URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Submission: On January 28 via api from US

Summary

This website contacted 34 IPs in 7 countries across 27 domains to perform 104 HTTP transactions. The main IP is 2606:4700::6811:85b4, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.secureworldexpo.com.
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on September 17th 2019. Valid for: a year.
This is the only time www.secureworldexpo.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
30 2606:4700::68... 13335 (CLOUDFLAR...)
12 92.123.215.47 16625 (AKAMAI-AS)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a02:26f0:10c... 20940 (AKAMAI-ASN1)
2 2606:4700::68... 13335 (CLOUDFLAR...)
1 2 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a04:4e42:1b:... 54113 (FASTLY)
1 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
3 23.210.248.44 16625 (AKAMAI-AS)
6 2606:4700::68... 13335 (CLOUDFLAR...)
1 147.75.100.245 54825 (PACKET)
3 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
6 216.58.208.34 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2 2a00:1450:400... 15169 (GOOGLE)
1 92.123.148.225 16625 (AKAMAI-AS)
1 1 2a00:1450:400... 15169 (GOOGLE)
1 4 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
7 2a00:1450:400... 15169 (GOOGLE)
1 2a02:26f0:10c... 20940 (AKAMAI-ASN1)
2 2a03:2880:f01... 32934 (FACEBOOK)
2 2606:2800:234... 15133 (EDGECAST)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 147.75.32.125 54825 (PACKET)
1 2 2a05:f500:10:... 14413 (LINKEDIN)
1 1 2a05:f500:10:... 14413 (LINKEDIN)
7 2a00:1450:400... 15169 (GOOGLE)
1 147.75.102.13 54825 (PACKET)
1 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
104 34
Requests | Domain | Requested by
30 | www.secureworldexpo.com | www.secureworldexpo.com
11 | use.typekit.net | www.secureworldexpo.com, use.typekit.net
7 | cdn.ampproject.org | securepubads.g.doubleclick.net
7 | tpc.googlesyndication.com | securepubads.g.doubleclick.net, www.secureworldexpo.com, cdn.ampproject.org
6 | securepubads.g.doubleclick.net | www.googletagservices.com, securepubads.g.doubleclick.net, www.secureworldexpo.com
5 | track.hubspot.com |
4 | www.google.com (1 redirects) | www.secureworldexpo.com, www.gstatic.com
2 | pagead2.googlesyndication.com |
2 | px.ads.linkedin.com (1 redirects) | www.secureworldexpo.com
2 | platform.twitter.com | www.secureworldexpo.com, platform.twitter.com
2 | connect.facebook.net | www.secureworldexpo.com, connect.facebook.net
2 | www.google-analytics.com (1 redirects) | www.googletagmanager.com
2 | s7.addthis.com | www.secureworldexpo.com, s7.addthis.com
2 | cdnjs.cloudflare.com | www.secureworldexpo.com
2 | unpkg.com (1 redirects) | www.secureworldexpo.com
2 | cdn2.hubspot.net | www.secureworldexpo.com
1 | forms.hubspot.com | js.hsleadflows.net
1 | www.gstatic.com | www.google.com
1 | p.typekit.net | www.secureworldexpo.com
1 | vars.hotjar.com | static.hotjar.com
1 | www.linkedin.com (1 redirects) |
1 | script.hotjar.com | static.hotjar.com
1 | js.hs-analytics.net | www.secureworldexpo.com
1 | js.hsleadflows.net | www.secureworldexpo.com
1 | api.hubapi.com | www.secureworldexpo.com
1 | v1.addthisedge.com | s7.addthis.com
1 | snap.licdn.com | www.secureworldexpo.com
1 | www.google.de | www.secureworldexpo.com
1 | stats.g.doubleclick.net (1 redirects) |
1 | z.moatads.com | s7.addthis.com
1 | adservice.google.com | www.googletagservices.com
1 | adservice.google.de | www.googletagservices.com
1 | static.hotjar.com | www.secureworldexpo.com
1 | no-cache.hubspot.com | www.secureworldexpo.com
1 | www.googletagservices.com | www.secureworldexpo.com
1 | cdn.jsdelivr.net | www.secureworldexpo.com
1 | platform.linkedin.com | www.secureworldexpo.com
1 | www.googletagmanager.com | www.secureworldexpo.com
104 38
Subject | Issuer | Validity | Valid
www.secureworldexpo.com | CloudFlare Inc ECC CA-2 | 2019-09-17 - 2020-09-16 | a year
*.typekit.net | DigiCert SHA2 Secure Server CA | 2019-12-06 - 2021-12-10 | 2 years
*.google-analytics.com | GTS CA 1O1 | 2020-01-07 - 2020-03-31 | 3 months
platform.linkedin.com | DigiCert SHA2 Secure Server CA | 2018-07-11 - 2020-07-15 | 2 years
hubspot.net | CloudFlare Inc ECC CA-2 | 2019-04-16 - 2020-04-16 | a year
ssl714328.cloudflaressl.com | COMODO ECC Domain Validation Secure Server CA 2 | 2019-09-10 - 2020-03-18 | 6 months
f3.shared.global.fastly.net | GlobalSign CloudSSL CA - SHA256 - G3 | 2019-05-29 - 2020-04-23 | a year
*.g.doubleclick.net | GTS CA 1O1 | 2020-01-07 - 2020-03-31 | 3 months
cloudflare.com | CloudFlare Inc ECC CA-2 | 2020-01-07 - 2020-10-09 | 9 months
odc-prod-01.oracle.com | DigiCert SHA2 Secure Server CA | 2019-10-10 - 2020-09-04 | a year
hubspot.com | CloudFlare Inc ECC CA-2 | 2019-12-04 - 2020-10-09 | 10 months
static.hotjar.com | Let's Encrypt Authority X3 | 2019-12-05 - 2020-03-04 | 3 months
*.google.com | GTS CA 1O1 | 2020-01-14 - 2020-04-07 | 3 months
moatads.com | DigiCert SHA2 Secure Server CA | 2020-01-17 - 2021-03-17 | a year
www.google.de | GTS CA 1O1 | 2020-01-07 - 2020-03-31 | 3 months
tpc.googlesyndication.com | GTS CA 1O1 | 2020-01-14 - 2020-04-07 | 3 months
*.licdn.com | DigiCert SHA2 Secure Server CA | 2019-04-01 - 2021-05-07 | 2 years
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2020-01-16 - 2020-04-15 | 3 months
*.twimg.com | DigiCert SHA2 High Assurance Server CA | 2019-11-12 - 2020-11-18 | a year
hubapi.com | CloudFlare Inc ECC CA-2 | 2020-01-21 - 2020-10-09 | 9 months
ssl817706.cloudflaressl.com | COMODO ECC Domain Validation Secure Server CA 2 | 2020-01-21 - 2020-07-29 | 6 months
ssl803670.cloudflaressl.com | COMODO ECC Domain Validation Secure Server CA 2 | 2019-11-06 - 2020-05-14 | 6 months
script.hotjar.com | Let's Encrypt Authority X3 | 2019-12-05 - 2020-03-04 | 3 months
px.ads.linkedin.com | DigiCert SHA2 Secure Server CA | 2019-05-29 - 2021-06-29 | 2 years
misc-sni.google.com | GTS CA 1O1 | 2020-01-14 - 2020-04-07 | 3 months
vars.hotjar.com | Let's Encrypt Authority X3 | 2019-12-05 - 2020-03-04 | 3 months
www.google.com | GTS CA 1O1 | 2020-01-14 - 2020-04-07 | 3 months

