net
7 cdn.ampproject.org securepubads.g.doubleclick.net
7 tpc.googlesyndication.com securepubads.g.doubleclick.net, www.secureworldexpo.com, cdn.ampproject.org
6 securepubads.g.doubleclick.net www.googletagservices.com, securepubads.g.doubleclick.net, www.secureworldexpo.com
5 track.hubspot.com
4 www.google.com 1 redirects www.secureworldexpo.com, www.gstatic.com
3 pagead2.googlesyndication.com www.secureworldexpo.com
2 px.ads.linkedin.com 1 redirects www.secureworldexpo.com
2 platform.twitter.com www.secureworldexpo.com, platform.twitter.com
2 connect.facebook.net www.secureworldexpo.com, connect.facebook.net
2 www.google-analytics.com 1 redirects www.googletagmanager.com
2 s7.addthis.com www.secureworldexpo.com, s7.addthis.com
2 cdnjs.cloudflare.com www.secureworldexpo.com
2 unpkg.com 1 redirects www.secureworldexpo.com
2 cdn2.hubspot.net www.secureworldexpo.com, connect.facebook.net
1 forms.hubspot.com js.hsleadflows.net
1 www.gstatic.com www.google.com
1 p.typekit.net www.secureworldexpo.com
1 staticxx.facebook.com connect.facebook.net
1 vars.hotjar.com static.hotjar.com
1 www.linkedin.com 1 redirects
1 js.hs-analytics.net www.secureworldexpo.com
1 js.hsleadflows.net www.secureworldexpo.com
1 api.hubapi.com www.secureworldexpo.com
1 v1.addthisedge.com s7.addthis.com
1 snap.licdn.com www.secureworldexpo.com
1 script.hotjar.com static.hotjar.com
1 www.google.de www.secureworldexpo.com
1 stats.g.doubleclick.net 1 redirects
1 z.moatads.com s7.addthis.com
1 adservice.google.com www.googletagservices.com
1 adservice.google.de www.googletagservices.com
1 static.hotjar.com www.secureworldexpo.com
1 no-cache.hubspot.com www.secureworldexpo.com
1 www.googletagservices.com www.secureworldexpo.com
1 cdn.jsdelivr.net www.secureworldexpo.com
1 platform.linkedin.com www.secureworldexpo.com
1 www.googletagmanager.com www.secureworldexpo.com
105 39
Subject | Issuer | Validity | Valid
www.secureworldexpo.com | CloudFlare Inc ECC CA-2 | 2019-09-17 - 2020-09-16 | a year
*.typekit.net | DigiCert SHA2 Secure Server CA | 2018-07-20 - 2020-01-03 | a year
*.google-analytics.com | GTS CA 1O1 | 2019-11-13 - 2020-02-05 | 3 months
platform.linkedin.com | DigiCert SHA2 Secure Server CA | 2019-10-10 - 2021-10-14 | 2 years
hubspot.net | CloudFlare Inc ECC CA-2 | 2019-04-16 - 2020-04-16 | a year
ssl714328.cloudflaressl.com | COMODO ECC Domain Validation Secure Server CA 2 | 2019-09-10 - 2020-03-18 | 6 months
f3.shared.global.fastly.net | GlobalSign CloudSSL CA - SHA256 - G3 | 2019-05-29 - 2020-04-23 | a year
*.g.doubleclick.net | GTS CA 1O1 | 2019-11-13 - 2020-02-05 | 3 months
ssl412106.cloudflaressl.com | COMODO ECC Domain Validation Secure Server CA 2 | 2019-12-05 - 2020-06-12 | 6 months
odc-prod-01.oracle.com | DigiCert SHA2 Secure Server CA | 2019-10-10 - 2020-09-04 | a year
hubspot.com | CloudFlare Inc ECC CA-2 | 2019-12-04 - 2020-10-09 | 10 months
static.hotjar.com | Let's Encrypt Authority X3 | 2019-12-05 - 2020-03-04 | 3 months
*.google.com | GTS CA 1O1 | 2019-11-05 - 2020-01-28 | 3 months
moatads.com | DigiCert ECC Secure Server CA | 2018-11-10 - 2020-02-09 | a year
www.google.de | GTS CA 1O1 | 2019-11-05 - 2020-01-28 | 3 months
tpc.googlesyndication.com | GTS CA 1O1 | 2019-11-05 - 2020-01-28 | 3 months
script.hotjar.com | Let's Encrypt Authority X3 | 2019-12-05 - 2020-03-04 | 3 months
*.licdn.com | DigiCert SHA2 Secure Server CA | 2019-04-01 - 2021-05-07 | 2 years
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2019-11-06 - 2020-02-04 | 3 months
*.twimg.com | DigiCert SHA2 High Assurance Server CA | 2019-11-12 - 2020-11-18 | a year
ssl817724.cloudflaressl.com | COMODO ECC Domain Validation Secure Server CA 2 | 2019-08-13 - 2020-02-19 | 6 months
ssl817706.cloudflaressl.com | COMODO ECC Domain Validation Secure Server CA 2 | 2019-08-13 - 2020-02-19 | 6 months
ssl803670.cloudflaressl.com | COMODO ECC Domain Validation Secure Server CA 2 | 2019-11-06 - 2020-05-14 | 6 months
px.ads.linkedin.com | DigiCert SHA2 Secure Server CA | 2019-05-29 - 2021-06-29 | 2 years
misc-sni.google.com | GTS CA 1O1 | 2019-11-05 - 2020-01-28 | 3 months
vars.hotjar.com | Let's Encrypt Authority X3 | 2019-12-05 - 2020-03-04 | 3 months
www.google.com | GTS CA 1O1 | 2019-11-05 - 2020-01-28 | 3 months

This page contains 9 frames:

Primary Page: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Frame ID: B439A088A69E7244DF6119963A948F5F
Requests: 84 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/011911070201440/amp4ads-v0.js
Frame ID: E61792C432160C6AF7230D702DAA90F8
Requests: 7 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/011911070201440/amp4ads-v0.js
Frame ID: F675879D45B3B29DEDFCB2E0819F860A
Requests: 6 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/011911070201440/amp4ads-v0.js
Frame ID: 5BDBA08BA7C95E9D774742ACCACA3B93
Requests: 7 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.69e02060c7c44baddf1b5629549acc0c.html?origin=https%3A%2F%2Fwww.secureworldexpo.com
Frame ID: B964E121828C335CED9DCBEC7D6550F0
Requests: 1 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-b736908ce6b0e933fad3a2e45df61b38.html
Frame ID: 964DDC460462B929C093BFA75BDCEF61
Requests: 1 HTTP requests in this frame

Frame: https://staticxx.facebook.com/connect/xd_arbiter.php?version=44
Frame ID: DBC304974E7C9ACE6D165D776F4EC8EA
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc2_RsUAAAAAAYBSd4rxsgeQz7whuL9COCsHeET&co=aHR0cHM6Ly93d3cuc2VjdXJld29ybGRleHBvLmNvbTo0NDM.&hl=en&v=mhgGrlTs_PbFQOW4ejlxlxZn&size=invisible&badge=inline&cb=bz540k3gfdu7
Frame ID: 168D3B49CF42FE788EF8AD494764E428
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=en&v=mhgGrlTs_PbFQOW4ejlxlxZn&k=6Lc2_RsUAAAAAAYBSd4rxsgeQz7whuL9COCsHeET&cb=dfflj6p5dya1
Frame ID: 8D44698C6742282622EAD652284A55BA
Requests: 1 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i

Overall confidence: 100%
Detected patterns
  • script /\/\/connect\.facebook\.net\/[^\/]*\/[a-z]*\.js/i

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Overall confidence: 100%
Detected patterns
  • script /\/\/platform\.twitter\.com\/widgets\.js/i

Overall confidence: 100%
Detected patterns
  • script /jquery[.-]([\d.]*\d)[^\/]*\.js/i
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

Requests: 105
HTTPS: 100 %
IPv6: 80 %
Domains: 28
Subdomains: 39
IPs: 34
Countries: 8
Transfer: 2149 kB
Size: 5689 kB
Cookies: 9

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 15
  • https://unpkg.com/imagesloaded@4/imagesloaded.pkgd.min.js HTTP 302
  • https://unpkg.com/imagesloaded@4.1.4/imagesloaded.pkgd.min.js
Request Chain 36
  • https://cdn2.hubspot.net/hubfs/2221756/secureworld-logo-2.png HTTP 0
  • http://cdn2.hubspot.net/hubfs/2221756/secureworld-logo-2.png HTTP 0
  • http://cdn2.hubspot.net/hubfs/2221756/secureworld-logo-2.png HTTP 0
  • http://cdn2.hubspot.net/hubfs/2221756/secureworld-logo-2.png HTTP 0
  • http://cdn2.hubspot.net/hubfs/2221756/secureworld-logo-2.png
Request Chain 45
  • https://www.google-analytics.com/r/collect?v=1&_v=j79&a=1119850118&t=pageview&_s=1&dl=https%3A%2F%2Fwww.secureworldexpo.com%2Findustry-news%2Fhow-ryuk-ransomware-works&ul=en-us&de=UTF-8&dt=Special%20Security%20Advisory%3A%20%27Ryuk%20Ransomware%20Targeting%20Organizations%20Globally%27&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=IEBAAUAB~&jid=1610166092&gjid=1293370016&cid=887001811.1576036500&tid=UA-29110626-1&_gid=891731036.1576036500&_r=1&gtm=2ouav9&z=1029409209 HTTP 302
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-29110626-1&cid=887001811.1576036500&jid=1610166092&_gid=891731036.1576036500&gjid=1293370016&_v=j79&z=1029409209 HTTP 302
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-29110626-1&cid=887001811.1576036500&jid=1610166092&_v=j79&z=1029409209 HTTP 302
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-29110626-1&cid=887001811.1576036500&jid=1610166092&_v=j79&z=1029409209&slf_rd=1&random=547773127
Request Chain 66
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=651962&url=https%3A%2F%2Fwww.secureworldexpo.com%2Findustry-news%2Fhow-ryuk-ransomware-works&time=1576036500280 HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D651962%26url%3Dhttps%253A%252F%252Fwww.secureworldexpo.com%252Findustry-news%252Fhow-ryuk-ransomware-works%26time%3D1576036500280%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=651962&url=https%3A%2F%2Fwww.secureworldexpo.com%2Findustry-news%2Fhow-ryuk-ransomware-works&time=1576036500280&liSync=true

105 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request how-ryuk-ransomware-works
www.secureworldexpo.com/industry-news/
63 KB
14 KB
Document
General
Full URL
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / HubSpot
Resource Hash
db395128dd116cef7513746c475c6ae953a98db6f4b189f89b50ae0de8d00019
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=0

Request headers

:method
GET
:authority
www.secureworldexpo.com
:scheme
https
:path
/industry-news/how-ryuk-ransomware-works
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-user
?1
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
none
sec-fetch-mode
navigate
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-User
?1

Response headers

status
200
date
Wed, 11 Dec 2019 03:54:59 GMT
content-type
text/html;charset=utf-8
set-cookie
__cfduid=d09de3eeeb1cf06c8ed11d1302f96cbc51576036499; expires=Fri, 10-Jan-20 03:54:59 GMT; path=/; domain=.www.secureworldexpo.com; HttpOnly __cfruid=de1546f3cb25d0a899619a4a93c99d1c00dd8709-1576036499; path=/; domain=.www.secureworldexpo.com; HttpOnly
cf-ray
5434853a8cf4cbc8-VIE
cache-control
s-maxage=120,max-age=5
link
</hs/hsstatic/HubspotToolsMenu/static-1.47/js/index.js>; rel=preload; as=script, </hs/hsstatic/cos-i18n/static-1.10/bundles/project.js>; rel=preload; as=script, </hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.3/bundles/project.js>; rel=preload; as=script, </hs/hsstatic/AsyncSupport/static-1.64/js/comment_listing_asset.js>; rel=preload; as=script, </_hcms/forms/v2.js>; rel=preload; as=script
strict-transport-security
max-age=0
vary
Accept-Encoding
cf-cache-status
MISS
access-control-allow-credentials
false
content-security-policy
upgrade-insecure-requests
edge-cache-tag
CT-10855193339,CG-2221756,P-2221756,L-4217464939,L-4217501659,L-4327754887,L-4453182780,CW-5767375991,E-4263571273,MENU-4263609498,MENU-4404484415,PGS-ALL,SW-0,SD-6
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-hs-cache-config
BrowserCache-5s-EdgeCache-120s
x-hs-combine-css
Retry
x-hs-content-id
10855193339
x-hs-hub-id
2221756
x-powered-by
HubSpot
x-trace
2B4BB27E69578DEBECE8B5AC168A6F1425E3E576B6000000000000000000
server
cloudflare
content-encoding
br
cf-h2-pushed
</hs/hsstatic/HubspotToolsMenu/static-1.47/js/index.js>,</hs/hsstatic/cos-i18n/static-1.10/bundles/project.js>,</hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.3/bundles/project.js>,</hs/hsstatic/AsyncSupport/static-1.64/js/comment_listing_asset.js>,</_hcms/forms/v2.js>
index.js
www.secureworldexpo.com/hs/hsstatic/HubspotToolsMenu/static-1.47/js/
8 KB
3 KB
Script
General
Full URL
https://www.secureworldexpo.com/hs/hsstatic/HubspotToolsMenu/static-1.47/js/index.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
75b857fc1e6ed070dffbbbf67e18a4e99ff49d805f5a924a0417ff0138ddf6d8

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Dec 2019 03:54:59 GMT
via
1.1 fed66e6ba2cb68c8ee66c75c4798daf8.cloudfront.net (CloudFront)
cf-cache-status
HIT
age
748502
x-cache
Hit from cloudfront
status
200
x-amz-replication-status
COMPLETED
content-encoding
br
content-type
application/javascript; charset=utf-8
last-modified
Mon, 04 Nov 2019 16:40:20 GMT
server
cloudflare
etag
W/"54b13e36e568fb12dcb53751d3045f0e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-version-id
Oye6KN0Ikl1ArcIW0aXcJXP_s4jLsAe8
cache-control
s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
x-amz-cf-pop
IAD79-C3
cf-ray
5434853c3f04cbc8-VIE
x-amz-cf-id
-veY7sqzDgcuONGl8gqNHKIvgfm2CvYHX6LYNQbhkEDJqwnRMOLd_A==
project.js
www.secureworldexpo.com/hs/hsstatic/cos-i18n/static-1.10/bundles/
1 KB
979 B
Script
General
Full URL
https://www.secureworldexpo.com/hs/hsstatic/cos-i18n/static-1.10/bundles/project.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
ab449241b50123673e76dbcd70f869ae11d26920f0ce1670fdfd266308058179

