www.secureworld.io Open in urlscan Pro
2606:2c40::c73c:671e Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Effective URL:
https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
Submission Tags: falconsandbox
Submission: On April 04 via api (April 4th 2022, 1:46:50 pm UTC) from US — Scanned from DE

Summary HTTP 145 Redirects Links 8 Behaviour Indicators

Summary

This website contacted 40 IPs in 4 countries across 30 domains to perform 145 HTTP transactions. The main IP is 2606:2c40::c73c:671e, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is www.secureworld.io. The Cisco Umbrella rank of the primary domain is 675129.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 17th 2021. Valid for: a year.

This is the only time www.secureworld.io was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 30	2606:2c40::c7... 2606:2c40::c73c:671e	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
11	2a02:26f0:f7:... 2a02:26f0:f7::5c7b:e031	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a00:1450:400... 2a00:1450:4001:813::2008	15169 (GOOGLE) (GOOGLE)
1	2606:2800:233... 2606:2800:233:66b5:799a:7cd3:f74d:7071	15133 (EDGECAST) (EDGECAST)
4	2606:4700::68... 2606:4700::6811:f2cc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	2606:4700::68... 2606:4700::6810:7daf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:5814	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
2	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	23.210.252.167 23.210.252.167	16625 (AKAMAI-AS) (AKAMAI-AS)
7	2606:4700::68... 2606:4700::6813:9a53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:b649	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	65.9.66.112 65.9.66.112	16509 (AMAZON-02) (AMAZON-02)
1	104.102.30.13 104.102.30.13	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
9	142.250.185.130 142.250.185.130	15169 (GOOGLE) (GOOGLE)
1	99.86.7.26 99.86.7.26	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:830::200e	15169 (GOOGLE) (GOOGLE)
3	2606:4700::68... 2606:4700::6810:5605	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:26f0:ef:... 2a02:26f0:ef::5c7b:c25a	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	151.101.12.157 151.101.12.157	54113 (FASTLY) (FASTLY)
1	2606:4700::68... 2606:4700::6811:cccc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:810::2001	15169 (GOOGLE) (GOOGLE)
1	108.157.4.53 108.157.4.53	16509 (AMAZON-02) (AMAZON-02)
1	2a02:26f0:ef:... 2a02:26f0:ef::5c7b:c24c	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3 3	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	104.244.42.8 104.244.42.8	13414 (TWITTER) (TWITTER)
12	2a00:1450:400... 2a00:1450:4001:831::2001	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:80f::2004	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6811:46b0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:e8cc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700::68... 2606:4700::6812:14bf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	34.250.211.64 34.250.211.64	16509 (AMAZON-02) (AMAZON-02)
9	2a00:1450:400... 2a00:1450:4001:830::2003	15169 (GOOGLE) (GOOGLE)
2	2606:4700::68... 2606:4700::6810:5505	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2a00:1450:400... 2a00:1450:4001:803::2003	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
145	40

30 2606:2c40::c73c:671e (United States) 1 redirects

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

www.secureworldexpo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.secureworld.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a02:26f0:f7::5c7b:e031 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

use.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2800:233:66b5:799a:7cd3:f74d:7071 (United States)

ASN15133 (EDGECAST, US)

platform.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6811:f2cc (United States)

ASN13335 (CLOUDFLARENET, US)

cdn2.hubspot.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:7daf (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5814 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 23.210.252.167 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-210-252-167.deploy.static.akamaitechnologies.com

s7.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
v1.addthisedge.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
m.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700::6813:9a53 (United States)

ASN13335 (CLOUDFLARENET, US)

no-cache.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
app.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cta-service-cms2.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:b649 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.66.112 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-66-112.fra56.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.102.30.13 (Milan, Italy)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a104-102-30-13.deploy.static.akamaitechnologies.com

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 142.250.185.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.86.7.26 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-7-26.fra6.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6810:5605 (United States)

ASN13335 (CLOUDFLARENET, US)

forms.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
perf.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:ef::5c7b:c25a (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f02d:12:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.12.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:cccc (United States)

ASN13335 (CLOUDFLARENET, US)

api-na1.hubapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

309ab07c9e8b47bab20db4a568d65e05.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.157.4.53 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-157-4-53.dus51.r.cloudfront.net

vars.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:ef::5c7b:c24c (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

p.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:21::14 (United States) 3 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.8 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:831::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:80f::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:46b0 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:e8cc (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsleadflows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6812:14bf (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.250.211.64 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-250-211-64.eu-west-1.compute.amazonaws.com

in.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:5505 (United States)

ASN13335 (CLOUDFLARENET, US)

perf.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:803::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
29	secureworld.io www.secureworld.io — Cisco Umbrella Rank: 675129	773 KB
19	googlesyndication.com 309ab07c9e8b47bab20db4a568d65e05.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 125 pagead2.googlesyndication.com — Cisco Umbrella Rank: 98	309 KB
14	gstatic.com www.gstatic.com fonts.gstatic.com	557 KB
12	typekit.net use.typekit.net — Cisco Umbrella Rank: 497 p.typekit.net — Cisco Umbrella Rank: 605	145 KB
9	google.com adservice.google.com — Cisco Umbrella Rank: 76 www.google.com — Cisco Umbrella Rank: 7	84 KB
9	doubleclick.net securepubads.g.doubleclick.net — Cisco Umbrella Rank: 193	145 KB
7	hubspot.com no-cache.hubspot.com — Cisco Umbrella Rank: 11487 app.hubspot.com — Cisco Umbrella Rank: 6633 cta-service-cms2.hubspot.com — Cisco Umbrella Rank: 12313 track.hubspot.com — Cisco Umbrella Rank: 2427	6 KB
5	hsforms.com forms.hsforms.com — Cisco Umbrella Rank: 4981 perf.hsforms.com — Cisco Umbrella Rank: 10586	6 KB
5	linkedin.com 3 redirects platform.linkedin.com — Cisco Umbrella Rank: 3722 px.ads.linkedin.com — Cisco Umbrella Rank: 385 www.linkedin.com — Cisco Umbrella Rank: 595 px4.ads.linkedin.com — Cisco Umbrella Rank: 4868	162 KB
4	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 624 script.hotjar.com — Cisco Umbrella Rank: 958 vars.hotjar.com — Cisco Umbrella Rank: 1008 in.hotjar.com — Cisco Umbrella Rank: 1743	66 KB
4	addthis.com s7.addthis.com — Cisco Umbrella Rank: 1506 m.addthis.com — Cisco Umbrella Rank: 1443	217 KB
4	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 169	136 KB
4	hubspot.net cdn2.hubspot.net — Cisco Umbrella Rank: 7397	8 KB
3	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 2344	16 KB
3	twitter.com platform.twitter.com — Cisco Umbrella Rank: 579 syndication.twitter.com — Cisco Umbrella Rank: 828	133 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 136	84 KB
2	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 229	77 KB
2	unpkg.com 1 redirects unpkg.com — Cisco Umbrella Rank: 896	2 KB
1	hsleadflows.net js.hsleadflows.net — Cisco Umbrella Rank: 4515	87 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 2338	20 KB
1	google.de adservice.google.de — Cisco Umbrella Rank: 8069	792 B
1	hubapi.com api-na1.hubapi.com — Cisco Umbrella Rank: 25764	795 B
1	addthisedge.com v1.addthisedge.com — Cisco Umbrella Rank: 1706	873 B
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 938	3 KB
1	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 39	349 B
1	moatads.com z.moatads.com — Cisco Umbrella Rank: 374	1 KB
1	hsforms.net js.hsforms.net — Cisco Umbrella Rank: 6987	145 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 431	22 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 70	65 KB
1	secureworldexpo.com 1 redirects www.secureworldexpo.com	811 B
145	30

	Domain	Requested by
29	www.secureworld.io	www.secureworld.io
12	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com
11	use.typekit.net	www.secureworld.io
9	www.gstatic.com	www.google.com www.gstatic.com
9	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net www.secureworld.io
8	www.google.com	securepubads.g.doubleclick.net www.secureworld.io www.gstatic.com www.google.com tpc.googlesyndication.com
6	pagead2.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
5	fonts.gstatic.com	www.google.com
4	track.hubspot.com
4	perf.hsforms.com	www.secureworld.io
4	www.googletagservices.com	www.secureworld.io securepubads.g.doubleclick.net
4	cdn2.hubspot.net	www.secureworld.io
3	js.hs-banner.com	www.secureworld.io js.hs-banner.com
3	s7.addthis.com	www.secureworld.io s7.addthis.com
2	px.ads.linkedin.com	2 redirects
2	platform.twitter.com	www.secureworld.io platform.twitter.com
2	connect.facebook.net	www.secureworld.io connect.facebook.net
2	cdnjs.cloudflare.com	www.secureworld.io cdnjs.cloudflare.com
2	unpkg.com	1 redirects www.secureworld.io
1	in.hotjar.com	script.hotjar.com
1	js.hsleadflows.net	www.secureworld.io
1	js.hs-analytics.net	www.secureworld.io
1	syndication.twitter.com	platform.twitter.com
1	px4.ads.linkedin.com	www.secureworld.io
1	www.linkedin.com	1 redirects
1	p.typekit.net	www.secureworld.io
1	vars.hotjar.com	static.hotjar.com
1	309ab07c9e8b47bab20db4a568d65e05.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.de	securepubads.g.doubleclick.net
1	cta-service-cms2.hubspot.com	www.secureworld.io
1	api-na1.hubapi.com	www.secureworld.io
1	m.addthis.com	s7.addthis.com
1	v1.addthisedge.com	s7.addthis.com
1	app.hubspot.com	www.secureworld.io
1	snap.licdn.com	www.secureworld.io
1	forms.hsforms.com	www.secureworld.io
1	www.google-analytics.com	www.googletagmanager.com
1	script.hotjar.com	static.hotjar.com
1	z.moatads.com	s7.addthis.com
1	static.hotjar.com	www.secureworld.io
1	js.hsforms.net	www.secureworld.io
1	no-cache.hubspot.com	www.secureworld.io
1	cdn.jsdelivr.net	www.secureworld.io
1	platform.linkedin.com	www.secureworld.io
1	www.googletagmanager.com	www.secureworld.io
1	www.secureworldexpo.com	1 redirects
145	47

This site contains links to these domains. Also see Links.

Domain
info.secureworld.io
www.ncsc.gov.uk
www.facebook.com
twitter.com
www.linkedin.com
www.youtube.com
www.secureworldexpo.com
www.addthis.com

Subject Issuer	Validity	Valid
www.secureworld.io Cloudflare Inc ECC CA-3	`2021-07-17` - `2022-07-16`	a year	crt.sh
use.typekit.net DigiCert TLS RSA SHA256 2020 CA1	`2022-03-07` - `2023-04-07`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
platform.linkedin.com DigiCert SHA2 Secure Server CA	`2021-09-10` - `2022-09-10`	a year	crt.sh
hubspot.net Cloudflare Inc ECC CA-3	`2021-06-04` - `2022-06-03`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-03` - `2022-07-02`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
odc-addthis-prod-01.oracle.com DigiCert SHA2 Secure Server CA	`2022-02-27` - `2023-02-28`	a year	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2022-03-08` - `2023-03-07`	a year	crt.sh
*.hotjar.com Amazon	`2021-11-25` - `2022-12-23`	a year	crt.sh
moatads.com DigiCert SHA2 Secure Server CA	`2021-11-27` - `2022-11-29`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2022-03-01` - `2023-03-01`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-01-11` - `2022-04-11`	3 months	crt.sh
platform.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-07-29` - `2022-07-29`	a year	crt.sh
hubapi.com Cloudflare Inc ECC CA-3	`2021-06-07` - `2022-06-06`	a year	crt.sh
*.google.de GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
syndication.twitter.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-07` - `2023-03-06`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh

This page contains 13 frames:

Primary Page: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
Frame ID: 04CFCB2356C98047AB57242895E861E2
Requests: 95 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: B1B7FAAC52397AE9438D3F121D40F7C6
Requests: 1 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: 047563E110EC2BA1BF7EC9521481A8CD
Requests: 1 HTTP requests in this frame

Frame: https://309ab07c9e8b47bab20db4a568d65e05.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 9D338804748AD641ED66ED92AE2C8836
Requests: 1 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-acca23410e696f2ca3087d947271c3d0.html
Frame ID: C76E177DE3E9BCC33CB63E1E4B291C8C
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.0af76c3310098d2f8f428367b62351b8.html?origin=https%3A%2F%2Fwww.secureworld.io
Frame ID: 3119E1C5BF491DE2A9820640235D8BCE
Requests: 2 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuI0kb2wVYa67Ce_WPXUK68p90GAfa27NpJpVltfgz8PSARzr5Fx9nZ8jI9w533p0VNc9W5fLyXSE5TjUElVYaNBdd_ey0g2gRhU4855tPRWGkgcUd3oY-HgosmHEBwp1HqXMbdLV8A17ASv8R673IcxFE_nixGqE54jHFK8bTeUeUmLSwo81742Tx4-0_PBJFO0aqtOdImhKJI8m0-T7lNHTG8MgBW4aaTupOR914CWuy6Q0dc3FpOSnk6E78waz_6dcJv2RlVDbDTSysxYfJowguk3f2Yr0MP4U1I9KxH-NCUQic&sai=AMfl-YSZV-HfSH6uDXuZfwYx-G1rzYSxFxodJj9QwDVBeV4tfqKEBA1w2tM-gv-vPjswIhGi4in8WHKmy9vdKt-pTrV04jE33LrnlK27BeGjn_YWtqRcdU7jDPnJPzRYPNMv&sig=Cg0ArKJSzMIoVbiY50LqEAE&uach_m=[UACH]&adurl=
Frame ID: 51197A1F65B5AC0FA004DC36544610B3
Requests: 8 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvCD52hU2vbZ6OwHO1PGmXpzBPJsPhBLhyKoGnspJsGQhgJcNmTFaNsksm8iqdnLhi4ZyjzjsSRUIw0nTFRiG8p-mZr1Jkw4OlJnWP-qUJCnkGGmZTxba9j576DBFqDpoKeQxEQkKiD54hx0cBPBaAd9RJK0mpX-ypAp5wMbd9zk--Y58_UF5HCCIYOoO5mfO0W4RYYAbhE4dwfekpcciInCq9r-O7wXMqEBhz2ha6X49xu_L7AjfJw-OEOYwn6cpOc3rR2H8bmovZjh_MwyM8hvPYihTNUuCkYHuvu1Mq-REGbLkw&sai=AMfl-YR9N_NvWnOXUpCdYaYj_J-8vDoqzFG7jXdzHyx1VfLSLYM2cgRf23oopEULLSaA46BNdGdQH16amqCQP6uWGOGIBo55aQgEkotZHWfrBhhKay6RMWmNG-Fe6nyZDNDP&sig=Cg0ArKJSzL__Pnn4JNitEAE&uach_m=[UACH]&adurl=
Frame ID: 8AC3BCD81AE9694A11945071DFC37807
Requests: 7 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsslI8iuk7UM3mMqFQAC5xFC5y0lH60vOe07dN4BR1j0HDftR25IxO8nZgFrvALzK5MJwmeSVD7RsRu2ajJviBrCWoOZR8G4LSkW3ISoFOKgNxz_hGxmYlj6eNSTv_BBembFGmQmU36bWb8CRHwsDSXLADmZbUwQEQ8t0gakOYhpZGu4-QjEnO76_rXgKe6nFbUBdwap9vcIT1N5xOTUKy7Xq_FVD9wUxT4uv9_Fi_OX8ROb31aIZk0sa8ewnxEuiTK6x6XWWHxyla2kvQBfvwjw41R_rU7CwIkEDQC4Ggl2yt3G_hbsiHD5&sai=AMfl-YShcsbFPeGRTP5XmJEpjY5xWRc9LQPrnqG_yQ007ro-nS1QqXbXT8Kl1kjs-UeyslPnQBvJoIcM3EDcSssm-QC5rkmg7UH4fTg3VTy1ny4JTQ1NsB5H1gZw1V4nZC11&sig=Cg0ArKJSzP1IslGT5iyeEAE&uach_m=[UACH]&adurl=
Frame ID: D84B7B7FF913167A0861C1A93EBC5A92
Requests: 9 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly93d3cuc2VjdXJld29ybGQuaW86NDQz&hl=de&v=gZWLhEUEJFxEhoT5hpjn2xHK&size=invisible&badge=inline&cb=q2r62yu1u6br
Frame ID: B5D6844AFE796892293501FBE6E0C53C
Requests: 7 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/enterprise/bframe?hl=de&v=gZWLhEUEJFxEhoT5hpjn2xHK&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm
Frame ID: 8D523E62112FE2781A5FE625B82CEC01
Requests: 11 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 73EDB78B54161483675AF6D8CDE39EE0
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: C4FFC09F1E917E8322B7A16C1B83E6AE
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Special Security Advisory: 'Ryuk Ransomware Targeting Organizations Globally'FacebookTwitterLinkedInEmailPinterestLinkedInFacebookTwitter

Page URL History Show full URLs

https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works HTTP 301
https://www.secureworld.io/industry-news/how-ryuk-ransomware-works Page URL

Detected technologies

AMP (JavaScript frameworks) Expand

Overall confidence: 100%
Detected patterns

<link rel="amphtml"

Handlebars (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

handlebars(?:\.runtime)?(?:-v([\d.]+?))?(?:\.min)?\.js

AddThis (Widgets) Expand

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Linkedin (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.linkedin\.com/in\.js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Moat (Analytics) Expand

Overall confidence: 100%
Detected patterns

moatads\.com

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.twitter\.com/widgets\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery UI (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery-ui.*\.js

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

145
Requests

98 %
HTTPS

75 %
IPv6

30
Domains

47
Subdomains

40
IPs

4
Countries

3271 kB
Transfer

8250 kB
Size

25
Cookies

8 Outgoing links

These are links going to different origins than the main page.

URL: https://info.secureworld.io/conference-sponsorship-2021
Title: Become a Sponsor

Search URL Search Domain Scan URL

URL: https://www.ncsc.gov.uk/news/ryuk-advisory
Title: Ryuk ransomware targeting organisations globally

Search URL Search Domain Scan URL

URL: https://www.facebook.com/SecureWorld.io

Search URL Search Domain Scan URL

URL: https://twitter.com/SecureWorld

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/secureworld-io/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/SecureWorld

Search URL Search Domain Scan URL

URL: https://www.secureworldexpo.com/industry-news/rss.xml

Search URL Search Domain Scan URL

URL: https://www.addthis.com/website-tools/overview?utm_source=AddThis%20Tools&utm_medium=image
Title: AddThis

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works HTTP 301
https://www.secureworld.io/industry-news/how-ryuk-ransomware-works Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 14

https://unpkg.com/imagesloaded@4/imagesloaded.pkgd.min.js HTTP 302
https://unpkg.com/imagesloaded@4.1.4/imagesloaded.pkgd.min.js

Request Chain 74

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=651962&time=1649080002053&url=https%3A%2F%2Fwww.secureworld.io%2Findustry-news%2Fhow-ryuk-ransomware-works HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D651962%26time%3D1649080002053%26url%3Dhttps%253A%252F%252Fwww.secureworld.io%252Findustry-news%252Fhow-ryuk-ransomware-works%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=651962&time=1649080002053&url=https%3A%2F%2Fwww.secureworld.io%2Findustry-news%2Fhow-ryuk-ransomware-works&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=651962&time=1649080002053&url=https%3A%2F%2Fwww.secureworld.io%2Findustry-news%2Fhow-ryuk-ransomware-works&liSync=true&e_ipv6=AQLm9_yorw39kQAAAX_00-PwmfrL8synPLCddTGUtDASYCwQaB9gWnlBGRC7nssHwVGVTZ3tFMIGNrpskH93YWQtV5Dc7A

145 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request how-ryuk-ransomware-works Show response
www.secureworld.io/industry-news/
Redirect Chain

https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
https://www.secureworld.io/industry-news/how-ryuk-ransomware-works

64 KB
15 KB

1290ms
1234ms

Document
text/html

2606:2c40::c73c:671e
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.secureworld.io/industry-news/how-ryuk-ransomware-works

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671e , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / HubSpot

Resource Hash

39cb73a705ae61637cf463be3bce17acc2e6294982b35c7622004e4bbc1b0f1d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

cf-h2-pushed: </hs/hsstatic/HubspotToolsMenu/static-1.119/js/index.js>,</hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/project.js>,</hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>,</_hcms/forms/v2.js>
cf-ray: 6f6a7dc80a5601df-ZRH
content-encoding: br
content-security-policy: upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Mon, 04 Apr 2022 13:46:39 GMT
edge-cache-tag: CT-10855193339,CG-2221756,CG-4214485368,P-2221756,L-4217464939,L-4217501659,L-4327754887,L-4453182780,CW-5767375991,E-4263571273,MENU-4263609498,MENU-4404484415,PGS-ALL,SW-0,B-4214485368,GC-27670355560,GC-42863171736
etag: W/"3b640a13d9e42d38009bb86cad3348bf"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
last-modified: Sat, 02 Apr 2022 13:27:05 GMT
link: </hs/hsstatic/HubspotToolsMenu/static-1.119/js/index.js>; rel=preload; as=script,</hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/project.js>; rel=preload; as=script,</hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script,</_hcms/forms/v2.js>; rel=preload; as=script
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer-when-downgrade
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fAHLJxm3ZSrIlOdht3HA2jMoHc8LMOsCmB%2Fh9Bbr9mp%2BoE8Xq6uVvTBkyZvJzWpDUCtrQiduVqv%2F%2FiK9V9ZsCeYbBn%2BdmnkZIX%2BVmrE%2B2uljWvZW2ROP8CSQSro3r24VfgL8lmj126BL76vcEkPSTg%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-hs-cache-config: BrowserCache-5s-EdgeCache-180s
x-hs-cache-control: s-maxage=14400, max-age=0
x-hs-cf-cache-status: MISS
x-hs-combine-css: Disabled
x-hs-content-id: 10855193339
x-hs-hub-id: 2221756
x-hs-prerendered: two-phase;Sat, 02 Apr 2022 13:27:04 GMT
x-powered-by: HubSpot

Redirect headers

access-control-allow-credentials: false
cache-control: no-transform, max-age=120
cf-cache-status: MISS
cf-ray: 6f6a7dc39ee423f7-ZRH
date: Mon, 04 Apr 2022 13:46:38 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires: Mon, 04 Apr 2022 13:48:38 GMT
location: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W5vkRM1dk8%2FJ46j7dDRflh35d%2Fsm7Z82Pbod4nmlikGAQAjFZpkROEo4Gc%2FRm8PryeY0IKYqwaXvXrnGngj7G00OqWU%2B0lSobayNb%2FHCF1zvztUWxKLAgpBbJVA17CqBFFdFSo3K005Dol4D%2BVT%2BE5GkRieQ"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-hubspot-correlation-id: 358176a5-4d7d-4568-b53b-e92d04d303c6
x-trace: 2B4A869DA91CC8DFBE783DFCF96CCEC6326941BAE4000000000000000000