This page contains 8 frames:

Primary Page: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Frame ID: 59766C6C4588D9DC0F0388FC727ABF04
Requests: 84 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012001221806580/amp4ads-v0.js
Frame ID: EF7565B3500083F42DE548AA8A1D0098
Requests: 7 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012001221806580/amp4ads-v0.js
Frame ID: CF387D51DA8525E161E0AEA2B967D4AF
Requests: 6 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012001221806580/amp4ads-v0.js
Frame ID: 7EE2EDCF5498E8DAC0B4B3F5FADD1E95
Requests: 7 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.4f8aea4342a4ada72cba2bdffcff6b4d.html?origin=https%3A%2F%2Fwww.secureworldexpo.com
Frame ID: 624FC3AC9E84E4884B3C7C9FD1F57783
Requests: 1 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-b736908ce6b0e933fad3a2e45df61b38.html
Frame ID: 21AE01AB7E0A3A6D9DDEABEEE384F4BF
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc2_RsUAAAAAAYBSd4rxsgeQz7whuL9COCsHeET&co=aHR0cHM6Ly93d3cuc2VjdXJld29ybGRleHBvLmNvbTo0NDM.&hl=en&v=RDiPdrU_gv1XhhWy6nqfMf9O&size=invisible&badge=inline&cb=qps0fbsvsx1x
Frame ID: 33711748F470473405A2F6B9FFF99E48
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=en&v=RDiPdrU_gv1XhhWy6nqfMf9O&k=6Lc2_RsUAAAAAAYBSd4rxsgeQz7whuL9COCsHeET&cb=c2pyz03oifly
Frame ID: A13AD100B4156C0FC8718E74821F92C2
Requests: 1 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i

Overall confidence: 100%
Detected patterns
  • script /\/\/connect\.facebook\.net\/[^\/]*\/[a-z]*\.js/i

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Overall confidence: 100%
Detected patterns
  • script /\/\/platform\.twitter\.com\/widgets\.js/i

Overall confidence: 100%
Detected patterns
  • script /jquery[.-]([\d.]*\d)[^\/]*\.js/i
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

Requests: 104
HTTPS: 100 %
IPv6: 80 %
Domains: 27
Subdomains: 38
IPs: 34
Countries: 7
Transfer: 2191 kB
Size: 5749 kB
Cookies: 10

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 15
  • https://unpkg.com/imagesloaded@4/imagesloaded.pkgd.min.js HTTP 302
  • https://unpkg.com/imagesloaded@4.1.4/imagesloaded.pkgd.min.js
Request Chain 37
  • https://cdn2.hubspot.net/hubfs/2221756/secureworld-logo-2.png HTTP 0
  • http://cdn2.hubspot.net/hubfs/2221756/secureworld-logo-2.png HTTP 0
  • http://cdn2.hubspot.net/hubfs/2221756/secureworld-logo-2.png HTTP 0
  • http://cdn2.hubspot.net/hubfs/2221756/secureworld-logo-2.png HTTP 0
  • http://cdn2.hubspot.net/hubfs/2221756/secureworld-logo-2.png
Request Chain 46
  • https://www.google-analytics.com/r/collect?v=1&_v=j79&a=1896779855&t=pageview&_s=1&dl=https%3A%2F%2Fwww.secureworldexpo.com%2Findustry-news%2Fhow-ryuk-ransomware-works&ul=en-us&de=UTF-8&dt=Special%20Security%20Advisory%3A%20%27Ryuk%20Ransomware%20Targeting%20Organizations%20Globally%27&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=IEBAAUAB~&jid=700350409&gjid=1072622286&cid=1725149517.1580243922&tid=UA-29110626-1&_gid=808460683.1580243922&_r=1&gtm=2ou1f1&z=197577209 HTTP 302
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-29110626-1&cid=1725149517.1580243922&jid=700350409&_gid=808460683.1580243922&gjid=1072622286&_v=j79&z=197577209 HTTP 302
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-29110626-1&cid=1725149517.1580243922&jid=700350409&_v=j79&z=197577209 HTTP 302
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-29110626-1&cid=1725149517.1580243922&jid=700350409&_v=j79&z=197577209&slf_rd=1&random=5658294
Request Chain 66
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=651962&url=https%3A%2F%2Fwww.secureworldexpo.com%2Findustry-news%2Fhow-ryuk-ransomware-works&time=1580243922617 HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D651962%26url%3Dhttps%253A%252F%252Fwww.secureworldexpo.com%252Findustry-news%252Fhow-ryuk-ransomware-works%26time%3D1580243922617%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=651962&url=https%3A%2F%2Fwww.secureworldexpo.com%2Findustry-news%2Fhow-ryuk-ransomware-works&time=1580243922617&liSync=true