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Dec 2019 03:54:59 GMT
via
1.1 0a12845a71fd243bd8b2ed480b652910.cloudfront.net (CloudFront)
cf-cache-status
HIT
age
1180882
x-cache
Hit from cloudfront
status
200
x-amz-replication-status
COMPLETED
content-encoding
br
content-type
application/javascript; charset=utf-8
last-modified
Wed, 13 Sep 2017 02:51:30 GMT
server
cloudflare
etag
W/"0011aaf4067b097bcbfd9dc99a4b94c0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-version-id
p6iak7Gl9Xyg7crK_8XyTwctOBvKD1DL
cache-control
s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
x-amz-cf-pop
IAD79-C3
cf-ray
5434853c3f05cbc8-VIE
x-amz-cf-id
JWEEQbrgcjxMVGM6E-4crgnn_ju_Xxz48yjfqgcdvCn1zdtOKj6nKw==
project.js
www.secureworldexpo.com/hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.3/bundles/
2 KB
848 B
Script
General
Full URL
https://www.secureworldexpo.com/hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.3/bundles/project.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
09f439b49fd8ccd1abd10c152ca30c78bb690ecd5f0e556eb01a08f352a14158

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Dec 2019 03:54:59 GMT
via
1.1 c9bcf1ef5ff6ccbffc94a95572996803.cloudfront.net (CloudFront)
cf-cache-status
HIT
age
748502
x-cache
Hit from cloudfront
status
200
x-amz-replication-status
COMPLETED
content-encoding
br
content-type
application/javascript; charset=utf-8
last-modified
Mon, 02 Jul 2018 13:11:21 GMT
server
cloudflare
etag
W/"c7e3582e33ff653f3eb6b0b5068c6425"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-version-id
3zHbwEdez_RyA8.10bTabAs8HfuAS5gs
cache-control
s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
x-amz-cf-pop
IAD79-C3
cf-ray
5434853c3f06cbc8-VIE
x-amz-cf-id
ys20FfMCEJ1fyhdiTeVdUXbPUqPOnfIxKydcdtJRJMZ_zYJE3E8FJA==
comment_listing_asset.js
www.secureworldexpo.com/hs/hsstatic/AsyncSupport/static-1.64/js/
8 KB
3 KB
Script
General
Full URL
https://www.secureworldexpo.com/hs/hsstatic/AsyncSupport/static-1.64/js/comment_listing_asset.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
c788eb6f164f76552b96cd75349f0a88b81be7472775a19f74436d711153a237

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Dec 2019 03:54:59 GMT
via
1.1 86cbb00f1764c01bb52636b360589754.cloudfront.net (CloudFront)
cf-cache-status
HIT
age
1421837
x-cache
Hit from cloudfront
status
200
x-amz-replication-status
COMPLETED
content-encoding
br
content-type
application/javascript; charset=utf-8
last-modified
Tue, 24 Sep 2019 21:57:47 GMT
server
cloudflare
etag
W/"556ce6dfa7bd54d0e05bfefc6ea807ed"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-version-id
vHA4N9mgKXfajS53OjsbyOur7uYKFr5U
cache-control
s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
x-amz-cf-pop
IAD79-C1
cf-ray
5434853c3f07cbc8-VIE
x-amz-cf-id
5TOqXltuwrmHU6A4KsR39WjCUM6gkvPeSajfPQdKB5K5n8h2pXrJXw==
v2.js
www.secureworldexpo.com/_hcms/forms/
418 KB
106 KB
Script
General
Full URL
https://www.secureworldexpo.com/_hcms/forms/v2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
d1e54f3fe3290ecc4c8474d7bee91ecdb173921702de9a8f127ac28a18bacdcf

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Dec 2019 03:55:00 GMT
via
1.1 427271f19372c1be0d143a1d4c76a128.cloudfront.net (CloudFront)
cf-cache-status
REVALIDATED
x-amz-cf-pop
IAD89-C2
x-cache
Hit from cloudfront
status
200
x-amz-replication-status
COMPLETED
content-encoding
br
content-type
application/javascript; charset=utf-8
last-modified
Tue, 10 Dec 2019 03:41:57 GMT
server
cloudflare
etag
W/"dc174e11f10c1ab65b7ec8796e0f0477"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-version-id
rSLg1kM0E2wc3M1ChjIUpj5ak3JTv4Dg
cache-control
max-age=600
access-control-allow-credentials
false
cf-ray
5434853c3f08cbc8-VIE
x-amz-cf-id
t46bZuSmkiGJSjA5u_13DLGjH9D5ZJ1qb5tnq39azk9KZrmv39Sd8g==
jquery-1.7.1.js
www.secureworldexpo.com/hs/hsstatic/jquery-libs/static-1.1/jquery/
92 KB
32 KB
Script
General
Full URL
https://www.secureworldexpo.com/hs/hsstatic/jquery-libs/static-1.1/jquery/jquery-1.7.1.js
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
88171413fc76dda23ab32baa17b11e4fff89141c633ece737852445f1ba6c1bd

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Dec 2019 03:54:59 GMT
via
1.1 836d15812518886911b1ae2be813f462.cloudfront.net (CloudFront)
cf-cache-status
HIT
age
889490
x-cache
Hit from cloudfront
status
200
content-encoding
br
content-type
application/javascript; charset=utf-8
last-modified
Tue, 25 Nov 2014 17:03:30 GMT
server
cloudflare
etag
W/"ddb84c1587287b2df08966081ef063bf"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-version-id
null
cache-control
s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
x-amz-cf-pop
IAD79-C1
cf-ray
5434853c5f35cbc8-VIE
x-amz-cf-id
OINUxOTICV3GRgYrrD56y-vz66cAEKf0reWlQ7qbDjUzSj2NFgyVsg==
comments_listing_asset.css
www.secureworldexpo.com/hs/hsstatic/AsyncSupport/static-1.64/sass/
1 KB
648 B
Stylesheet
General
Full URL
https://www.secureworldexpo.com/hs/hsstatic/AsyncSupport/static-1.64/sass/comments_listing_asset.css
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
c92b3367b5fe4043730b6978e65a2cfbe6c0fa7a2eeadf0e904435aa9354877f

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Dec 2019 03:54:59 GMT
via
1.1 237bd7e86f7f99cead16dc4ecb5fed20.cloudfront.net (CloudFront)
cf-cache-status
HIT
age
1180882
x-cache
Hit from cloudfront
status
200
x-amz-replication-status
COMPLETED
content-encoding
br
content-type
text/css
last-modified
Tue, 24 Sep 2019 21:57:47 GMT
server
cloudflare
etag
W/"bff3608e1efab0c0b3f7a0eb6c143971"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-version-id
agzpJFgAaeAe3I75BIpW14YYVvgFSIqC
cache-control
s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
x-amz-cf-pop
IAD89-C2
cf-ray
5434853c5f34cbc8-VIE
x-amz-cf-id
e6SSp6Eul44bGUTRX-0Lba-fxm4mWI9GPeVJMZI3aZmcrDVovVGqsQ==
cfm6mzj.js
use.typekit.net/
21 KB
8 KB
Script
General
Full URL
https://use.typekit.net/cfm6mzj.js
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.100.67.47 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a95-100-67-47.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
51ccb84a0673c43c2b479d6d1b9065ff1275c01c93ab5d4274ddb469661cfcf8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains;
content-encoding
gzip
server
nginx
access-control-allow-origin
*
date
Wed, 11 Dec 2019 03:55:00 GMT
vary
Accept-Encoding
content-type
text/javascript;charset=utf-8
status
200
cache-control
public, max-age=600, stale-while-revalidate=604800
timing-allow-origin
*
content-length
7721
js
www.googletagmanager.com/gtag/
73 KB
27 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-29110626-1
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
eb40924d40106287255b0142fc4efbd597edc8fbcdb79685f7d1e096d53bc1c4
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Dec 2019 03:54:59 GMT
content-encoding
br
last-modified
Wed, 11 Dec 2019 03:00:00 GMT
server
Google Tag Manager
access-control-allow-origin
http://www.googletagmanager.com
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
content-length
27665
x-xss-protection
0
expires
Wed, 11 Dec 2019 03:54:59 GMT
in.js
platform.linkedin.com/
181 KB
55 KB
Script
General
Full URL
https://platform.linkedin.com/in.js
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:133:7403:4a68:7eff:710b:1ddf , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (frc/8F0A) /
Resource Hash
3121654d547b73efc2d57bfe186968625b9955660891bfeb43248eb3f3ba5dbd

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 11 Dec 2019 03:54:59 GMT
Content-Encoding
gzip
X-CDN-CLIENT-IP-VERSION
IPV6
X-CDN
ECST
X-Cache
HIT
X-CDN-Proto
HTTP1
X-Li-Pop
prod-edc2
Content-Length
55595
X-LI-UUID
HlUBVzsz3xXwqqAInSsAAA==
Last-Modified
Wed, 11 Dec 2019 03:25:24 GMT
Server
ECAcc (frc/8F0A)
Vary
Accept-Encoding
Content-Type
text/javascript; charset=UTF-8
Cache-Control
public, max-age=3600
Accept-Ranges
bytes
X-LI-Proto
http/1.1
X-Li-Fabric
prod-lva1
Expires
Wed, 11 Dec 2019 04:25:24 GMT
layout.min.css
cdn2.hubspot.net/hub/-1/hub_generated/template_assets/1495141902003/hubspot_default/shared/responsive/
5 KB
2 KB
Stylesheet
General
Full URL
https://cdn2.hubspot.net/hub/-1/hub_generated/template_assets/1495141902003/hubspot_default/shared/responsive/layout.min.css
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:f4cc , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
341a4d40ad1b2560db940f906716d0e9539d4c0785399d7e0348fd0d3af00170

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Dec 2019 03:54:59 GMT
content-encoding
gzip
cf-cache-status
HIT
age
123784
status
200
x-amz-meta-md5-hash
0b0c633d59ab0af9553a98c0e7d97349
x-hs-cf-lambda
us-east-1.setCacheTagHeaders 43
last-modified
Thu, 18 May 2017 21:11:43 GMT
server
cloudflare
etag
W/"0b0c633d59ab0af9553a98c0e7d97349"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
cache-control
s-maxage=1209600, max-age=1209600
x-amz-cf-pop
IAD79-C3
cf-ray
5434853c8c2acbc0-VIE
Sw-2016.min.css
www.secureworldexpo.com/hs-fs/hub/2221756/hub_generated/template_assets/4263571273/1570561295473/Coded_files/Custom/page/Secureworld_2016/
91 KB
12 KB
Stylesheet
General
Full URL
https://www.secureworldexpo.com/hs-fs/hub/2221756/hub_generated/template_assets/4263571273/1570561295473/Coded_files/Custom/page/Secureworld_2016/Sw-2016.min.css
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
01238c0b3d70f0c96d84be0f867fd8e55c97a1545345310f7ca35feabd685915

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Dec 2019 03:54:59 GMT
content-encoding
br
cf-cache-status
HIT
x-amz-request-id
9047F93B1DBCBA6A
status
200
content-type
text/css
x-amz-id-2
l9URW/Y/iGNY9wZCygBm7B10kivG7gYK3S2V0qelrLgPpBR4nmbBYtka4LE2Q623ldOCqGUy9OE=
last-modified
Tue, 08 Oct 2019 19:01:36 GMT
server
cloudflare
etag
W/"1ed2ffd1cb4fe8b34349e906f7d2681f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-version-id
u.S1AwSFzI9ZTgt_RhhxGnOMGalq.3HE
cache-control
s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
cf-ray
5434853c5f38cbc8-VIE
jquery.slides.min.js
www.secureworldexpo.com/hubfs/js/
11 KB
3 KB
Script
General
Full URL
https://www.secureworldexpo.com/hubfs/js/jquery.slides.min.js
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
59ec733cb38ee1c685cda9409cc5502f2ea47dd072f70b30146f5494dbe32ba8

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Dec 2019 03:54:59 GMT
via
1.1 f1944380c787841c28b16df91c1ec34e.cloudfront.net (CloudFront)
cf-cache-status
HIT
age
1180882
x-cache
Miss from cloudfront
status
200
x-hs-cf-lambda
us-east-1.setCacheTagHeaders 43
content-encoding
br
x-amz-request-id
3A428879508CDADD
x-amz-id-2
0uKjxN/obN+e/h+xSoqo6sd15lL9oP+ZDyhVD+meKKY9Y1RSFAC78kqs4DWEInmgbUnCsEl4ngw=
last-modified
Mon, 11 Jul 2016 21:39:09 GMT
server
cloudflare
etag
W/"58f295f0c2cc45fb57ab5fe958f93eeb"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
s-maxage=1209600, max-age=1209600
x-amz-version-id
oAXa_7l104Cf5Y8HYZhqFUOFvtaey45r
x-amz-cf-pop
VIE50-C1
cf-ray
5434853c5f39cbc8-VIE
x-amz-cf-id
a2CZL7CkgZJInXlIQRS0iFD8hi0u8JSSLzP8EBheDazo6GYcuHMTdA==
masonry.pkgd.min.js
www.secureworldexpo.com/hubfs/js/
22 KB
7 KB
Script
General
Full URL
https://www.secureworldexpo.com/hubfs/js/masonry.pkgd.min.js
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
9e7e1ec94cb98f8ee2f2f9d4549030b15bf4198419cfab1b5eab13c13ecf26ff

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Dec 2019 03:54:59 GMT
via
1.1 f78fee2989d34e40cb45ddfbcb9ba346.cloudfront.net (CloudFront)
cf-cache-status
HIT
age
889490
x-cache
Miss from cloudfront
status
200
x-hs-cf-lambda
us-east-1.setCacheTagHeaders 43
content-encoding
br
x-amz-request-id
831FDD8A5C188B45
x-amz-id-2
lTY7DGSOk8q1u1l0GMOrdORln3BUbt6iBlxvdJU+inSsw7DC8Bh6VQboKSEnyTc/gSLIoPlVEkQ=
last-modified
Tue, 12 Jul 2016 17:33:54 GMT
server
cloudflare
etag
W/"d5761132889fee4a606e54d26675d2ea"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
s-maxage=1209600, max-age=1209600
x-amz-version-id
p01HdefR.thGzQP58gPWMqi14.QGjgok
x-amz-cf-pop
VIE50-C1
cf-ray
5434853c5f3bcbc8-VIE
x-amz-cf-id
Cjm6JtJcnDGCjYZbyP0oNSAUDXVsTmTEo94Ria5BR8rWiGSg3QJaqw==
jquery-ui.min.js
www.secureworldexpo.com/hubfs/js/
247 KB
64 KB
Script
General
Full URL
https://www.secureworldexpo.com/hubfs/js/jquery-ui.min.js
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
78613a6e5bab939b078feae691fb0661e2b2671dcce1b1be66517203b2a7b3b1