GET
H2 200 index.js Show response
www.secureworld.io/hs/hsstatic/HubspotToolsMenu/static-1.119/js/ 11 KB
4 KB 59ms
0ms Script
application/javascript 2606:2c40::c73c:671e
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.secureworld.io/hs/hsstatic/HubspotToolsMenu/static-1.119/js/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671e , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

5d9bc6dec214e0ac4562af8a3854d2d46772e46e66806ab6aed8ba22d833d0dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:46:40 GMT
via: 1.1 eb7b239aed47669f8a7b6ac95bc8aff1.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 12001761
x-amz-server-side-encryption: AES256
cf-ray: 6f6a7dcfbfb501df-ZRH
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-encoding: br
last-modified: Mon, 15 Nov 2021 14:59:45 GMT
server: cloudflare
etag: W/"e87d0efee17e652760ab5ccd33fbc8ad"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6xMrOPXZo9EFkxP43IwhTt3%2BoeZ0n1BrXgzaKwrZOjyR6Jg%2BmMVUzOWrB0tA6Nn4gn7TgckuMWLHwXXfYAmDUvpa2BUrc19f1GHaRvhi0lhKgwjg%2BvBdMX6bpUrjPHJf%2BxU708XJS0mL%2FsKckLbm5g%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: vdFz9Y2Y_lpsefQtRnWK89fgZF54ag5p
cache-control: public, max-age=31536000
x-amz-cf-pop: ZRH50-C1
content-type: application/javascript
x-amz-cf-id: RbMOadMHYqLnNgj-vW3wX_0QAuKylPsBaMnBCfte3ZrAZulnlMoYmQ==
expires: Tue, 04 Apr 2023 13:46:40 GMT

GET
H2 200 project.js Show response
www.secureworld.io/hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/ 2 KB
968 B 44ms
0ms Script
application/javascript 2606:2c40::c73c:671e
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.secureworld.io/hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/project.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671e , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fb56af9f7623a55839dfb9cf019b05664a62e1b41671d925f3ed587c506443b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:46:40 GMT
via: 1.1 a2037d86ccb1a548f20827ebd95a65f3.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 29946788
x-amz-server-side-encryption: AES256
cf-ray: 6f6a7dcfbfba01df-ZRH
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-encoding: br
last-modified: Wed, 19 Aug 2020 22:24:11 GMT
server: cloudflare
etag: W/"ef84f26c310485299d6b75777414eddb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1mr0b1ktASaJpOoaQnlZyz26mpAVGwkREcIpoffGU1RiSRzHzdda3greON2Y930UOayw2D%2Ffo61Mxksm%2B7Wu4Ef3Vs3NgY08yOZimp20XlsGQlp4kuPb96g%2Fn7wpswFvAkHKGM%2B1IPjT5ygWbp98sg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: gEenO44eZUewxnIWfgj9q6LB.g9OszNv
cache-control: public, max-age=31536000
x-amz-cf-pop: ZRH50-C1
content-type: application/javascript
x-amz-cf-id: _FtQhJ0FYKKZ03UeVSI2UhtzDWqZ024vR_tmaOhRpVJIljNSSkjSVQ==
expires: Tue, 04 Apr 2023 13:46:39 GMT

GET
H2 200 project.js Show response
www.secureworld.io/hs/hsstatic/cos-i18n/static-1.53/bundles/ 1 KB
1 KB 85ms
0ms Script
application/javascript 2606:2c40::c73c:671e
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.secureworld.io/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671e , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:46:40 GMT
via: 1.1 c920ea2f130edd74e94c18ea9d06d98b.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 12602414
x-amz-server-side-encryption: AES256
cf-ray: 6f6a7dcfbfc701df-ZRH
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-encoding: br
last-modified: Tue, 09 Nov 2021 16:12:42 GMT
server: cloudflare
etag: W/"61ca66de658cab9587e4636894680d5d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DmSsuGL3Qh%2B8aQuftaBWC7qTdguPT7nEpUSJjgiwzyrw6KSDIPMaNjP%2F1ZiiJdsc3G9t1D1cd8r2erGKjKZM4jsuWUWmzeYLVDlidEe3N1ELcoe5ZKZqBIM%2FdahxsCuKb0CnEqsIiKoa0qA0FBl7Yw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: P9ES7sOpFzrLl1QoRwjEAy5outPo5_GO
cache-control: public, max-age=31536000
x-amz-cf-pop: MXP63-P3
content-type: application/javascript
x-amz-cf-id: 2gNJTIM-idgpKHLRBkPzTODXhhPVIForL8zCUDBbJwgQ4EVID3ipIw==
expires: Tue, 04 Apr 2023 13:46:40 GMT

GET
H2 200 v2.js Show response
www.secureworld.io/_hcms/forms/ 567 KB
145 KB 44ms
0ms Script
application/javascript 2606:2c40::c73c:671e
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.secureworld.io/_hcms/forms/v2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671e , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

25f9030845df92a93fa6f343d474aead0ea4130c7f8c5268a7e279590e3a689a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:46:40 GMT
via: 1.1 5e1f849553b1d58615d0d8f7c044078e.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 158
x-amz-server-side-encryption: AES256
cf-ray: 6f6a7dcfbfcb01df-ZRH
x-cache: Hit from cloudfront
x-amz-replication-status: PENDING
content-encoding: br
last-modified: Mon, 04 Apr 2022 01:37:31 UTC
server: cloudflare
etag: W/"d14087d2a7074af4f4503b1dafd0e1da"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cDvrvzbr3ydVNZhw50EfV%2Ffb4VLea7pqLEwDUdD1WTqen786FanNaPERaSNP7wTD8JrF0nPnUD8icCwA4QUsnV3IXiIxIZVqqmct6y4lajy2tDhSDK%2FoXbuG5FEJxv%2B3qMPS6zDTp1BVbzm%2FWgYJuQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: _Y0ZM8Bdd3POJmTqvQ1GLzIHspm7MWOT
access-control-allow-origin: *
cache-control: s-maxage=600, max-age=0
x-hs-cache-status: HIT
x-amz-cf-pop: IAD89-P1
content-type: application/javascript; charset=utf-8
x-amz-cf-id: SIuIxAFVLfEl66fBpZ4ExtN_fRma9jbG4pLv-D6ascVENXE5Ow9Lsg==
x-hs-target-asset: FormsNext/static-5.466/bundles/project_with_deps.js

GET
H2 200 jquery-1.7.1.js Show response
www.secureworld.io/hs/hsstatic/jquery-libs/static-1.1/jquery/ 92 KB
34 KB 60ms
58ms Script
application/javascript 2606:2c40::c73c:671e
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.secureworld.io/hs/hsstatic/jquery-libs/static-1.1/jquery/jquery-1.7.1.js

Requested by

Host: www.secureworld.io
URL: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671e , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

88171413fc76dda23ab32baa17b11e4fff89141c633ece737852445f1ba6c1bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:46:40 GMT
via: 1.1 7245e91891539560c1f484b1e46159c9.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 29946634
cf-ray: 6f6a7dcfe82401df-ZRH
x-cache: Hit from cloudfront
content-encoding: br
last-modified: Tue, 25 Nov 2014 17:03:30 GMT
server: cloudflare
etag: W/"ddb84c1587287b2df08966081ef063bf"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JE82CoSriVa2CP1sFned9DDYgQ%2FQj1f2RbCYJdACgoHy%2B9IjUoVf%2BMcF2LFxZVygbrBlVydv19%2FMSo9EI8jKoUNIiHBuIzJBcUjTW0zgBOBRoj1gei7%2B6AkEmouOT%2BqIU0oBHyFLVKptVRoppl%2FrzA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: null
cache-control: public, max-age=31536000
x-amz-cf-pop: ZRH50-C1
content-type: application/javascript
x-amz-cf-id: Ru68VFTv-9IIeq52N05vr6sPzSb5D-9ukRfDqIKnfzTM7RK_H3XVIQ==
expires: Tue, 04 Apr 2023 13:46:40 GMT

GET
H2 200 comments_listing_asset.css
www.secureworld.io/hs/hsstatic/AsyncSupport/static-1.122/sass/ 1 KB
936 B 49ms
47ms Stylesheet
text/css 2606:2c40::c73c:671e
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.secureworld.io/hs/hsstatic/AsyncSupport/static-1.122/sass/comments_listing_asset.css

Requested by

Host: www.secureworld.io
URL: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671e , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

ed92c951c39983af4f5fac78a5bab4c390b3faf7c46e2a35256ee38f5443ffa2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:46:40 GMT
via: 1.1 2fb101a75d62357647d00a936fb26d03.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 9319380
x-amz-server-side-encryption: AES256
cf-ray: 6f6a7dcfe82501df-ZRH
x-cache: Miss from cloudfront
x-amz-replication-status: COMPLETED
content-encoding: br
last-modified: Fri, 17 Dec 2021 15:26:10 GMT
server: cloudflare
etag: W/"6b1d31d121f4c84e5ee3b7d7446495d8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fTTn0mf2X4UbJ2sO7von2R06EtvjYieZi5%2B7IZTNbFKmYW61AZea3GDE8Ej7UEDTlTu7yETHZ9bqZBqwLODd%2BZWV5CoCxXkvfuILDPqyAYToB1HLGT8WHe9C%2B9YCoBzXYa3MAuY%2FdOw74kelhk0OgA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: LQgaE1SSZjkxZtePb5jE9vLc6kDw7LTx
cache-control: public, max-age=31536000
x-amz-cf-pop: MXP64-C3
content-type: text/css
x-amz-cf-id: Sd1FewZy6R39-qimJPgAcfh4bSkpejftQZqcpg4eRC_TBc8ww51yIA==
expires: Tue, 04 Apr 2023 13:46:40 GMT

GET
H2 200 cfm6mzj.js Show response
use.typekit.net/ 20 KB
7 KB 61ms
17ms Script
text/javascript 2a02:26f0:f7::5c7b:e031
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://use.typekit.net/cfm6mzj.js

Requested by

Host: www.secureworld.io
URL: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:f7::5c7b:e031 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

nginx /

Resource Hash

646049b438eba863e1bef299abfda2b4cc0bdcc49d62eafdb7b3d5e4d9582bbb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains;
content-encoding: gzip
server: nginx
date: Mon, 04 Apr 2022 13:46:40 GMT
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=600, stale-while-revalidate=604800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 6970

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 176 KB
65 KB 52ms
27ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-8NF3Q53WEX

Requested by

Host: www.secureworld.io
URL: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9c9f1879ad8e12cd4336ba847b407918aaf3d8f68d47c5f2f082cea2f388623c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:46:40 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 66033
x-xss-protection: 0
expires: Mon, 04 Apr 2022 13:46:40 GMT

GET
H2 200 in.js Show response
platform.linkedin.com/ 507 KB
159 KB 194ms
50ms Script
text/javascript 2606:2800:233:66b5:799a:7cd3:f74d:7071
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.linkedin.com/in.js
Requested by: Host: www.secureworld.io
URL: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:66b5:799a:7cd3:f74d:7071 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (mil/6C7A) /
Resource Hash: 182e51193ed33acca8a70f60a714c7d70e88111af48a17ba194b4c3d0dce8039

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:46:40 GMT
content-encoding: gzip
x-cdn-client-ip-version: IPV6
x-cdn: ECST
age: 2130
x-cache: HIT
x-cdn-proto: HTTP2
content-length: 162376
x-li-uuid: AAXb09ynKpE4E2AASP6fag==
server: ECAcc (mil/6C7A)
last-modified: Mon, 04 Apr 2022 13:11:10 GMT
x-li-pop: prod-ltx1-x
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
accept-ranges: bytes
x-li-proto: http/1.1
x-li-fabric: prod-ltx1
expires: Mon, 4 Apr 2022 14:11:10 GMT

GET
H2 200 layout.min.css
cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1648819718818/hubspot/hubspot_default/shared/responsive/ 5 KB
2 KB 70ms
40ms Stylesheet
text/css 2606:4700::6811:f2cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1648819718818/hubspot/hubspot_default/shared/responsive/layout.min.css
Requested by: Host: www.secureworld.io
URL: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:f2cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 341a4d40ad1b2560db940f906716d0e9539d4c0785399d7e0348fd0d3af00170

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis: 1648819718864
date: Mon, 04 Apr 2022 13:46:40 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 260261
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FFBIFi7Dvi3rgHV%2FUXK9tYKx%2BufPjfeSFAOgdsYpeNjHLopWqIctDHGt1Xxj%2BsrbGYCIfaRNjOPnrBOzMfXITWNoXyiBfLsTW%2FRob2PkMe%2BKPxZkNXruNuVxzS3x0P%2FkXiyly1yPRjZfNYqPCEE%3D"}],"group":"cf-nel","max_age":604800}
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
last-modified: Fri, 01 Apr 2022 13:28:39 GMT
server: cloudflare
etag: W/"0b0c633d59ab0af9553a98c0e7d97349"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-cf-pop: IAD89-P1
cf-ray: 6f6a7dd01c0c2397-ZRH
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 Sw-2016.min.css
www.secureworld.io/hs-fs/hub/2221756/hub_generated/template_assets/4263571273/1643491873967/Coded_files/Custom/page/Secureworld_2016/ 91 KB
15 KB 590ms
589ms Stylesheet
text/css 2606:2c40::c73c:671e
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.secureworld.io/hs-fs/hub/2221756/hub_generated/template_assets/4263571273/1643491873967/Coded_files/Custom/page/Secureworld_2016/Sw-2016.min.css
Requested by: Host: www.secureworld.io
URL: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:671e , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4927a4e4968dd76153fed6e03848eba2ff7dcd7faff262d8dac34b73eb07424e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis: 1643491874197
date: Mon, 04 Apr 2022 13:46:40 GMT
via: 1.1 6f3546b6b501aaa8c1b4750231158188.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-P1
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 14
content-encoding: br
x-amz-request-id: 12B37FSAGS5WXSHJ
x-amz-id-2: 1uturp+vEFYN3jqV+IgVyv2VLWJg+ojSHlJkyeCFqMJFYJ0cFXI9LQWvYqmJDQxkta1LE9YJ9fo=
last-modified: Sat, 29 Jan 2022 21:31:15 GMT
server: cloudflare
etag: W/"ea6a0ec2b7dca02465dad0305a7c7e03"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OrAYLTXnZz%2FKb5AAvfVzsXDeAIhkxZZwMdHEM%2FYMfC4B2wbVTaJuqFYJ07oqs3nmuhY7%2BZWpzJ0LFViGZ9khNwRc1u0ZKnpepdPQblSIv23I7pXJg%2FBZ15FgLHD%2FDJAaAbJdREfms5%2F6hvgz7x1pqw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: 7PYAHQ7m8RgLvHB7laC7QZlzOrpvNZL0
cf-ray: 6f6a7dcff82801df-ZRH
x-amz-cf-id: K3kzQfMsRsnRsZ_Gk5pVFJ-z_YCkL5mOPVj7xLyT7N3MWd6UhYanPw==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 14

GET
H2 200 jquery.slides.min.js Show response
www.secureworld.io/hubfs/js/ 13 KB
4 KB 57ms
56ms Script
application/javascript 2606:2c40::c73c:671e
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.secureworld.io/hubfs/js/jquery.slides.min.js
Requested by: Host: www.secureworld.io
URL: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:671e , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: fa67a538daf76559529f97da796e9009a51a542f81d858f327570243b3484f82

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

content-encoding: br
x-amz-meta-cache-tag: F-53278374020,P-2221756,FLS-ALL
age: 889659
x-amz-server-side-encryption: AES256
edge-cache-tag: F-53278374020,P-2221756,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 14
x-amz-request-id: PM1XW9F5N7Y009CW
etag: W/"64a5aca67f4843cd18bb03814454faad"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 14
x-amz-meta-created-unix-time-millis: 1629411952149
date: Mon, 04 Apr 2022 13:46:40 GMT
via: 1.1 f0f5607a03d2ae4c43b553dc2cef0c9e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: ZRH50-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-amz-meta-index-tag: all
x-amz-id-2: eu9mqQmzszOOFirewrghWg8GuWuDJVL0zKU6BfjZW/zdaUpcGI3K7OKTg6VIsvapDVzGcv9cpL0=
last-modified: Thu, 19 Aug 2021 22:26:13 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JMzLYG7kVoc4dPD5GEhM0bTMO7vfLwkJbXg0d1SwOxBBSJGgNCfZcvEBEoM3%2BkJwyM8ACE0MRKnnExcz79TOnI7YSRhJFhYOKnezqp%2FVIoB42A2T1Y1U%2BUE%2BOoAhEoCGMPrk3yvXRSuMZZrv2Q7pGw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: ufaJi_DQuQ8lxQZ0HuY6kwEIEa94BfZK
cf-ray: 6f6a7dcff82e01df-ZRH
x-amz-cf-id: D2RSJ-04Y2S7_N-xF-m14J_P_LY-I1OMDPGa-BRzRQfJMpPp11-WIg==

GET
H2 200 masonry.pkgd.min.js Show response
www.secureworld.io/hubfs/js/ 24 KB
9 KB 60ms
59ms Script
application/javascript 2606:2c40::c73c:671e
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.secureworld.io/hubfs/js/masonry.pkgd.min.js
Requested by: Host: www.secureworld.io
URL: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:671e , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7ed95c9b41f1db9e8124520c93bc86a196a2fc9db65a3e3bef9d8d7cd8592e7f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

content-encoding: br
x-amz-meta-cache-tag: F-53277072953,P-2221756,FLS-ALL
age: 889658
x-amz-server-side-encryption: AES256
edge-cache-tag: F-53277072953,P-2221756,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 14
x-amz-request-id: 5TETET1XEMW9F8AS
etag: W/"d17c54c635681cb5922761923b91c3bc"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 14
x-amz-meta-created-unix-time-millis: 1629411952070
date: Mon, 04 Apr 2022 13:46:40 GMT
via: 1.1 110750d14d1d900cd5c76d0ac872f5dc.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: ZRH50-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-amz-meta-index-tag: all
x-amz-id-2: /XMYjjS+FrSHoe7WlarXzmU30Zrt4vtWcNVQ6KPBjP2S8ojwdMH5+YlvU4B/FI2BKmGSyOMfhcU=
last-modified: Thu, 19 Aug 2021 22:26:13 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1%2B2crDaVHxvm%2B3k1bbXB38jZ7GNRMx%2BmpTdR93VoiVTGqVcqxoQiuj4qrIZ8pFUcDzHA2auaBAgvGozgdE30XpSqEM7saJJaaRqvLRLFgzCT0pc646kJObbISmqRx34B87kiUlPVxWlXjQ2JA7is8Q%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: PIffI8TrcwBm4PSsgIPp5tkJ0iJSVZTx
cf-ray: 6f6a7dcff83001df-ZRH
x-amz-cf-id: GzcCHEK2kgn8K28OBhburbBYz45tmzZfZhYD-NDFXHY3gRMzzfJ35g==

GET
H2 200 jquery-ui.min.js Show response
www.secureworld.io/hubfs/js/ 249 KB
70 KB 56ms
55ms Script
application/javascript 2606:2c40::c73c:671e
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.secureworld.io/hubfs/js/jquery-ui.min.js
Requested by: Host: www.secureworld.io
URL: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:671e , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: c64cb233e25429d60c4229a0da726d38e2b09f92a1f689377d1afc0048510af3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

content-encoding: br
x-amz-meta-cache-tag: F-53276999553,P-2221756,FLS-ALL
age: 889660
x-amz-server-side-encryption: AES256
edge-cache-tag: F-53276999553,P-2221756,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 14
x-amz-request-id: M7TYT98TRXGQJ7N2
etag: W/"8b46618f29635cb1b7e8e9305bcb6e32"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 14
x-amz-meta-created-unix-time-millis: 1629411952792
date: Mon, 04 Apr 2022 13:46:40 GMT
via: 1.1 449f2b51e83bf8ba5fa5e65ce60bc276.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: ZRH50-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-amz-meta-index-tag: all
x-amz-id-2: uWXtILw0Q87iYg+wkxQF3EKudSYQL2wRsbYFwbxa7G03ldeK3iikhutQEEQlAZseBY58SZP9dPA=
last-modified: Thu, 19 Aug 2021 22:26:13 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=koSkR9SdWtqkNX84eTXjcv41FKOHxf2nu1aOm5gLYFrq8C4qKTc3p1zE9QzpTlSZRbtUBkRxHqWChZO4Bnr%2BVhRLUByRPHwxk43n%2F82Vhi%2BOl%2FfeKKmhpoBfh3%2B0nDUByRbOBouX2%2B6kg1JahiZB0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: WN.c4jVQk2zXfBKbis97cB7soRKN_oYj
cf-ray: 6f6a7dcff85201df-ZRH
x-amz-cf-id: LPlP3v4_7kL93N9i8DdfKtTtfCxnJu4TmnEtLdK4D_4ZChmg9c_Geg==

GET
H2

200

imagesloaded.pkgd.min.js Show response
unpkg.com/imagesloaded@4.1.4/
Redirect Chain

https://unpkg.com/imagesloaded@4/imagesloaded.pkgd.min.js
https://unpkg.com/imagesloaded@4.1.4/imagesloaded.pkgd.min.js

5 KB
2 KB

23ms
22ms

Script
application/javascript

2606:4700::6810:7daf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/imagesloaded@4.1.4/imagesloaded.pkgd.min.js

Requested by

Host: www.secureworld.io
URL: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works

Protocol

Server

2606:4700::6810:7daf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

96abf166b3cbb5f7df525d86fdeeeccea4af3c120b19bc26b0613530a94e8b44

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:46:40 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
age: 29945923
fly-request-id: 01F3XYJKX17QD4DDDEQRFNMQA5
content-encoding: br
vary: Accept-Encoding
last-modified: Tue, 02 Jan 2018 16:53:35 GMT
server: cloudflare
etag: W/"15da-bT4RF04iZo5p3yNuXEVCFo98v+w"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 6f6a7dd06ae5020d-ZRH

Redirect headers

date: Mon, 04 Apr 2022 13:46:40 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
fly-request-id: 01FZTD0E2TFSBZYFAXZDE4K508-fra
server: cloudflare
age: 239
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: text/plain; charset=utf-8
location: /imagesloaded@4.1.4/imagesloaded.pkgd.min.js
cache-control: public, s-maxage=600, max-age=60
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 6f6a7dd02aa6020d-ZRH
access-control-allow-origin: *

GET
H2 200 handlebars.min.js Show response
cdn.jsdelivr.net/npm/handlebars@4.0.10/dist/ 74 KB
22 KB 73ms
29ms Script
application/javascript 2606:4700::6810:5814
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/handlebars@4.0.10/dist/handlebars.min.js

Requested by

Host: www.secureworld.io
URL: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5814 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d096836c66515e5ce415b57c5e2f19847ff367a41033463774291867b258ab7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:46:40 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1222263
x-jsd-version: 4.0.10
x-cache: HIT
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19179-FRA
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"12630-EKA6xd0OO5UHmP0bY9EiNnZapJc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cf-ray: 6f6a7dd03ba001eb-ZRH