104 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request how-ryuk-ransomware-works
www.secureworldexpo.com/industry-news/
63 KB
14 KB
Document
General
Full URL
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:85b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / HubSpot
Resource Hash
867055844a1f6fbb4cfd0f27c56ade1caacce5a3714784404927303a8dbc3b02
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=0

Request headers

:method
GET
:authority
www.secureworldexpo.com
:scheme
https
:path
/industry-news/how-ryuk-ransomware-works
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
sec-fetch-user
?1
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
none
sec-fetch-mode
navigate
accept-encoding
gzip, deflate, br

Response headers

status
200
date
Tue, 28 Jan 2020 20:38:42 GMT
content-type
text/html;charset=utf-8
set-cookie
__cfduid=dc5f4e1f9f338d247f4f8c600c2dcb9cf1580243921; expires=Thu, 27-Feb-20 20:38:41 GMT; path=/; domain=.www.secureworldexpo.com; HttpOnly; SameSite=Lax __cfruid=63effb3e44e643aebd4d613f5e04b5986e71c139-1580243922; path=/; domain=.www.secureworldexpo.com; HttpOnly; Secure; SameSite=None
cf-ray
55c5c57dd86fdfa5-FRA
cache-control
s-maxage=120,max-age=5
link
</hs/hsstatic/HubspotToolsMenu/static-1.56/js/index.js>; rel=preload; as=script, </hs/hsstatic/cos-i18n/static-1.10/bundles/project.js>; rel=preload; as=script, </hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.3/bundles/project.js>; rel=preload; as=script, </hs/hsstatic/AsyncSupport/static-1.64/js/comment_listing_asset.js>; rel=preload; as=script, </_hcms/forms/v2.js>; rel=preload; as=script
strict-transport-security
max-age=0
vary
Accept-Encoding
cf-cache-status
MISS
access-control-allow-credentials
false
content-security-policy
upgrade-insecure-requests
edge-cache-tag
CT-10855193339,CG-2221756,P-2221756,L-4217464939,L-4217501659,L-4327754887,L-4453182780,CW-5767375991,E-4263571273,MENU-4263609498,MENU-4404484415,PGS-ALL,SW-0,SD-6,B-4214485368
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-hs-cache-config
BrowserCache-5s-EdgeCache-120s
x-hs-combine-css
Retry-0
x-hs-content-id
10855193339
x-hs-hub-id
2221756
x-powered-by
HubSpot
x-trace
2B7F73ABDEF616B733966B0D3705F76D7922FA4151000000000000000000
server
cloudflare
content-encoding
br
cf-h2-pushed
</hs/hsstatic/HubspotToolsMenu/static-1.56/js/index.js>,</hs/hsstatic/cos-i18n/static-1.10/bundles/project.js>,</hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.3/bundles/project.js>,</hs/hsstatic/AsyncSupport/static-1.64/js/comment_listing_asset.js>,</_hcms/forms/v2.js>
index.js
www.secureworldexpo.com/hs/hsstatic/HubspotToolsMenu/static-1.56/js/
9 KB
3 KB
Script
General
Full URL
https://www.secureworldexpo.com/hs/hsstatic/HubspotToolsMenu/static-1.56/js/index.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:85b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
147498d5be9d1aeb765c07a2789d7379a690cbcd52abcc1cacdd0203bd8e009b

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Tue, 28 Jan 2020 20:38:42 GMT
via
1.1 9c90b41a9e5ac2856624d29ed4da4235.cloudfront.net (CloudFront)
cf-cache-status
HIT
age
1895011
x-cache
Hit from cloudfront
status
200
x-amz-replication-status
COMPLETED
content-encoding
br
content-type
application/javascript; charset=utf-8
last-modified
Mon, 06 Jan 2020 18:30:12 GMT
server
cloudflare
etag
W/"162b4f467addf4ea5c010d1097fd9e14"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-version-id
St0U51eKUSNLxvhUwOEN3IuM2RIMZRGK
cache-control
s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
x-amz-cf-pop
IAD89-C3
cf-ray
55c5c580fa2cdfa5-FRA
x-amz-cf-id
D2ZOTW_fbFiBJKLA9cSEjSe4pui1sIa0vVZh2RMpD4XKosmXq3vQ0g==
project.js
www.secureworldexpo.com/hs/hsstatic/cos-i18n/static-1.10/bundles/
1 KB
764 B
Script
General
Full URL
https://www.secureworldexpo.com/hs/hsstatic/cos-i18n/static-1.10/bundles/project.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:85b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ab449241b50123673e76dbcd70f869ae11d26920f0ce1670fdfd266308058179

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Tue, 28 Jan 2020 20:38:42 GMT
via
1.1 4f9e9e3e8a2a5cea2848aac8473267f2.cloudfront.net (CloudFront)
cf-cache-status
HIT
age
6652683
x-cache
Hit from cloudfront
status
200
x-amz-replication-status
COMPLETED
content-encoding
br
content-type
application/javascript; charset=utf-8
last-modified
Wed, 13 Sep 2017 02:51:30 GMT
server
cloudflare
etag
W/"0011aaf4067b097bcbfd9dc99a4b94c0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-version-id
p6iak7Gl9Xyg7crK_8XyTwctOBvKD1DL
cache-control
s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
x-amz-cf-pop
IAD89-C2
cf-ray
55c5c580fa2ddfa5-FRA
x-amz-cf-id
Sl0K676IN7f7jD951-BpmEEjA5KEUs1ypKmFb5wwvDNW_7lGo6C0DQ==
project.js
www.secureworldexpo.com/hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.3/bundles/
2 KB
809 B
Script
General
Full URL
https://www.secureworldexpo.com/hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.3/bundles/project.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:85b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
09f439b49fd8ccd1abd10c152ca30c78bb690ecd5f0e556eb01a08f352a14158