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Dec 2019 03:54:59 GMT
via
1.1 f1a23d3ef0f9fd221ae2e300de878916.cloudfront.net (CloudFront)
cf-cache-status
HIT
age
889490
x-cache
Miss from cloudfront
status
200
x-hs-cf-lambda
us-east-1.setCacheTagHeaders 43
content-encoding
br
x-amz-request-id
04EF625267497149
x-amz-id-2
TuygPwmhswOi5cvXu6EnSaXk0Ttv0iHdvTkGmgsM0YiX5Go7x9ZUfcVmHWNXCxUgHu+bqnzaZag=
last-modified
Thu, 14 Jul 2016 17:45:45 GMT
server
cloudflare
etag
W/"8cbf62fc02083afe12a90787cb8f9e3c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
s-maxage=1209600, max-age=1209600
x-amz-version-id
3i9pp9ZRYVIn0GLzROYg8mObVjOyRJSc
x-amz-cf-pop
VIE50-C1
cf-ray
5434853c5f3ccbc8-VIE
x-amz-cf-id
ZHzW-hRc7jPmL0kbXRHB2P4qd4bPprByK9SnyzfaSp7Qcb7Q42pvBQ==
imagesloaded.pkgd.min.js
unpkg.com/imagesloaded@4.1.4/
Redirect Chain
  • https://unpkg.com/imagesloaded@4/imagesloaded.pkgd.min.js
  • https://unpkg.com/imagesloaded@4.1.4/imagesloaded.pkgd.min.js
5 KB
2 KB
Script
General
Full URL
https://unpkg.com/imagesloaded@4.1.4/imagesloaded.pkgd.min.js
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7daf , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
96abf166b3cbb5f7df525d86fdeeeccea4af3c120b19bc26b0613530a94e8b44
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Dec 2019 03:54:59 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
2878833
status
200
strict-transport-security
max-age=31536000; includeSubDomains; preload
last-modified
Tue, 02 Jan 2018 16:53:35 GMT
server
cloudflare
etag
W/"15da-bT4RF04iZo5p3yNuXEVCFo98v+w"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-cloud-trace-context
a12ce6de65019677eb57da313e5220ad
cache-control
public, max-age=31536000
cf-ray
5434853ca82ecba8-VIE

Redirect headers

date
Wed, 11 Dec 2019 03:54:59 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
190
status
302
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
66
server
cloudflare
location
/imagesloaded@4.1.4/imagesloaded.pkgd.min.js
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept, Accept-Encoding
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
x-cloud-trace-context
7f5c42c3eff30ad1aacd03212023eb0d
cache-control
public, s-maxage=600, max-age=60
cf-ray
5434853c8ff7cba8-VIE
handlebars.min.js
cdn.jsdelivr.net/npm/handlebars@4.0.10/dist/
74 KB
22 KB
Script
General
Full URL
https://cdn.jsdelivr.net/npm/handlebars@4.0.10/dist/handlebars.min.js
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::621 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
d096836c66515e5ce415b57c5e2f19847ff367a41033463774291867b258ab7e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
x-cache
HIT, HIT
status
200
date
Wed, 11 Dec 2019 03:54:59 GMT
content-length
22694
x-served-by
cache-ams21046-AMS, cache-fra19174-FRA
etag
W/"12630-EKA6xd0OO5UHmP0bY9EiNnZapJc"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
gpt.js
www.googletagservices.com/tag/js/
51 KB
16 KB
Script
General
Full URL
https://www.googletagservices.com/tag/js/gpt.js
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
22824fe13f4f30dd81e278c927464ddf7888c554f1fe5d35c9dc1b84cfd38de9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Dec 2019 03:54:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"363 / 280 of 1000 / last-modified: 1576004307"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
15802
x-xss-protection
0
expires
Wed, 11 Dec 2019 03:54:59 GMT
hamburger.png
www.secureworldexpo.com/hubfs/
178 B
807 B
Image
General
Full URL
https://www.secureworldexpo.com/hubfs/hamburger.png
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e85e480856bd1bfc6c8f2782e1cffcb33b19837fcbc24cc8b25ed969d30bbd11

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Dec 2019 03:55:00 GMT
via
1.1 c4005d49d3278d7f5583e8e506f5ced0.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-meta-cache-tag
F-4228641034,P-2221756,FLS-ALL
age
22122
cf-polished
origFmt=png, origSize=678
edge-cache-tag
F-4228641034,P-2221756,FLS-ALL
status
200
content-length
178
content-disposition
inline; filename="hamburger.webp"
x-hs-cf-lambda
us-east-1.setCacheTagHeaders 43
x-amz-request-id
E4D32661FB5BC828
x-amz-id-2
gmaXgFegKgyQABUJZth3fUx1hB0hN2TaLKFkWCfh+RsCQzNen41X1yOgGoJDsVPmiCT7+TdCi6w=
x-cache
Miss from cloudfront
last-modified
Sun, 08 Oct 2017 22:59:50 GMT
server
cloudflare
etag
"d3bd09f40d4f357af913c143adca587d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept, Accept-Encoding
content-type
image/webp
cache-control
s-maxage=1209600, max-age=1209600
x-amz-version-id
4m0X8x7SQCsWrf.U9R26NzzJ2LVMVSnV
x-amz-cf-pop
BRU50-C1
accept-ranges
bytes
cf-ray
5434853d1828cbc8-VIE
x-amz-cf-id
R3AAm0ghVAwB581FmlEY9BwMb9UH51W0upltdpP2IFdWryLgt50I4Q==
cf-bgj
imgq:85
font-awesome.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.6.3/css/
28 KB
6 KB
Stylesheet
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.6.3/css/font-awesome.min.css
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:4104 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
008a1d103902f15fdb1c191fcb1ce8954330e7b8de43d09abb08555ba609f420
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Dec 2019 03:54:59 GMT
content-encoding
br
cf-cache-status
HIT
age
19141969
cf-ray
5434853c7fb6595e-VIE
status
200
strict-transport-security
max-age=15780000; includeSubDomains
alt-svc
h3-23=":443"; ma=86400
last-modified
Thu, 17 May 2018 09:19:12 GMT
server
cloudflare
etag
W/"5afd4910-7187"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
expires
Mon, 30 Nov 2020 03:54:59 GMT
cache-control
public, max-age=30672000
timing-allow-origin
*
served-in-seconds
0.002
Bruce_Sussman.jpg
www.secureworldexpo.com/hubfs/speakers/
9 KB
9 KB
Image
General
Full URL
https://www.secureworldexpo.com/hubfs/speakers/Bruce_Sussman.jpg
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
ba9b45bb0dae052dfa016312364839c1fe3001edaf01d24c5f83a85ce6559224

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Dec 2019 03:55:00 GMT
via
1.1 ea746bedab5384bb22e11a760a21dc93.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-meta-cache-tag
F-5560419284,FD-4142850703,P9Jym,FLS
age
882767
cf-polished
qual=85, origFmt=jpeg, origSize=18664
edge-cache-tag
F-5560419284,FD-4142850703,P9Jym,FLS
status
200
content-length
8878
content-disposition
inline; filename="Bruce_Sussman.webp"
x-hs-cf-lambda
us-east-1.setCacheTagHeaders 43
x-amz-request-id
1CD7C84E28498EEF
x-amz-id-2
zDZ5fv1IzmiisNa64jq18+YnUeoo1k05/A/sGKf8zT58Ab//oKe79vqerWH+LReCgr88WkEXUTM=
x-cache
Miss from cloudfront
last-modified
Mon, 05 Feb 2018 20:09:16 GMT
server
cloudflare
etag
"a46d51259cd51646fc6c18f08c0ef843"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept, Accept-Encoding
content-type
image/webp
cache-control
s-maxage=1209600, max-age=1209600
x-amz-version-id
p73a5uGwwrkN1ptLWmfVeAejhQ8KLb.H
x-amz-cf-pop
PRG50
accept-ranges
bytes
cf-ray
5434853d88accbc8-VIE
x-amz-cf-id
CRD62t4ZHnzSqhNeGWhYln_EGsjfPK4SIwrZb1vD7QQebIrIRD92fw==
cf-bgj
imgq:85
chain_red_link_broken_insider_threat_shutterstock_32832901.jpg
www.secureworldexpo.com/hubfs/Blog_images/
12 KB
13 KB
Image
General
Full URL
https://www.secureworldexpo.com/hubfs/Blog_images/chain_red_link_broken_insider_threat_shutterstock_32832901.jpg
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
d7ac2143db4b55bb491d0942494a9cecb601c3001e67a868ef99ee1f7ce5d3a9

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Dec 2019 03:55:00 GMT
via
1.1 7d12bef71f48487e9202b581d949876e.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-meta-cache-tag
F-11632045304,FD-4415468373,P-2221756,FLS-ALL
age
22122
cf-polished
qual=85, origFmt=jpeg, origSize=105583
edge-cache-tag
F-11632045304,FD-4415468373,P-2221756,FLS-ALL
status
200
content-length
12644
content-disposition
inline; filename="chain_red_link_broken_insider_threat_shutterstock_32832901.webp"
x-hs-cf-lambda
us-east-1.setCacheTagHeaders 43
x-amz-request-id
ABDA9D0BDFAAF8BB
x-amz-id-2
np4TbVMdPnkOKHuIP0wDJ39mclTwPVuDcQoJOZHvCF2lGnBAwq8QTyxgToupNsXwbNMr3SeeyMg=
x-cache
Miss from cloudfront
last-modified
Fri, 26 Jul 2019 18:32:43 GMT
server
cloudflare
etag
"d23fc82adc0c1cafd3a14f69db0a88af"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept, Accept-Encoding
content-type
image/webp
cache-control
s-maxage=1209600, max-age=1209600
x-amz-version-id
k4Dfn_QvgYzvvcmtiiKir5qwRpTAl7R_
x-amz-cf-pop
BRU50-C1
accept-ranges
bytes
cf-ray
5434853d88aecbc8-VIE
x-amz-cf-id
tBR2cj5vlrYt2YE0UZFqSBBzqNrsgIZ9ZDgoZcBf-cGf2dQ2ZxMJqQ==
cf-bgj
imgq:85
pentesters-arrested.png
www.secureworldexpo.com/hubfs/
269 KB
269 KB
Image
General
Full URL
https://www.secureworldexpo.com/hubfs/pentesters-arrested.png
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
5f982f91c6508edb5cbc2bde7417645eddc564172c93cd0c8d0ef4f4948c7b15

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Dec 2019 03:55:00 GMT
via
1.1 8cd844bacbbb108386530e3df2e139e0.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-meta-cache-tag
F-13314460514,P-2221756,FLS-ALL
age
22123
cf-polished
origFmt=png, origSize=706863
edge-cache-tag
F-13314460514,P-2221756,FLS-ALL
status
200
content-length
275124
content-disposition
inline; filename="pentesters-arrested.webp"
x-hs-cf-lambda
us-east-1.setCacheTagHeaders 43
x-amz-request-id
C2AB6E8FAB450353
x-amz-id-2
Gxpf1FsQBA8pDWTz+FwW2JcakxTb2xG0Q4iaUJcpTv60X6JBP2h620ZDrfkkSmgbzfhsRFpGfqs=
x-cache
Miss from cloudfront
last-modified
Fri, 13 Sep 2019 22:06:33 GMT
server
cloudflare
etag
"1c26d4d84b5fa5e819bb6b3ae5511716"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept, Accept-Encoding
content-type
image/webp
cache-control
s-maxage=1209600, max-age=1209600
x-amz-version-id
9CEfom2kej85KpOMhDDeh3P5CySoyxSc
x-amz-cf-pop
BRU50-C1
accept-ranges
bytes
cf-ray
5434853d88afcbc8-VIE
x-amz-cf-id
WYxm91aCEmH7DlWISSsiPu7eoNsSbDzLsCXvigWh9TZTkoyjUuEQVw==
cf-bgj
imgq:85
addthis_widget.js
s7.addthis.com/js/300/
349 KB
113 KB
Script
General
Full URL
https://s7.addthis.com/js/300/addthis_widget.js
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.21.36.164 , France, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-21-36-164.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
7c20e3e201e3d7c6821e907def1257deb544eb08578c7129b96d53bbf62d34e4
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
last-modified
Wed, 30 Oct 2019 19:35:04 GMT
server
nginx/1.15.8
etag
"5db9e5e8-57446"
vary
Accept-Encoding
x-distribution
99
content-type
application/javascript
status
200
cache-control
public, max-age=600
date
Wed, 11 Dec 2019 03:54:59 GMT
x-host
s7.addthis.com
content-length
114924
5b11748c-d8d9-47fd-b704-d273971b3380.png
no-cache.hubspot.com/cta/default/2221756/
2 KB
2 KB
Image
General
Full URL
https://no-cache.hubspot.com/cta/default/2221756/5b11748c-d8d9-47fd-b704-d273971b3380.png
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:fd05 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
d0f8dc01b870f4220bb68c5ece91eb9aa5d2b459d84ae795567d9b068184bc54
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Dec 2019 03:55:00 GMT
cf-cache-status
DYNAMIC
last-modified
Thu, 08 Sep 2016 23:38:22 GMT
server
cloudflare
x-amz-request-id
012C1B8C3BEE7708
etag
"a0bf93e49385d55d2b06b74a0483880e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
image/png
status
200
cache-control
no-cache, no-store
accept-ranges
bytes
cf-ray
5434853d8de25946-VIE
content-length
1720
x-amz-id-2
pwPIHSvhhs/gx2bxMKU4fMGs0ZvHT+EVN8brcEg6UJylYczXiGaZ/fBX/7Mu528bOf/3skpMxDs=
current.js
www.secureworldexpo.com/hs/cta/cta/
9 KB
3 KB
Script
General
Full URL
https://www.secureworldexpo.com/hs/cta/cta/current.js
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
ff499634fbd1bb5508090af0449aab64d40cb5299dbd1c2e482ad4bb168e1b17