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 83 KB
28 KB 46ms
18ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: www.secureworld.io
URL: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f10d6df70aeb2a13a4dbc1884367e40efee7505ca85f7e600662649de16c56c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:46:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28207
x-xss-protection: 0
server: sffe
etag: "1177 / 156 of 1000 / last-modified: 1649070439"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 04 Apr 2022 13:46:40 GMT

GET
H2 200 hamburger.png
www.secureworld.io/hubfs/ 178 B
928 B 71ms
68ms Image
image/webp 2606:2c40::c73c:671e
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.secureworld.io/hubfs/hamburger.png
Requested by: Host: www.secureworld.io
URL: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:671e , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: e85e480856bd1bfc6c8f2782e1cffcb33b19837fcbc24cc8b25ed969d30bbd11

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-methods: GET
date: Mon, 04 Apr 2022 13:46:40 GMT
via: 1.1 672ccfdef8d96b8bfc26646386cb4488.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-4228641034,P-2221756,FLS-ALL
age: 885630
cf-polished: origFmt=png, origSize=678
edge-cache-tag: F-4228641034,P-2221756,FLS-ALL
content-disposition: inline; filename="hamburger.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 14
x-amz-request-id: PRQV9ER2GKQ6A0SA
x-amz-id-2: 0iscvh3MHV0YSIHoC6lPSZGSZwau1OhVpySdMJH1G4Yhlv1x3mBMl/LyKnMdXJ3vH7TU5fnwToU=
x-cache: RefreshHit from cloudfront
accept-ranges: bytes
last-modified: Sun, 08 Oct 2017 22:59:50 GMT
server: cloudflare
etag: "d3bd09f40d4f357af913c143adca587d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GKZQ%2FuG6mjQdiIQMz9ubjW%2BRxWlh4tGYr8JLNXRSYIPNwzEy%2B5GwAj4Fj%2Fs9kl11BnA8FGpzo7NDIPC4hZAYYqCUasMNYsLk%2FA6qUleNvQfqw0qB2BQW3LWdk7W7sF4DJbWLf6j8BRYXTJTPYb5FAQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id: 4m0X8x7SQCsWrf.U9R26NzzJ2LVMVSnV
x-amz-cf-pop: DUS51-P2
content-length: 178
cf-ray: 6f6a7dd3de4701df-ZRH
x-amz-cf-id: z6Nrhttpq93829C26ufhQPxWPUTk4P7j5CXeJR0FLYwWt3JM-8QV_g==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 14

GET
H2 200 font-awesome.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.6.3/css/ 28 KB
6 KB 84ms
35ms Stylesheet
text/css 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.6.3/css/font-awesome.min.css

Requested by

Host: www.secureworld.io
URL: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

008a1d103902f15fdb1c191fcb1ce8954330e7b8de43d09abb08555ba609f420

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:46:40 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 3254898
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5324
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:10:07 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e5f-7187"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WSrc92%2BeRM1PHO6aZILwUod%2B1rmhTmnnPPs2p%2BpkK3H5JvUY28hxYDc7DoDdBHwIl8XB635N47Pnt09iwyqUsNcFJsuQxUznQwkXUst%2FBqu0K4nj6E0gFsXs5KlWtwc6K5Tu5g68hYnq4HThl2lfpfUa"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6f6a7dd22f7223f7-ZRH
expires: Sat, 25 Mar 2023 13:46:40 GMT

GET
H2 200 NA_ICON_1024px_1024px.jpg
www.secureworld.io/hubfs/Logos/SWE/ 13 KB
14 KB 70ms
67ms Image
image/webp 2606:2c40::c73c:671e
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.secureworld.io/hubfs/Logos/SWE/NA_ICON_1024px_1024px.jpg
Requested by: Host: www.secureworld.io
URL: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:671e , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: de8ca3c27a18d05e9e1c3621e4de23ebd5f8707e9eab014b787f68f55a1677ee

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-methods: GET
date: Mon, 04 Apr 2022 13:46:40 GMT
via: 1.1 67b4a3e116ddb07b50403935474117c6.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-6755372751,FD-4199406784,P-2221756,FLS-ALL
age: 885630
cf-polished: qual=85, origFmt=jpeg, origSize=26386
edge-cache-tag: F-6755372751,FD-4199406784,P-2221756,FLS-ALL
content-disposition: inline; filename="NA_ICON_1024px_1024px.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 14
x-amz-request-id: PS01FNN05Z284VDC
x-amz-id-2: TiU02DYK6HTxPpnLyLZy99O80ZHYdzYQz40vD8Y/DgFcudhmEGj8HgcmpT0DUutHC2GSmnuY0JM=
x-cache: RefreshHit from cloudfront
accept-ranges: bytes
last-modified: Tue, 11 Dec 2018 23:51:57 GMT
server: cloudflare
etag: "5977bd2e1630afa2a69ba5eb7d40f501"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2yQfPWj8mn41rMSouec0jm5vYU1NmSpV7Tjvg5fLeBriCeh2C14LZDOiznA6vdasxwp8Gd2nSBEvbno27D2hA6aLJ62DITaBVPI87mhNdmGbLMweY4Mba4RC8IrW0T6US53SLl8AXFrFM5z1sGslhw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id: ydrMxqndjfu6gVzrsnAYAlmgO.dkT38Y
x-amz-cf-pop: DUS51-P2
content-length: 13252
cf-ray: 6f6a7dd3de4f01df-ZRH
x-amz-cf-id: oWITn4MXpb_MQz3CbdGIXyGw91WJAqX1WjwGtj-IF-DaX7RQP9gk2g==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 14

GET
H2 200 PHL22_Opening_Keynote_Three_CISOs_smaller.jpg
www.secureworld.io/hubfs/ 182 KB
183 KB 74ms
71ms Image
image/webp 2606:2c40::c73c:671e
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.secureworld.io/hubfs/PHL22_Opening_Keynote_Three_CISOs_smaller.jpg
Requested by: Host: www.secureworld.io
URL: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:671e , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: e65790874b2bb42f249449877f39ce9c29368b83c327bc59b44bd75b3d0ce7bb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-69973498472,P-2221756,FLS-ALL
age: 288295
x-amz-server-side-encryption: AES256
edge-cache-tag: F-69973498472,P-2221756,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="PHL22_Opening_Keynote_Three_CISOs_smaller.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
x-amz-request-id: M5WCK1FT76F25CZ2
cf-bgj: imgq:85,h2pri
etag: "02e85c46131d41691d83bcb1def5ca99"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
x-amz-meta-created-unix-time-millis: 1648788695121
date: Mon, 04 Apr 2022 13:46:40 GMT
via: 1.1 6d98bef126a4247ea75e1c5621ccd3fc.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: DUS51-P2
x-hs-alternate-content-type: text/plain
cf-polished: qual=85, origFmt=jpeg, origSize=392411
x-cache: RefreshHit from cloudfront
x-amz-meta-index-tag: all
content-length: 186476
x-amz-id-2: rV4LY4LQ4+hWM8WnwoLUAPrgld6gEJS2oALQ4CdcY++z7NPE390DcqGuBDNwXgtY9u1OHKACWzs=
last-modified: Fri, 01 Apr 2022 04:51:36 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zc%2BZXufa%2Bgxf1WZdQBao3H4%2FTq7JvhFyTNoxeX8CJXMaM3LWx49kydf09won%2BajnpD9AWNkkVxljN9aI%2FYdCGSkSQDLZwHZ0mpWnH4pavJ5naZCJSGTYxx%2FGVIzgKaZ1EpfvzlyQ7emI9Pnlg9d%2FEg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: FmKQq0zYa1w_XOfczjCPd2Q0wEf7CVtU
accept-ranges: bytes
cf-ray: 6f6a7dd3de5201df-ZRH
x-amz-cf-id: GSWn9PyhN4FFiZFXHtEqi1IKedZUQzm3YYfJuWLIuT2b2P3gVyZv0g==

GET
H2 200 solar-eruption-image-nasa.jpg
www.secureworld.io/hubfs/ 42 KB
43 KB 68ms
65ms Image
image/webp 2606:2c40::c73c:671e
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.secureworld.io/hubfs/solar-eruption-image-nasa.jpg
Requested by: Host: www.secureworld.io
URL: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:671e , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 115f26f5a9f1904a500533c58aa7722d0eabc039975099453291210ab3e5a6b6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-39018593895,P-2221756,FLS-ALL
age: 885630
x-amz-server-side-encryption: AES256
edge-cache-tag: F-39018593895,P-2221756,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="solar-eruption-image-nasa.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 14
x-amz-request-id: 2HA1XHNZT2SSD1A3
cf-bgj: imgq:85,h2pri
etag: "1ce3015217f5c6688ceb903b587c9879"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 14
x-amz-meta-created-unix-time-millis: 1608535522813
date: Mon, 04 Apr 2022 13:46:40 GMT
via: 1.1 ddd7d19501f4b19d560bfedbdd9b13ce.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: DUS51-P2
x-hs-alternate-content-type: text/plain
cf-polished: qual=85, origFmt=jpeg, origSize=81623
x-cache: RefreshHit from cloudfront
x-amz-meta-index-tag: all
content-length: 43140
x-amz-id-2: WBMd1NYtpGEjNuCOvdiwbHrrfN+fIm3valk9bk1WUxkDVu2eCc5p+vsDSoTWi2wTmliwuHhIsNQ=
last-modified: Mon, 21 Dec 2020 07:25:23 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mxn4dOhWC6WSywdXXWraSvxqxpjrBxf7HBsPaXO%2BhXzioES7QZAoldZZ7%2FJJ8iljXy9MiJOO%2B10oKA8pbLn1N6d%2B%2Fy0hSWkDopkpUdgKeGng%2Fun0Y7LwoaBHFflzxl5icxiAALPcN75LL5yixlQ3Tg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: T5tuB91TB5OjgLfEOdvLMUGLtzOV4x2d
accept-ranges: bytes
cf-ray: 6f6a7dd3de5401df-ZRH
x-amz-cf-id: CMTy_TXE1u9Wf1BWIQ3VYG3Oa1Wc8UfJbHsIfNdcNyAMGZG5Z_ebnw==

GET
H2 200 FBI_cybercrime_crop.jpeg
www.secureworld.io/hubfs/Blog_images/ 109 KB
110 KB 970ms
968ms Image
image/jpeg 2606:2c40::c73c:671e
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.secureworld.io/hubfs/Blog_images/FBI_cybercrime_crop.jpeg
Requested by: Host: www.secureworld.io
URL: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:671e , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7c94b42d2caf4ed971747b48b9c65191ddfaac5d22f324f455ce4e25907d7701

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-34200852055,FD-4415468373,P-2221756,FLS-ALL
x-amz-request-id: H2M2YT9TQZG3E7PE
x-amz-server-side-encryption: AES256
edge-cache-tag: F-34200852055,FD-4415468373,P-2221756,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
etag: "0a87cd0a26eb9f30517e1177e492097a"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/jpeg
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
x-amz-meta-created-unix-time-millis: 1598549241960
date: Mon, 04 Apr 2022 13:46:41 GMT
via: 1.1 8080d8bfc581f6befaaa7736f6d0003e.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: DUS51-P2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-amz-meta-index-tag: all
content-length: 111339
x-amz-id-2: qny7Yt9gdVPd3UPvbjwypVpCQwUGP1/fbDMmVExi+8coQaH+T6vyw64W2qnvJqhjtJ5aZT0be9E=
last-modified: Thu, 27 Aug 2020 17:27:49 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J2vREFelAuvuka9RBLRnTkbQ%2FiN69QF%2FfQYr9TPtQh1V1CJLFPSCi8zSlCnjGrD5rXKyq0ELGFJy89%2FOqOqGMIr9fxD0eHcJ5tcGr0n25uWBeQ%2BzeAtwtIX9%2FC%2F2f9UAGaO2evZu9ByLAdNbaqNA4A%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: 0mySOl1bzQCgK77jDvcSf_lFjGeTMzmG
accept-ranges: bytes
cf-ray: 6f6a7dd3de5501df-ZRH
x-amz-cf-id: 7Lox8iMxPY8w8UUtImjS5vCoEoN-t6EfKUVAauxbWAKFQrI0-oHL3g==

GET
H2 200 addthis_widget.js Show response
s7.addthis.com/js/300/ 353 KB
114 KB 28ms
8ms Script
application/javascript 23.210.252.167
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/js/300/addthis_widget.js

Requested by

Host: www.secureworld.io
URL: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.210.252.167 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-210-252-167.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
server: nginx/1.15.8
etag: W/"5f971164-5834c"
vary: Accept-Encoding
x-distribution: 99
content-type: application/javascript
cache-control: public, max-age=600
date: Mon, 04 Apr 2022 13:46:40 GMT
x-host: s7.addthis.com
content-length: 116421

GET
H2 200 5b11748c-d8d9-47fd-b704-d273971b3380.png
no-cache.hubspot.com/cta/default/2221756/ 2 KB
3 KB 198ms
160ms Image
image/png 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/2221756/5b11748c-d8d9-47fd-b704-d273971b3380.png

Requested by

Host: www.secureworld.io
URL: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d0f8dc01b870f4220bb68c5ece91eb9aa5d2b459d84ae795567d9b068184bc54

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:46:40 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: VTDA7FMT0W3JFE6V
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1720
x-amz-id-2: PA6qBjbr4nzkrAPcz0r5zgxguJB1698ybxmkaB1vadp2rIDKvJMQlFrJcjsL/9c2ubaYYEhHIOQ=
last-modified: Fri, 18 Sep 2020 16:44:21 GMT
server: cloudflare
etag: "a0bf93e49385d55d2b06b74a0483880e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8BKI4%2FLSWFz8%2BKKRXdCBcsYZPil1MC6xzr0sK%2BbgiVmV2259m6yJm5FZxRRqBRls25jY5XpNBTSsMl85%2BqdoeiYvMh6G0lW41SEGhXV%2BgWbWl4bZma43iCRIxv5Q6KYhmUZhOZ2btFI9F%2FRO%2Bf3ezX0o"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: no-cache, no-store
accept-ranges: bytes
cf-ray: 6f6a7dd40eaa01df-ZRH

GET
H2 200 current.js Show response
www.secureworld.io/hs/cta/cta/ 16 KB
6 KB 51ms
50ms Script
application/javascript 2606:2c40::c73c:671e
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.secureworld.io/hs/cta/cta/current.js

Requested by

Host: www.secureworld.io
URL: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671e , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

bfdd4ef23d6597497f165d85bb4e78d65dffa35a7ffff0ecf78fc4288361654b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:46:40 GMT
via: 1.1 0920aeb1eced22df07c9ece1cab0a554.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 393
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=cta-embed-js/static-1.77/bundles/current.js&cfRay=6f6a743b06c3cc4a-IAD
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-encoding: br
cf-ray: 6f6a7dd29c8201df-ZRH
last-modified: Thu, 24 Mar 2022 12:01:44 UTC
server: cloudflare
etag: W/"c639e923621265b92a2dd2df39206f16"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mPAozp10QkJi5s6H5DPjFmqd3nMq6qqAQfuW7Nm7e2BZopegJFBEf3usynIEylVuQtSczuJyLM%2Fnt49xB3qjd4ZCt7MX7nX9iq7yx%2F2UZrIqnG9zqFhIqn0KLgokdsrXas0ZK6nKO5pmvh93ucQViQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: j5jCVXnGRzvLZvKMOG0qGNrlAftEcbxf
cache-control: max-age=600
x-hs-cache-status: EXPIRED
x-amz-cf-pop: IAD89-P1
content-type: application/javascript; charset=utf-8
x-amz-cf-id: LkOMlkb4YRAUIPVDjwEAbQZ9A3BKfGKJfmWBe8Nj-pakWUKOi4uwpQ==
x-hs-target-asset: cta-embed-js/static-1.77/bundles/current.js

GET
H2 200 facebook-icon.png
www.secureworld.io/hubfs/icons/ 266 B
1 KB 71ms
68ms Image
image/webp 2606:2c40::c73c:671e
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.secureworld.io/hubfs/icons/facebook-icon.png
Requested by: Host: www.secureworld.io
URL: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:671e , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 45d8a712ca77cd325fcaaf66940adab8fc7d87692dfab6795f4fe8af5761bbc2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-methods: GET
date: Mon, 04 Apr 2022 13:46:40 GMT
via: 1.1 021d8c03b9a9a9281489f9b9055209cc.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-4217507994,P-2221756,FLS-ALL
age: 885630
cf-polished: origFmt=png, origSize=341
edge-cache-tag: F-4217507994,P-2221756,FLS-ALL
content-disposition: inline; filename="facebook-icon.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 14
x-amz-request-id: B4CRRCE632T12GDR
x-amz-id-2: k/NsSX+8P4+KeNGFALV2MjceIGc0GYuBJpz8IBW9+382+0B1z+eT4l94H2B6ngnHaxbe0QzSuxE=
x-cache: RefreshHit from cloudfront
accept-ranges: bytes
last-modified: Sun, 08 Oct 2017 22:59:45 GMT
server: cloudflare
etag: "382d93a10bf4c2b421daabc50181cee3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bkuQ0HVxS3Xunq%2FuDAzHYoXxbRbD3INqjUjQ7cRmFWH01653FKygHx8Rr1%2B9nD0UFHEfh2ZEigYadPg1plvObiBHN2Gv2xke1zsfWlJfHmroHoiaMmk4KWlJwWZq%2BXRj%2F%2F96txHN9b6srkptwnRrOA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id: cpGeMT3J5tMnUJqYR3Q0N_7QYVZ9aPqE
x-amz-cf-pop: DUS51-P2
content-length: 266
cf-ray: 6f6a7dd3de5801df-ZRH
x-amz-cf-id: medir8Yp6gueKlgmj2jwcJAAyYm9SncAbgBUs6G9hDLyKebqJV3GDg==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 14

GET
H2 200 twitter-icon.png
www.secureworld.io/hubfs/icons/ 616 B
1 KB 68ms
66ms Image
image/webp 2606:2c40::c73c:671e
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.secureworld.io/hubfs/icons/twitter-icon.png
Requested by: Host: www.secureworld.io
URL: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:671e , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: d2706e604d16b9785e1a98e631df92c3402eb93e3d8160b6b0959f28d132e3ce

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-methods: GET
date: Mon, 04 Apr 2022 13:46:40 GMT
via: 1.1 3a42f75e219a9a44a54979112dcb25dc.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-4236787772,P-2221756,FLS-ALL
age: 885630
cf-polished: origFmt=png, origSize=883
edge-cache-tag: F-4236787772,P-2221756,FLS-ALL
content-disposition: inline; filename="twitter-icon.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 14
x-amz-request-id: B4CSJSGCMZHEJ2NW
x-amz-id-2: LJtU1gtj0XEMUmWOc5ozVPwD8j4gJ16BCkriTKAZptePEtPvlPnZbk8kE1/HfImzEy/X0wMxmg4=
x-cache: RefreshHit from cloudfront
accept-ranges: bytes
last-modified: Sun, 08 Oct 2017 22:59:51 GMT
server: cloudflare
etag: "435d809eb83677f7468e7b683bb64e9d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wO6z8HDl2ypnKrerui8k%2FaF5cZvuGIF9CyhyR6sB5tzwMInkuvIgXearbaUuB2DVcW%2B1ne7IEYRhEwOyokXBTOddz05vQ2t4oCeZPpa6AiZ5rQ396vpPdvl%2BSBpScSvk4jyWr3%2Fmzrvx8aR5Gj8lpg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id: vxboFQ0o8uHNttXVAk1x4tCcamAImMN6
x-amz-cf-pop: DUS51-P2
content-length: 616
cf-ray: 6f6a7dd3de5d01df-ZRH
x-amz-cf-id: peLWM_fppKoFrMYbNGxh3ItRMQEXQ3Gx-GrJPCqWIWwbGF0G_rkwvw==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 14

GET
H2 200 linkedin-icon.png
www.secureworld.io/hubfs/icons/ 398 B
1 KB 71ms
69ms Image
image/webp 2606:2c40::c73c:671e
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.secureworld.io/hubfs/icons/linkedin-icon.png
Requested by: Host: www.secureworld.io
URL: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:671e , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 105580db30d3915f2122d4e07a985c069478dd6f64e25d58ff3bf4c6ba7d9200

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-methods: GET
date: Mon, 04 Apr 2022 13:46:40 GMT
via: 1.1 d45a8c6f9f33ed6e98c7762d0a4f951a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-4249039716,P-2221756,FLS-ALL
age: 885630
cf-polished: origFmt=png, origSize=545
edge-cache-tag: F-4249039716,P-2221756,FLS-ALL
content-disposition: inline; filename="linkedin-icon.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 14
x-amz-request-id: 73V8CBHDJ4DQ5SYX
x-amz-id-2: QVxmEQGadUfBCm+r2J5qN5OxlzA/tbPxqc4tTlhbXAGVsg4ESMHIz6jADWEfOg+jyCZSBn7YqJ8=
x-cache: RefreshHit from cloudfront
accept-ranges: bytes
last-modified: Sun, 08 Oct 2017 23:00:01 GMT
server: cloudflare
etag: "f35feef6db03f1de7a0f82ac16331984"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UM3wsJlDCCyCSQ3zqWQxrbr2bmrNdE9dzcIiWfp4UpHD%2FZp2kfmRnwRUyEinJ4QJNoGLtCqftb8CM%2FkkXViVs%2FtVgQ3Vhvaj6XjhYkOTHHYYZRmAH7nH0X3wBrv3o4m4bq8A9Dkmnh3u58C1rKxZ7A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id: Ca0VlQPn4uRh8ARQvO0BomNcHUPSzg5d
x-amz-cf-pop: DUS51-P2
content-length: 398
cf-ray: 6f6a7dd3de5f01df-ZRH
x-amz-cf-id: wDaHgh4xm_n8UZn3dgZwRK8ZGX4tLljAqhd4lFQh23QzSIa2SY2jwA==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 14

GET
H2 200 youtube-icon.png
www.secureworld.io/hubfs/icons/ 538 B
1 KB 69ms
67ms Image
image/webp 2606:2c40::c73c:671e
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.secureworld.io/hubfs/icons/youtube-icon.png
Requested by: Host: www.secureworld.io
URL: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:671e , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: cb84dfde92c3f516c917d8b8a714cbedcb98908c2ca54c47f2eb27cc712ec39e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-methods: GET
date: Mon, 04 Apr 2022 13:46:40 GMT
via: 1.1 2667cbb82aabb944a65b99430aa06d1a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-4217507984,P-2221756,FLS-ALL
age: 885630
cf-polished: origFmt=png, origSize=740
edge-cache-tag: F-4217507984,P-2221756,FLS-ALL
content-disposition: inline; filename="youtube-icon.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 14
x-amz-request-id: QN3HTDK0EQZGF7BD
x-amz-id-2: Z8a2DZsgl/DaihIqsgZ1gjPxx6Bd4qFw4rqflW0obRBjEzW60LCUcMIl7LwMfZNqAKKLFirlyU8=
x-cache: RefreshHit from cloudfront
accept-ranges: bytes
last-modified: Sun, 08 Oct 2017 22:59:44 GMT
server: cloudflare
etag: "cd74c7bacf9b51e0d78450b3a775f1d5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9uMumTrWLtGcKK07SZ4Kvu89fiK74YMyAwzOpSZ8xR%2B05ZH1WH%2FcLc8nhza%2BOjPz%2B%2FN%2BCCnzb9PimooiyjZ70Re2CYIthLRwTwzD4j5a6Tf47vAc1rztCgOFFrTz%2FuNoHpYn%2FmFGcjbUY9royKmIXA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id: MZVOTxFc5yM8fhWUGQmM9Ce.Rx4WyYF6
x-amz-cf-pop: DUS51-P2
content-length: 538
cf-ray: 6f6a7dd3de6201df-ZRH
x-amz-cf-id: FTE5ysyraSpQyOq1IrtRnQwuf7QTDzhVRL5IEiLKbbpAZ6jqYg_dBw==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 14