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Tue, 28 Jan 2020 20:38:42 GMT
via
1.1 3ce1b04fdf4b78c695ea1764363d1f38.cloudfront.net (CloudFront)
cf-cache-status
HIT
age
6652683
x-cache
Hit from cloudfront
status
200
x-amz-replication-status
COMPLETED
content-encoding
br
content-type
application/javascript; charset=utf-8
last-modified
Mon, 02 Jul 2018 13:11:21 GMT
server
cloudflare
etag
W/"c7e3582e33ff653f3eb6b0b5068c6425"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-version-id
3zHbwEdez_RyA8.10bTabAs8HfuAS5gs
cache-control
s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
x-amz-cf-pop
IAD79-C3
cf-ray
55c5c580fa2edfa5-FRA
x-amz-cf-id
Cs11pd0lTcp4cTqTXQKLafz5DKFZevyuh9vIZt4Kbj9FhO7k3jXVyg==
comment_listing_asset.js
www.secureworldexpo.com/hs/hsstatic/AsyncSupport/static-1.64/js/
8 KB
3 KB
Script
General
Full URL
https://www.secureworldexpo.com/hs/hsstatic/AsyncSupport/static-1.64/js/comment_listing_asset.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:85b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c788eb6f164f76552b96cd75349f0a88b81be7472775a19f74436d711153a237

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Tue, 28 Jan 2020 20:38:42 GMT
via
1.1 a97d638d4e395a6f27b927572cf3bfda.cloudfront.net (CloudFront)
cf-cache-status
HIT
age
6652683
x-cache
Hit from cloudfront
status
200
x-amz-replication-status
COMPLETED
content-encoding
br
content-type
application/javascript; charset=utf-8
last-modified
Tue, 24 Sep 2019 21:57:47 GMT
server
cloudflare
etag
W/"556ce6dfa7bd54d0e05bfefc6ea807ed"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-version-id
vHA4N9mgKXfajS53OjsbyOur7uYKFr5U
cache-control
s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
x-amz-cf-pop
IAD89-C2
cf-ray
55c5c580fa2fdfa5-FRA
x-amz-cf-id
RLT_lY-DiXYtJE0Ae4j9ZdBKTZDYC6BMgIufUi3aFzNcDDrpwLGR_Q==
v2.js
www.secureworldexpo.com/_hcms/forms/
420 KB
107 KB
Script
General
Full URL
https://www.secureworldexpo.com/_hcms/forms/v2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:85b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ca83bf6c4611e07ea8b93893694e16957cd66082de76afb1ee564fba6f055750

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Tue, 28 Jan 2020 20:38:42 GMT
via
1.1 814e6200dbb5865e94b7b0c1ba6129fe.cloudfront.net (CloudFront)
cf-cache-status
HIT
age
441
x-cache
Hit from cloudfront
status
200
x-amz-replication-status
COMPLETED
content-encoding
br
content-type
application/javascript; charset=utf-8
last-modified
Wed, 08 Jan 2020 02:12:01 GMT
server
cloudflare
etag
W/"01f4b8448e5b99e492b97afdd1268a74"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-version-id
gCHbnfLfRD6TgIiY4HAm19.GmuNmLHpw
cache-control
max-age=600
access-control-allow-credentials
false
x-amz-cf-pop
IAD89-C1
cf-ray
55c5c580fa31dfa5-FRA
x-amz-cf-id
f1Bip5G-PHhmJ_bH3aTum_rgx3Z6yQK86fIgyHksbgEFBTbTU6zdUw==
jquery-1.7.1.js
www.secureworldexpo.com/hs/hsstatic/jquery-libs/static-1.1/jquery/
92 KB
32 KB
Script
General
Full URL
https://www.secureworldexpo.com/hs/hsstatic/jquery-libs/static-1.1/jquery/jquery-1.7.1.js
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:85b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
88171413fc76dda23ab32baa17b11e4fff89141c633ece737852445f1ba6c1bd

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Tue, 28 Jan 2020 20:38:42 GMT
via
1.1 88112861fcc652b3e20b1a8120ffdda0.cloudfront.net (CloudFront)
cf-cache-status
HIT
age
6652683
x-cache
Hit from cloudfront
status
200
content-encoding
br
content-type
application/javascript; charset=utf-8
last-modified
Tue, 25 Nov 2014 17:03:30 GMT
server
cloudflare
etag
W/"ddb84c1587287b2df08966081ef063bf"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-version-id
null
cache-control
s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
x-amz-cf-pop
IAD79-C3
cf-ray
55c5c5817c1edfa5-FRA
x-amz-cf-id
Hy52132q0NkUdp0ojrW5uhkCSLbJSEfBa-ueAvNbMXwXHnl9NzLrOA==
comments_listing_asset.css
www.secureworldexpo.com/hs/hsstatic/AsyncSupport/static-1.64/sass/
1 KB
703 B
Stylesheet
General
Full URL
https://www.secureworldexpo.com/hs/hsstatic/AsyncSupport/static-1.64/sass/comments_listing_asset.css
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:85b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c92b3367b5fe4043730b6978e65a2cfbe6c0fa7a2eeadf0e904435aa9354877f