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Dec 2019 03:55:00 GMT
via
1.1 936f33bed45438343f0ef2adff442815.cloudfront.net (CloudFront)
cf-cache-status
REVALIDATED
x-amz-cf-pop
IAD89-C1
x-cache
Hit from cloudfront
status
200
x-amz-replication-status
COMPLETED
content-encoding
br
content-type
application/javascript; charset=utf-8
last-modified
Thu, 05 Dec 2019 02:00:52 GMT
server
cloudflare
etag
W/"4065d447430e3a4550393b48931950d6"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-version-id
5L1r65RVhOKwk2Qjr88Y4p.8.MmiJz_H
cache-control
max-age=600
access-control-allow-credentials
false
cf-ray
5434853c9f81cbc8-VIE
x-amz-cf-id
bvgZZoEGeDv6dZsIWtZQsrd27B3JTLcGOF9YInucifpmY8PUvnnQBQ==
facebook-icon.png
www.secureworldexpo.com/hubfs/icons/
266 B
771 B
Image
General
Full URL
https://www.secureworldexpo.com/hubfs/icons/facebook-icon.png
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
45d8a712ca77cd325fcaaf66940adab8fc7d87692dfab6795f4fe8af5761bbc2

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Dec 2019 03:55:00 GMT
via
1.1 b48fca327a980187d93a198e7530195c.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-meta-cache-tag
F-4217507994,P-2221756,FLS-ALL
age
22124
cf-polished
origFmt=png, origSize=341
edge-cache-tag
F-4217507994,P-2221756,FLS-ALL
status
200
content-length
266
content-disposition
inline; filename="facebook-icon.webp"
x-hs-cf-lambda
us-east-1.setCacheTagHeaders 43
x-amz-request-id
C98431302744E470
x-amz-id-2
mtRqV+5OHy5CdJuBkb+9cwnKcImK+9pxZWZzBQToMrK93KivK/ihDADO9m0v7FaqAFr/swjdY8s=
x-cache
Miss from cloudfront
last-modified
Sun, 08 Oct 2017 22:59:45 GMT
server
cloudflare
etag
"382d93a10bf4c2b421daabc50181cee3"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept, Accept-Encoding
content-type
image/webp
cache-control
s-maxage=1209600, max-age=1209600
x-amz-version-id
cpGeMT3J5tMnUJqYR3Q0N_7QYVZ9aPqE
x-amz-cf-pop
VIE50-C1
accept-ranges
bytes
cf-ray
5434853d88b0cbc8-VIE
x-amz-cf-id
J2zwJ5RMA9JaY4D914c0Ocqgkmvgo8FP3HAyLG3ltBC13GnGJ-8e7A==
cf-bgj
imgq:85
twitter-icon.png
www.secureworldexpo.com/hubfs/icons/
616 B
1 KB
Image
General
Full URL
https://www.secureworldexpo.com/hubfs/icons/twitter-icon.png
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
d2706e604d16b9785e1a98e631df92c3402eb93e3d8160b6b0959f28d132e3ce

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Dec 2019 03:55:00 GMT
via
1.1 ccc2e147947b6e1dcaa206a56faa4bb5.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-meta-cache-tag
F-4236787772,P-2221756,FLS-ALL
age
22124
cf-polished
origFmt=png, origSize=883
edge-cache-tag
F-4236787772,P-2221756,FLS-ALL
status
200
content-length
616
content-disposition
inline; filename="twitter-icon.webp"
x-hs-cf-lambda
us-east-1.setCacheTagHeaders 43
x-amz-request-id
76BED3C6D0652DA5
x-amz-id-2
PK9qEfOsgmTXpAlOdBzWPl2fTq1BhCyEPYFj/049LdzJlEN8pH2kEx7RFrL87bmEWOl538OewA4=
x-cache
Miss from cloudfront
last-modified
Sun, 08 Oct 2017 22:59:51 GMT
server
cloudflare
etag
"435d809eb83677f7468e7b683bb64e9d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept, Accept-Encoding
content-type
image/webp
cache-control
s-maxage=1209600, max-age=1209600
x-amz-version-id
vxboFQ0o8uHNttXVAk1x4tCcamAImMN6
x-amz-cf-pop
VIE50-C1
accept-ranges
bytes
cf-ray
5434853d88b1cbc8-VIE
x-amz-cf-id
feJxlXrSCVkGXhJUFRFgrlpJm2n0SckaAbcB8_4nMc8dtFd441hDMw==
cf-bgj
imgq:85
linkedin-icon.png
www.secureworldexpo.com/hubfs/icons/
398 B
830 B
Image
General
Full URL
https://www.secureworldexpo.com/hubfs/icons/linkedin-icon.png
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
105580db30d3915f2122d4e07a985c069478dd6f64e25d58ff3bf4c6ba7d9200

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Dec 2019 03:55:00 GMT
via
1.1 854e69d09dba9252a1cd2401bf2be25e.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-meta-cache-tag
F-4249039716,P-2221756,FLS-ALL
age
22123
cf-polished
origFmt=png, origSize=545
edge-cache-tag
F-4249039716,P-2221756,FLS-ALL
status
200
content-length
398
content-disposition
inline; filename="linkedin-icon.webp"
x-hs-cf-lambda
us-east-1.setCacheTagHeaders 43
x-amz-request-id
6AC88FA2911B7DA9
x-amz-id-2
STEC3gfZR0WRAcaMugwRHhHcWY1RlWJNOksywh98IrbJCL6gWZQF7miRlM3HiEraFNdXey0wz1Q=
x-cache
Miss from cloudfront
last-modified
Sun, 08 Oct 2017 23:00:01 GMT
server
cloudflare
etag
"f35feef6db03f1de7a0f82ac16331984"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept, Accept-Encoding
content-type
image/webp
cache-control
s-maxage=1209600, max-age=1209600
x-amz-version-id
Ca0VlQPn4uRh8ARQvO0BomNcHUPSzg5d
x-amz-cf-pop
BRU50-C1
accept-ranges
bytes
cf-ray
5434853d88b3cbc8-VIE
x-amz-cf-id
ucPZjQBoUyDigf09wpK_DzC_VP-VJ5AtGZb9jzngwkXVJpKo7vbSyw==
cf-bgj
imgq:85
youtube-icon.png
www.secureworldexpo.com/hubfs/icons/
538 B
978 B
Image
General
Full URL
https://www.secureworldexpo.com/hubfs/icons/youtube-icon.png
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
cb84dfde92c3f516c917d8b8a714cbedcb98908c2ca54c47f2eb27cc712ec39e

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Dec 2019 03:55:00 GMT
via
1.1 e279a0a92436000a16e18086b0298533.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-meta-cache-tag
F-4217507984,P-2221756,FLS-ALL
age
22122
cf-polished
origFmt=png, origSize=740
edge-cache-tag
F-4217507984,P-2221756,FLS-ALL
status
200
content-length
538
content-disposition
inline; filename="youtube-icon.webp"
x-hs-cf-lambda
us-east-1.setCacheTagHeaders 43
x-amz-request-id
FB7975B188EC050C
x-amz-id-2
ZwWjEinGKLH6JFG2aFNoncVOIbHLITrFuoxS5AUVneIZenpHm/3ofV12OuQt3YQhbSftjLsl9JQ=
x-cache
Miss from cloudfront
last-modified
Sun, 08 Oct 2017 22:59:44 GMT
server
cloudflare
etag
"cd74c7bacf9b51e0d78450b3a775f1d5"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept, Accept-Encoding
content-type
image/webp
cache-control
s-maxage=1209600, max-age=1209600
x-amz-version-id
MZVOTxFc5yM8fhWUGQmM9Ce.Rx4WyYF6
x-amz-cf-pop
BRU50-C1
accept-ranges
bytes
cf-ray
5434853d88b5cbc8-VIE
x-amz-cf-id
fU8CkY8o89aJnXFNyZjiREVC9DeiQpuDhbZf8rs0Pv5n6btEngKAgA==
cf-bgj
imgq:85
module_5767375991.min.js
www.secureworldexpo.com/hs-fs/hub/2221756/hub_generated/module_assets/1526415140634/
3 KB
1 KB
Script
General
Full URL
https://www.secureworldexpo.com/hs-fs/hub/2221756/hub_generated/module_assets/1526415140634/module_5767375991.min.js
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
3e7ae196488d11c550b2c2bdda02ab66d9b30d9ce3428175816fc7529d417b55

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Dec 2019 03:54:59 GMT
content-encoding
br
cf-cache-status
HIT
x-amz-request-id
FA18A44FB40FB2D7
status
200
content-type
application/javascript; charset=utf-8
x-amz-id-2
T2CZdaB/9JCZj/xHkl8xKDu7MhpEUS8J7I9RAw17/xsschdvM6TSE7eoOGbVmnbDKkjhDJ5Y4bc=
last-modified
Tue, 15 May 2018 20:12:21 GMT
server
cloudflare
etag
W/"f4b2280c49cfc63c17de571e5c7fc973"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-version-id
r6EweSOu4oidIwv_yz3SQArFNSnW.a4T
cache-control
s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
cf-ray
5434853ccfc9cbc8-VIE
2221756.js
www.secureworldexpo.com/hs/scriptloader/
860 B
559 B
Script
General
Full URL
https://www.secureworldexpo.com/hs/scriptloader/2221756.js
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
fff0df5e9d8db0b89d72d4f0f069cac9e433c0bebb3459be242f408199734365

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Dec 2019 03:55:00 GMT
content-encoding
br
cf-cache-status
HIT
cf-bgj
minify
server
cloudflare
x-trace
2B32C7F76B89240A772C42808456B44FE50970FA36000000000000000000
cf-polished
origSize=1057
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript;charset=utf-8
status
200
cache-control
public, max-age=60
access-control-allow-credentials
false
cf-ray
5434853d88b6cbc8-VIE
expires
Wed, 11 Dec 2019 03:41:54 GMT
hotjar-349336.js
static.hotjar.com/c/
3 KB
2 KB
Script
General
Full URL
https://static.hotjar.com/c/hotjar-349336.js?sv=5
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
147.75.33.111 Amsterdam, Netherlands, ASN54825 (PACKET - Packet Host, Inc., US),
Reverse DNS
pkt-ams-k1-12
Software
openresty /
Resource Hash
c81a3428c383ad677051cd33d0f5a60072918d4a234860721386931e3dc4412e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Dec 2019 03:54:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-type
application/javascript
section-io-tag
hotjar
age
0
status
200
access-control-max-age
600
section-io-cache
Miss
content-length
1581
x-cache-hit
1
server
openresty
x-frame-options
SAMEORIGIN
etag
W/1f42f26eb74a73b1530dc09e42cdb8d4
vary
Accept-Encoding
section-io-origin-status
304
access-control-allow-origin
*
cache-control
max-age=60
section-io-origin-time-seconds
0.071
accept-ranges
bytes
section-io-id
4348f9c2287c306b1144b0f8711e1d10
integrator.js
adservice.google.de/adsid/
109 B
171 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=www.secureworldexpo.com
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:814::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Dec 2019 03:55:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-type
application/javascript; charset=UTF-8
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
104
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
109 B
171 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.secureworldexpo.com
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:814::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Dec 2019 03:55:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-type
application/javascript; charset=UTF-8
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
104
x-xss-protection
0
pubads_impl_2019120201.js
securepubads.g.doubleclick.net/gpt/
166 KB
61 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019120201.js?21065311
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.23.98 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s45-in-f2.1e100.net
Software
sffe /
Resource Hash
f93d1d7d700f850328abfcc87e394dfb26fe1183249925434f8870fba994bc96
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Dec 2019 03:55:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 02 Dec 2019 14:08:04 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
62423
x-xss-protection
0
expires
Wed, 11 Dec 2019 03:55:00 GMT
secureworld-logo-2.png
cdn2.hubspot.net/hubfs/2221756/
Redirect Chain
  • https://cdn2.hubspot.net/hubfs/2221756/secureworld-logo-2.png
  • http://cdn2.hubspot.net/hubfs/2221756/secureworld-logo-2.png
  • http://cdn2.hubspot.net/hubfs/2221756/secureworld-logo-2.png
  • http://cdn2.hubspot.net/hubfs/2221756/secureworld-logo-2.png
  • http://cdn2.hubspot.net/hubfs/2221756/secureworld-logo-2.png
23 KB
0
Image
General
Full URL
http://cdn2.hubspot.net/hubfs/2221756/secureworld-logo-2.png
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js?hash=21dec5bcd6564460218ff5628e81417f&ua=modern_es6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:f4cc , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
9a8ff50036f20394f742977e90d27f633f8fbad3fe3778aaecb3b542671344bc

Request headers

Response headers

date
Wed, 11 Dec 2019 03:55:00 GMT
via
1.1 a01b7aca64c6d4b437b814f64422d6c8.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-meta-cache-tag
F-4248998301,P-2221756,FLS-ALL
age
205546
cf-polished
origFmt=png, origSize=8991
edge-cache-tag
F-4248998301,P-2221756,FLS-ALL
status
200
content-length
5776
x-cache
Miss from cloudfront
x-hs-cf-lambda
us-east-1.setCacheTagHeaders 43
x-amz-request-id
41C8A69038F7990A
x-amz-id-2
a1UZSEUnd5jfjNDFoR08FbgnCQIo2NR/rYbvj8K4kNjzas2Uy6kOpD8p+m7WnbeP5fqVvuESYfc=
last-modified
Sun, 08 Oct 2017 23:00:00 GMT
server
cloudflare
etag
"a2bea9973108d135d0e2ed91ee7a4863"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
content-disposition
inline; filename="secureworld-logo-2.webp"
cache-control
s-maxage=1209600, max-age=1209600
x-amz-version-id
8C7sadi_1ki1QqvhHVTxlDSccXzvI9qc
x-amz-cf-pop
VIE50-C1
accept-ranges
bytes
cf-ray
5434853d9da9cbc0-VIE
x-amz-cf-id
VUtv96wz2DpEvLXcVtNpUJ9W-MskM_CSkXxKA7DakTZ4jAiURsyj6w==
cf-bgj
imgq:85
l
use.typekit.net/af/bb3775/00000000000000000001569e/27/
16 KB
16 KB
Font
General
Full URL
https://use.typekit.net/af/bb3775/00000000000000000001569e/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n6&v=3
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.100.67.47 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a95-100-67-47.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
dcb769d61497a5dce38c3348ae7c237fd9be1942f7c042911d704717c1605ff9

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Origin
https://www.secureworldexpo.com