GET
H2 200 rss-icon.png
www.secureworld.io/hubfs/icons/ 692 B
2 KB 66ms
64ms Image
image/webp 2606:2c40::c73c:671e
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.secureworld.io/hubfs/icons/rss-icon.png
Requested by: Host: www.secureworld.io
URL: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:671e , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: c5925c2d6c0ad64e279e2f90cba407923d8f8a2dc4bea98054296f88ea829ce8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-methods: GET
date: Mon, 04 Apr 2022 13:46:40 GMT
via: 1.1 672ccfdef8d96b8bfc26646386cb4488.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-4217507989,P-2221756,FLS-ALL
age: 885630
cf-polished: origFmt=png, origSize=936
edge-cache-tag: F-4217507989,P-2221756,FLS-ALL
content-disposition: inline; filename="rss-icon.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 14
x-amz-request-id: D6SH3K6KRFR8PMER
x-amz-id-2: 2rNiEa/hlP6Q1yPihg54deuQZ+ryWVOSbzTkwlX8Ud/HkO71458o5CdOV2U9UGEWxRsWoi/YsEU=
x-cache: RefreshHit from cloudfront
accept-ranges: bytes
last-modified: Sun, 08 Oct 2017 22:59:44 GMT
server: cloudflare
etag: "ba9634d8e84bfd7f172da2b890dce500"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aG4eT3FJ8emqv%2Bn9OAWUJeR3TkZ0nLRQlw%2FrM2Nixejy6fF1e5SM57MPUlPOrnj8760SuH0tV3CoCS3a3kPHscHoAdhKfx4YXleK0hEAvW3nLpgYMiBUcZfNssNiL29DnOcgk67a5Z2u2tFzh2gMMg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id: 88.SyS0cTzC0LClKKIA02czWzR1OOcjz
x-amz-cf-pop: DUS51-P2
content-length: 692
cf-ray: 6f6a7dd3de6401df-ZRH
x-amz-cf-id: QolwVfRdQSu5uSfqMVtwxIEeRGUw7xXJ9UmTTYyDGl32ucGTPovLXQ==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 14

GET
H2 200 module_5767375991.min.js Show response
www.secureworld.io/hs-fs/hub/2221756/hub_generated/module_assets/1526415140634/ 3 KB
2 KB 266ms
266ms Script
application/javascript 2606:2c40::c73c:671e
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.secureworld.io/hs-fs/hub/2221756/hub_generated/module_assets/1526415140634/module_5767375991.min.js
Requested by: Host: www.secureworld.io
URL: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:671e , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3e7ae196488d11c550b2c2bdda02ab66d9b30d9ce3428175816fc7529d417b55

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:46:40 GMT
via: 1.1 de349bd2105a0a744704f391ff854e62.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-P1
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 14
content-encoding: br
x-amz-request-id: 4X1YQMDZ8PPB302D
x-amz-id-2: TtbxkuDO7z1+OsX2ye1KWl7bNntQB/xlMFtoCKyW3tewDSlQDHs8xnBciXZFxfL6S5/iZFDCe6A=
last-modified: Tue, 15 May 2018 20:12:21 GMT
server: cloudflare
etag: W/"f4b2280c49cfc63c17de571e5c7fc973"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ATCKr8qzlYIvMohrZG87udiVLNaPrXD4V4BvJuz%2FwHGp3wKDdiKHvnr2UXrOuXRuZwwu%2BpG0JuTJve3Di1o9NXHjx5y%2Fk%2Fpu9KG5EKcuLbM7lUheBHrhjn0hr%2FS3uQW0dmf3xcYEa7WqXVwd1NKpAA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: r6EweSOu4oidIwv_yz3SQArFNSnW.a4T
cf-ray: 6f6a7dd2fcf401df-ZRH
x-amz-cf-id: 3HfEb1vkKyBWX2tXI8ezLBZd_BN92eSaOMvcTiaL1IMzpPpk4diugg==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 14

GET
H2 200 comment_listing_asset.js Show response
www.secureworld.io/hs/hsstatic/AsyncSupport/static-1.122/js/ 8 KB
3 KB 51ms
51ms Script
application/javascript 2606:2c40::c73c:671e
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.secureworld.io/hs/hsstatic/AsyncSupport/static-1.122/js/comment_listing_asset.js

Requested by

Host: www.secureworld.io
URL: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671e , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

043cfebfa4ec302e0368eadbae54853a5b6caff633b3d1e02a32f2cd2f71e1fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:46:40 GMT
via: 1.1 61fd230060a8ca1a11091c689601a7eb.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 9319380
x-amz-server-side-encryption: AES256
cf-ray: 6f6a7dd3adfa01df-ZRH
x-cache: Miss from cloudfront
x-amz-replication-status: COMPLETED
content-encoding: br
last-modified: Fri, 17 Dec 2021 15:26:09 GMT
server: cloudflare
etag: W/"2455723721db341ff86a4f64384a9c0d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3S6BRJmaFMrf5syY29I92huliUH86lnGCpZkGp0HdXJc3rahCUMQX%2BWyjLly8hVzbgoiEdfudWsYhi4Fsty8TxAAwwE27wCiQp9zHSFkdXypDXquTJSiOUDcxR1fZZ15Mx74UgbfwhrxJafURZ%2FoHw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: 4D3b_.jtdSCbU1XTktruWk73HT0wxWk7
cache-control: public, max-age=31536000
x-amz-cf-pop: MXP64-C3
content-type: application/javascript
x-amz-cf-id: lRusgRTEobYU1Lv_JtyIZ7s2SNkFJdV04T2nPm1lVsQrLq545TjNlA==
expires: Tue, 04 Apr 2023 13:46:40 GMT

GET
H2 200 v2.js Show response
js.hsforms.net/forms/ 567 KB
145 KB 127ms
68ms Script
application/javascript 2606:4700::6811:b649
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsforms.net/forms/v2.js

Requested by

Host: www.secureworld.io
URL: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:b649 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

25f9030845df92a93fa6f343d474aead0ea4130c7f8c5268a7e279590e3a689a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:46:40 GMT
via: 1.1 199b065e4c1253c9590e1b5e57083906.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 332
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
x-amz-replication-status: PENDING
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 04 Apr 2022 01:37:31 UTC
server: cloudflare
etag: W/"d14087d2a7074af4f4503b1dafd0e1da"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FJHnunTfMztrY%2BVCkOFzIlYdqnp4G%2BSbfdHSKNwDH%2FSw%2BVX08brbbxoFSy4JHb7XGQgIg%2FpB4L2IYYpiRUVZHaOLVDPow%2F1rMUOHQ5GvCldnWhlH2%2Fo6WM8yL3tEyAUYkIcQTJdDmZ6QHH7H"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: _Y0ZM8Bdd3POJmTqvQ1GLzIHspm7MWOT
access-control-allow-origin: *
cache-control: s-maxage=600, max-age=0
x-hs-cache-status: HIT
x-amz-cf-pop: IAD89-P1
cf-ray: 6f6a7dd43c65cc36-ZRH
x-amz-cf-id: jtGAJUPRZfUJmoJ5FfrOedF2ue-HriNabi8iqdZlTGSw-izXWKfAIQ==
x-hs-target-asset: FormsNext/static-5.466/bundles/project_with_deps.js

GET
H2 200 2221756.js Show response
www.secureworld.io/hs/scriptloader/ 1 KB
1 KB 477ms
476ms Script
application/javascript 2606:2c40::c73c:671e
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.secureworld.io/hs/scriptloader/2221756.js
Requested by: Host: www.secureworld.io
URL: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:671e , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9a3775ae1c63c14e907e4a14be330fbdb37c3cf1ea14d5d6a67e0a3c17214426

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:46:41 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: EXPIRED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 0eb59020-0e7d-4aba-8b0d-dc43e6f41763
last-modified: Mon, 04 Apr 2022 12:14:37 GMT
server: cloudflare
x-trace: 2B152D3B83ED5191829DC927BE186308C8B02FD43A000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3600
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FbK8f%2FCTAqNFSINdUx0R5fUf3IV80m8zBCruxEkY4cBmhMdYXFGGfwBnVSAWxffkMrwbC073jmw8mg0CNMWA0UJlTepg%2FGCFFuM8S7FAQC4H7AgEWEEM%2B9FaJTjsD%2BPu1eN6UZl16u2xHd2Vdx4Ykw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://www.secureworld.io
cache-control: public, max-age=60
access-control-allow-credentials: true
cf-ray: 6f6a7dd3fe8601df-ZRH
expires: Mon, 04 Apr 2022 13:47:41 GMT

GET
H2 200 hotjar-349336.js Show response
static.hotjar.com/c/ 4 KB
2 KB 65ms
39ms Script
application/javascript 65.9.66.112
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-349336.js?sv=5

Requested by

Host: www.secureworld.io
URL: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.66.112 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-66-112.fra56.r.cloudfront.net

Software

Resource Hash

f7445bee752146ede62251d84539c0b4a466d349a1c907f7e2fc10cc6b4a5962

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:46:40 GMT
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=60
x-amz-cf-pop: FRA56-C1
etag: W/47ff913d5d03ffe54ec82ee58f1cf41b
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
cross-origin-resource-policy: cross-origin
content-length: 1906
via: 1.1 cc763905c39a59494c951c09271b0422.cloudfront.net (CloudFront)
x-amz-cf-id: 2-TsMhxsN8lLnAhc0VfLbV3CUGY-CmtJMhMtyEHyM_UZvRe08Yqpeg==

GET
H2 200 secureworld-logo-2.png
cdn2.hubspot.net/hubfs/2221756/ 6 KB
6 KB 40ms
40ms Image
image/webp 2606:4700::6811:f2cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn2.hubspot.net/hubfs/2221756/secureworld-logo-2.png
Requested by: Host: www.secureworld.io
URL: https://www.secureworld.io/hs-fs/hub/2221756/hub_generated/template_assets/4263571273/1643491873967/Coded_files/Custom/page/Secureworld_2016/Sw-2016.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:f2cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7fefd42eac633ab3b423116e1c31f64782101833a9408db570fabdd9a3ca64d1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-methods: GET
date: Mon, 04 Apr 2022 13:46:40 GMT
via: 1.1 d7147e532e5cf73689fcb39fa760bcf2.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-4248998301,P-2221756,FLS-ALL
age: 104463
cf-polished: origFmt=png, origSize=8991
edge-cache-tag: F-4248998301,P-2221756,FLS-ALL
content-disposition: inline; filename="secureworld-logo-2.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
x-amz-request-id: 8CK1BTCKV730VTRT
x-amz-id-2: KQ4NQ6hOFRaXKSW7QXjAun1kGkBnz3q5pkiGAmUVsFUgKik3QUv7zxer41CtFnF0hF4l738fw7I=
x-cache: RefreshHit from cloudfront
accept-ranges: bytes
last-modified: Sun, 08 Oct 2017 23:00:00 GMT
server: cloudflare
etag: "a2bea9973108d135d0e2ed91ee7a4863"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vLjjwUfc8foZc53GVDLgjLlwpOjiZxmTGyR9efVzBEVGOh%2BVyDDZtriaWJ%2F2si7CCD6K3fkBFip6s%2B6vdKHqhZ5Sx3qjChSbjZi2j3GD63JZauD5TFGp%2BUVgiXnLBWFht2JFGWUqzvt3a5H5mIk%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id: 8C7sadi_1ki1QqvhHVTxlDSccXzvI9qc
x-amz-cf-pop: ZRH50-C1
content-length: 5778
cf-ray: 6f6a7dd3d9e82397-ZRH
x-amz-cf-id: GZuZt4fI88GFflYGbJcMQCPRzWcEOf80mT46baQT4Pc5YMJ0aygUlA==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 l
use.typekit.net/af/bb3775/00000000000000000001569e/27/ 16 KB
16 KB 64ms
20ms Font
application/font-woff2 2a02:26f0:f7::5c7b:e031
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/bb3775/00000000000000000001569e/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n6&v=3
Requested by: Host: www.secureworld.io
URL: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:f7::5c7b:e031 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 0d9ff5c4589af053237b35540ae343de2dd4ed647dc1942f70517141a8bbdc88

Request headers

Referer: https://www.secureworld.io/
Origin: https://www.secureworld.io
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:46:40 GMT
server: nginx
etag: "99f07ce58bc0e353bcdc4fa21533dd7a9de930b5"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 16468

GET
H3 200 fontawesome-webfont.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.6.3/fonts/ 70 KB
71 KB 44ms
25ms Font
application/octet-stream 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.6.3/fonts/fontawesome-webfont.woff2?v=4.6.3

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.6.3/css/font-awesome.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9682aff0dfb2932f5273721abd9190df39eeb0f42c37a24566aa4ac5753219c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.6.3/css/font-awesome.min.css
Origin: https://www.secureworld.io
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:46:40 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 3264710
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 71896
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:10:07 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e5f-118d8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NSIVQ6bsDG5w%2FeG%2F6objk976fldpiPvA4TgBV6Ss4zEkEilpyIXwCUoh1MOBO1IYEyK4EPgO6VzsbOw6mDGENoZUR%2F5WL1uZmEf9NgOo40xvs45VSWX9ERY8Gh5aVefR4sQEI%2B0gqbjlq56UufuHvrYP"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6f6a7dd40eb52325-ZRH
expires: Sat, 25 Mar 2023 13:46:40 GMT

GET
H2 200 ransomware-money-shutterstock.jpg
www.secureworld.io/hubfs/ 100 KB
101 KB 880ms
880ms Image
image/jpeg 2606:2c40::c73c:671e
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.secureworld.io/hubfs/ransomware-money-shutterstock.jpg
Requested by: Host: www.secureworld.io
URL: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:671e , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7cb83b420a56223fdb308d5756d06d6112a639d9d592758a5cc82b5da81b86eb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-methods: GET
date: Mon, 04 Apr 2022 13:46:41 GMT
via: 1.1 021d8c03b9a9a9281489f9b9055209cc.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-6240528961,P-2221756,FLS-ALL
x-amz-cf-pop: DUS51-P2
edge-cache-tag: F-6240528961,P-2221756,FLS-ALL
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
x-amz-request-id: M63GPEBA9FPZPDAA
x-amz-id-2: OKiQoqd1XtBBJqX2lyIH3d/sKaKuYC0dx9PxaXdd89NieG41VX/suOkpINnpn9QX9UsT1bOdktc=
accept-ranges: bytes
last-modified: Thu, 27 Sep 2018 16:54:25 GMT
server: cloudflare
etag: "14ba9e55fff9cbc2d9153319ae2914fd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BWk7fs82aQyyKCIWe7j6pF%2F%2FHmuW%2B99cPRysZaEoSUO6rQ44Ze2PEezR5I0V%2FwJVRP2vIvpStj%2Fwm%2FUoG%2FYA952xlaZGxChUf%2BaGYCLmBrdR8lENz9i3aPMasSzpDt9oBd%2FhOiWNtwJ9ogM0ncmlmA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id: llsIThycd9s.ve7OtbUbitaho.Zf9PS7
content-length: 101932
cf-ray: 6f6a7dd42ed201df-ZRH
x-amz-cf-id: 8TRzMgTlbdAkCiz19cDIaC-TrhKoLx2dNh25bmxMESPGcClnb1CkOg==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 l
use.typekit.net/af/7e7807/00000000000000003b9adf8d/27/ 11 KB
12 KB 20ms
20ms Font
application/font-woff2 2a02:26f0:f7::5c7b:e031
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/7e7807/00000000000000003b9adf8d/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n5&v=3
Requested by: Host: www.secureworld.io
URL: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:f7::5c7b:e031 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 09ee51350e71fe859598438e1ed3f07e46dbbde689052921909644ec2bfb9de5

Request headers

Referer: https://www.secureworld.io/
Origin: https://www.secureworld.io
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:46:40 GMT
server: nginx
etag: "5eae00594a6e4389351e7799a5ec80c9177b17d7"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 11724

GET
H2 200 l
use.typekit.net/af/a6f15d/00000000000000000001569d/27/ 18 KB
19 KB 18ms
18ms Font
application/font-woff2 2a02:26f0:f7::5c7b:e031
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/a6f15d/00000000000000000001569d/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Requested by: Host: www.secureworld.io
URL: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:f7::5c7b:e031 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: c3663d9a1293425783b78953b5163edb193cd905c8f88ef2a8976c7107e44439

Request headers

Referer: https://www.secureworld.io/
Origin: https://www.secureworld.io
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:46:40 GMT
server: nginx
etag: "d09f966d69c26891fac2c4897662016d1e2cf038"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 18756

GET
H2 200 l
use.typekit.net/af/394c5a/0000000000000000000156a1/27/ 18 KB
18 KB 23ms
20ms Font
application/font-woff2 2a02:26f0:f7::5c7b:e031
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/394c5a/0000000000000000000156a1/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Requested by: Host: www.secureworld.io
URL: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:f7::5c7b:e031 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 8b699b6f863b789d0cc8321d183694e4957fe39b30f0bc2a908b5ee010716e70

Request headers

Referer: https://www.secureworld.io/
Origin: https://www.secureworld.io
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:46:40 GMT
x-akamai-origin-object-size: 17992
server: nginx
etag: "e8d3b4137e5c88f1f7df47c8f7c2d7e34fbe5f19"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 17992

GET
H2 200 moatframe.js Show response
z.moatads.com/addthismoatframe568911941483/ 2 KB
1 KB 71ms
16ms Script
application/x-javascript 104.102.30.13
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/addthismoatframe568911941483/moatframe.js
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.102.30.13 Milan, Italy, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-102-30-13.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:46:40 GMT
content-encoding: gzip
last-modified: Fri, 08 Nov 2019 20:13:52 GMT
server: AmazonS3
x-amz-request-id: E880451BA994640A
etag: "f14b4e1f799b14f798a195f43cf58376"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=56703
accept-ranges: bytes
content-length: 948
x-amz-id-2: g48kfJZ1LDfwCY+hKucKHwOEQccxMwTRQc86H8DNT9MI1VyS34GvzBN90qGYIKnsTc9op8vunqY=

GET
H2 200 pubads_impl_2022032106.js Show response
securepubads.g.doubleclick.net/gpt/ 364 KB
124 KB 28ms
7ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032106.js?cb=31066031

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

sffe /

Resource Hash

8da979458600536726a4bfca5e105c96a405e0740c16e55a7d6cc59108706417

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 08:44:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 18113
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 126678
x-xss-protection: 0
last-modified: Thu, 24 Mar 2022 20:13:14 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 04 Apr 2023 08:44:47 GMT

GET
H2 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 79 B
714 B 34ms
15ms XHR
application/json 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.secureworld.io

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

d0bd99f21a10af118d49ef6d6c16d4e6312bfcbea8e236fbf6da80d1ff34029a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 04 Apr 2022 13:46:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 78
x-xss-protection: 0
expires: Mon, 04 Apr 2022 13:46:40 GMT

GET
H2 200 modules.681b17e679ac939c3f40.js Show response
script.hotjar.com/ 236 KB
62 KB 22ms
6ms Script
application/javascript 99.86.7.26
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.681b17e679ac939c3f40.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-349336.js?sv=5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.7.26 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-7-26.fra6.r.cloudfront.net

Software

Resource Hash

c48af1698e6e13a34a137eb360a3e7d0937ba31bd0332eee8af2b2972b49dd49

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 10:02:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13474
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 63051
access-control-allow-origin: *
last-modified: Mon, 04 Apr 2022 10:02:01 GMT
etag: "3c5b1dac19edd9cdf05d029e575db3b3"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 9bca546700a965c9c77ef5b8dbe65cc4.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: IerMLdR2Zu07I95ZQcKUOkXcnRoXw_l-nyjEB4sKUu3emNaH5HqmCA==

GET
H2 200 de00eec1-d1e4-4ed7-92a5-513850f7168f Show response
www.secureworld.io/_hcms/forms//embed/v3/form/2221756/ 3 KB
2 KB 170ms
170ms Script
application/javascript 2606:2c40::c73c:671e
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.secureworld.io/_hcms/forms//embed/v3/form/2221756/de00eec1-d1e4-4ed7-92a5-513850f7168f?callback=hs_reqwest_0&hutk=

Requested by

Host: www.secureworld.io
URL: https://www.secureworld.io/_hcms/forms/v2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671e , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f82ba993ee4e81a09bef1586dfef0915c38255db1af52209e2c8b01ea78ec5ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:46:40 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 506250db-bfa0-4026-9265-17e80b204768
cf-ray: 6f6a7dd548e901df-ZRH
content-disposition: attachment; filename=no-rfd.txt
vary: Accept-Encoding
server: cloudflare
x-trace: 2B055B1EA842258E7F64ABDFEDAB0124D84A721D93000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Xe22%2B%2FLdQ0MSNOxbpO2t7YF9E72kMllcrprSyNH8XPgNNMCyPtuDK1nK798IadLo9D%2BNXZlt%2BQxtEMfsRhNXFaQLFNKFeSA7B09aRMP0X%2ByvS%2BIzw9NubD0yq1nRWd9aosKRPtxe2dtQgXioOWPjjg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript;charset=utf-8
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none

POST
H2 204 collect
www.google-analytics.com/g/ 0
349 B 34ms
13ms Ping
text/plain 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-8NF3Q53WEX&gtm=2oe3u0&_p=913642838&sr=1600x1200&ul=en-us&cid=2080035738.1649080002&_s=1&dl=https%3A%2F%2Fwww.secureworld.io%2Findustry-news%2Fhow-ryuk-ransomware-works&dt=Special%20Security%20Advisory%3A%20%27Ryuk%20Ransomware%20Targeting%20Organizations%20Globally%27&sid=1649080001&sct=1&seg=0&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-8NF3Q53WEX
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 13:46:40 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.secureworld.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 f9c697eb-4f35-4c94-a6fd-0f0abceafced Show response
forms.hsforms.com/embed/v3/form/2221756/ 20 KB
5 KB 211ms
169ms Script
application/javascript 2606:4700::6810:5605
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hsforms.com/embed/v3/form/2221756/f9c697eb-4f35-4c94-a6fd-0f0abceafced?callback=hs_reqwest_1&hutk=