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Tue, 28 Jan 2020 20:38:42 GMT
via
1.1 814e6200dbb5865e94b7b0c1ba6129fe.cloudfront.net (CloudFront)
cf-cache-status
HIT
age
2214709
x-cache
Hit from cloudfront
status
200
x-amz-replication-status
COMPLETED
content-encoding
br
content-type
text/css
last-modified
Tue, 24 Sep 2019 21:57:47 GMT
server
cloudflare
etag
W/"bff3608e1efab0c0b3f7a0eb6c143971"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-version-id
agzpJFgAaeAe3I75BIpW14YYVvgFSIqC
cache-control
s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
x-amz-cf-pop
IAD89-C1
cf-ray
55c5c5817c15dfa5-FRA
x-amz-cf-id
8DcKf_pL1Ats3SigOva6UGZWVfT_Z7heXisifFdCbKoirc37q8wSyg==
cfm6mzj.js
use.typekit.net/
21 KB
8 KB
Script
General
Full URL
https://use.typekit.net/cfm6mzj.js
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
92.123.215.47 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-123-215-47.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
51ccb84a0673c43c2b479d6d1b9065ff1275c01c93ab5d4274ddb469661cfcf8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains;
content-encoding
gzip
server
nginx
access-control-allow-origin
*
date
Tue, 28 Jan 2020 20:38:42 GMT
vary
Accept-Encoding
content-type
text/javascript;charset=utf-8
status
200
cache-control
public, max-age=600, stale-while-revalidate=604800
timing-allow-origin
*
content-length
7721
js
www.googletagmanager.com/gtag/
74 KB
28 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-29110626-1
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:814::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
1b0faadcc5d19cbb6652fcbc7742e641778a1437040d764f643b155ee2190248
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Tue, 28 Jan 2020 20:38:42 GMT
content-encoding
br
last-modified
Tue, 28 Jan 2020 19:26:00 GMT
server
Google Tag Manager
access-control-allow-origin
http://www.googletagmanager.com
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
content-length
28305
x-xss-protection
0
expires
Tue, 28 Jan 2020 20:38:42 GMT
in.js
platform.linkedin.com/
181 KB
55 KB
Script
General
Full URL
https://platform.linkedin.com/in.js
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:10c:39a::25eb , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Play /
Resource Hash
0403e863ea9a4faae840af1e76a5c9a413e3958edbf81c4e7f0d1f5020105dae

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Tue, 28 Jan 2020 20:38:42 GMT
Content-Encoding
gzip
X-CDN-CLIENT-IP-VERSION
IPV6
Server
Play
X-CDN
AKAM
Vary
Accept-Encoding
Connection
keep-alive
Content-Type
text/javascript; charset=UTF-8
Cache-Control
public, max-age=3600
X-Li-Pop
prod-edc2
X-LI-Proto
http/1.1
Content-Length
55596
X-LI-UUID
tTx8ozQl7hUQ/WH4tSoAAA==
X-Li-Fabric
prod-lva1
Expires
Tue, 28 Jan 2020 20:57:07 GMT
layout.min.css
cdn2.hubspot.net/hub/-1/hub_generated/template_assets/1495141902003/hubspot_default/shared/responsive/
5 KB
2 KB
Stylesheet
General
Full URL
https://cdn2.hubspot.net/hub/-1/hub_generated/template_assets/1495141902003/hubspot_default/shared/responsive/layout.min.css
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:f4cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
341a4d40ad1b2560db940f906716d0e9539d4c0785399d7e0348fd0d3af00170

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Tue, 28 Jan 2020 20:38:42 GMT
content-encoding
gzip
cf-cache-status
HIT
age
4323
status
200
x-amz-meta-md5-hash
0b0c633d59ab0af9553a98c0e7d97349
x-hs-cf-lambda
us-east-1.setCacheTagHeaders 43
last-modified
Thu, 18 May 2017 21:11:43 GMT
server
cloudflare
etag
W/"0b0c633d59ab0af9553a98c0e7d97349"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
cache-control
s-maxage=1209600, max-age=1209600
x-amz-cf-pop
IAD89-C2
cf-ray
55c5c5819a4e96bc-FRA
Sw-2016.min.css
www.secureworldexpo.com/hs-fs/hub/2221756/hub_generated/template_assets/4263571273/1570561295473/Coded_files/Custom/page/Secureworld_2016/
91 KB
12 KB
Stylesheet
General
Full URL
https://www.secureworldexpo.com/hs-fs/hub/2221756/hub_generated/template_assets/4263571273/1570561295473/Coded_files/Custom/page/Secureworld_2016/Sw-2016.min.css
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:85b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
01238c0b3d70f0c96d84be0f867fd8e55c97a1545345310f7ca35feabd685915

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Tue, 28 Jan 2020 20:38:42 GMT
content-encoding
br
cf-cache-status
HIT
age
441
status
200
content-type
text/css
x-amz-request-id
3B85F100E9541B03
x-amz-id-2
1wbiqqtfjcpZuj1UrHY+YDna7JCn40hpoaGPvC0ZvbQhGapz71YA4BBO/9gEIAbp09acA1xD/JA=
last-modified
Tue, 08 Oct 2019 19:01:36 GMT
server
cloudflare
etag
W/"1ed2ffd1cb4fe8b34349e906f7d2681f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-version-id
u.S1AwSFzI9ZTgt_RhhxGnOMGalq.3HE
cache-control
s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
cf-ray
55c5c5817c1adfa5-FRA
jquery.slides.min.js
www.secureworldexpo.com/hubfs/js/
11 KB
3 KB
Script
General
Full URL
https://www.secureworldexpo.com/hubfs/js/jquery.slides.min.js
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:85b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
59ec733cb38ee1c685cda9409cc5502f2ea47dd072f70b30146f5494dbe32ba8

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Tue, 28 Jan 2020 20:38:42 GMT
via
1.1 ba5fe64f4b79b31baa8e0dd63a6b67c5.cloudfront.net (CloudFront)
cf-cache-status
HIT
age
1502
x-cache
Miss from cloudfront
status
200
x-hs-cf-lambda
us-east-1.setCacheTagHeaders 43
content-encoding
br
x-amz-request-id
999D9817419F4D68
x-amz-id-2
Fdc+00QKiv0lLiO1qIJePifi/GhABoReTeQ88s04rrS4u7yFKhxVHD6pYWAMLKidnGW5A93i5hk=
last-modified
Mon, 11 Jul 2016 21:39:09 GMT
server
cloudflare
etag
W/"58f295f0c2cc45fb57ab5fe958f93eeb"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
s-maxage=1209600, max-age=1209600
x-amz-version-id
oAXa_7l104Cf5Y8HYZhqFUOFvtaey45r
x-amz-cf-pop
MXP64-C1
cf-ray
55c5c5817c24dfa5-FRA
x-amz-cf-id
sWYZvVizkODhEsOqgtFQBoTcj6XvqkcrtVO32eKz3toaI1I_RjxYxA==
masonry.pkgd.min.js
www.secureworldexpo.com/hubfs/js/
22 KB
7 KB
Script
General
Full URL
https://www.secureworldexpo.com/hubfs/js/masonry.pkgd.min.js
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:85b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9e7e1ec94cb98f8ee2f2f9d4549030b15bf4198419cfab1b5eab13c13ecf26ff