Response headers

date
Wed, 11 Dec 2019 03:55:00 GMT
server
nginx
access-control-allow-origin
*
etag
"99f07ce58bc0e353bcdc4fa21533dd7a9de930b5"
content-type
application/font-woff2
status
200
cache-control
public, max-age=31536000
timing-allow-origin
*
content-length
16476
analytics.js
www.google-analytics.com/
43 KB
17 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-29110626-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 19 Aug 2019 17:22:41 GMT
server
Golfe2
age
4883
date
Wed, 11 Dec 2019 02:33:37 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
17803
expires
Wed, 11 Dec 2019 04:33:37 GMT
fontawesome-webfont.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.6.3/fonts/
70 KB
71 KB
Font
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.6.3/fonts/fontawesome-webfont.woff2?v=4.6.3
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:4004 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
7dacf83f51179de8d7980a513e67ab3a08f2c6272bb5946df8fd77c0d1763b73
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.6.3/css/font-awesome.min.css
Origin
https://www.secureworldexpo.com

Response headers

date
Wed, 11 Dec 2019 03:55:00 GMT
cf-cache-status
HIT
age
1735931
cf-ray
5434853dde38cbb8-VIE
status
200
strict-transport-security
max-age=15780000; includeSubDomains
alt-svc
h3-23=":443"; ma=86400
content-length
71896
last-modified
Thu, 17 May 2018 09:19:12 GMT
server
cloudflare
etag
"5afd4910-118d8"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/octet-stream
access-control-allow-origin
*
expires
Mon, 30 Nov 2020 03:55:00 GMT
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
served-in-seconds
0.001
ransomware-money-shutterstock.jpg
www.secureworldexpo.com/hubfs/
100 KB
100 KB
Image
General
Full URL
https://www.secureworldexpo.com/hubfs/ransomware-money-shutterstock.jpg
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
7cb83b420a56223fdb308d5756d06d6112a639d9d592758a5cc82b5da81b86eb

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Dec 2019 03:55:00 GMT
via
1.1 19e8b9893b6330d5d62599a448aea7db.cloudfront.net (CloudFront)
cf-cache-status
MISS
x-amz-meta-cache-tag
F-6240528961,P-2221756,FLS-ALL
x-amz-cf-pop
VIE50-C1
edge-cache-tag
F-6240528961,P-2221756,FLS-ALL
status
200
content-length
101932
x-cache
Miss from cloudfront
x-hs-cf-lambda
us-east-1.setCacheTagHeaders 43
x-amz-request-id
063D23CDCB9FD372
x-amz-id-2
qlUctXDW4BkJR5xckBRINJ0+3SxKTRzszzvuVDJJkvYmhT8K3a5j1ienHftS0CgTEPd9AGVlhqI=
last-modified
Thu, 27 Sep 2018 16:54:25 GMT
server
cloudflare
etag
"14ba9e55fff9cbc2d9153319ae2914fd"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
s-maxage=1209600, max-age=1209600
x-amz-version-id
llsIThycd9s.ve7OtbUbitaho.Zf9PS7
accept-ranges
bytes
cf-ray
5434853dc905cbc8-VIE
x-amz-cf-id
Nyj-OUTnbdf8_qjwjmf6vhAI0X14o9fPxCoZVsMN0SwZWKzk1IjONQ==
l
use.typekit.net/af/7e7807/00000000000000003b9adf8d/27/
11 KB
12 KB
Font
General
Full URL
https://use.typekit.net/af/7e7807/00000000000000003b9adf8d/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n5&v=3
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.100.67.47 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a95-100-67-47.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
eddf849cf62612e5e4562a7cdc14184f9b62ff3ce9304d9cb6c2f3a0b56f8efc

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Origin
https://www.secureworldexpo.com

Response headers

date
Wed, 11 Dec 2019 03:55:00 GMT
server
nginx
access-control-allow-origin
*
etag
"5eae00594a6e4389351e7799a5ec80c9177b17d7"
content-type
application/font-woff2
status
200
cache-control
public, max-age=31536000
timing-allow-origin
*
content-length
11724
l
use.typekit.net/af/a6f15d/00000000000000000001569d/27/
18 KB
19 KB
Font
General
Full URL
https://use.typekit.net/af/a6f15d/00000000000000000001569d/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.100.67.47 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a95-100-67-47.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
04a7f69900ec09547b919c8a44e52a13933b9e4de1ebd97337d037f48e2b0209

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Origin
https://www.secureworldexpo.com

Response headers

date
Wed, 11 Dec 2019 03:55:00 GMT
server
nginx
access-control-allow-origin
*
etag
"d09f966d69c26891fac2c4897662016d1e2cf038"
content-type
application/font-woff2
status
200
cache-control
public, max-age=31536000
timing-allow-origin
*
content-length
18764
l
use.typekit.net/af/394c5a/0000000000000000000156a1/27/
18 KB
18 KB
Font
General
Full URL
https://use.typekit.net/af/394c5a/0000000000000000000156a1/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.100.67.47 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a95-100-67-47.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
487a1c1be7c36bf6d6263d1f0b698d2efab5b4a7d1c0e258a8d6f6ab2bccbbb5

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Origin
https://www.secureworldexpo.com

Response headers

date
Wed, 11 Dec 2019 03:55:00 GMT
server
nginx
access-control-allow-origin
*
etag
"e8d3b4137e5c88f1f7df47c8f7c2d7e34fbe5f19"
content-type
application/font-woff2
status
200
cache-control
public, max-age=31536000
timing-allow-origin
*
content-length
17996
moatframe.js
z.moatads.com/addthismoatframe568911941483/
2 KB
1 KB
Script
General
Full URL
https://z.moatads.com/addthismoatframe568911941483/moatframe.js
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2.21.38.40 , France, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-21-38-40.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 11 Dec 2019 03:55:00 GMT
Content-Encoding
gzip
Last-Modified
Fri, 08 Nov 2019 20:13:52 GMT
Server
AmazonS3
x-amz-request-id
AF22121AC17E2DF8
ETag
"f14b4e1f799b14f798a195f43cf58376"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=26495
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
948
x-amz-id-2
XWpXS9CeT4Nor0jdYlfrU6129qO866TH1jpFP4T3d5FUiMoUI6quPa/ZeAL++wpKWJvW9IlixBw=
ga-audiences
www.google.de/ads/
Redirect Chain
  • https://www.google-analytics.com/r/collect?v=1&_v=j79&a=1119850118&t=pageview&_s=1&dl=https%3A%2F%2Fwww.secureworldexpo.com%2Findustry-news%2Fhow-ryuk-ransomware-works&ul=en-us&de=UTF-8&dt=Special%...
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-29110626-1&cid=887001811.1576036500&jid=1610166092&_gid=891731036.1576036500&gjid=1293370016&_v=j79&z=1029409209
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-29110626-1&cid=887001811.1576036500&jid=1610166092&_v=j79&z=1029409209
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-29110626-1&cid=887001811.1576036500&jid=1610166092&_v=j79&z=1029409209&slf_rd=1&random=547773127
42 B
109 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-29110626-1&cid=887001811.1576036500&jid=1610166092&_v=j79&z=1029409209&slf_rd=1&random=547773127
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 11 Dec 2019 03:55:00 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 11 Dec 2019 03:55:00 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
location
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-29110626-1&cid=887001811.1576036500&jid=1610166092&_v=j79&z=1029409209&slf_rd=1&random=547773127
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
302
cache-control
no-cache, no-store, must-revalidate
content-type
text/html; charset=UTF-8
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/
46 KB
7 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1846661051017011&correlator=3108654995944629&output=ldjh&impl=fifs&adsid=NT&eid=21065270%2C21065311%2C21062752%2C21064169%2C21064549%2C21065203%2C21065272&vrg=2019120201&guci=1.2.0.0.2.2.0.0&plat=1%3A536903688%2C2%3A536903688%2C8%3A134250504&sc=1&sfv=1-0-37&ecs=20191211&iu_parts=562063608%2CBB1%2CBB2%2CBannerAd&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3&prev_iu_szs=300x250%2C300x250%2C970x90&cookie_enabled=1&bc=31&abxe=1&lmt=1576036500&dt=1576036500212&dlt=1576036499887&idt=312&frm=20&biw=1585&bih=1200&oid=3&adxs=1037%2C1037%2C308&adys=702%2C2235%2C115&adks=615754453%2C1619671624%2C2061276719&ucis=1%7C2%7C3&ifi=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.secureworldexpo.com%2Findustry-news%2Fhow-ryuk-ransomware-works&dssz=33&icsg=3225356963&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=362x250%7C362x250%7C1150x90&msz=300x-1%7C300x-1%7C1150x90&ga_vid=887001811.1576036500&ga_sid=1576036500&ga_hid=1119850118&fws=0%2C0%2C0&ohw=0%2C0%2C0
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019120201.js?21065311
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.23.98 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s45-in-f2.1e100.net
Software
cafe /
Resource Hash
e745d03a8319e05b2b0688e432483e7ede543e76fb7e5d8b0a3df27e25a986c6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Origin
https://www.secureworldexpo.com

Response headers

date
Wed, 11 Dec 2019 03:55:00 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2,-2,-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
6651
x-xss-protection
0
google-lineitem-id
5172625137,4756107021,5172625869
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138287794027,138240330104,138287794057
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.secureworldexpo.com
access-control-expose-headers
x-google-amp-ad-validated-version
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
pubads_impl_rendering_2019120201.js
securepubads.g.doubleclick.net/gpt/
64 KB
24 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019120201.js?21065311
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019120201.js?21065311
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.23.98 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s45-in-f2.1e100.net
Software
sffe /
Resource Hash
1008ae8c93c140845bf5bfa6d0c6e0a048ff8906a4fa0081196fd99f1613f65a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Dec 2019 03:55:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 02 Dec 2019 14:08:04 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
24817
x-xss-protection
0
expires
Wed, 11 Dec 2019 03:55:00 GMT
container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/
0
0
Other
General
Full URL
https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019120201.js?21065311
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

modules.702d0ed6bd7b9f074e9c.js
script.hotjar.com/
399 KB
70 KB
Script
General
Full URL
https://script.hotjar.com/modules.702d0ed6bd7b9f074e9c.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-349336.js?sv=5
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
147.75.101.51 Central, Hong Kong, ASN54825 (PACKET - Packet Host, Inc., US),
Reverse DNS
pkt-ams-k1-7
Software
/
Resource Hash
d64807919e69f57d50f4894ab8eba5d89cfde9dc37895fbd0f136aa779fe29e1

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Dec 2019 03:54:59 GMT
content-encoding
br
last-modified
Tue, 10 Dec 2019 17:02:51 GMT
access-control-allow-origin
*
etag
"720c91d03ad7d41592b26c8e9b9f518f"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=31536000
section-io-origin-time-seconds
0.025
section-io-origin-status
200
accept-ranges
bytes
section-io-id
adf4a438f3ef3e1cee79034a4c583d6e
content-length
70939
f9c697eb-4f35-4c94-a6fd-0f0abceafced
www.secureworldexpo.com/_hcms/forms/embed/v3/form/2221756/
19 KB
4 KB
Script
General
Full URL
https://www.secureworldexpo.com/_hcms/forms/embed/v3/form/2221756/f9c697eb-4f35-4c94-a6fd-0f0abceafced?callback=hs_reqwest_0&hutk=
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/_hcms/forms/v2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
642f2738797c63f62ee9ad695e4925e4d1e80c1724d5d75a68c4cbcd7a6a92c2
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Dec 2019 03:55:00 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
server
cloudflare
x-trace
2B597A9D891CCC5B36C33F9972FF9BF9A39AF5DDB2000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript;charset=utf-8
status
200
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
content-disposition
attachment; filename=no-rfd.txt
cf-ray
5434853eaa43cbc8-VIE
de00eec1-d1e4-4ed7-92a5-513850f7168f
www.secureworldexpo.com/_hcms/forms/embed/v3/form/2221756/
3 KB
920 B
Script
General
Full URL
https://www.secureworldexpo.com/_hcms/forms/embed/v3/form/2221756/de00eec1-d1e4-4ed7-92a5-513850f7168f?callback=hs_reqwest_1&hutk=
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/_hcms/forms/v2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
b6256adff5493964d90999cd3c34a8c1314cbd0572bbecb1dd73db436af1f50a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Dec 2019 03:55:00 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
server
cloudflare
x-trace
2B15E01B54AE3BC359C7B0552D310FF3D1ABD772B3000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript;charset=utf-8
status
200
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
content-disposition
attachment; filename=no-rfd.txt
cf-ray
5434853eaa45cbc8-VIE
insight.min.js
snap.licdn.com/li.lms-analytics/
3 KB
2 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:eb:3a3::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
/
Resource Hash
41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 11 Dec 2019 03:55:00 GMT
Content-Encoding
gzip
Last-Modified
Mon, 07 Oct 2019 16:41:31 GMT
X-CDN
AKAM
Vary
Accept-Encoding
Content-Type
application/x-javascript;charset=utf-8
Cache-Control
max-age=61183
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1576
all.js
connect.facebook.net/en_US/
3 KB
2 KB
Script
General
Full URL
https://connect.facebook.net/en_US/all.js
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
b461435a1846fe9fa247cf6906c104b6540f46edae3b66ecd13d36e6c61376e8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
9k/El4DyF4rdTltZeOu0zQ==
status
200
date
Wed, 11 Dec 2019 03:55:00 GMT
expires
Wed, 11 Dec 2019 04:14:44 GMT
alt-svc
h3-24=":443"; ma=3600
content-length
1779
x-ua-compatible
IE=edge
x-fb-debug
Db3JrjdohF6PQGU95IGiloNGhAR1AstsoThFIHhc/euByQhbQDOC76wIMS+22QBbEpbtB/vPXiZh/Cto3GoeOw==
x-fb-trip-id
420120009
x-fb-content-md5
71d1ae857e22bc80eeed407e737c7e15
etag
"86f6a5fae2b059a0bc64ae16a9041175"
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public,max-age=1200,stale-while-revalidate=3600
timing-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
widgets.js
platform.twitter.com/
95 KB
29 KB
Script
General
Full URL
https://platform.twitter.com/widgets.js
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECS (fcn/40F9) /
Resource Hash
ff6a67b5b4c91cf683b9168393ce7aa41d64326a40b928809cdf7e15d0b3c8b8

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 11 Dec 2019 03:55:00 GMT
Content-Encoding
gzip
Last-Modified
Tue, 10 Dec 2019 23:46:10 GMT
Server
ECS (fcn/40F9)
Etag
"a41dba1e30b9426e9a69c373d2c94042+gzip"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-control-allow-origin
*
Cache-Control
public, max-age=1800
X-Cache
HIT
Content-Type
application/javascript; charset=utf-8
Content-Length
28837
l
use.typekit.net/af/3ad3aa/00000000000000000001569b/27/
17 KB
17 KB
Font
General
Full URL
https://use.typekit.net/af/3ad3aa/00000000000000000001569b/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n3&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/cfm6mzj.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.100.67.47 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a95-100-67-47.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
1e54331d7158f9a0abb6782f264ae9461fa13459fd6062ffabe1dd26c35ce1e0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Origin
https://www.secureworldexpo.com