Requested by

Host: www.secureworld.io
URL: https://www.secureworld.io/_hcms/forms/v2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5605 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4fbd9dbc01e9dc37f17ae6f6e8f5e7775fda8f38928ac549cbab33d683408a8c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:46:41 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-hubspot-correlation-id: b8ee204a-ab22-4864-ba90-6d22e88ba352
cf-ray: 6f6a7dd5c9eb2325-ZRH
content-disposition: attachment; filename=no-rfd.txt
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
x-trace: 2BC802B0F57719D2ACADD91D316D3351060C9817D5000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 8 KB
3 KB 35ms
7ms Script
application/x-javascript 2a02:26f0:ef::5c7b:c25a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.secureworld.io
URL: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:ef::5c7b:c25a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 5d5cf5a4a5b7c02915bc261dca0c755d29beda0c0c3a005c78c1682c9934bb3c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Mon, 04 Apr 2022 13:46:40 GMT
Content-Encoding: gzip
Last-Modified: Fri, 18 Mar 2022 23:45:34 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=53287
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3104

GET
H2 200 all.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 22ms
7ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js

Requested by

Host: www.secureworld.io
URL: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

4756d3dad503c26b291177aabf725d563d1e03e215025668540a6ad842ac519a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: UcQ292aMMb+v6HrO0Aow+w==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 1686
x-fb-rlafr: 0
x-fb-debug: Ve8Dp8LA+NnPRBv1j9DuqRCzZ9FBN+MyzQVIohZ0HP8IL9GnJQs2KgAuKzesuK9UN5k0uqPYKV2p4ne52WlnIg==
x-fb-trip-id: 917726464
x-fb-content-md5: 33ae1c19a7d2698186c1265e39ec6ed2
x-frame-options: DENY
date: Mon, 04 Apr 2022 13:46:40 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "861dafd754a97e56f6caa2ee22e69f97"
timing-allow-origin: *
expires: Mon, 04 Apr 2022 13:47:08 GMT

GET
H2 200 widgets.js Show response
platform.twitter.com/ 97 KB
29 KB 23ms
6ms Script
application/javascript 151.101.12.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: www.secureworld.io
URL: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.12.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: da7ae7eec9c1f857161ad9356669f90a20a3e1bd18c8124b53cc2e367e04780b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:46:40 GMT
content-encoding: gzip
fastly-original-body-size: 99381
x-cache: HIT, HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-length: 29457
x-served-by: cache-iad-kiad7000043-IAD, cache-fra19140-FRA
last-modified: Thu, 31 Mar 2022 19:50:29 GMT
etag: "f763893db69b9ff52796c20ddfe2ac52+gzip"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=1800
accept-ranges: bytes
tw-cdn: FT

GET
H2 204 has-permission Show response
app.hubspot.com/content-tools-menu/api/v1/tools-menu/ 0
343 B 150ms
142ms Script
text/plain 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/content-tools-menu/api/v1/tools-menu/has-permission?portalId=2221756&callback=jsonpHandler

Requested by

Host: www.secureworld.io
URL: https://www.secureworld.io/hs/hsstatic/HubspotToolsMenu/static-1.119/js/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-hs-worker-debug-mode: false
server: cloudflare
x-hubspot-correlation-id: b4fbb81c-46f3-4c09-a868-c2e5ff85af46
x-trace: 2B34978375D1A4201021C6C1EA527014C8A5E47888000000000000000000
date: Mon, 04 Apr 2022 13:46:41 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET
cf-cache-status: DYNAMIC
report-to: {"group":"default","max_age":86400,"endpoints":[{"url":"https://exceptions.hubspot.com/csp/reports"}]}
cache-control: max-age=0
access-control-allow-credentials: true
cf-ray: 6f6a7dd5895e01df-ZRH
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 l
use.typekit.net/af/3ad3aa/00000000000000000001569b/27/ 17 KB
17 KB 15ms
14ms Font
application/font-woff2 2a02:26f0:f7::5c7b:e031
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/3ad3aa/00000000000000000001569b/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n3&v=3
Requested by: Host: www.secureworld.io
URL: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:f7::5c7b:e031 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 70d7f1b8fb5a9f0213a41d01479bce0faa7704776dcc44d909fc46753178442d

Request headers

Referer: https://www.secureworld.io/
Origin: https://www.secureworld.io
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:46:40 GMT
server: nginx
etag: "fefd3dbe8b7ef1626c87462aa1d1e79b3dcd6e47"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 17452

GET
H2 200 l
use.typekit.net/af/9e46ec/00000000000000003b9adf8a/27/ 11 KB
12 KB 20ms
18ms Font
application/font-woff2 2a02:26f0:f7::5c7b:e031
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/9e46ec/00000000000000003b9adf8a/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n3&v=3
Requested by: Host: www.secureworld.io
URL: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:f7::5c7b:e031 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: d6c49286d97965108861654ee7453c0cf3db248ace147eac582d7daedbcb8295

Request headers

Referer: https://www.secureworld.io/
Origin: https://www.secureworld.io
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:46:40 GMT
server: nginx
etag: "4cf766f30cb354bace1fc993c9fac290fcb99d54"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 11672

GET
H2 200 l
use.typekit.net/af/cc82c8/00000000000000003b9adf93/27/ 12 KB
12 KB 21ms
19ms Font
application/font-woff2 2a02:26f0:f7::5c7b:e031
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/cc82c8/00000000000000003b9adf93/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Requested by: Host: www.secureworld.io
URL: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:f7::5c7b:e031 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 87de3861c0162a770e999f14856e94174260c493cfab21e4c7778e291f91dc19

Request headers

Referer: https://www.secureworld.io/
Origin: https://www.secureworld.io
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:46:40 GMT
server: nginx
etag: "18e006d1293afebbc42e8c739f3b1591ba611d5a"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 11812

GET
H2 200 l
use.typekit.net/af/78f875/00000000000000003b9adf90/27/ 11 KB
11 KB 22ms
21ms Font
application/font-woff2 2a02:26f0:f7::5c7b:e031
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/78f875/00000000000000003b9adf90/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Requested by: Host: www.secureworld.io
URL: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:f7::5c7b:e031 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: fd954e42c1a8c77b9044374171bd3eb07997e68da2ec2928d51a31b53f73169f

Request headers

Referer: https://www.secureworld.io/
Origin: https://www.secureworld.io
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:46:40 GMT
server: nginx
etag: "69acc88dceb338052e5f2d097c4a9fc618ff0d48"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 10752

GET
H2 200 l
use.typekit.net/af/66bb45/00000000000000003b9adf8b/27/ 11 KB
11 KB 23ms
22ms Font
application/font-woff2 2a02:26f0:f7::5c7b:e031
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/66bb45/00000000000000003b9adf8b/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n3&v=3
Requested by: Host: www.secureworld.io
URL: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:f7::5c7b:e031 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: f6eb5adb34b12fd9ea1d2b16eefaa3e190e3f33f605897860e44452e31826866

Request headers

Referer: https://www.secureworld.io/
Origin: https://www.secureworld.io
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:46:40 GMT
server: nginx
etag: "aab15115f34bdbbf651dee6879b1b18d8cd54b11"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 11180

GET
H2 200 l
use.typekit.net/af/1db353/00000000000000003b9adf8f/27/ 11 KB
11 KB 22ms
21ms Font
application/font-woff2 2a02:26f0:f7::5c7b:e031
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/1db353/00000000000000003b9adf8f/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n5&v=3
Requested by: Host: www.secureworld.io
URL: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:f7::5c7b:e031 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 6a0a6ea0682fe445d6e7906428dad8e24094336e42b49a676aed68d92678d2cc

Request headers

Referer: https://www.secureworld.io/
Origin: https://www.secureworld.io
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:46:40 GMT
server: nginx
etag: "9a26f87008ff7b9f0fbd10d7b7ef46650877431d"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 11260

GET
H2 200 _ate.track.config_resp Show response
v1.addthisedge.com/live/boost/ra-57a915b0b3a6bc42/ 2 KB
873 B 164ms
163ms Script
application/javascript 23.210.252.167
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://v1.addthisedge.com/live/boost/ra-57a915b0b3a6bc42/_ate.track.config_resp
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.210.252.167 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-252-167.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 4cc6481fb0583f3d9b32262df669b6c24097720e50ab8a5fa49205eb0e02921a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:46:41 GMT
content-encoding: gzip
x-akamai-origin-object-size: 672
etag: 569385478--gzip
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: public, max-age=60, s-maxage=86400
content-disposition: attachment; filename=1.txt
content-length: 672

GET
H2 200 300lo.json Show response
m.addthis.com/live/red_lojson/ 90 B
250 B 140ms
138ms Script
application/javascript 23.210.252.167
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://m.addthis.com/live/red_lojson/300lo.json?si=624af6c1f3cc20b0&bkl=0&bl=1&pdt=2156&sid=624af6c1f3cc20b0&pub=ra-57a915b0b3a6bc42&rev=v8.28.8-wp&ln=en&pc=men&cb=0&ab=-&dp=www.secureworld.io&fp=industry-news%2Fhow-ryuk-ransomware-works&fr=&of=0&pd=0&irt=0&vcl=0&md=0&ct=1&tct=0&abt=0&cdn=0&pi=1&rb=0&gen=100&chr=UTF-8&colc=1649080001928&jsl=1&uvs=624af6c13b082395000&skipb=1&callback=addthis.cbs.jsonp__091511005591703440
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.210.252.167 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-252-167.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 32166865dd1ba15d10b2f26d7fe8de3e9e29601c1be462f81f0d546d4a3f3f5c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 13:46:41 GMT
cache-control: max-age=0, no-cache, no-store, no-transform
content-disposition: attachment; filename=1.txt
content-length: 90
content-type: application/javascript;charset=utf-8

GET sh.f48a1a04fe8dbf021b4cda1d.html
s7.addthis.com/static/ Frame B1B7 0
0

GET
H2 200 sh.f48a1a04fe8dbf021b4cda1d.html Show response
s7.addthis.com/static/ Frame 0475 71 KB
26 KB 12ms
11ms Document
text/html 23.210.252.167
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.210.252.167 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-210-252-167.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

7b6bfa13f0778c40bb2a00af9819bea2f07afcb4d071e7e4f436196953a5db4d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

cache-control: public, max-age=86313600
content-encoding: gzip
content-length: 26421
content-type: text/html
date: Mon, 04 Apr 2022 13:46:40 GMT
etag: W/"5f971164-11adc"
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
p3p: CP="NON ADM OUR DEV IND COM STA"
server: nginx/1.15.8
strict-transport-security: max-age=15724800; includeSubDomains
timing-allow-origin: *
vary: Accept-Encoding
x-host: s7.addthis.com

GET
H2 200 public Show response
api-na1.hubapi.com/comments/v3/comments/thread/ 75 B
795 B 220ms
183ms Script
application/javascript 2606:4700::6811:cccc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api-na1.hubapi.com/comments/v3/comments/thread/public?portalId=2221756&offset=0&limit=1000&contentId=10855193339&collectionId=4214485368&callback=jsonp_1649080001933_24973

Requested by

Host: www.secureworld.io
URL: https://www.secureworld.io/hs/hsstatic/AsyncSupport/static-1.122/js/comment_listing_asset.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:cccc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ebc15a904950c146e38c4dc4d6ec124abced29407132350999086d711a543c55

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:46:41 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-hubspot-correlation-id: 14241d67-7859-4e85-ab0f-f064b429675b
x-trace: 2B4F993E2716A6E2CE430F43B70D7E9BD02E36FBEA000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ir44WFRFzIXhiEFuvnCJGr3LJae4xc90k8hCMA4DLwB%2FeN5i3SDNj%2FoEE0gDkJ9khzcG6xBesrCJsknf1JxR8mMOltodJiKnrSU3vhjB%2BgIyRb3I8GZgVmNsd37mU%2FdQbui61yuSj8uPNQWUEEackQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-credentials: false
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 6f6a7dd5f983cc42-ZRH
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 cta-json Show response
cta-service-cms2.hubspot.com/ctas/v2/public/cs/ 3 KB
2 KB 148ms
141ms XHR
application/json 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/ctas/v2/public/cs/cta-json?canon=https%3A%2F%2Fwww.secureworld.io%2Findustry-news%2Fhow-ryuk-ransomware-works&pageId=10855193339&pid=2221756&sv=cta-embed-js-static-1.77&rdy=1&cos=1&df=t&pg=5b11748c-d8d9-47fd-b704-d273971b3380

Requested by

Host: www.secureworld.io
URL: https://www.secureworld.io/hs/cta/cta/current.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7b795d3050e36d38585637c87f5316b96e417fc81ca757b58f9ed74a1b64f7bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:46:41 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 5f3b433c-6627-4b23-bb89-dc9e7c9d0a29
access-control-allow-methods: OPTIONS, GET
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-robots-tag: noindex, follow
server: cloudflare
x-trace: 2BC96D119647673CE378E87E9AFE45A56F4E46EB77000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 180
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4%2FG%2BJiu%2FG76TRXYXX9gBzYSYIbROChjbdn%2FAQTs7nwp%2FfYocoMLTcwIPeZ4Zz9QcgHv79R1l0avodaCt3hA4vDssY5Pynh4Qv7N74gg2c2hfa4u2bgo2eOuHyLSSpe%2FDUYMpY%2BJdj2%2B9ZmM8OUsdMgdfJfDRuDCQve0%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.secureworld.io
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
cf-ray: 6f6a7dd5c9c501df-ZRH
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 39ms
18ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.secureworld.io

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032106.js?cb=31066031

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 04 Apr 2022 13:46:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 41ms
20ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.secureworld.io

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032106.js?cb=31066031

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 04 Apr 2022 13:46:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 132 KB
20 KB 124ms
105ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1649441203212596&correlator=2832225334224036&eid=31065714%2C31066031%2C31066017&output=ldjh&gdfp_req=1&vrg=2022032106&ptt=17&impl=fifs&iu_parts=562063608%2CBB1%2CBB2%2CBannerAd&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3&prev_iu_szs=300x250%2C300x250%2C970x90&ifi=1&adks=615754453%2C1619671624%2C2061276719&sfv=1-0-38&ecs=20220404&fsapi=false&sc=1&cookie_enabled=1&abxe=1&dt=1649080001982&lmt=1648906025&dlt=1649080000989&idt=962&biw=1600&bih=1200&adxs=1044%2C1044%2C315&adys=585%2C1986%2C115&ucis=1%7C2%7C3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&url=https%3A%2F%2Fwww.secureworld.io%2Findustry-news%2Fhow-ryuk-ransomware-works&frm=20&vis=1&scr_x=0&scr_y=0&psz=362x250%7C362x250%7C0x0&msz=300x-1%7C300x-1%7C1150x0&fws=0%2C0%2C0&ohw=0%2C0%2C0&ga_vid=2080035738.1649080002&ga_sid=1649080002&ga_hid=913642838&ga_fc=true&btvi=0%7C1%7C0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032106.js?cb=31066031

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

e65a72075d3562884cbaf339744992a3117ae01357909e1af9e049cfdfa6c6fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:46:41 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,-2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20323
x-xss-protection: 0
google-lineitem-id: 5951828806,5908508605,5952481919
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138384933873,138379832300,138384862568
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.secureworld.io
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
309ab07c9e8b47bab20db4a568d65e05.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 9D33 6 KB
4 KB 84ms
14ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://309ab07c9e8b47bab20db4a568d65e05.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032106.js?cb=31066031

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 13:46:41 GMT
expires: Tue, 04 Apr 2023 13:46:41 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 box-acca23410e696f2ca3087d947271c3d0.html Show response
vars.hotjar.com/ Frame C76E 2 KB
1 KB 50ms
15ms Document
text/html 108.157.4.53
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-acca23410e696f2ca3087d947271c3d0.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-349336.js?sv=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.4.53 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-4-53.dus51.r.cloudfront.net
Software: /
Resource Hash: e0f23d16bb40b894855d19e097cc0b9f4695b98a7db1fed18625cfb1ce8bda35

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 5115275
cache-control: max-age=31536000
content-encoding: br
content-length: 1044
content-type: text/html
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 04 Feb 2022 08:52:06 GMT
etag: "6f65fac4e8efe167ff5132c0c54c5729"
last-modified: Fri, 04 Feb 2022 08:51:39 GMT
vary: Accept-Encoding
via: 1.1 67b4a3e116ddb07b50403935474117c6.cloudfront.net (CloudFront)
x-amz-cf-id: szI4W-G2pOrmy2pzA5LVMrSl26eZ24qRhDSVBRopO_SQtTefxYUO0w==
x-amz-cf-pop: DUS51-P2
x-cache: Hit from cloudfront
x-robots-tag: none

GET
H2 200 p.gif
p.typekit.net/ 35 B
214 B 32ms
7ms Image
image/gif 2a02:26f0:ef::5c7b:c24c
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.typekit.net/p.gif?s=1&k=cfm6mzj&ht=tk&h=www.secureworld.io&f=24349.24352.24354.24355.27887.27970.28026.27954.27958.28025&a=657783&js=1.21.0&app=typekit&e=js&_=1649080002011
Requested by: Host: www.secureworld.io
URL: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:ef::5c7b:c24c Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 9b9265c69a5cc295d1ab0d04e0273b3677db1a6216ce2ccf4efc8c277ed84b39

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:46:41 GMT
last-modified: Sat, 09 Oct 2021 02:10:03 GMT
server: nginx
etag: "6160f9fb-23"
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 35

GET
H3 200 all.js Show response
connect.facebook.net/en_US/ 288 KB
82 KB 17ms
8ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js?hash=12f3f329354ea6a211463ceca5bb7e03

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e58eb53e696a05118ebcfb01b9573299b4387ee8448a862049cd3e4488e6dcd3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
Origin: https://www.secureworld.io
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: FFv2YHf27acwMWfroJ6kJw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 84175
x-fb-rlafr: 0
x-fb-debug: U1jSPonxmTD60o4/vI0ULZe/eM0uE8LQISuyYc1L14LKkP7UA94atoTO/2vIegoERF7sH4gkhH6nkVwt7oQcvg==
x-fb-content-md5: 66be7a777db9fd91fcafb97c40795202
x-frame-options: DENY
date: Mon, 04 Apr 2022 13:46:40 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "0fd076e2e805772293cc3e1401722b90"
timing-allow-origin: *
priority: u=3,i
expires: Tue, 04 Apr 2023 12:31:11 GMT

GET
H2 200 widget_iframe.0af76c3310098d2f8f428367b62351b8.html Show response
platform.twitter.com/widgets/ Frame 3119 319 KB
103 KB 22ms
22ms Document
text/html 151.101.12.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.0af76c3310098d2f8f428367b62351b8.html?origin=https%3A%2F%2Fwww.secureworld.io
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.12.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: c6d03b7a5561687268e57b13d9d4a6a4c71ee570ea74718040ce9227676e3e5e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: public, max-age=315360000
content-encoding: gzip
content-length: 105433
content-type: text/html; charset=utf-8
date: Mon, 04 Apr 2022 13:46:41 GMT
etag: "8321d7cf58d70200c1423dfa0bca40f6+gzip"
fastly-original-body-size: 105433
last-modified: Thu, 31 Mar 2022 19:49:03 GMT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
tw-cdn: FT
vary: Accept-Encoding
x-cache: HIT, HIT
x-served-by: cache-iad-kcgs7200058-IAD, cache-fra19140-FRA

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=651962&time=1649080002053&url=https%3A%2F%2Fwww.secureworld.io%2Findustry-news%2Fhow-ryuk-ransomware-works
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D651962%26time%3D1649080002053%26url%3Dhttps%253A%252F%252Fwww.secureworld.io%252F...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=651962&time=1649080002053&url=https%3A%2F%2Fwww.secureworld.io%2Findustry-news%2Fhow-ryuk-ransomware-works&liSync=true
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=651962&time=1649080002053&url=https%3A%2F%2Fwww.secureworld.io%2Findustry-news%2Fhow-ryuk-ransomware-works&liSync=true&e_ipv6=AQLm9_yorw39kQAAAX_...