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Tue, 28 Jan 2020 20:38:42 GMT
via
1.1 73f3a23156999272233949c078c30859.cloudfront.net (CloudFront)
cf-cache-status
HIT
age
1502
x-cache
Miss from cloudfront
status
200
x-hs-cf-lambda
us-east-1.setCacheTagHeaders 43
content-encoding
br
x-amz-request-id
017F370113D761D1
x-amz-id-2
RpZpomYe4IgKzkwLCYJoAiIGozG7fOxp0/02rlMID16zd22O7+fTvzc+rgCqGOhC0RiETRy9dp8=
last-modified
Tue, 12 Jul 2016 17:33:54 GMT
server
cloudflare
etag
W/"d5761132889fee4a606e54d26675d2ea"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
s-maxage=1209600, max-age=1209600
x-amz-version-id
p01HdefR.thGzQP58gPWMqi14.QGjgok
x-amz-cf-pop
FRA53-C1
cf-ray
55c5c5817c27dfa5-FRA
x-amz-cf-id
jqAO-TSx9NiF30Oy6RRBWUCEE0PDdhQgSthzQpTM_3m-AiLFZo9-_w==
jquery-ui.min.js
www.secureworldexpo.com/hubfs/js/
247 KB
63 KB
Script
General
Full URL
https://www.secureworldexpo.com/hubfs/js/jquery-ui.min.js
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:85b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
78613a6e5bab939b078feae691fb0661e2b2671dcce1b1be66517203b2a7b3b1

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Tue, 28 Jan 2020 20:38:42 GMT
via
1.1 a6fa155499d42d80898e356700528797.cloudfront.net (CloudFront)
cf-cache-status
HIT
age
1502
x-cache
Miss from cloudfront
status
200
x-hs-cf-lambda
us-east-1.setCacheTagHeaders 43
content-encoding
br
x-amz-request-id
3205BA26C41404DE
x-amz-id-2
njZjHmgl9m6x8k7s33VaOSegJi2SOtzc67+qBw2gnPHGtXEZS3Caxze+2Dd0NFMvp+7tINowv4Q=
last-modified
Thu, 14 Jul 2016 17:45:45 GMT
server
cloudflare
etag
W/"8cbf62fc02083afe12a90787cb8f9e3c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
s-maxage=1209600, max-age=1209600
x-amz-version-id
3i9pp9ZRYVIn0GLzROYg8mObVjOyRJSc
x-amz-cf-pop
MXP64-C1
cf-ray
55c5c5817c2adfa5-FRA
x-amz-cf-id
2Dckn5DN_B8trvmVRRBqi_sdf2Pn1FiFKxCJKWyWgDR683LkoFpjvA==
imagesloaded.pkgd.min.js
unpkg.com/imagesloaded@4.1.4/
Redirect Chain
  • https://unpkg.com/imagesloaded@4/imagesloaded.pkgd.min.js
  • https://unpkg.com/imagesloaded@4.1.4/imagesloaded.pkgd.min.js
5 KB
2 KB
Script
General
Full URL
https://unpkg.com/imagesloaded@4.1.4/imagesloaded.pkgd.min.js
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7daf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
96abf166b3cbb5f7df525d86fdeeeccea4af3c120b19bc26b0613530a94e8b44
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Tue, 28 Jan 2020 20:38:42 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
7086259
status
200
strict-transport-security
max-age=31536000; includeSubDomains; preload
last-modified
Tue, 02 Jan 2018 16:53:35 GMT
server
cloudflare
etag
W/"15da-bT4RF04iZo5p3yNuXEVCFo98v+w"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-cloud-trace-context
7a7b3adc933350b5bf6d04c0c54b1505
cache-control
public, max-age=31536000
cf-ray
55c5c581cdedd705-FRA

Redirect headers

date
Tue, 28 Jan 2020 20:38:42 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
362
status
302
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
66
server
cloudflare
location
/imagesloaded@4.1.4/imagesloaded.pkgd.min.js
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept, Accept-Encoding
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
x-cloud-trace-context
dce2733870af18768834e1ce6cf50d18
cache-control
public, s-maxage=600, max-age=60
cf-ray
55c5c5819d17d705-FRA
handlebars.min.js
cdn.jsdelivr.net/npm/handlebars@4.0.10/dist/
74 KB
22 KB
Script
General
Full URL
https://cdn.jsdelivr.net/npm/handlebars@4.0.10/dist/handlebars.min.js
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::621 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
d096836c66515e5ce415b57c5e2f19847ff367a41033463774291867b258ab7e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
x-cache
HIT, HIT
status
200
date
Tue, 28 Jan 2020 20:38:42 GMT
content-length
22694
x-served-by
cache-ams21030-AMS, cache-hhn4055-HHN
etag
W/"12630-EKA6xd0OO5UHmP0bY9EiNnZapJc"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
gpt.js
www.googletagservices.com/tag/js/
53 KB
16 KB
Script
General
Full URL
https://www.googletagservices.com/tag/js/gpt.js
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
614d46f690934c70d47e4bf84e31ce47938bb8ab53d4a03618c79aa0e7487595
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Tue, 28 Jan 2020 20:38:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"412 / 527 of 1000 / last-modified: 1580168619"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
16281
x-xss-protection
0
expires
Tue, 28 Jan 2020 20:38:42 GMT
hamburger.png
www.secureworldexpo.com/hubfs/
178 B
774 B
Image
General
Full URL
https://www.secureworldexpo.com/hubfs/hamburger.png
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:85b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e85e480856bd1bfc6c8f2782e1cffcb33b19837fcbc24cc8b25ed969d30bbd11