Response headers

date
Wed, 11 Dec 2019 03:55:00 GMT
server
nginx
access-control-allow-origin
*
etag
"fefd3dbe8b7ef1626c87462aa1d1e79b3dcd6e47"
content-type
application/font-woff2
status
200
cache-control
public, max-age=31536000
timing-allow-origin
*
content-length
17452
l
use.typekit.net/af/9e46ec/00000000000000003b9adf8a/27/
11 KB
12 KB
Font
General
Full URL
https://use.typekit.net/af/9e46ec/00000000000000003b9adf8a/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n3&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/cfm6mzj.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.100.67.47 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a95-100-67-47.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
b1e1b7aa534882af2611627bea86667e9aa6382f1afaf501c92d52cfe800f9a1

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Origin
https://www.secureworldexpo.com

Response headers

date
Wed, 11 Dec 2019 03:55:00 GMT
server
nginx
access-control-allow-origin
*
etag
"4cf766f30cb354bace1fc993c9fac290fcb99d54"
content-type
application/font-woff2
status
200
cache-control
public, max-age=31536000
timing-allow-origin
*
content-length
11672
l
use.typekit.net/af/cc82c8/00000000000000003b9adf93/27/
12 KB
12 KB
Font
General
Full URL
https://use.typekit.net/af/cc82c8/00000000000000003b9adf93/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/cfm6mzj.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.100.67.47 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a95-100-67-47.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
9f4ae93de936fb5a15eec738abbb037cd8e5cc4e632a383701ad6d65462a432c

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Origin
https://www.secureworldexpo.com

Response headers

date
Wed, 11 Dec 2019 03:55:00 GMT
server
nginx
access-control-allow-origin
*
etag
"18e006d1293afebbc42e8c739f3b1591ba611d5a"
content-type
application/font-woff2
status
200
cache-control
public, max-age=31536000
timing-allow-origin
*
content-length
11812
l
use.typekit.net/af/78f875/00000000000000003b9adf90/27/
11 KB
11 KB
Font
General
Full URL
https://use.typekit.net/af/78f875/00000000000000003b9adf90/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/cfm6mzj.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.100.67.47 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a95-100-67-47.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
3c82ee60664a2e794f5085023f75a11a962ace069300ab54b13332b6a2b49272

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Origin
https://www.secureworldexpo.com

Response headers

date
Wed, 11 Dec 2019 03:55:00 GMT
server
nginx
access-control-allow-origin
*
etag
"69acc88dceb338052e5f2d097c4a9fc618ff0d48"
content-type
application/font-woff2
status
200
cache-control
public, max-age=31536000
timing-allow-origin
*
content-length
10780
l
use.typekit.net/af/66bb45/00000000000000003b9adf8b/27/
11 KB
11 KB
Font
General
Full URL
https://use.typekit.net/af/66bb45/00000000000000003b9adf8b/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n3&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/cfm6mzj.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.100.67.47 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a95-100-67-47.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
16c387cb1f0e7daac69f16408a334a4301300f4b62b1bc224d70b164155a6928

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Origin
https://www.secureworldexpo.com

Response headers

date
Wed, 11 Dec 2019 03:55:00 GMT
server
nginx
access-control-allow-origin
*
etag
"aab15115f34bdbbf651dee6879b1b18d8cd54b11"
content-type
application/font-woff2
status
200
cache-control
public, max-age=31536000
timing-allow-origin
*
content-length
11180
l
use.typekit.net/af/1db353/00000000000000003b9adf8f/27/
11 KB
11 KB
Font
General
Full URL
https://use.typekit.net/af/1db353/00000000000000003b9adf8f/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n5&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/cfm6mzj.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.100.67.47 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a95-100-67-47.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
3aef1fcf1a2eae7be06e1aec6d79c322385f74fb3e284428679e46af3b49a0b2

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Origin
https://www.secureworldexpo.com

Response headers

date
Wed, 11 Dec 2019 03:55:00 GMT
server
nginx
access-control-allow-origin
*
etag
"9a26f87008ff7b9f0fbd10d7b7ef46650877431d"
content-type
application/font-woff2
status
200
cache-control
public, max-age=31536000
timing-allow-origin
*
content-length
11260
_ate.track.config_resp
v1.addthisedge.com/live/boost/ra-57a915b0b3a6bc42/
2 KB
918 B
Script
General
Full URL
https://v1.addthisedge.com/live/boost/ra-57a915b0b3a6bc42/_ate.track.config_resp
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.21.36.164 , France, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-21-36-164.deploy.static.akamaitechnologies.com
Software
Jetty(9.4.8.v20180619) /
Resource Hash
4fe02c4eb93ca44809f5c71605bfaaf4fca2007b17eea829b0d3a59fd9314bb8

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Dec 2019 03:55:00 GMT
content-encoding
gzip
surrogate-key
ra-57a915b0b3a6bc42
server
Jetty(9.4.8.v20180619)
etag
81691266--gzip
vary
Accept-Encoding
cache-tag
ra-57a915b0b3a6bc42
status
200
cache-control
public, max-age=59, s-maxage=86400
content-disposition
attachment; filename=1.txt
content-type
application/javascript;charset=utf-8
content-length
673
public
api.hubapi.com/comments/v3/comments/thread/
75 B
503 B
Script
General
Full URL
https://api.hubapi.com/comments/v3/comments/thread/public?portalId=2221756&offset=0&limit=1000&contentId=10855193339&collectionId=4214485368&callback=jsonp_1576036500269_23826
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/hs/hsstatic/AsyncSupport/static-1.64/js/comment_listing_asset.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:cbcc , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e2f51f1bafd3338c5b79c08e0c297dd0eaf93b474b533060c5f1f49d74af858d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Dec 2019 03:55:00 GMT
content-encoding
br
cf-cache-status
DYNAMIC
server
cloudflare
x-trace
2B4106198762A3F5B8ACC552AE87CDCDE0816269AF000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
status
200
access-control-allow-credentials
false
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-ray
5434853ee8bccbc4-VIE
leadflows.js
js.hsleadflows.net/
377 KB
61 KB
Script
General
Full URL
https://js.hsleadflows.net/leadflows.js
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/hs/scriptloader/2221756.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6811:e9cc , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
9a55c02888038e59252778d81b592f942ea904c3dca19f539e3376b4a0a0c6b2

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Origin
https://www.secureworldexpo.com

Response headers

date
Wed, 11 Dec 2019 03:55:00 GMT
via
1.1 3ba4f1633675322ba2a091472486bb3a.cloudfront.net (CloudFront)
cf-cache-status
REVALIDATED
x-amz-cf-pop
IAD89-C2
x-cache
Miss from cloudfront
status
200
access-control-max-age
3000
x-amz-replication-status
COMPLETED
content-encoding
br
content-type
application/javascript; charset=utf-8
last-modified
Fri, 01 Nov 2019 01:52:48 GMT
server
cloudflare
etag
W/"54006d8d669ba60aff038448ad347c84"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods
GET
x-amz-version-id
Mo8RDmG1YId30ggWGmkBlVvLfaalQv4Q
access-control-allow-origin
*
cache-control
max-age=600
cf-ray
5434853eca68cbc8-VIE
x-amz-cf-id
3b_hL9lqr8cWmfwPEFYpmsQB9j1yj3m3-W9Wxjag24Zo_5KRywMiUg==
2221756.js
js.hs-analytics.net/analytics/1576035600000/
74 KB
25 KB
Script
General
Full URL
https://js.hs-analytics.net/analytics/1576035600000/2221756.js
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/hs/scriptloader/2221756.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6811:44b0 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
348f4dd27f5bce30f5bb1ca0139d7b87249fb30aad77431cd22c25e53991361d

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Dec 2019 03:55:00 GMT
content-encoding
gzip
cf-cache-status
MISS
x-amz-request-id
ABF6CE91E1EB8654
status
200
content-type
text/javascript
x-amz-id-2
NqfxvyQ3Ftsmyx7B7NId4BVcILp+WgyAWDIGUReaNHrsAbqlZ6haX5DEnvP+/qfEOiViUm3xWrE=
last-modified
Tue, 29 Oct 2019 20:31:02 GMT
server
cloudflare
etag
W/"4cb978d9c0a6dd8df15d47327c995a26"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-version-id
null
cache-control
max-age=300, public
access-control-allow-credentials
false
cf-ray
5434853eb8238c92-VIE
expires
Wed, 11 Dec 2019 04:00:00 GMT
all.js
connect.facebook.net/en_US/
187 KB
56 KB
Script
General
Full URL
https://connect.facebook.net/en_US/all.js?hash=21dec5bcd6564460218ff5628e81417f&ua=modern_es6
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
0245a67f3945987d2e2f58174d7eb20223f197367797688f1553e87ee383c685
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Origin
https://www.secureworldexpo.com

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
F76APQWrAWyhR3EwrAf6Vg==
status
200
date
Wed, 11 Dec 2019 03:55:00 GMT
expires
Thu, 10 Dec 2020 03:00:40 GMT
alt-svc
h3-24=":443"; ma=3600
content-length
56905
x-fb-debug
mGdYARn7xJ2aYmLTD/OKoPvtiHhbj7LSe5PgFLYQWvqJATYYKRiUp9yRnFjYrTP0PBgyXvzYwPYVu5PGFfsjmA==
x-fb-trip-id
420120009
x-fb-content-md5
e5730ce1ceb9c4d05320b92a1329e3e5
etag
"653a594663837e673fc87bee2ed0a0b6"
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
timing-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
collect
px.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=651962&url=https%3A%2F%2Fwww.secureworldexpo.com%2Findustry-news%2Fhow-ryuk-ransomware-works&time=1576036500280
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D651962%26url%3Dhttps%253A%252F%252Fwww.secureworldexpo.com%252Findustry-news%252F...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=651962&url=https%3A%2F%2Fwww.secureworldexpo.com%2Findustry-news%2Fhow-ryuk-ransomware-works&time=1576036500280&liSync=true
0
70 B
Image
General
Full URL
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=651962&url=https%3A%2F%2Fwww.secureworldexpo.com%2Findustry-news%2Fhow-ryuk-ransomware-works&time=1576036500280&liSync=true
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:f500:10:101::b93f:9105 , Ireland, ASN14413 (LINKEDIN - LinkedIn Corporation, US),
Reverse DNS
Software
Play /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Dec 2019 03:55:00 GMT
content-encoding
gzip
server
Play
vary
Accept-Encoding
x-li-fabric
prod-lva1
status
200
x-li-proto
http/2
x-li-pop
prod-efr5
content-type
application/javascript
content-length
20
x-li-uuid
IkBR19g03xUAYGB9qysAAA==

Redirect headers

date
Wed, 11 Dec 2019 03:55:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
302
x-li-pop
prod-efr5
content-length
20
x-li-uuid
XvLDz9g03xWg+COdiisAAA==
pragma
no-cache
server
Play
x-frame-options
sameorigin
expect-ct
max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
vary
Accept-Encoding
strict-transport-security
max-age=2592000
x-li-fabric
prod-lva1
location
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=651962&url=https%3A%2F%2Fwww.secureworldexpo.com%2Findustry-news%2Fhow-ryuk-ransomware-works&time=1576036500280&liSync=true
x-xss-protection
1; mode=block
cache-control
no-cache, no-store
content-security-policy
default-src *; connect-src 'self' static.licdn.com media.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media-exp1.licdn.com media-exp2.licdn.com https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob:; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/insight.min.js platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'
x-li-proto
http/2
expires
Thu, 01 Jan 1970 00:00:00 GMT
amp4ads-host-v0.js
cdn.ampproject.org/rtv/011911070201440/
20 KB
7 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/011911070201440/amp4ads-host-v0.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019120201.js?21065311
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
866a1264b956a58da8e640a6191453d62f20d8676f63f193d2786318f83f6422
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
21092
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
7132
x-xss-protection
0
server
sffe
date
Tue, 10 Dec 2019 22:03:28 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"796f98bb73f13f89"
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 09 Dec 2020 22:03:28 GMT
amp4ads-v0.js
cdn.ampproject.org/rtv/011911070201440/ Frame E617
200 KB
55 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/011911070201440/amp4ads-v0.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019120201.js?21065311
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
7a52d4e3f541e459f9069f6f596242684704eeaca5a95f05285d16e2e609927d
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
35795
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
55611
x-xss-protection
0
server
sffe
date
Tue, 10 Dec 2019 17:58:25 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"d3c4309c2c9fce1d"
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 09 Dec 2020 17:58:25 GMT
amp-analytics-0.1.js
cdn.ampproject.org/rtv/011911070201440/v0/ Frame E617
151 KB
41 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/011911070201440/v0/amp-analytics-0.1.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019120201.js?21065311
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
e4ad56bd91f08203b208a3db86c463c7952fad443a239de6454c73b7ce669657
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
35831
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
41358
x-xss-protection
0
server
sffe
date
Tue, 10 Dec 2019 17:57:49 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"ed96f4a845755c74"
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 09 Dec 2020 17:57:49 GMT
truncated
/ Frame E617
215 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4b09b9b5fb3b33a07770b98af0dad52a7d522102bd8414df2e558a6cf6f7845d

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
amp4ads-v0.js
cdn.ampproject.org/rtv/011911070201440/ Frame F675
200 KB
54 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/011911070201440/amp4ads-v0.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019120201.js?21065311
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
7a52d4e3f541e459f9069f6f596242684704eeaca5a95f05285d16e2e609927d
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
35795
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
55611
x-xss-protection
0
server
sffe
date
Tue, 10 Dec 2019 17:58:25 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"d3c4309c2c9fce1d"
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 09 Dec 2020 17:58:25 GMT
amp-analytics-0.1.js
cdn.ampproject.org/rtv/011911070201440/v0/ Frame F675
151 KB
40 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/011911070201440/v0/amp-analytics-0.1.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019120201.js?21065311
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
e4ad56bd91f08203b208a3db86c463c7952fad443a239de6454c73b7ce669657
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
35831
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
41358
x-xss-protection
0
server
sffe
date
Tue, 10 Dec 2019 17:57:49 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"ed96f4a845755c74"
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 09 Dec 2020 17:57:49 GMT
truncated
/ Frame F675
218 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2a745527bcbac6d00f8010a94516ce54cf574bb6347e95659910d8598cf4f2cc