0
264 B

171ms
154ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=651962&time=1649080002053&url=https%3A%2F%2Fwww.secureworld.io%2Findustry-news%2Fhow-ryuk-ransomware-works&liSync=true&e_ipv6=AQLm9_yorw39kQAAAX_00-PwmfrL8synPLCddTGUtDASYCwQaB9gWnlBGRC7nssHwVGVTZ3tFMIGNrpskH93YWQtV5Dc7A
Requested by: Host: www.secureworld.io
URL: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:46:40 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 068064BBC5DF400F8E860D02009C35DE Ref B: FRAEDGE0919 Ref C: 2022-04-04T13:46:41Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXb1Fu01iJEWHlrV1iEgw==
x-li-fabric: prod-ltx1

Redirect headers

date: Mon, 04 Apr 2022 13:46:40 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: D416AB4BA56A4770973179BCAA4519DA Ref B: FRAEDGE1417 Ref C: 2022-04-04T13:46:41Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=651962&time=1649080002053&url=https%3A%2F%2Fwww.secureworld.io%2Findustry-news%2Fhow-ryuk-ransomware-works&liSync=true&e_ipv6=AQLm9_yorw39kQAAAX_00-PwmfrL8synPLCddTGUtDASYCwQaB9gWnlBGRC7nssHwVGVTZ3tFMIGNrpskH93YWQtV5Dc7A
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXb1FuyNA+5GA2PMo65HQ==

GET
H2 200 cta-loaded.js Show response
www.secureworld.io/hs/cta/ctas/v2/public/cs/ 0
593 B 154ms
151ms Script
text/plain 2606:2c40::c73c:671e
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.secureworld.io/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=2221756&pg=5b11748c-d8d9-47fd-b704-d273971b3380&lt=1649080001778&dt=1649080001778&at=1649080002115

Requested by

Host: www.secureworld.io
URL: https://www.secureworld.io/hs/cta/cta/current.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671e , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:46:41 GMT
cf-cache-status: MISS
last-modified: Mon, 04 Apr 2022 13:46:41 GMT
server: cloudflare
x-hubspot-correlation-id: 48e6d2cf-e59e-4468-ba7c-0184ca62671e
x-trace: 2BDB8513FB9363F7472A4C0B2D3441978FE39781B3000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c1zBWeB0Vgq8Ll4MRb1plBczEL7Ta0uus6qmBXgaxcntG8slb3jLJZFWB3ALqagajVXORLJSZPwfTH5%2FloDAMX7nTZbupVhx4Us6f4uqmjENQVIQ0YHWqZclQKdkZPrFFf0P7S3ktBrSl2RN6queyA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 6f6a7dd6dbc201df-ZRH
x-robots-tag: noindex, follow

GET
H2 200 counters.gif
perf.hsforms.com/embed/v3/ 35 B
170 B 166ms
157ms Image
image/gif 2606:4700::6810:5605
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=cta-json-success&value=1

Requested by

Host: www.secureworld.io
URL: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5605 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:46:41 GMT
vary: Accept-Encoding
cf-cache-status: MISS
x-hubspot-correlation-id: c22bb70c-2ee9-454e-b088-3364d5cfa7ec
cf-ray: 6f6a7dd6fbb12325-ZRH
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 35
last-modified: Mon, 04 Apr 2022 13:46:41 GMT
server: cloudflare
x-trace: 2B003B5C2E8E5139705DF2CF56688C969A85156C72000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
accept-ranges: bytes
x-robots-tag: none

GET
H2 200 counters.gif
perf.hsforms.com/embed/v3/ 35 B
217 B 148ms
139ms Image
image/gif 2606:4700::6810:5605
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=cta-render-success&value=1

Requested by

Host: www.secureworld.io
URL: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5605 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:46:41 GMT
vary: Accept-Encoding
cf-cache-status: MISS
x-hubspot-correlation-id: a6e07161-f21f-4eea-b990-53db115fe0f3
cf-ray: 6f6a7dd6fbb32325-ZRH
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 35
last-modified: Mon, 04 Apr 2022 13:46:41 GMT
server: cloudflare
x-trace: 2B1B0FF98AC04F47276968B3DB2AE91CF77D1ADDF3000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
accept-ranges: bytes
x-robots-tag: none

GET
H2 200 settings Show response
syndication.twitter.com/ Frame 3119 309 B
471 B 134ms
120ms Fetch
application/json 104.244.42.8
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/settings?session_id=1a0ac252e4958ebddf688c7617157e6cfd54bd6a

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.0af76c3310098d2f8f428367b62351b8.html?origin=https%3A%2F%2Fwww.secureworld.io

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.8 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

19d022d3f567c5ac6c99a24b948122dd3512a30b22210808c4f8d6191a7abd7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-response-time: 114
date: Mon, 04 Apr 2022 13:46:40 GMT
content-encoding: gzip
last-modified: Mon, 04 Apr 2022 13:46:41 GMT
server: tsa_o
vary: Origin
strict-transport-security: max-age=631138519
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
cache-control: must-revalidate, max-age=600
access-control-allow-credentials: true
x-connection-hash: 3baa00ca5be97503e95fe3e6bc0815e5f7462582a51677e25df32e2896d18720
content-length: 191

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 5119 0
0 44ms
43ms Fetch
image/gif 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuI0kb2wVYa67Ce_WPXUK68p90GAfa27NpJpVltfgz8PSARzr5Fx9nZ8jI9w533p0VNc9W5fLyXSE5TjUElVYaNBdd_ey0g2gRhU4855tPRWGkgcUd3oY-HgosmHEBwp1HqXMbdLV8A17ASv8R673IcxFE_nixGqE54jHFK8bTeUeUmLSwo81742Tx4-0_PBJFO0aqtOdImhKJI8m0-T7lNHTG8MgBW4aaTupOR914CWuy6Q0dc3FpOSnk6E78waz_6dcJv2RlVDbDTSysxYfJowguk3f2Yr0MP4U1I9KxH-NCUQic&sai=AMfl-YSZV-HfSH6uDXuZfwYx-G1rzYSxFxodJj9QwDVBeV4tfqKEBA1w2tM-gv-vPjswIhGi4in8WHKmy9vdKt-pTrV04jE33LrnlK27BeGjn_YWtqRcdU7jDPnJPzRYPNMv&sig=Cg0ArKJSzMIoVbiY50LqEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.secureworld.io
URL: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 04 Apr 2022 13:46:41 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Mon, 04 Apr 2022 13:46:41 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220330/r20110914/ Frame 5119 19 KB
8 KB 34ms
7ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220330/r20110914/abg_lite_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032106.js?cb=31066031

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d072a09604e6a1fea8ef42203503771aa36b63a3c91fd1059966e26e6f5812b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:45:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 96
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7871
x-xss-protection: 0
server: cafe
etag: 7397949449432438406
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Apr 2022 13:45:05 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/ Frame 5119 2 KB
1 KB 39ms
13ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/window_focus_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032106.js?cb=31066031

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:41:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 313
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Apr 2022 13:41:28 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5119 119 KB
36 KB 54ms
39ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032106.js?cb=31066031

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d593fdf64289375adaa96b87ebf4c4beec2995d730e3601254e0a226808bfe57

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:46:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36916
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1648640521462251"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 04 Apr 2022 13:46:41 GMT

GET
H2 200 13475955726618543284
tpc.googlesyndication.com/simgad/ Frame 5119 83 KB
83 KB 40ms
15ms Image
image/png 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/13475955726618543284

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032106.js?cb=31066031

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

126659e00af81ed41c0e0ffc7a60c4b61add17beae4b9a4fc0c8e40350e819f0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 09:50:21 GMT
x-content-type-options: nosniff
age: 359780
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 84856
x-xss-protection: 0
last-modified: Wed, 16 Mar 2022 18:28:53 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 31 Mar 2023 09:50:21 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 8AC3 0
0 43ms
42ms Fetch
image/gif 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvCD52hU2vbZ6OwHO1PGmXpzBPJsPhBLhyKoGnspJsGQhgJcNmTFaNsksm8iqdnLhi4ZyjzjsSRUIw0nTFRiG8p-mZr1Jkw4OlJnWP-qUJCnkGGmZTxba9j576DBFqDpoKeQxEQkKiD54hx0cBPBaAd9RJK0mpX-ypAp5wMbd9zk--Y58_UF5HCCIYOoO5mfO0W4RYYAbhE4dwfekpcciInCq9r-O7wXMqEBhz2ha6X49xu_L7AjfJw-OEOYwn6cpOc3rR2H8bmovZjh_MwyM8hvPYihTNUuCkYHuvu1Mq-REGbLkw&sai=AMfl-YR9N_NvWnOXUpCdYaYj_J-8vDoqzFG7jXdzHyx1VfLSLYM2cgRf23oopEULLSaA46BNdGdQH16amqCQP6uWGOGIBo55aQgEkotZHWfrBhhKay6RMWmNG-Fe6nyZDNDP&sig=Cg0ArKJSzL__Pnn4JNitEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.secureworld.io
URL: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 04 Apr 2022 13:46:41 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Mon, 04 Apr 2022 13:46:41 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220330/r20110914/ Frame 8AC3 19 KB
8 KB 28ms
9ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220330/r20110914/abg_lite_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032106.js?cb=31066031

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d072a09604e6a1fea8ef42203503771aa36b63a3c91fd1059966e26e6f5812b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:45:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 96
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7871
x-xss-protection: 0
server: cafe
etag: 7397949449432438406
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Apr 2022 13:45:05 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/ Frame 8AC3 2 KB
1 KB 34ms
14ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/window_focus_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032106.js?cb=31066031

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:41:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 313
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Apr 2022 13:41:28 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 8AC3 119 KB
36 KB 43ms
34ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032106.js?cb=31066031

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d593fdf64289375adaa96b87ebf4c4beec2995d730e3601254e0a226808bfe57

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:46:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36916
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1648640521462251"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 04 Apr 2022 13:46:41 GMT

GET
H2 200 17696178763616280230
tpc.googlesyndication.com/simgad/ Frame 8AC3 100 KB
100 KB 42ms
23ms Image
image/png 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/17696178763616280230

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032106.js?cb=31066031

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

313753b65247e9fa9ef1facd3da08a29a2476161948a7e4b58e2878717ed7bea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 10:47:39 GMT
x-content-type-options: nosniff
age: 356342
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 102071
x-xss-protection: 0
last-modified: Wed, 02 Feb 2022 00:00:31 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 31 Mar 2023 10:47:39 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame D84B 0
0 44ms
44ms Fetch
image/gif 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsslI8iuk7UM3mMqFQAC5xFC5y0lH60vOe07dN4BR1j0HDftR25IxO8nZgFrvALzK5MJwmeSVD7RsRu2ajJviBrCWoOZR8G4LSkW3ISoFOKgNxz_hGxmYlj6eNSTv_BBembFGmQmU36bWb8CRHwsDSXLADmZbUwQEQ8t0gakOYhpZGu4-QjEnO76_rXgKe6nFbUBdwap9vcIT1N5xOTUKy7Xq_FVD9wUxT4uv9_Fi_OX8ROb31aIZk0sa8ewnxEuiTK6x6XWWHxyla2kvQBfvwjw41R_rU7CwIkEDQC4Ggl2yt3G_hbsiHD5&sai=AMfl-YShcsbFPeGRTP5XmJEpjY5xWRc9LQPrnqG_yQ007ro-nS1QqXbXT8Kl1kjs-UeyslPnQBvJoIcM3EDcSssm-QC5rkmg7UH4fTg3VTy1ny4JTQ1NsB5H1gZw1V4nZC11&sig=Cg0ArKJSzP1IslGT5iyeEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.secureworld.io
URL: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 04 Apr 2022 13:46:41 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Mon, 04 Apr 2022 13:46:41 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220330/r20110914/ Frame D84B 19 KB
8 KB 22ms
9ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220330/r20110914/abg_lite_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032106.js?cb=31066031

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d072a09604e6a1fea8ef42203503771aa36b63a3c91fd1059966e26e6f5812b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:45:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 96
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7871
x-xss-protection: 0
server: cafe
etag: 7397949449432438406
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Apr 2022 13:45:05 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/ Frame D84B 2 KB
1 KB 24ms
6ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/window_focus_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032106.js?cb=31066031

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:41:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 313
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Apr 2022 13:41:28 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame D84B 119 KB
36 KB 25ms
23ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032106.js?cb=31066031

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d593fdf64289375adaa96b87ebf4c4beec2995d730e3601254e0a226808bfe57

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:46:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36916
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1648640521462251"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 04 Apr 2022 13:46:41 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame D84B 0
0 37ms
14ms Image
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaReYqmVwP3M7KNQCeKr9HBubpKi_fKD7GEjVFMqmdTkGO8GZ9isplWHP9eiZ8qfLDFHEMPfHsNgrhkL7qVAha4Di5evww
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032106.js?cb=31066031
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

GET
H3 200 7547372393489446814
tpc.googlesyndication.com/simgad/ Frame D84B 59 KB
59 KB 25ms
8ms Image
image/png 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/7547372393489446814

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032106.js?cb=31066031

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4b4da922c394b0d45c6509a427b61234244dbdacb83a9c05b450b6bc180512d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 10:47:39 GMT
x-content-type-options: nosniff
age: 356342
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60185
x-xss-protection: 0
last-modified: Wed, 16 Mar 2022 18:35:11 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 31 Mar 2023 10:47:39 GMT

GET
H2 200 layers.fa6cd1947ce26e890d3d.js Show response
s7.addthis.com/static/ 263 KB
76 KB 10ms
8ms Script
application/javascript 23.210.252.167
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/static/layers.fa6cd1947ce26e890d3d.js

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.210.252.167 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-210-252-167.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

6121ca306ad1045453d52517b8f436eb5a68055c82aefa46a9a77de36996a3df

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
server: nginx/1.15.8
etag: W/"5f971164-41cf5"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=86313600
date: Mon, 04 Apr 2022 13:46:41 GMT
x-host: s7.addthis.com
timing-allow-origin: *
content-length: 77617

GET
H2 200 2221756.js Show response
js.hs-analytics.net/analytics/1649079900000/ 62 KB
20 KB 186ms
146ms Script
text/javascript 2606:4700::6811:46b0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1649079900000/2221756.js
Requested by: Host: www.secureworld.io
URL: https://www.secureworld.io/hs/scriptloader/2221756.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:46b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 80625c128d312a0eb71e8a1c3352ac0c89001b16bbca6f33420e108fe5c9e159

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:46:41 GMT
content-encoding: br
cf-cache-status: MISS
x-amz-request-id: 8554PBB16ABAV8YA
x-amz-server-side-encryption: AES256
cf-ray: 6f6a7dd7fae601db-ZRH
x-amz-id-2: jsUMaPnSbVr1pO+iKTK0wHtA+y+QQVx8kdKQoECgRoMi4NVzuP46/66uCjq1dOSfDMX9IZlfbsk=
last-modified: Thu, 24 Feb 2022 12:07:27 GMT
server: cloudflare
etag: W/"4f897e7076a09f4a7b1b98cd987c5b84"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: null
cache-control: max-age=300, public
access-control-allow-credentials: false
content-type: text/javascript
expires: Mon, 04 Apr 2022 13:51:41 GMT

GET
H2 200 leadflows.js Show response
js.hsleadflows.net/ 534 KB
87 KB 126ms
68ms Script
application/javascript 2606:4700::6811:e8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hsleadflows.net/leadflows.js
Requested by: Host: www.secureworld.io
URL: https://www.secureworld.io/hs/scriptloader/2221756.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:e8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 947d6c755989ac2b8e761deb8f7c3d38c30f9e01ce86b4ce1c8f3a2e1d1e5221

Request headers

Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
Origin: https://www.secureworld.io
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:46:41 GMT
via: 1.1 68261aebcfc232344da2ef3bf1d3f9ea.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 5523
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=lead-flows-js/static-1.1080/bundle/main/lead-flows-release.js&cfRay=6f69f702680d0215-IAD
x-cache: Hit from cloudfront
access-control-max-age: 3000
x-amz-replication-status: COMPLETED
content-encoding: br
cf-ray: 6f6a7dd8287ecc3e-ZRH
last-modified: Tue, 01 Mar 2022 09:57:40 UTC
server: cloudflare
etag: W/"57a8210ba9519a68ae76dcc1857db0f9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET
x-amz-version-id: qE7M39zrJ2dCa.o34UdW.NnTPVZDG9U3
access-control-allow-origin: *
cache-control: s-maxage=86400, max-age=0
x-hs-cache-status: MISS
x-amz-cf-pop: IAD89-P1
content-type: application/javascript; charset=utf-8
x-amz-cf-id: dtxaHTBaofmKUTA73H7e71QXOz7zXhQ-13hf75yDPYBz_OW-XhU3kQ==
x-hs-target-asset: lead-flows-js/static-1.1080/bundle/main/lead-flows-release.js

GET
H2 200 2221756.js Show response
js.hs-banner.com/ 61 KB
16 KB 476ms
438ms Script
text/javascript 2606:4700::6812:14bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/2221756.js
Requested by: Host: www.secureworld.io
URL: https://www.secureworld.io/hs/scriptloader/2221756.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:14bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2c18c4eca83862c6304228d9a845cf6284ec88d014e1e36bceba70f68ea31e6c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:46:41 GMT
content-encoding: br
cf-cache-status: REVALIDATED
x-amz-request-id: KR2JPHDFHPDRT9EN
x-amz-server-side-encryption: AES256
content-type: text/javascript; charset=UTF-8
access-control-max-age: 604800
x-amz-id-2: gjWNBA1Yq65jbjRXoJCz3jWMzMzaJ9ltkExt9NGrUpjQwQq32nA1ztftZ0ZbnSXwm0ck0WPueho=
timing-allow-origin: *
last-modified: Thu, 17 Feb 2022 20:45:46 GMT
server: cloudflare
etag: W/"fa9eb7371f29edee118ea526020c0ced"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-amz-version-id: bQw7jMUEpqDb7QQ_4TrxDAF_3YdZ5z97
access-control-allow-origin: https://www.secureworld.io
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300, public
access-control-allow-credentials: true
cf-ray: 6f6a7dd7ff7d0219-ZRH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
expires: Mon, 04 Apr 2022 13:51:41 GMT

GET
H3 200 enterprise.js Show response
www.google.com/recaptcha/ 1008 B
637 B 32ms
15ms Script
text/javascript 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise.js?onload=hsRecaptchaLoadCallback&render=explicit&isolated=true

Requested by

Host: www.secureworld.io
URL: https://www.secureworld.io/_hcms/forms/v2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

85bf5951f851aeff5e594f28e51ce06091769ab189d90804a037b7eb3d95c2da

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:46:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 616
x-xss-protection: 1; mode=block
expires: Mon, 04 Apr 2022 13:46:41 GMT

POST
H2 200 visit-data Show response
in.hotjar.com/api/v2/client/sites/349336/ 147 B
323 B 93ms
33ms XHR
application/json 34.250.211.64
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.hotjar.com/api/v2/client/sites/349336/visit-data?sv=5
Requested by: Host: script.hotjar.com
URL: https://script.hotjar.com/modules.681b17e679ac939c3f40.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.250.211.64 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-250-211-64.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: f1328936bb058f2305664a8507a0be9b5cf477e10edef84ecfaabaf315e3e24c

Request headers

Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

date: Mon, 04 Apr 2022 13:46:41 GMT
content-encoding: br
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: no-cache, no-store
access-control-allow-credentials: true

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 5119 0
0 56ms
42ms Fetch
image/gif 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvf1HW84iMhBM_35AsfvhFdOKnFnGQBuwNzLKywR7TM9ZUjLh63IkQUd2f82aZOT8b0lyyBDsNCijV9bhsw6ESBsAJP6SPUgyj8EyRJT_eZA0qS_gk2ELzdVMdKddLfa9rgWQr9MGhpD6Sza6glOTIeCRLEtwfC902cV709m9eJRApVMWDz-7y6wtKhR3Hzf1u4r4z8CrZC68in3_zdMfEl25xJ72BqL6eVG-llqk7rZNjasFihiJlHsVmO4CPLlwPfoluqPt6nzA4Ow7eWj0p3oMgWn_W2oVncDc-mOhVmvYux0QdqSA&sai=AMfl-YTiqyDEqIeoYODb3dTwQAZZ12JE6WGxd-ULkrRz_8-uF6siP0k8Nj_7IVntKgI1ipk3ItkpZoThtQU7lwRZSPF67o7dk2J__uO5Teei67UdvZua-DB2TZDvr4UDENPw&sig=Cg0ArKJSzCdZMC3ykpe1EAE&uach_m=[UACH]&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 04 Apr 2022 13:46:41 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Mon, 04 Apr 2022 13:46:41 GMT

GET
DATA 200
OK truncated
/ Frame 5119 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 29c90ef21b40f47c18d88007529dcb496e5c378ece2a01f1b86402d6f7cd09df

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 8AC3 0
0 42ms
41ms Fetch
image/gif 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuYJ5JV1B05lM1YMim4ovaZQvcKodpkr32O6z53IpDTmY29gb5GgjJTnLTzb9SoDMWb_pXOEIrF4ozFBbcQLzpml0sTbTbNzaokZLcM1dUI4OIFVg-8CnrpuobNo_em5HUMzWML679mOtefbCGquSOrZihi0ujW24St31K_n7BBUC76fWB1dbCv1VFCdeubu4iIcFA9WaVGvN1j3TC5tadJDi7UqLxgHYkoaWl70jzmrtjYsdwArFDmKeP-wt3NQP3vzrotv3dn1nGurP3PjyMOOqxcrpw2z9NO4mTC-WjLEw7WckSiMA&sai=AMfl-YQkHWYMIFh7Ij61NOrAkh9h0i9ZYwp-zNnfsShN--Tq5iflHdzMMtF1PB9rcBH_Dlvz9GW7BjR5SgNzY4Ubn5JEJWlORQ8gtbTbh-iWIZRnag0F4CsHYL2h3aC7-brn&sig=Cg0ArKJSzGif6OWi9Du5EAE&uach_m=[UACH]&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 04 Apr 2022 13:46:41 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Mon, 04 Apr 2022 13:46:41 GMT

GET
DATA 200
OK truncated
/ Frame 8AC3 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 424761cf68aa66f80c4f425ac848c40249d5f24a43bf9069da9dbe152e5d727d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame D84B 0
0 42ms
41ms Fetch
image/gif 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvncmQ7pEqxfWiVg-jYjAf0TyAachpsHeU1Lu208tTpBgvcblKiytnzNP9UmYU94ccvyKvKYQ4la3fA0pVLAUVcNzhkX5lSP3Qif1fnQytnnhZR81CGCzIOgsb7gLybN_-tWE5GceyBzvvtAK2AX4CWSVVv1p90YaoFOlssC3PLfq-vShNPG0JgDjZRtn4wtG5Di5kPalbl7dAReZrTrsW38k9JgoXAsEsNIuaQ-XBDwWTnBvbyXNKIC1HRh_karLb4qkHUJwRLyBcx13sQSalrnPeJOZUVPlxLaut_pAPjjhFlWpV_3V2nbF4&sai=AMfl-YS91rZkmVrO6GZPQHdeg2A59aYoWu2coUQ6PaRHB51Fj_YTYrXXFhbRWcCe7SXe8rDbR-ENoeKWA0ZQHlmNNaif1isM7Vn7C4ByN1BUteKyOaSAlnOoTuZLl1vGQWkP&sig=Cg0ArKJSzPXvMcbuBqK_EAE&uach_m=[UACH]&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 04 Apr 2022 13:46:41 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Mon, 04 Apr 2022 13:46:41 GMT

GET
DATA 200
OK truncated
/ Frame D84B 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dad5bc2e789d846a104ec4978a87298447a18b5f6edba715d3e0393023c469de

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 443 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5876d235b697479a9e5f476a33115aea1ddc21fd4b4740dd7180398c6224fdba

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 secureworld-logo-2.png
cdn2.hubspot.net/hubfs/2221756/ 6 KB
0 40ms
40ms Image
image/webp 2606:4700::6811:f2cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://cdn2.hubspot.net/hubfs/2221756/secureworld-logo-2.png
Requested by: Host: www.secureworld.io
URL: https://www.secureworld.io/hs-fs/hub/2221756/hub_generated/template_assets/4263571273/1643491873967/Coded_files/Custom/page/Secureworld_2016/Sw-2016.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:f2cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7fefd42eac633ab3b423116e1c31f64782101833a9408db570fabdd9a3ca64d1

Request headers

Referer

Response headers

x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
date: Mon, 04 Apr 2022 13:46:40 GMT
via: 1.1 d7147e532e5cf73689fcb39fa760bcf2.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-4248998301,P-2221756,FLS-ALL
age: 104463
cf-polished: origFmt=png, origSize=8991
edge-cache-tag: F-4248998301,P-2221756,FLS-ALL
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vLjjwUfc8foZc53GVDLgjLlwpOjiZxmTGyR9efVzBEVGOh%2BVyDDZtriaWJ%2F2si7CCD6K3fkBFip6s%2B6vdKHqhZ5Sx3qjChSbjZi2j3GD63JZauD5TFGp%2BUVgiXnLBWFht2JFGWUqzvt3a5H5mIk%3D"}],"group":"cf-nel","max_age":604800}
content-length: 5778
content-disposition: inline; filename="secureworld-logo-2.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
x-amz-request-id: 8CK1BTCKV730VTRT
x-amz-id-2: KQ4NQ6hOFRaXKSW7QXjAun1kGkBnz3q5pkiGAmUVsFUgKik3QUv7zxer41CtFnF0hF4l738fw7I=
x-cache: RefreshHit from cloudfront
last-modified: Sun, 08 Oct 2017 23:00:00 GMT
server: cloudflare
etag: "a2bea9973108d135d0e2ed91ee7a4863"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id: 8C7sadi_1ki1QqvhHVTxlDSccXzvI9qc
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
cf-ray: 6f6a7dd3d9e82397-ZRH
x-amz-cf-id: GZuZt4fI88GFflYGbJcMQCPRzWcEOf80mT46baQT4Pc5YMJ0aygUlA==
cf-bgj: imgq:85,h2pri

GET
H2 200 secureworld-logo-2.png
cdn2.hubspot.net/hubfs/2221756/ 6 KB
0 40ms
40ms Image
image/webp 2606:4700::6811:f2cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://cdn2.hubspot.net/hubfs/2221756/secureworld-logo-2.png
Requested by: Host: www.secureworld.io
URL: https://www.secureworld.io/hs-fs/hub/2221756/hub_generated/template_assets/4263571273/1643491873967/Coded_files/Custom/page/Secureworld_2016/Sw-2016.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:f2cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7fefd42eac633ab3b423116e1c31f64782101833a9408db570fabdd9a3ca64d1