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Tue, 28 Jan 2020 20:38:42 GMT
via
1.1 a148356b14492df0e216c234ac2c2308.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-meta-cache-tag
F-4228641034,P-2221756,FLS-ALL
age
1236
cf-polished
origFmt=png, origSize=678
edge-cache-tag
F-4228641034,P-2221756,FLS-ALL
status
200
content-length
178
content-disposition
inline; filename="hamburger.webp"
x-hs-cf-lambda
us-east-1.setCacheTagHeaders 43
x-amz-request-id
9D934FAF88B13D5F
x-amz-id-2
+B09RfSBf9Dm5cqFteRm1eXK8mPuq+jHqQthhLuoX8qz5famzRo/oBHNlAGO0MMIIrA1Ccp+s/I=
x-cache
Miss from cloudfront
last-modified
Sun, 08 Oct 2017 22:59:50 GMT
server
cloudflare
etag
"d3bd09f40d4f357af913c143adca587d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept, Accept-Encoding
content-type
image/webp
cache-control
s-maxage=1209600, max-age=1209600
x-amz-version-id
4m0X8x7SQCsWrf.U9R26NzzJ2LVMVSnV
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
cf-ray
55c5c5820e1fdfa5-FRA
x-amz-cf-id
zOmA3wDvztDhW9-Tqed4JFrJ5ev9Zk9pxczxmu6GTQWQHBXSD02szA==
cf-bgj
imgq:85
font-awesome.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.6.3/css/
28 KB
6 KB
Stylesheet
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.6.3/css/font-awesome.min.css
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:4004 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
008a1d103902f15fdb1c191fcb1ce8954330e7b8de43d09abb08555ba609f420
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Tue, 28 Jan 2020 20:38:42 GMT
content-encoding
br
cf-cache-status
HIT
age
22270666
cf-ray
55c5c5819e85dfdf-FRA
status
200
strict-transport-security
max-age=15780000; includeSubDomains
alt-svc
h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
last-modified
Thu, 17 May 2018 09:19:12 GMT
server
cloudflare
etag
W/"5afd4910-7187"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
expires
Sun, 17 Jan 2021 20:38:42 GMT
cache-control
public, max-age=30672000
timing-allow-origin
*
served-in-seconds
0.001
Bruce_Sussman.jpg
www.secureworldexpo.com/hubfs/speakers/
9 KB
10 KB
Image
General
Full URL
https://www.secureworldexpo.com/hubfs/speakers/Bruce_Sussman.jpg
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:85b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ba9b45bb0dae052dfa016312364839c1fe3001edaf01d24c5f83a85ce6559224

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Tue, 28 Jan 2020 20:38:42 GMT
via
1.1 54a27c79959049456f9f990ce9651fa3.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-meta-cache-tag
F-5560419284,FD-4142850703,P9Jym,FLS
age
693929
cf-polished
qual=85, origFmt=jpeg, origSize=18664
edge-cache-tag
F-5560419284,FD-4142850703,P9Jym,FLS
status
200
content-length
8878
content-disposition
inline; filename="Bruce_Sussman.webp"
x-hs-cf-lambda
us-east-1.setCacheTagHeaders 52
x-amz-request-id
208223839E1BFE36
x-amz-id-2
+bGDUY77+I3oCcvuhjDoERjBiGTVyfJyCTtsrkCbzj/9e6esDbl+khBLXO2LMdEu5mXrOSxTmQY=
x-cache
Miss from cloudfront
last-modified
Mon, 05 Feb 2018 20:09:16 GMT
server
cloudflare
etag
"a46d51259cd51646fc6c18f08c0ef843"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept, Accept-Encoding
content-type
image/webp
cache-control
s-maxage=1209600, max-age=1209600
x-amz-version-id
p73a5uGwwrkN1ptLWmfVeAejhQ8KLb.H
x-amz-cf-pop
MUC51-C1
accept-ranges
bytes
cf-ray
55c5c5826f81dfa5-FRA
x-amz-cf-id
0H0w8uf2A6RGK1m92CJV912I8o6R9tsXuo_VM2cCXV1E3iJhWDEr2w==
cf-bgj
imgq:85
privacy_law_shutterstock_605520746.jpg
www.secureworldexpo.com/hubfs/Blog_images/
30 KB
31 KB
Image
General
Full URL
https://www.secureworldexpo.com/hubfs/Blog_images/privacy_law_shutterstock_605520746.jpg
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:85b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a9985842ec2aa6aae751d7bd2c870365389d21517f1968d822146980a9c558c0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Tue, 28 Jan 2020 20:38:42 GMT
via
1.1 d7e55181ad8192e74c103c6003cd4d9c.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-meta-cache-tag
F-11747030218,FD-4415468373,P-2221756,FLS-ALL
age
5395
cf-polished
qual=85, origFmt=jpeg, origSize=82378
edge-cache-tag
F-11747030218,FD-4415468373,P-2221756,FLS-ALL
status
200
content-length
30858
content-disposition
inline; filename="privacy_law_shutterstock_605520746.webp"
x-hs-cf-lambda
us-east-1.setCacheTagHeaders 53
x-amz-request-id
EAF86BCFEBA62CB5
x-amz-id-2
kmCBATDyUYW5LsM+6JN3ADS24mwzelvfKCHHi1KkMnLKTd3Hi6Zse0KIFqfh7PoUQPsMCXk5AYs=
x-cache
Miss from cloudfront
last-modified
Wed, 31 Jul 2019 18:34:47 GMT
server
cloudflare
etag
"7dee42b3fe8817d093edcf7a8f52b6aa"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept, Accept-Encoding
content-type
image/webp
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id
D.b0rgULpdfelKOt8od2CO2NIN9j0xaV
x-amz-cf-pop
FRA2-C1
accept-ranges
bytes
cf-ray
55c5c5826f83dfa5-FRA
x-amz-cf-id
5CoBZwNXKdYKnXBjyBjJT39pAvxS8mTsj_af0D0Y2qssLZRujqolAQ==
cf-bgj
imgq:85
gamers_video_game_teenagers_shutterstock_1176828529_crop.jpeg
www.secureworldexpo.com/hubfs/Blog_images/
12 KB
13 KB
Image
General
Full URL
https://www.secureworldexpo.com/hubfs/Blog_images/gamers_video_game_teenagers_shutterstock_1176828529_crop.jpeg
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:85b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
66b8b22a26a552b702a0806283780d6d576940f80c1b071a7c73f186fcf4d902