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
amp4ads-v0.js
cdn.ampproject.org/rtv/011911070201440/ Frame 5BDB
200 KB
54 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/011911070201440/amp4ads-v0.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019120201.js?21065311
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
7a52d4e3f541e459f9069f6f596242684704eeaca5a95f05285d16e2e609927d
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
35795
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
55611
x-xss-protection
0
server
sffe
date
Tue, 10 Dec 2019 17:58:25 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"d3c4309c2c9fce1d"
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 09 Dec 2020 17:58:25 GMT
amp-analytics-0.1.js
cdn.ampproject.org/rtv/011911070201440/v0/ Frame 5BDB
151 KB
40 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/011911070201440/v0/amp-analytics-0.1.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019120201.js?21065311
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
e4ad56bd91f08203b208a3db86c463c7952fad443a239de6454c73b7ce669657
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
35831
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
41358
x-xss-protection
0
server
sffe
date
Tue, 10 Dec 2019 17:57:49 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"ed96f4a845755c74"
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 09 Dec 2020 17:57:49 GMT
truncated
/ Frame 5BDB
212 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9033e9d326a978b20ee737470c377fc363c0158404fd95b140d04e04835faf08

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
3409914271416419436
tpc.googlesyndication.com/simgad/ Frame E617
29 KB
29 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/3409914271416419436
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
ba12a8ee9971c32341f389860186a732e54cf36637f6824c439c29b08d7bda0f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 21 Nov 2019 18:55:01 GMT
x-content-type-options
nosniff
age
1673999
x-dns-prefetch-control
off
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
29781
x-xss-protection
0
last-modified
Sat, 14 Sep 2019 00:27:06 GMT
server
sffe
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 20 Nov 2020 18:55:01 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame E617
0
273 B
Image
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstTM83mrLaC3vv7POTYdnf0NMzLy4FkWXGX1AuAVIgH4hxMpmsIoTAZkENtHKOjDJDp0LrEe_rnH5BYAykhvb1WMNIZ0l6mXKcSGOkmoIQ2bjvCHjj51CN1dMrIgVQFxplcZFiO8-xybDBWZ8x4QTfPH5ewQqGkLHCJldAWWmpZYBo576yrQuLXAE9OBeqRV9fR9ETAf6iX3_ikeL0QeZ8cbDUGhFKIqOi8Yz1d3juFMCi6dPBys90OgSV3Z6qqFkHOKSB4&sai=AMfl-YRY2GQLTqi-H-ECOLPSaxuc9GNp27R8BT2EAtclkUonInY7iuksTuQNgl0ZWfKT7HUsq_D7Eh81GkY-UrvYpkJbMLBtWtJLahpgTm4b_g&sig=Cg0ArKJSzAeck-HNnG7tEAE&adurl=
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.23.98 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s45-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Dec 2019 03:55:00 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
private
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Wed, 11 Dec 2019 03:55:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/
0
60 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_sz&pvsid=1846661051017011&r=300x250&w=300&h=250
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 11 Dec 2019 03:55:00 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
204
cache-control
no-cache, must-revalidate
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
4697575992943871195
tpc.googlesyndication.com/simgad/ Frame F675
44 KB
44 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/4697575992943871195
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
73ff3f1e5637a839bd7e41cb4251b459f3df299694aa0d586719cb1a52a2ff0a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 20 Nov 2019 11:50:38 GMT
x-content-type-options
nosniff
age
1785862
x-dns-prefetch-control
off
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
45046
x-xss-protection
0
last-modified
Thu, 02 Aug 2018 19:56:34 GMT
server
sffe
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 19 Nov 2020 11:50:38 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame F675
0
278 B
Image
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjss4qOzwB3UFkiDjxYXO2oxcZUr2obgnVde_jsqaEcgPvoogeUgsapYIDD1Uaz7N297rykqSGwRxWHWgUbRaqOve-Dr9T4SdZgA7Z2_349RuREXyXptmxJEF_4SAIOof3CYlxd7DTavOll9AS0wr2P4bwsp57XElCes0MBuiesXg8FDfkzZHkfb060b48PRbJpDFHDNYf9HkUctQ_sDbnpI_JlOnzkLss7nprg37vQzI-3d4-RQ7P6m8oJSPg-sGaJ37JneC&sai=AMfl-YSN2BxzqTYyIc1TmyIi_LeGGK2jNv7LtO34Dk2sD-GTL1GojDTj51uDzY9yJ2971FyJ3FestDaISVdgfRtsh5-NtCAf-j0RZgWovIt66A&sig=Cg0ArKJSzMtXJfJvMJQ5EAE&adurl=
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.23.98 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s45-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Dec 2019 03:55:00 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
private
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Wed, 11 Dec 2019 03:55:00 GMT
2485239255674101961
tpc.googlesyndication.com/simgad/ Frame 5BDB
32 KB
32 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/2485239255674101961
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
bcbb9237d68f426ee0eb18f5b24b249d26d0b9fece09fbae9344158bb851b5d5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sun, 24 Nov 2019 10:43:22 GMT
x-content-type-options
nosniff
age
1444298
x-dns-prefetch-control
off
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
32902
x-xss-protection
0
last-modified
Sat, 14 Sep 2019 00:28:15 GMT
server
sffe
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Mon, 23 Nov 2020 10:43:22 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame 5BDB
0
254 B
Image
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssi8ghcqP0By6Q8XLhzqTkoU9Uq3rf0MXM4WIi9H5mAa3QMZumH1hEdafm_I5r8gVBeaF7nuUDZqzBqc7aidb4xAFgzBpWSYAUBNW-xSmwyiSp5IkcwQa3VK8z1cvhKrkhO4KDmZrZxhfnPC_8L9ivmQLyebWVpVgHlaMJltCmIGqm1TCKwxIP9vmuMCUNqNx2AUrWGexdyf1cT1OfYGte3Sxa-sQdrbtM4lVQTglWV7NI3YvTHa4Y3VE5w1KFsKAPkMltUmL8RLhU&sai=AMfl-YQlb54rfYJLMxfJFp-jlpeWgITPLXBoC2evGuxYbY7XzKlazHHwdc_SuXwPcSIlc1j9VLHkmowxGMzLNOChkbpyd_ijcCq1u6k_A1l9DQ&sig=Cg0ArKJSzFxYLDh-3J6UEAE&adurl=
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.23.98 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s45-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Dec 2019 03:55:00 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
private
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Wed, 11 Dec 2019 03:55:00 GMT
widget_iframe.69e02060c7c44baddf1b5629549acc0c.html
platform.twitter.com/widgets/ Frame B964
0
0
Document
General
Full URL
https://platform.twitter.com/widgets/widget_iframe.69e02060c7c44baddf1b5629549acc0c.html?origin=https%3A%2F%2Fwww.secureworldexpo.com
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECS (fcn/40DA) /
Resource Hash

Request headers

Host
platform.twitter.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
nested-navigate
Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Accept-Encoding
gzip, deflate, br

Response headers

Content-Encoding
gzip
ACCESS-CONTROL-ALLOW-METHODS
GET
Access-control-allow-origin
*
Cache-Control
public, max-age=315360000
Content-Type
text/html; charset=utf-8
Date
Wed, 11 Dec 2019 03:55:00 GMT
Etag
"4b563298f37eb3ef2a2f8897be83c714+gzip"
Last-Modified
Tue, 10 Dec 2019 23:44:55 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (fcn/40DA)
Vary
Accept-Encoding
X-Cache
HIT
Content-Length
5825
box-b736908ce6b0e933fad3a2e45df61b38.html
vars.hotjar.com/ Frame 964D
0
0
Document
General
Full URL
https://vars.hotjar.com/box-b736908ce6b0e933fad3a2e45df61b38.html
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-349336.js?sv=5
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
147.75.85.99 Parsippany, United States, ASN54825 (PACKET - Packet Host, Inc., US),
Reverse DNS
pkt-ams-k1-5
Software
/
Resource Hash

Request headers

:method
GET
:authority
vars.hotjar.com
:scheme
https
:path
/box-b736908ce6b0e933fad3a2e45df61b38.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
sec-fetch-mode
nested-navigate
referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
accept-encoding
gzip, deflate, br

Response headers

status
200
date
Wed, 11 Dec 2019 03:55:00 GMT
content-type
text/html
content-length
808
cache-control
max-age=31536000
content-encoding
br
last-modified
Thu, 28 Nov 2019 17:38:31 GMT
etag
"ed7551919779fd07dbfe6d776c643379"
section-io-origin-status
200
section-io-origin-time-seconds
0.026
vary
Accept-Encoding
accept-ranges
bytes
section-io-id
6f175a142c1747ba407f0c48c98e8ae4
xd_arbiter.php
staticxx.facebook.com/connect/ Frame DBC3
0
0
Document
General
Full URL
https://staticxx.facebook.com/connect/xd_arbiter.php?version=44
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js?hash=21dec5bcd6564460218ff5628e81417f&ua=modern_es6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
staticxx.facebook.com
:scheme
https
:path
/connect/xd_arbiter.php?version=44
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
sec-fetch-mode
nested-navigate
referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
accept-encoding
gzip, deflate, br

Response headers

status
200
content-type
text/html; charset=utf-8
expires
Wed, 09 Dec 2020 23:14:36 GMT
strict-transport-security
max-age=15552000; preload
content-encoding
br
content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
cache-control
public,max-age=31536000,immutable
x-fb-debug
MkfjcRXJE+THBTvGb17X9C8KP4uTRgDpCpJdMr5uhW90ZuU1IPLYRa1L+fMTJiFLDmfa6l9oFLbjE0b4hzrOKg==
content-length
12404
x-fb-trip-id
420120009
date
Wed, 11 Dec 2019 03:55:00 GMT
alt-svc
h3-24=":443"; ma=3600
p.gif
p.typekit.net/
35 B
367 B
Image
General
Full URL
https://p.typekit.net/p.gif?s=1&k=cfm6mzj&ht=tk&h=www.secureworldexpo.com&f=24349.24352.24354.24355.27887.27970.28026.27954.27958.28025&a=657783&js=1.19.2&app=typekit&e=js&_=1576036500459
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:eb:1af::19fd , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
nginx /
Resource Hash
9b9265c69a5cc295d1ab0d04e0273b3677db1a6216ce2ccf4efc8c277ed84b39

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 11 Dec 2019 03:55:00 GMT
Last-Modified
Mon, 21 Oct 2019 19:03:10 GMT
Server
nginx
ETag
"5dae00ee-23"
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
max-age=604800
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
35
Expires
Thu, 12 Dec 2019 02:59:44 GMT
api.js
www.google.com/recaptcha/
797 B
585 B
Script
General
Full URL
https://www.google.com/recaptcha/api.js?onload=hsRecaptchaLoadCallback&render=explicit&isolated=true
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/_hcms/forms/v2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
GSE /
Resource Hash
62d3cbc2b344c97501046a7684cc86e2574a6879f137115457b72fd8d2393071
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Dec 2019 03:55:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
status
200
cache-control
private, max-age=300
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
489
x-xss-protection
1; mode=block
expires
Wed, 11 Dec 2019 03:55:00 GMT
recaptcha__en.js
www.gstatic.com/recaptcha/releases/mhgGrlTs_PbFQOW4ejlxlxZn/
254 KB
91 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/mhgGrlTs_PbFQOW4ejlxlxZn/recaptcha__en.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?onload=hsRecaptchaLoadCallback&render=explicit&isolated=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
c2cca14e4dbf2994f90b91ef01ec4d6eb6b560b429d028317d624d9b5f4bdcb0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 09 Dec 2019 17:50:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 09 Dec 2019 05:03:14 GMT
server
sffe
age
122685
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=31536000
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
92878
x-xss-protection
0
expires
Tue, 08 Dec 2020 17:50:15 GMT
3409914271416419436
tpc.googlesyndication.com/simgad/ Frame E617
29 KB
29 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/3409914271416419436
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/011911070201440/amp4ads-v0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
ba12a8ee9971c32341f389860186a732e54cf36637f6824c439c29b08d7bda0f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 21 Nov 2019 18:55:01 GMT
x-content-type-options
nosniff
age
1673999
x-dns-prefetch-control
off
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
29781
x-xss-protection
0
last-modified
Sat, 14 Sep 2019 00:27:06 GMT
server
sffe
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 20 Nov 2020 18:55:01 GMT
4697575992943871195
tpc.googlesyndication.com/simgad/ Frame F675
44 KB
44 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/4697575992943871195
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/011911070201440/amp4ads-v0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
73ff3f1e5637a839bd7e41cb4251b459f3df299694aa0d586719cb1a52a2ff0a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 20 Nov 2019 11:50:38 GMT
x-content-type-options
nosniff
age
1785862
x-dns-prefetch-control
off
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
45046
x-xss-protection
0
last-modified
Thu, 02 Aug 2018 19:56:34 GMT
server
sffe
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 19 Nov 2020 11:50:38 GMT
2485239255674101961
tpc.googlesyndication.com/simgad/ Frame 5BDB
32 KB
32 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/2485239255674101961
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/011911070201440/amp4ads-v0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
bcbb9237d68f426ee0eb18f5b24b249d26d0b9fece09fbae9344158bb851b5d5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sun, 24 Nov 2019 10:43:22 GMT
x-content-type-options
nosniff
age
1444298
x-dns-prefetch-control
off
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
32902
x-xss-protection
0
last-modified
Sat, 14 Sep 2019 00:28:15 GMT
server
sffe
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Mon, 23 Nov 2020 10:43:22 GMT
anchor
www.google.com/recaptcha/api2/ Frame 168D
0
0
Document
General
Full URL
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc2_RsUAAAAAAYBSd4rxsgeQz7whuL9COCsHeET&co=aHR0cHM6Ly93d3cuc2VjdXJld29ybGRleHBvLmNvbTo0NDM.&hl=en&v=mhgGrlTs_PbFQOW4ejlxlxZn&size=invisible&badge=inline&cb=bz540k3gfdu7
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/mhgGrlTs_PbFQOW4ejlxlxZn/recaptcha__en.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
GSE /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-7izsAEYm3mks0OYStyvsfw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.google.com
:scheme
https
:path
/recaptcha/api2/anchor?ar=1&k=6Lc2_RsUAAAAAAYBSd4rxsgeQz7whuL9COCsHeET&co=aHR0cHM6Ly93d3cuc2VjdXJld29ybGRleHBvLmNvbTo0NDM.&hl=en&v=mhgGrlTs_PbFQOW4ejlxlxZn&size=invisible&badge=inline&cb=bz540k3gfdu7
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
sec-fetch-mode
nested-navigate
referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works