Request headers

Referer

Response headers

x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
date: Mon, 04 Apr 2022 13:46:40 GMT
via: 1.1 d7147e532e5cf73689fcb39fa760bcf2.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-4248998301,P-2221756,FLS-ALL
age: 104463
cf-polished: origFmt=png, origSize=8991
edge-cache-tag: F-4248998301,P-2221756,FLS-ALL
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vLjjwUfc8foZc53GVDLgjLlwpOjiZxmTGyR9efVzBEVGOh%2BVyDDZtriaWJ%2F2si7CCD6K3fkBFip6s%2B6vdKHqhZ5Sx3qjChSbjZi2j3GD63JZauD5TFGp%2BUVgiXnLBWFht2JFGWUqzvt3a5H5mIk%3D"}],"group":"cf-nel","max_age":604800}
content-length: 5778
content-disposition: inline; filename="secureworld-logo-2.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
x-amz-request-id: 8CK1BTCKV730VTRT
x-amz-id-2: KQ4NQ6hOFRaXKSW7QXjAun1kGkBnz3q5pkiGAmUVsFUgKik3QUv7zxer41CtFnF0hF4l738fw7I=
x-cache: RefreshHit from cloudfront
last-modified: Sun, 08 Oct 2017 23:00:00 GMT
server: cloudflare
etag: "a2bea9973108d135d0e2ed91ee7a4863"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id: 8C7sadi_1ki1QqvhHVTxlDSccXzvI9qc
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
cf-ray: 6f6a7dd3d9e82397-ZRH
x-amz-cf-id: GZuZt4fI88GFflYGbJcMQCPRzWcEOf80mT46baQT4Pc5YMJ0aygUlA==
cf-bgj: imgq:85,h2pri

GET
H2 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/gZWLhEUEJFxEhoT5hpjn2xHK/ 362 KB
144 KB 32ms
10ms Script
text/javascript 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/gZWLhEUEJFxEhoT5hpjn2xHK/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise.js?onload=hsRecaptchaLoadCallback&render=explicit&isolated=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dff2681d8f5f16b61b464b599d7c62f61efe496b54a77044145495bc8cad36d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
Origin: https://www.secureworld.io
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:43:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 198
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 146406
x-xss-protection: 0
last-modified: Mon, 28 Mar 2022 04:22:14 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 04 Apr 2023 13:43:23 GMT

GET
H3 200 anchor Show response
www.google.com/recaptcha/enterprise/ Frame B5D6 42 KB
22 KB 26ms
25ms Document
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly93d3cuc2VjdXJld29ybGQuaW86NDQz&hl=de&v=gZWLhEUEJFxEhoT5hpjn2xHK&size=invisible&badge=inline&cb=q2r62yu1u6br

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/gZWLhEUEJFxEhoT5hpjn2xHK/recaptcha__de.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

dbdf7c1e6af28dec0c569fc697026ab02f4c6b38f975e0d4c0d129eee3266019

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-5QxO/J6giSTI1l70q1hj6w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-length: 22455
content-security-policy: script-src 'report-sample' 'nonce-5QxO/J6giSTI1l70q1hj6w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 13:46:41 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 counters.gif
perf.hsforms.com/embed/v3/ 35 B
479 B 181ms
154ms Image
image/gif 2606:4700::6810:5505
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=forms-next-recaptcha-viewed&count=1&portalId=2221756

Requested by

Host: www.secureworld.io
URL: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:5505 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:46:41 GMT
vary: Accept-Encoding
cf-cache-status: MISS
x-hubspot-correlation-id: 3f23e204-082d-4b66-8e4b-afa73182e08b
cf-ray: 6f6a7dd9c87001f8-ZRH
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 35
last-modified: Mon, 04 Apr 2022 13:46:41 GMT
server: cloudflare
x-trace: 2BC480689B72A6701863531776F70DA637ED1221AE000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
accept-ranges: bytes
x-robots-tag: none

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/gZWLhEUEJFxEhoT5hpjn2xHK/ Frame B5D6 51 KB
24 KB 22ms
6ms Stylesheet
text/css 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/gZWLhEUEJFxEhoT5hpjn2xHK/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly93d3cuc2VjdXJld29ybGQuaW86NDQz&hl=de&v=gZWLhEUEJFxEhoT5hpjn2xHK&size=invisible&badge=inline&cb=q2r62yu1u6br

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6d032132eed5aa1a417456f07864c51fe631858b190224cf7d1a50116d15f48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:43:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 210
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24237
x-xss-protection: 0
last-modified: Mon, 28 Mar 2022 04:22:14 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 04 Apr 2023 13:43:11 GMT

GET
H3 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/gZWLhEUEJFxEhoT5hpjn2xHK/ Frame B5D6 362 KB
143 KB 24ms
9ms Script
text/javascript 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/gZWLhEUEJFxEhoT5hpjn2xHK/recaptcha__de.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dff2681d8f5f16b61b464b599d7c62f61efe496b54a77044145495bc8cad36d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:43:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 198
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 146406
x-xss-protection: 0
last-modified: Mon, 28 Mar 2022 04:22:14 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 04 Apr 2023 13:43:23 GMT

GET
H3 200 logo_48.png
www.gstatic.com/recaptcha/api2/ Frame B5D6 2 KB
2 KB 7ms
7ms Image
image/png 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/logo_48.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/gZWLhEUEJFxEhoT5hpjn2xHK/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/gZWLhEUEJFxEhoT5hpjn2xHK/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 19:40:09 GMT
x-content-type-options: nosniff
age: 324392
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2228
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Thu, 07 Apr 2022 19:40:09 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame B5D6 15 KB
16 KB 30ms
8ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 17:06:41 GMT
x-content-type-options: nosniff
age: 506400
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 29 Mar 2023 17:06:41 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame B5D6 15 KB
15 KB 31ms
10ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 14:17:54 GMT
x-content-type-options: nosniff
age: 516527
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15552
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 29 Mar 2023 14:17:54 GMT

GET
H3 200 webworker.js
www.google.com/recaptcha/enterprise/ Frame B5D6 102 B
134 B 18ms
18ms Other
text/javascript 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise/webworker.js?hl=de&v=gZWLhEUEJFxEhoT5hpjn2xHK

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

51540e98209e949f0a7f01c1332f6bf5dfe526adeaabe2705f42184d721f90b1

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly93d3cuc2VjdXJld29ybGQuaW86NDQz&hl=de&v=gZWLhEUEJFxEhoT5hpjn2xHK&size=invisible&badge=inline&cb=q2r62yu1u6br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:46:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
cross-origin-embedder-policy: require-corp
x-frame-options: SAMEORIGIN
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 112
x-xss-protection: 1; mode=block
expires: Mon, 04 Apr 2022 13:46:41 GMT

GET
H3 200 bframe Show response
www.google.com/recaptcha/enterprise/ Frame 8D52 7 KB
1 KB 24ms
24ms Document
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise/bframe?hl=de&v=gZWLhEUEJFxEhoT5hpjn2xHK&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/gZWLhEUEJFxEhoT5hpjn2xHK/recaptcha__de.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

0ae11f2fcf242f32c48d2620351998c6909dd07fdedb8c02f5e29a5db606178f

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Tix2R7AFNg6rmJd1DZHgsg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-length: 1113
content-security-policy: script-src 'report-sample' 'nonce-Tix2R7AFNg6rmJd1DZHgsg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 13:46:41 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/gZWLhEUEJFxEhoT5hpjn2xHK/ Frame 8D52 51 KB
24 KB 7ms
6ms Stylesheet
text/css 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/gZWLhEUEJFxEhoT5hpjn2xHK/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise/bframe?hl=de&v=gZWLhEUEJFxEhoT5hpjn2xHK&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6d032132eed5aa1a417456f07864c51fe631858b190224cf7d1a50116d15f48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:43:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 210
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24237
x-xss-protection: 0
last-modified: Mon, 28 Mar 2022 04:22:14 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 04 Apr 2023 13:43:11 GMT

GET
H3 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/gZWLhEUEJFxEhoT5hpjn2xHK/ Frame 8D52 362 KB
143 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/gZWLhEUEJFxEhoT5hpjn2xHK/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise/bframe?hl=de&v=gZWLhEUEJFxEhoT5hpjn2xHK&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dff2681d8f5f16b61b464b599d7c62f61efe496b54a77044145495bc8cad36d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:43:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 198
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 146406
x-xss-protection: 0
last-modified: Mon, 28 Mar 2022 04:22:14 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 04 Apr 2023 13:43:23 GMT

OPTIONS
H2 200 view
js.hs-banner.com/cookie-banner-public/v1/activity/ Frame 0
0 161ms
133ms Preflight
application/octet-stream 2606:4700::6812:14bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/cookie-banner-public/v1/activity/view
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:14bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.secureworld.io
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://www.secureworld.io
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-max-age: 604800
cf-cache-status: DYNAMIC
cf-ray: 6f6a7ddc19a101f0-ZRH
content-length: 0
content-type: application/octet-stream
date: Mon, 04 Apr 2022 13:46:42 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
timing-allow-origin: *

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
11 KB 42ms
21ms XHR
application/json 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022032106&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032106.js?cb=31066031

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

09b06a4576842bd36cd34ba3b2662e6096c3236c100c1761b94b7fc2937865bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 04 Apr 2022 13:46:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10599
x-xss-protection: 0

GET
H3 200 counters.gif
perf.hsforms.com/embed/v3/ 35 B
444 B 163ms
163ms Image
image/gif 2606:4700::6810:5505
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=cta-with-analytics&value=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:5505 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:46:42 GMT
vary: Accept-Encoding
cf-cache-status: MISS
x-hubspot-correlation-id: c358b4ce-56dc-41f9-b650-aa16eb5ff8de
cf-ray: 6f6a7ddbfbae01f8-ZRH
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 35
last-modified: Mon, 04 Apr 2022 13:46:42 GMT
server: cloudflare
x-trace: 2BB3DE9150F58AEA8927655AC3EFFB506660F5A844000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
accept-ranges: bytes
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
360 B 150ms
143ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%225b11748c-d8d9-47fd-b704-d273971b3380%22%2C%223421d639-a5fd-4eaf-9f96-d0a7d7573a86%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=1890393834&v=1.1&a=2221756&pi=10855193339&ct=blog-post&ccu=https%3A%2F%2Fwww.secureworld.io%2Findustry-news%2Fhow-ryuk-ransomware-works&cpi=10855193339&cgi=4214485368&lpi=10855193339&lvi=10855193339&lvc=en-us&pu=https%3A%2F%2Fwww.secureworld.io%2Findustry-news%2Fhow-ryuk-ransomware-works&t=Special+Security+Advisory%3A+%27Ryuk+Ransomware+Targeting+Organizations+Globally%27&cts=1649080002913&vi=297cdb4fd48dc20672cb5cf6aedfbae3&nc=true&ce=false&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:46:42 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 90069f3c-d4cd-47dc-9b7f-d104f53430c6
cf-ray: 6f6a7ddbfc1101df-ZRH
p3p: CP="NOI CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 45
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v51Rr88oIH8%2FsqfFqlxxPZ0im0%2FE6PJnD2OPko9Nl8RQAbUMYoY%2BerBDzJTpnD0LuSDPRkyBBNjLHiY6QB3HbF7%2BBUTcbORv4mI8FTWwRuZGtDvKpf9xbv%2Fxso4vqecxXWheLZgO3pVVz80te8LP"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
554 B 152ms
145ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=de00eec1-d1e4-4ed7-92a5-513850f7168f&fci=3747038b-30e2-40cc-b031-75b6c74f2fac&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=1890393834&v=1.1&a=2221756&pi=10855193339&ct=blog-post&ccu=https%3A%2F%2Fwww.secureworld.io%2Findustry-news%2Fhow-ryuk-ransomware-works&cpi=10855193339&cgi=4214485368&lpi=10855193339&lvi=10855193339&lvc=en-us&pu=https%3A%2F%2Fwww.secureworld.io%2Findustry-news%2Fhow-ryuk-ransomware-works&t=Special+Security+Advisory%3A+%27Ryuk+Ransomware+Targeting+Organizations+Globally%27&cts=1649080002917&vi=297cdb4fd48dc20672cb5cf6aedfbae3&nc=true&ce=false&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:46:42 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 5dc842e0-85bf-409e-b947-7bb49bff3c63
cf-ray: 6f6a7ddbfc1201df-ZRH
p3p: CP="NOI CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 45
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=csxVib21naHk%2BFKOinLYUe6OF5vA7AFqgT0r3zemQzB%2BhlhW6hVL6PrsCfDfw8iLRE%2BRQU%2BTuzw36z1RNwISojezv7hV9zd0edVtdcNTBKAcqmNhxrSOjy7xlmQX9QudcV9PDK1qtCcHxdYJ5d5m"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
391 B 153ms
147ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=f9c697eb-4f35-4c94-a6fd-0f0abceafced&fci=bf4212ad-6a95-4db1-815c-93909f1992d9&ft=4&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=1890393834&v=1.1&a=2221756&pi=10855193339&ct=blog-post&ccu=https%3A%2F%2Fwww.secureworld.io%2Findustry-news%2Fhow-ryuk-ransomware-works&cpi=10855193339&cgi=4214485368&lpi=10855193339&lvi=10855193339&lvc=en-us&pu=https%3A%2F%2Fwww.secureworld.io%2Findustry-news%2Fhow-ryuk-ransomware-works&t=Special+Security+Advisory%3A+%27Ryuk+Ransomware+Targeting+Organizations+Globally%27&cts=1649080002921&vi=297cdb4fd48dc20672cb5cf6aedfbae3&nc=true&ce=false&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:46:42 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 4340a683-16ab-4a16-9acd-cb5fd596c6c5
cf-ray: 6f6a7ddbfc0f01df-ZRH
p3p: CP="NOI CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 45
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gZU14EXK6PbLP8JJng7n1994VzXqciSxKhQHCjVohvPyuOzIlNb%2FPRnr4LhGu%2Bns5d9OBQ8QsSikz308g5irepA2ELRbC6WVbg54LaHvu6jVOCyL96QNKeKtXe3r%2Fen%2BSLR33XXbS45XnUOsj42U"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
463 B 144ms
138ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=1890393834&v=1.1&a=2221756&pi=10855193339&ct=blog-post&ccu=https%3A%2F%2Fwww.secureworld.io%2Findustry-news%2Fhow-ryuk-ransomware-works&cpi=10855193339&cgi=4214485368&lpi=10855193339&lvi=10855193339&lvc=en-us&pu=https%3A%2F%2Fwww.secureworld.io%2Findustry-news%2Fhow-ryuk-ransomware-works&t=Special+Security+Advisory%3A+%27Ryuk+Ransomware+Targeting+Organizations+Globally%27&cts=1649080002922&vi=297cdb4fd48dc20672cb5cf6aedfbae3&nc=true&ce=false&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:46:42 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 1921bb77-16e0-4bb1-94a4-7a8116fd7996
cf-ray: 6f6a7ddbfc0d01df-ZRH
p3p: CP="NOI CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 45
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mqCAltM1bcTsqg%2BFjXuLFfLTk3RXk6bciEMpL5Qt7vKj71AYWL7BBZrOR6Oyd48F9A9TYJpQ9GoagWc0YDSPSZYZU83PcUVcsUhQb58Z6%2F1yQUU%2FUaIgwySgIoI97rZdI%2FrbFnQdJceWW%2FDWFnBk"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
x-robots-tag: none

POST
H2 204 view Show response
js.hs-banner.com/cookie-banner-public/v1/activity/ 0
137 B 414ms
413ms XHR
text/plain 2606:4700::6812:14bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/cookie-banner-public/v1/activity/view
Requested by: Host: js.hs-banner.com
URL: https://js.hs-banner.com/2221756.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:14bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: application/json

Response headers

timing-allow-origin: *
date: Mon, 04 Apr 2022 13:46:42 GMT
cf-cache-status: DYNAMIC
server: cloudflare
x-hubspot-correlation-id: 45e6ce59-8aa7-4b30-b4a9-6be3be84a11a
x-trace: 2B4AB8A36FD9D1A1B85CD90C33195BBE1B949A2A2D000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://www.secureworld.io
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-allow-credentials: true
cf-ray: 6f6a7ddcfaeb01f0-ZRH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id

POST
H3 200 reload Show response
www.google.com/recaptcha/enterprise/ Frame 8D52 40 KB
24 KB 61ms
60ms XHR
application/json 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise/reload?k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/gZWLhEUEJFxEhoT5hpjn2xHK/recaptcha__de.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

1748d82b1d5e2bd32219b41bf4f77f6a5e7bf17b5a497185cffa1c5fe6b26dc5

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.google.com/recaptcha/enterprise/bframe?hl=de&v=gZWLhEUEJFxEhoT5hpjn2xHK&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: application/x-protobuffer

Response headers

date: Mon, 04 Apr 2022 13:46:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
cache-control: private, max-age=0
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24768
x-xss-protection: 1; mode=block
expires: Mon, 04 Apr 2022 13:46:41 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 50ms
49ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032106.js?cb=31066031

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:46:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 04 Apr 2022 13:46:41 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 73ED 13 KB
5 KB 8ms
6ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 606
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 13:36:35 GMT
expires: Tue, 04 Apr 2023 13:36:35 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame C4FF 783 B
536 B 17ms
16ms Document
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

7998f37d4e52cf8a04915e57020616b1e503fc4beaf7eeccba32578b3fd8aa95

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-J64O0RTrCSF+KSRmPGXtZQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 514
content-security-policy: script-src 'report-sample' 'nonce-J64O0RTrCSF+KSRmPGXtZQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 13:46:41 GMT
expires: Mon, 04 Apr 2022 13:46:41 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 refresh_2x.png
www.gstatic.com/recaptcha/api2/ Frame 8D52 600 B
624 B 9ms
7ms Image
image/png 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/refresh_2x.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/gZWLhEUEJFxEhoT5hpjn2xHK/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

44b988703019cd6bfa86c91840fecf2a42b611b364e3eea2f4eb63bf62714e98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/gZWLhEUEJFxEhoT5hpjn2xHK/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 09:45:36 GMT
x-content-type-options: nosniff
age: 446466
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 600
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin-allow-popups; report-to="recaptcha"
expires: Wed, 06 Apr 2022 09:45:36 GMT

GET
H3 200 audio_2x.png
www.gstatic.com/recaptcha/api2/ Frame 8D52 530 B
554 B 9ms
7ms Image
image/png 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/audio_2x.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/gZWLhEUEJFxEhoT5hpjn2xHK/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

89c62095126fca89ea1511cf35b49b8306162946b0c26d6f60c5506c51d85992

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/gZWLhEUEJFxEhoT5hpjn2xHK/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 21:24:06 GMT
x-content-type-options: nosniff
age: 577356
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 530
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin-allow-popups; report-to="recaptcha"
expires: Mon, 04 Apr 2022 21:24:06 GMT

GET
H3 200 info_2x.png
www.gstatic.com/recaptcha/api2/ Frame 8D52 665 B
689 B 10ms
8ms Image
image/png 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/info_2x.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/gZWLhEUEJFxEhoT5hpjn2xHK/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55eaf62cb05da20088dc12b39d7d254d046cb1fd61ddf3ae641f1439efd0a5ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/gZWLhEUEJFxEhoT5hpjn2xHK/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 18:17:53 GMT
x-content-type-options: nosniff
age: 415729
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 665
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin-allow-popups; report-to="recaptcha"
expires: Wed, 06 Apr 2022 18:17:53 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 8D52 15 KB
15 KB 23ms
7ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 17:06:41 GMT
x-content-type-options: nosniff
age: 506401
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 29 Mar 2023 17:06:41 GMT

GET
H3 200 KFOlCnqEu92Fr1MmYUtfBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 8D52 15 KB
15 KB 29ms
13ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c912a9ce0c3122d4b2b29ad26bfe06b0390d1a5bdaa5d6128692c0befd1dfbbd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 21:19:14 GMT
x-content-type-options: nosniff
age: 577648
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15340
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:16 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Tue, 28 Mar 2023 21:19:14 GMT

GET
H3 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 8D52 15 KB
15 KB 25ms
9ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 14:17:54 GMT
x-content-type-options: nosniff
age: 516528
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15552
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 29 Mar 2023 14:17:54 GMT

GET
H3 200 payload
www.google.com/recaptcha/enterprise/ Frame 8D52 35 KB
35 KB 17ms
16ms Image
image/jpeg 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/recaptcha/enterprise/payload?p=06AGdBq25-tV9QfkuIqM2Fzr_u517Bq_JXLNySfAbiLskyjH0H479b_MzAN7KBAfleDUQRuSsBxZUYn2EpSB-cWYiWigLf0OMVhgORQp0gagBaQ1b5CRrK_FRLfovPpUvFuTSGAFU7hBoX6TtP_JoOLxrTKjOxtISQh4egn1wq05E4v1wodEVy171udGms2eu8Zv93Ljg5Kiv8nsYOvRosr6qUSFskWy75YavwNpyVvtMB1eGtGhpN2cU&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

7009db8dd3d4039f118e3625ea328a9b11ccfbbf51eda4f16f75764ac904f378

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/recaptcha/enterprise/bframe?hl=de&v=gZWLhEUEJFxEhoT5hpjn2xHK&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:46:42 GMT
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: image/jpeg
cache-control: private, max-age=30
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36198
x-xss-protection: 1; mode=block
expires: Mon, 04 Apr 2022 13:46:42 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame C4FF 0
0 75ms
60ms Image
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022032106&jk=1649441203212596&rc=05AOMX25kgRYyVxCrZc8A6PIk_7RV_LWG1IqOtDeUC3DMy2A0UqoBKn33YoCddBZeWL9ST_HLwNuYEui0pIMkG2veIQo8QDvd8eMtenL7aDS9ut_ZVGn1d0aJI0wTEtVSokACbLGrpBmiuNnQDnFPKoznmmWXN2yke5jwWixuCUcNKY-sKkFPaBA6e7tMom_r4tri7k7dMSbQDrq4p
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

GET
H3 200 gjBotrajnK0yz4ntvsDRFlMTAuB3twHveDeuldaHPWQ.js Show response
pagead2.googlesyndication.com/bg/ Frame 73ED 35 KB
13 KB 21ms
7ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/gjBotrajnK0yz4ntvsDRFlMTAuB3twHveDeuldaHPWQ.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