Response headers

status
200
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Wed, 11 Dec 2019 03:55:00 GMT
content-security-policy
script-src 'report-sample' 'nonce-7izsAEYm3mks0OYStyvsfw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
9050
server
GSE
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
layers.ab5cd98fe1b9a38a4a9f.js
s7.addthis.com/static/
263 KB
76 KB
Script
General
Full URL
https://s7.addthis.com/static/layers.ab5cd98fe1b9a38a4a9f.js
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.21.36.164 , France, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-21-36-164.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
ecc0c4a707efeb061b7de57440221feb21ab08022938aaacee779e98fe809235
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
last-modified
Wed, 18 Sep 2019 14:16:17 GMT
server
nginx/1.15.8
etag
W/"5d823c31-41b9f"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
public, max-age=86313600
date
Wed, 11 Dec 2019 03:55:00 GMT
x-host
s7.addthis.com
timing-allow-origin
*
content-length
77528
bframe
www.google.com/recaptcha/api2/ Frame 8D44
0
0
Document
General
Full URL
https://www.google.com/recaptcha/api2/bframe?hl=en&v=mhgGrlTs_PbFQOW4ejlxlxZn&k=6Lc2_RsUAAAAAAYBSd4rxsgeQz7whuL9COCsHeET&cb=dfflj6p5dya1
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/mhgGrlTs_PbFQOW4ejlxlxZn/recaptcha__en.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
GSE /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-+PeoZMVZmBrX5g+pj7VquQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.google.com
:scheme
https
:path
/recaptcha/api2/bframe?hl=en&v=mhgGrlTs_PbFQOW4ejlxlxZn&k=6Lc2_RsUAAAAAAYBSd4rxsgeQz7whuL9COCsHeET&cb=dfflj6p5dya1
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
sec-fetch-mode
nested-navigate
referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works

Response headers

status
200
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Wed, 11 Dec 2019 03:55:00 GMT
content-security-policy
script-src 'report-sample' 'nonce-+PeoZMVZmBrX5g+pj7VquQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
1114
server
GSE
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
loader-v2.js
www.secureworldexpo.com/hs/cta/ctas/v2/public/cs/
7 KB
3 KB
Script
General
Full URL
https://www.secureworldexpo.com/hs/cta/ctas/v2/public/cs/loader-v2.js?cos=1&__hsfp=2430194794&__hssc=133074001.1.1576036500798&__hstc=133074001.297c38008896df2b0b3723ad1224fece.1576036500797.1576036500797.1576036500797.1&canon=https%3A%2F%2Fwww.secureworldexpo.com%2Findustry-news%2Fhow-ryuk-ransomware-works&hsutk=297c38008896df2b0b3723ad1224fece&pageId=10855193339&contentType=blog-post&pg=5b11748c-d8d9-47fd-b704-d273971b3380&pid=2221756&sv=static-1.209&lag=571&rdy=1&cos=1&df=a
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/hs/cta/cta/current.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e671859bade288ad05e0b7bbe85abf69cd79bab9c16b6efff1efbd2b3810e4c4

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Dec 2019 03:55:00 GMT
content-encoding
gzip
cf-cache-status
MISS
server
cloudflare
x-trace
2B314444A90A7055BDA018F771240CEF28D82CDC15000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
no-cache, no-store, no-transform, must-revalidate, max-age=0
access-control-allow-credentials
false
accept-ranges
bytes
cf-ray
543485420ebecbc8-VIE
content-length
2424
x-robots-tag
noindex, follow
__ptq.gif
track.hubspot.com/
45 B
104 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2430194794&v=1.1&a=2221756&pi=10855193339&ct=blog-post&ccu=https%3A%2F%2Fwww.secureworldexpo.com%2Findustry-news%2Fhow-ryuk-ransomware-works&cpi=10855193339&cgi=4214485368&lpi=10855193339&lvi=10855193339&lvc=en-us&pu=https%3A%2F%2Fwww.secureworldexpo.com%2Findustry-news%2Fhow-ryuk-ransomware-works&t=Special+Security+Advisory%3A+%27Ryuk+Ransomware+Targeting+Organizations+Globally%27&cts=1576036500800&vi=297c38008896df2b0b3723ad1224fece&nc=true&ce=false&pt=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:fd05 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Dec 2019 03:55:00 GMT
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
p3p
CP="NOI CUR ADM OUR NOR STA NID"
status
200
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-ray
543485421f485946-VIE
content-type
image/gif
content-length
45
x-robots-tag
none
__ptq.gif
track.hubspot.com/
45 B
104 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=15&fi=de00eec1-d1e4-4ed7-92a5-513850f7168f&fci=d871e023-e0fc-42f7-948f-b704a925350a&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2430194794&v=1.1&a=2221756&pi=10855193339&ct=blog-post&ccu=https%3A%2F%2Fwww.secureworldexpo.com%2Findustry-news%2Fhow-ryuk-ransomware-works&cpi=10855193339&cgi=4214485368&lpi=10855193339&lvi=10855193339&lvc=en-us&pu=https%3A%2F%2Fwww.secureworldexpo.com%2Findustry-news%2Fhow-ryuk-ransomware-works&t=Special+Security+Advisory%3A+%27Ryuk+Ransomware+Targeting+Organizations+Globally%27&cts=1576036500802&vi=297c38008896df2b0b3723ad1224fece&nc=true&ce=false&pt=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:fd05 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Dec 2019 03:55:00 GMT
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
p3p
CP="NOI CUR ADM OUR NOR STA NID"
status
200
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-ray
543485421f495946-VIE
content-type
image/gif
content-length
45
x-robots-tag
none
__ptq.gif
track.hubspot.com/
45 B
103 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=15&fi=f9c697eb-4f35-4c94-a6fd-0f0abceafced&fci=aa481017-f9ff-47f9-8640-2c75c40f3ff7&ft=4&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2430194794&v=1.1&a=2221756&pi=10855193339&ct=blog-post&ccu=https%3A%2F%2Fwww.secureworldexpo.com%2Findustry-news%2Fhow-ryuk-ransomware-works&cpi=10855193339&cgi=4214485368&lpi=10855193339&lvi=10855193339&lvc=en-us&pu=https%3A%2F%2Fwww.secureworldexpo.com%2Findustry-news%2Fhow-ryuk-ransomware-works&t=Special+Security+Advisory%3A+%27Ryuk+Ransomware+Targeting+Organizations+Globally%27&cts=1576036500803&vi=297c38008896df2b0b3723ad1224fece&nc=true&ce=false&pt=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:fd05 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Dec 2019 03:55:00 GMT
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
p3p
CP="NOI CUR ADM OUR NOR STA NID"
status
200
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-ray
543485421f4a5946-VIE
content-type
image/gif
content-length
45
x-robots-tag
none
__ptq.gif
track.hubspot.com/
45 B
127 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%225b11748c-d8d9-47fd-b704-d273971b3380%22%2C%223421d639-a5fd-4eaf-9f96-d0a7d7573a86%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2430194794&v=1.1&a=2221756&pi=10855193339&ct=blog-post&ccu=https%3A%2F%2Fwww.secureworldexpo.com%2Findustry-news%2Fhow-ryuk-ransomware-works&cpi=10855193339&cgi=4214485368&lpi=10855193339&lvi=10855193339&lvc=en-us&pu=https%3A%2F%2Fwww.secureworldexpo.com%2Findustry-news%2Fhow-ryuk-ransomware-works&t=Special+Security+Advisory%3A+%27Ryuk+Ransomware+Targeting+Organizations+Globally%27&cts=1576036501000&vi=297c38008896df2b0b3723ad1224fece&nc=true&ce=false&pt=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:fd05 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Dec 2019 03:55:01 GMT
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
p3p
CP="NOI CUR ADM OUR NOR STA NID"
status
200
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-ray
543485434f865946-VIE
content-type
image/gif
content-length
45
x-robots-tag
none
cta-loaded.js
www.secureworldexpo.com/hs/cta/ctas/v2/public/cs/
0
149 B
Script
General
Full URL
https://www.secureworldexpo.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=2221756&pg=5b11748c-d8d9-47fd-b704-d273971b3380&lt=1576036500228&dt=1576036500799&at=1576036501010&ae=1&sl=1&an=1
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/hs/cta/cta/current.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Dec 2019 03:55:01 GMT
cf-cache-status
MISS
server
cloudflare
x-trace
2BA68E9E6E3D0D9F99A6E4DF5310BEAD35F1D85B2B000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
status
200
cache-control
no-cache, no-store, no-transform, max-age=0
access-control-allow-credentials
false
cf-ray
54348543586bcbc8-VIE
x-robots-tag
noindex, follow
truncated
/
443 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5876d235b697479a9e5f476a33115aea1ddc21fd4b4740dd7180398c6224fdba

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
activeview
pagead2.googlesyndication.com/pcs/ Frame E617
42 B
110 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu7TsIQpUDKNp6_8YZ_xRsl8mkaXg5BwblBneb2O21PuHWmfKSKSbDSfwGT_qF0LuplFMNBJx4zadThlxrX2DUz9SbtVFiG04-bqIiNxLI&sig=Cg0ArKJSzFZno0FGu497EAE&id=ampim&o=1037,647&d=300,250&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=177&tls=1177&g=100&h=100&tt=1177&r=v&adk=615754453&avms=ampa
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 11 Dec 2019 03:55:01 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, must-revalidate
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 5BDB
42 B
110 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstziXMj3d0_Ci-szziJ11tdgRHmDG6O-4alKLntUXSUaly4rJpqv3XRBxX-QpkQSZ5kfrc9-dQOw4Xgx-DKZG0EZQmXLHBZyjbOW6JlW44&sig=Cg0ArKJSzPnU2v6aSgHwEAE&id=ampim&o=308,115&d=970,90&ss=1600,1200&bs=1600,1200&mcvt=1001&mtos=0,0,1001,1001,1001&tos=0,0,1001,0,0&tfs=157&tls=1158&g=100&h=100&tt=1158&r=v&adk=2061276719&avms=ampa
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 11 Dec 2019 03:55:01 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, must-revalidate
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
perf
www.secureworldexpo.com/_hcms/
2 B
389 B
XHR
General
Full URL
https://www.secureworldexpo.com/_hcms/perf
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Origin
https://www.secureworldexpo.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-type
application/json

Response headers

cf-ray
54348554b8b0cbc8-VIE
date
Wed, 11 Dec 2019 03:55:03 GMT
cf-cache-status
DYNAMIC
server
cloudflare
x-trace
2B32A49F36A39A496273912ADC8DCE176A24034584000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/plain; charset=utf-8
status
200
access-control-allow-credentials
false
accept-ranges
bytes
x-robots-tag
none
content-length
2
json
forms.hubspot.com/lead-flows-config/v1/config/
2 KB
1 KB
XHR
General
Full URL
https://forms.hubspot.com/lead-flows-config/v1/config/json?portalId=2221756&contentId=10855193339&currentUrl=https%3A%2F%2Fwww.secureworldexpo.com%2Findustry-news%2Fhow-ryuk-ransomware-works
Requested by
Host: js.hsleadflows.net
URL: https://js.hsleadflows.net/leadflows.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:fa05 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
633a4ba866cb6b207a64c4fbb3696179a1e255ff8578b7d7a4009557acb376f7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Origin
https://www.secureworldexpo.com

Response headers

date
Wed, 11 Dec 2019 03:55:10 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
DYNAMIC
cf-ray
543485807d54cbac-VIE
status
200
strict-transport-security
max-age=31536000; includeSubDomains; preload
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
180
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.secureworldexpo.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
x-robots-tag
none
access-control-allow-headers
Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
__ptq.gif
track.hubspot.com/
45 B
222 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=16&fi=ddf8f101-3ef8-40f5-b822-072637c16780&lfi=313458&ft=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2430194794&v=1.1&a=2221756&pi=10855193339&ct=blog-post&ccu=https%3A%2F%2Fwww.secureworldexpo.com%2Findustry-news%2Fhow-ryuk-ransomware-works&cpi=10855193339&cgi=4214485368&lpi=10855193339&lvi=10855193339&lvc=en-us&pu=https%3A%2F%2Fwww.secureworldexpo.com%2Findustry-news%2Fhow-ryuk-ransomware-works&t=Special+Security+Advisory%3A+%27Ryuk+Ransomware+Targeting+Organizations+Globally%27&cts=1576036510933&vi=297c38008896df2b0b3723ad1224fece&nc=true&ce=false&pt=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:fd05 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Dec 2019 03:55:10 GMT
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
p3p
CP="NOI CUR ADM OUR NOR STA NID"
status
200
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-ray
543485816e1d5946-VIE
content-type
image/gif
content-length
45
x-robots-tag
none

158 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

9 Cookies

Domain/Path Name / Value
.secureworldexpo.com/ Name: _hjid
Value: 795c8359-a1d2-46f5-b974-f07f67e8e5aa
www.secureworldexpo.com/ Name: __atuvs
Value: 5df06894d43d66f4000
www.secureworldexpo.com/ Name: __atuvc
Value: 1%7C50
.secureworldexpo.com/ Name: _gat_gtag_UA_29110626_1
Value: 1
.secureworldexpo.com/ Name: __gads
Value: ID=886f0fed135bd117:T=1576036500:S=ALNI_Maiqh1b7tlkntUfAsmpM2D1qD7cwQ
.secureworldexpo.com/ Name: _gid
Value: GA1.2.891731036.1576036500
.www.secureworldexpo.com/ Name: __cfruid
Value: 14ff1e2f83d26117d60fd416ad2ab0f5c0f96c46-1576036500
.secureworldexpo.com/ Name: _ga
Value: GA1.2.887001811.1576036500
.www.secureworldexpo.com/ Name: __cfduid
Value: d09de3eeeb1cf06c8ed11d1302f96cbc51576036499

3 Console Messages

Source Level URL
Text
console-api info URL: https://cdn.ampproject.org/rtv/011911070201440/amp4ads-v0.js(Line 411)
Message:
Powered by AMP ⚡ HTML – Version 1911070201440 https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
console-api info URL: https://cdn.ampproject.org/rtv/011911070201440/amp4ads-v0.js(Line 411)
Message:
Powered by AMP ⚡ HTML – Version 1911070201440 https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
console-api info URL: https://cdn.ampproject.org/rtv/011911070201440/amp4ads-v0.js(Line 411)
Message:
Powered by AMP ⚡ HTML – Version 1911070201440 https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