823068b6b6a39cad32cf89edbec0d116531302e077b701ef7837ae95d6873d64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 10:24:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12145
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13748
x-xss-protection: 0
last-modified: Mon, 28 Mar 2022 10:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 04 Apr 2023 10:24:17 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 73ED 0
9 B 6ms
6ms Image
text/plain 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?1fy-_g
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:46:42 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame D84B 42 B
64 B 56ms
40ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvaNkO1gYDNMtYEeImoo_Ffh0JluiZmGcVItv31uv1cEPdb9pbdNekP1Oa3kZ-G3FMyVijsH7B19xM2bgXjbjG-YP4QVgqYICyQRCUnWk5ON4I4MRcT&sig=Cg0ArKJSzIRAasbyvxcrEAE&id=lidar2&mcvt=1000&p=115,315,205,1285&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220330&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=3&adk=2061276719&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1649080002172&rpt=228&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 13:46:42 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 5119 42 B
64 B 55ms
40ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstfo8UfAgkgZn5wa9Hrcn04-4z19aMz-rz8yznKzR3eKXulXORvhyYe2Ixel0VBMc-OUDxKelcl_IZ_OPeXiXoffUfm1KrrAiAjTWJwKmkexeUqmRUh&sig=Cg0ArKJSzHhQUv8OJv8WEAE&id=lidar2&mcvt=1003&p=647,1044,897,1344&mtos=1003,1003,1003,1003,1003&tos=1003,0,0,0,0&v=20220330&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=3&adk=615754453&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1649080002156&rpt=204&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 13:46:42 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 43ms
43ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022032106&jk=1649441203212596&bg=!AwClAETNAAZku-1yRLs7ACkAdvg8WvEwuEKdaTkB6dJynerxCNIpPT9nR16RbjKsUFs1ekKGmWvefAIAAABLUgAAAARoAQcKAFAYVP3DdwGzEdPVi3HALRGGuw_a6RwOOT1zyv2bIvy8Egfg_WsbD9MZkN2fmXj8uUKoFwxyN-wSmtV4l0-cqhieIY6EFsUKNxz3NW9nst2Yw5kC52UF0D1T3iidAlH0gho-l09DopV4zmVe9pCsxm4GlV8x98Uz8qAZRG2qkEgUuQMCasfRxEtzARlOWmNBO3LkiZGDkfpxq5PJK33Kf6jXxB8-u_eNJOGH-R84FnvK_JY2o-EnPRTs1bhpurZNSnlLPwwB3BgpuHkSeWDTJj4jmjcbCV1ATjgMTFZXukxLffwS_3IMnBeJw8GXNN6CRCIH9bKbG0Ne6TkhujXSM6trvXdVAmLISQKXbm6g8JXLcUORbadST5ueiHk1srpJbyJ-A8ZsteIIc021vRdCYsgoi8kfEdaaBjQ1sm2sftfu0Wy0faBImHjZRi2SxqYtU1cXA0cBN5qC0GYVyTGqHgWoJdo5f3cMSj3vubzSVJQkwWH5U9mE4aJcI8kEsmF99x7QNb8Y3SNC4ehSJO8_8lVH6BJlyVlMeI0DL7qKByl_Xi0SnBi7B1nuM_4YdWVJ1SU9tnYZuM3aSxnbveMNU-aeTvqtGmzOcpxdbDf48ppLbgZJk_sQIr13de9WwAIXzOuJK8Pf4elt9uSmX9413YSKRWBft_-wR3qzG2UxeCoawxrNf9P4cIt6BUz139wg5L8pvcXpW6VJSLwevZ8J3t5_SXh2L_PprlNyg80V7LBgHXxddlacBgqbW8iJcLruyRvxJNspAIUFp_HmjpOWmuYwckDhqOBcaSnWjTLNNCqQzL5fMHZR-dwmFm_C5KTbH8mbRzgzRCDHlAqPzB6yT1NJG9wlR4QpnLCAnaJNG88jkYbz3bCRwMTWSc2WDxfcZb6KvYWoyYqFMMZ633LLOfiP3qWlEggQLPsnqc6XRLzPhYcrC_8mGkMu-dOcz7SwqkCAeOc6rFbz7KOM-kK9um6jV5SgFDYixTvmtj-G7VeOSowWlx9748yb9NIGWvJbrA6nRyedkhBhhXpaWgmZBZMWWfZ07NoEsd03PUxfu4GsJnaZbW1BNOa3yZrKso2OFDGZoP193Q8DG6Zf

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 13:46:42 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 perf Show response
www.secureworld.io/_hcms/ 2 B
487 B 157ms
156ms XHR
text/plain 2606:2c40::c73c:671e
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.secureworld.io/_hcms/perf
Requested by: Host: www.secureworld.io
URL: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:671e , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer: https://www.secureworld.io/industry-news/how-ryuk-ransomware-works
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-type: application/json

Response headers

cf-ray: 6f6a7dee8d4701df-ZRH
date: Mon, 04 Apr 2022 13:46:45 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-hubspot-correlation-id: f78d9aa4-f362-4e4c-93a3-caadcf22a41a
x-trace: 2BD0695941753C45A1F4C3E80758D31F44B71790AC000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3bwcQGRiwivFAbznWo7oC2WoO1Fo%2BdEnlPNNXIrLOQu8IQ3gor5QzAoUAT9%2FFQw%2FMSHJ8lybO1io%2BrCA2v6i72Ts9G9Zz%2BAdJx%2B7Md6PtzXTqIY%2BtBp0JzCSDKd6YPclXNF1u4xysy9Ci7G69L0%2B%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
access-control-allow-credentials: false
x-robots-tag: none
content-length: 2

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: s7.addthis.com
URL: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html

Verdicts & Comments Add Verdict or Comment

162 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

25 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.google.com/recaptcha	1970-01-20 06:23:52	Name: _GRECAPTCHA Value: 09AOMX25mSkA3Qm8pSWjK_oxiFM4SaBAxv2uH1yjljb5BjEwbH0_KUzVPYCqRq10NqY5K5RNXhQIoii-QRejXZTf4
.www.secureworldexpo.com/	1969-12-31 23:59:59	Name: __cfruid Value: d9bab4d8e4c5af59488dca580ca3f2fc3ac258ef-1649079998
.www.secureworld.io/	1969-12-31 23:59:59	Name: __cfruid Value: 279beb42f9883f5ae2e4f94e4112631a8cf6d225-1649080000
.hubspot.com/	1970-01-20 02:04:41	Name: __cf_bm Value: sMmGCewW8_PO09jrd2N.qhus6XxhCrQxtf4fBJkwBvY-1649080000-0-AeHLIaEJKxDfPwsErlJZWGQ8j18XLoBki/bMClM7AYbSf4LK3FKgN+z/xfYBzUFd+BFzNOYm/bH9X3OVRA38OJU=
.secureworld.io/	1970-01-20 19:35:52	Name: _ga_8NF3Q53WEX Value: GS1.1.1649080001.1.0.1649080001.0
.secureworld.io/	1970-01-20 19:35:52	Name: _ga Value: GA1.1.2080035738.1649080002
www.secureworld.io/	1970-01-20 11:33:28	Name: __atuvc Value: 1%7C14
www.secureworld.io/	1970-01-20 02:04:41	Name: __atuvs Value: 624af6c13b082395000
.addthis.com/	1970-01-20 11:33:28	Name: uvc Value: 1%7C14
.secureworld.io/	1970-01-20 11:26:16	Name: __gads Value: ID=89daf02b114ef8a9-22ba8f4c6dcd0055:T=1649080001:S=ALNI_MbvuCow_Kqf_A_dTuV0JqZ9CzsRFA
.doubleclick.net/	1970-01-20 11:26:16	Name: IDE Value: AHWqTUkzvsARi6NdCxtfO1v6iAGe3rR7ZyBsw9WVSRfTHYK-9y2MMbp76fvhDioCl98
.linkedin.com/	1970-01-20 02:47:52	Name: UserMatchHistory Value: AQLxPCMaHE6gdgAAAX_00-Jn3AFW5Rru11ztXPSpYI3eqFQRIM8zb8Z_pwBEb6xVCUzOfjFC9Nr1Ww
.linkedin.com/	1970-01-20 02:47:52	Name: AnalyticsSyncHistory Value: AQLiuFS8llt9CwAAAX_00-Jnx256lG7A33vmWLHN3HpOrG2isRPxhKR5kiLbcXS3HYbfvDD6oSD2P20RTbMpOg
.ads.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.linkedin.com/	1970-01-20 19:36:33	Name: bcookie Value: "v=2&3574e901-dc23-42bb-8269-558ae797fdcb"
.linkedin.com/	1970-01-20 02:06:06	Name: lidc Value: "b=TGST08:s=T:r=T:a=T:p=T:g=2275:u=1:x=1:i=1649080001:t=1649166401:v=2:sig=AQFRErBOdn937LwG75fULp4ehii0H2Ql"
.addthis.com/	1970-01-20 11:33:28	Name: loc Value: MDAwMDBFVURFU0wyMjkyMTg2MTAwMzAwMDBDSA==
.secureworld.io/	1970-01-20 10:50:16	Name: _hjSessionUser_349336 Value: eyJpZCI6IjZkMDE3ZTdiLTE2OTAtNTg3OC05ZDg5LTZhMjQxNTdlNTkyOSIsImNyZWF0ZWQiOjE2NDkwODAwMDIwNDUsImV4aXN0aW5nIjpmYWxzZX0=
.secureworld.io/	1970-01-20 02:04:41	Name: _hjFirstSeen Value: 1
www.secureworld.io/	1970-01-20 02:04:40	Name: _hjIncludedInPageviewSample Value: 1
.secureworld.io/	1970-01-20 02:04:41	Name: _hjSession_349336 Value: eyJpZCI6IjkzN2RiMDc4LWVkMTItNDQyNS1hOWZmLTc3NTg3YTU0ZTNmOSIsImNyZWF0ZWQiOjE2NDkwODAwMDIyOTEsImluU2FtcGxlIjp0cnVlfQ==
.secureworld.io/	1970-01-20 02:04:41	Name: _hjAbsoluteSessionInProgress Value: 0
.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=de-de
.www.linkedin.com/	1970-01-20 19:36:33	Name: bscookie Value: "v=1&202204041346413f977568-bdea-4ba8-8caa-3263d3f8c13aAQFOhiNM5LbgfzVWLE8lX3TClWQ7APjQ"
.linkedin.com/	1970-01-20 19:26:07	Name: li_gc Value: MTswOzE2NDkwODAwMDE7MjswMjGY4gYojW0P9ZF8u9k+erBxNCUWBIIlk/449iLMa0jxdQ==

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

309ab07c9e8b47bab20db4a568d65e05.safeframe.googlesyndication.com
adservice.google.com
adservice.google.de
api-na1.hubapi.com
app.hubspot.com
cdn.jsdelivr.net
cdn2.hubspot.net
cdnjs.cloudflare.com
connect.facebook.net
cta-service-cms2.hubspot.com
fonts.gstatic.com
forms.hsforms.com
in.hotjar.com
js.hs-analytics.net
js.hs-banner.com
js.hsforms.net
js.hsleadflows.net
m.addthis.com
no-cache.hubspot.com
p.typekit.net
pagead2.googlesyndication.com
perf.hsforms.com
platform.linkedin.com
platform.twitter.com
px.ads.linkedin.com
px4.ads.linkedin.com
s7.addthis.com
script.hotjar.com
securepubads.g.doubleclick.net
snap.licdn.com
static.hotjar.com
syndication.twitter.com
tpc.googlesyndication.com
track.hubspot.com
unpkg.com
use.typekit.net
v1.addthisedge.com
vars.hotjar.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.linkedin.com
www.secureworld.io
www.secureworldexpo.com
z.moatads.com
s7.addthis.com
104.102.30.13
104.244.42.8
108.157.4.53
13.107.42.14
142.250.185.130
151.101.12.157
23.210.252.167
2606:2800:233:66b5:799a:7cd3:f74d:7071
2606:2c40::c73c:671e
2606:4700::6810:5505
2606:4700::6810:5605
2606:4700::6810:5814
2606:4700::6810:7daf
2606:4700::6811:180e
2606:4700::6811:46b0
2606:4700::6811:b649
2606:4700::6811:cccc
2606:4700::6811:e8cc
2606:4700::6811:f2cc
2606:4700::6812:14bf
2606:4700::6813:9a53
2620:1ec:21::14
2a00:1450:4001:803::2003
2a00:1450:4001:809::2002
2a00:1450:4001:80f::2004
2a00:1450:4001:810::2001
2a00:1450:4001:813::2002
2a00:1450:4001:813::2008
2a00:1450:4001:829::2002
2a00:1450:4001:82b::2002
2a00:1450:4001:830::2003
2a00:1450:4001:830::200e
2a00:1450:4001:831::2001
2a02:26f0:ef::5c7b:c24c
2a02:26f0:ef::5c7b:c25a
2a02:26f0:f7::5c7b:e031
2a03:2880:f02d:12:face:b00c:0:3
34.250.211.64
65.9.66.112
99.86.7.26
008a1d103902f15fdb1c191fcb1ce8954330e7b8de43d09abb08555ba609f420
043cfebfa4ec302e0368eadbae54853a5b6caff633b3d1e02a32f2cd2f71e1fd
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd
09b06a4576842bd36cd34ba3b2662e6096c3236c100c1761b94b7fc2937865bd
09ee51350e71fe859598438e1ed3f07e46dbbde689052921909644ec2bfb9de5
0ae11f2fcf242f32c48d2620351998c6909dd07fdedb8c02f5e29a5db606178f
0d9ff5c4589af053237b35540ae343de2dd4ed647dc1942f70517141a8bbdc88
105580db30d3915f2122d4e07a985c069478dd6f64e25d58ff3bf4c6ba7d9200
115f26f5a9f1904a500533c58aa7722d0eabc039975099453291210ab3e5a6b6
126659e00af81ed41c0e0ffc7a60c4b61add17beae4b9a4fc0c8e40350e819f0
1748d82b1d5e2bd32219b41bf4f77f6a5e7bf17b5a497185cffa1c5fe6b26dc5
182e51193ed33acca8a70f60a714c7d70e88111af48a17ba194b4c3d0dce8039
19d022d3f567c5ac6c99a24b948122dd3512a30b22210808c4f8d6191a7abd7e
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
25f9030845df92a93fa6f343d474aead0ea4130c7f8c5268a7e279590e3a689a
29c90ef21b40f47c18d88007529dcb496e5c378ece2a01f1b86402d6f7cd09df
2c18c4eca83862c6304228d9a845cf6284ec88d014e1e36bceba70f68ea31e6c
313753b65247e9fa9ef1facd3da08a29a2476161948a7e4b58e2878717ed7bea
32166865dd1ba15d10b2f26d7fe8de3e9e29601c1be462f81f0d546d4a3f3f5c
341a4d40ad1b2560db940f906716d0e9539d4c0785399d7e0348fd0d3af00170
39cb73a705ae61637cf463be3bce17acc2e6294982b35c7622004e4bbc1b0f1d
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
3e7ae196488d11c550b2c2bdda02ab66d9b30d9ce3428175816fc7529d417b55
424761cf68aa66f80c4f425ac848c40249d5f24a43bf9069da9dbe152e5d727d
44b988703019cd6bfa86c91840fecf2a42b611b364e3eea2f4eb63bf62714e98
45d8a712ca77cd325fcaaf66940adab8fc7d87692dfab6795f4fe8af5761bbc2
4756d3dad503c26b291177aabf725d563d1e03e215025668540a6ad842ac519a
4927a4e4968dd76153fed6e03848eba2ff7dcd7faff262d8dac34b73eb07424e
4b4da922c394b0d45c6509a427b61234244dbdacb83a9c05b450b6bc180512d1
4cc6481fb0583f3d9b32262df669b6c24097720e50ab8a5fa49205eb0e02921a
4fbd9dbc01e9dc37f17ae6f6e8f5e7775fda8f38928ac549cbab33d683408a8c
51540e98209e949f0a7f01c1332f6bf5dfe526adeaabe2705f42184d721f90b1
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
55eaf62cb05da20088dc12b39d7d254d046cb1fd61ddf3ae641f1439efd0a5ee
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
5876d235b697479a9e5f476a33115aea1ddc21fd4b4740dd7180398c6224fdba
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
5d5cf5a4a5b7c02915bc261dca0c755d29beda0c0c3a005c78c1682c9934bb3c
5d9bc6dec214e0ac4562af8a3854d2d46772e46e66806ab6aed8ba22d833d0dd
6121ca306ad1045453d52517b8f436eb5a68055c82aefa46a9a77de36996a3df
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
646049b438eba863e1bef299abfda2b4cc0bdcc49d62eafdb7b3d5e4d9582bbb
68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f
6a0a6ea0682fe445d6e7906428dad8e24094336e42b49a676aed68d92678d2cc
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
7009db8dd3d4039f118e3625ea328a9b11ccfbbf51eda4f16f75764ac904f378
70d7f1b8fb5a9f0213a41d01479bce0faa7704776dcc44d909fc46753178442d
7998f37d4e52cf8a04915e57020616b1e503fc4beaf7eeccba32578b3fd8aa95
7b6bfa13f0778c40bb2a00af9819bea2f07afcb4d071e7e4f436196953a5db4d
7b795d3050e36d38585637c87f5316b96e417fc81ca757b58f9ed74a1b64f7bb
7c94b42d2caf4ed971747b48b9c65191ddfaac5d22f324f455ce4e25907d7701
7cb83b420a56223fdb308d5756d06d6112a639d9d592758a5cc82b5da81b86eb
7ed95c9b41f1db9e8124520c93bc86a196a2fc9db65a3e3bef9d8d7cd8592e7f
7fefd42eac633ab3b423116e1c31f64782101833a9408db570fabdd9a3ca64d1
80625c128d312a0eb71e8a1c3352ac0c89001b16bbca6f33420e108fe5c9e159
823068b6b6a39cad32cf89edbec0d116531302e077b701ef7837ae95d6873d64
85bf5951f851aeff5e594f28e51ce06091769ab189d90804a037b7eb3d95c2da
87de3861c0162a770e999f14856e94174260c493cfab21e4c7778e291f91dc19
88171413fc76dda23ab32baa17b11e4fff89141c633ece737852445f1ba6c1bd
89c62095126fca89ea1511cf35b49b8306162946b0c26d6f60c5506c51d85992
8b699b6f863b789d0cc8321d183694e4957fe39b30f0bc2a908b5ee010716e70
8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02
8da979458600536726a4bfca5e105c96a405e0740c16e55a7d6cc59108706417
947d6c755989ac2b8e761deb8f7c3d38c30f9e01ce86b4ce1c8f3a2e1d1e5221
9682aff0dfb2932f5273721abd9190df39eeb0f42c37a24566aa4ac5753219c1
96abf166b3cbb5f7df525d86fdeeeccea4af3c120b19bc26b0613530a94e8b44
9a3775ae1c63c14e907e4a14be330fbdb37c3cf1ea14d5d6a67e0a3c17214426
9b9265c69a5cc295d1ab0d04e0273b3677db1a6216ce2ccf4efc8c277ed84b39
9c9f1879ad8e12cd4336ba847b407918aaf3d8f68d47c5f2f082cea2f388623c
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403
bfdd4ef23d6597497f165d85bb4e78d65dffa35a7ffff0ecf78fc4288361654b
c3663d9a1293425783b78953b5163edb193cd905c8f88ef2a8976c7107e44439
c48af1698e6e13a34a137eb360a3e7d0937ba31bd0332eee8af2b2972b49dd49
c5925c2d6c0ad64e279e2f90cba407923d8f8a2dc4bea98054296f88ea829ce8
c64cb233e25429d60c4229a0da726d38e2b09f92a1f689377d1afc0048510af3
c6d03b7a5561687268e57b13d9d4a6a4c71ee570ea74718040ce9227676e3e5e
c912a9ce0c3122d4b2b29ad26bfe06b0390d1a5bdaa5d6128692c0befd1dfbbd
cb84dfde92c3f516c917d8b8a714cbedcb98908c2ca54c47f2eb27cc712ec39e
d072a09604e6a1fea8ef42203503771aa36b63a3c91fd1059966e26e6f5812b3
d096836c66515e5ce415b57c5e2f19847ff367a41033463774291867b258ab7e
d0bd99f21a10af118d49ef6d6c16d4e6312bfcbea8e236fbf6da80d1ff34029a
d0f8dc01b870f4220bb68c5ece91eb9aa5d2b459d84ae795567d9b068184bc54
d2706e604d16b9785e1a98e631df92c3402eb93e3d8160b6b0959f28d132e3ce
d593fdf64289375adaa96b87ebf4c4beec2995d730e3601254e0a226808bfe57
d6c49286d97965108861654ee7453c0cf3db248ace147eac582d7daedbcb8295
da7ae7eec9c1f857161ad9356669f90a20a3e1bd18c8124b53cc2e367e04780b
dad5bc2e789d846a104ec4978a87298447a18b5f6edba715d3e0393023c469de
dbdf7c1e6af28dec0c569fc697026ab02f4c6b38f975e0d4c0d129eee3266019
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
de8ca3c27a18d05e9e1c3621e4de23ebd5f8707e9eab014b787f68f55a1677ee
dff2681d8f5f16b61b464b599d7c62f61efe496b54a77044145495bc8cad36d0
e0f23d16bb40b894855d19e097cc0b9f4695b98a7db1fed18625cfb1ce8bda35
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e58eb53e696a05118ebcfb01b9573299b4387ee8448a862049cd3e4488e6dcd3
e65790874b2bb42f249449877f39ce9c29368b83c327bc59b44bd75b3d0ce7bb
e65a72075d3562884cbaf339744992a3117ae01357909e1af9e049cfdfa6c6fe
e85e480856bd1bfc6c8f2782e1cffcb33b19837fcbc24cc8b25ed969d30bbd11
ebc15a904950c146e38c4dc4d6ec124abced29407132350999086d711a543c55
ed92c951c39983af4f5fac78a5bab4c390b3faf7c46e2a35256ee38f5443ffa2
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f10d6df70aeb2a13a4dbc1884367e40efee7505ca85f7e600662649de16c56c2
f1328936bb058f2305664a8507a0be9b5cf477e10edef84ecfaabaf315e3e24c
f6d032132eed5aa1a417456f07864c51fe631858b190224cf7d1a50116d15f48
f6eb5adb34b12fd9ea1d2b16eefaa3e190e3f33f605897860e44452e31826866
f7445bee752146ede62251d84539c0b4a466d349a1c907f7e2fc10cc6b4a5962
f82ba993ee4e81a09bef1586dfef0915c38255db1af52209e2c8b01ea78ec5ba
fa67a538daf76559529f97da796e9009a51a542f81d858f327570243b3484f82
fb56af9f7623a55839dfb9cf019b05664a62e1b41671d925f3ed587c506443b5
fd954e42c1a8c77b9044374171bd3eb07997e68da2ec2928d51a31b53f73169f

www.secureworld.io Open in urlscan Pro 2606:2c40::c73c:671e Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

145 Requests

98 %HTTPS

75 %IPv6

30 Domains

47 Subdomains

40 IPs

4 Countries

3271 kBTransfer

8250 kBSize

25 Cookies

8 Outgoing links

Page URL History

Redirected requests

145 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.secureworld.io Open in urlscan Pro
2606:2c40::c73c:671e Public Scan

Screenshot
Live screenshot

Full Image

145
Requests

98 %
HTTPS

75 %
IPv6

30
Domains

47
Subdomains

40
IPs

4
Countries

3271 kB
Transfer

8250 kB
Size

25
Cookies

145 HTTP transactions
4 data transactions