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Tue, 28 Jan 2020 20:38:42 GMT
via
1.1 b073c20359d711b751afd124dda34076.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-meta-cache-tag
F-8987669203,FD-4415468373,P-2221756,FLS-ALL
age
9084
cf-polished
qual=85, origFmt=jpeg, origSize=28257
edge-cache-tag
F-8987669203,FD-4415468373,P-2221756,FLS-ALL
status
200
content-length
12266
content-disposition
inline; filename="gamers_video_game_teenagers_shutterstock_1176828529_crop.webp"
x-hs-cf-lambda
us-east-1.setCacheTagHeaders 53
x-amz-request-id
324A62AF406AE4EA
x-amz-id-2
mlUugFQVkBDYy1YQd5UDunye0BSCsslZRCx2ihcrEHxYXudw8jch4gdHDHeimmdyep13g9EAuM4=
x-cache
Miss from cloudfront
last-modified
Thu, 18 Apr 2019 20:58:05 GMT
server
cloudflare
etag
"2d5020e9ff16cead70194d21ae067160"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept, Accept-Encoding
content-type
image/webp
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id
hrHwzR312q8kH_bhoXtQTYztFdtZNIy2
x-amz-cf-pop
FRA53-C1
accept-ranges
bytes
cf-ray
55c5c5826f87dfa5-FRA
x-amz-cf-id
kOQg8xuU6p-tAsbT401U1EU9Mc4biKxWjfGPdGqWIs8w7nKrokjrsQ==
cf-bgj
imgq:85
money_briefcase_ransom_shutterstock_276522701.jpg
www.secureworldexpo.com/hubfs/Blog_images/
155 KB
156 KB
Image
General
Full URL
https://www.secureworldexpo.com/hubfs/Blog_images/money_briefcase_ransom_shutterstock_276522701.jpg
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:85b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0f6271d4170082022c463046416f4b3b6df7facd294251cd8d776c5401bc8be0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Tue, 28 Jan 2020 20:38:42 GMT
via
1.1 34f50889bc574f1edeb41dd758962a5b.cloudfront.net (CloudFront)
cf-cache-status
MISS
x-amz-meta-cache-tag
F-24969807340,FD-4415468373,P-2221756,FLS-ALL
x-amz-cf-pop
FRA2-C1
edge-cache-tag
F-24969807340,FD-4415468373,P-2221756,FLS-ALL
status
200
content-length
158683
x-cache
Miss from cloudfront
x-hs-cf-lambda
us-east-1.setCacheTagHeaders 53
x-amz-request-id
7210A0B38798D729
x-amz-id-2
QDGk7cb6skdZvN94k4wS3EMfTmFFwUY0h4RUfRxG7udxvHKebrlrR17bsk4hR0IMu1aF99lCc0A=
last-modified
Tue, 28 Jan 2020 18:04:49 GMT
server
cloudflare
etag
"3338bc0ace2fffbb7c67000638c2c9f2"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id
16KYYey7UqNj7LhRu1i74DOfmSdep8cm
accept-ranges
bytes
cf-ray
55c5c5826f8bdfa5-FRA
x-amz-cf-id
hv9gyarXg5dEqGd9Gb5VY6cYhA4FSg_KBd0EvReS0GLFptSCQRgCfw==
addthis_widget.js
s7.addthis.com/js/300/
349 KB
113 KB
Script
General
Full URL
https://s7.addthis.com/js/300/addthis_widget.js
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-248-44.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
ab8ceea757a634f5ce5a9ed6f6b4bcdd555869b385d315854e16914a2f5a3bc7
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
last-modified
Tue, 21 Jan 2020 20:57:37 GMT
server
nginx/1.15.8
etag
"5e2765c1-57446"
vary
Accept-Encoding
x-distribution
99
content-type
application/javascript
status
200
cache-control
public, max-age=600
date
Tue, 28 Jan 2020 20:38:42 GMT
x-host
s7.addthis.com
content-length
114924
5b11748c-d8d9-47fd-b704-d273971b3380.png
no-cache.hubspot.com/cta/default/2221756/
2 KB
2 KB
Image
General
Full URL
https://no-cache.hubspot.com/cta/default/2221756/5b11748c-d8d9-47fd-b704-d273971b3380.png
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:fa05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d0f8dc01b870f4220bb68c5ece91eb9aa5d2b459d84ae795567d9b068184bc54
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Tue, 28 Jan 2020 20:38:42 GMT
cf-cache-status
DYNAMIC
last-modified
Thu, 08 Sep 2016 23:38:22 GMT
server
cloudflare
x-amz-request-id
BE1F4AD6266817A1
etag
"a0bf93e49385d55d2b06b74a0483880e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
image/png
status
200
cache-control
no-cache, no-store
accept-ranges
bytes
cf-ray
55c5c5826eebe00b-FRA
content-length
1720
x-amz-id-2
vtnPCfVVTkcGSeE50ofj6djcuWfWxndZ4LFAEriiKBFO+1tgk+UHvg+6h9MVvzeWW0n6QSHh1KU=
current.js
www.secureworldexpo.com/hs/cta/cta/
9 KB
3 KB
Script
General
Full URL
https://www.secureworldexpo.com/hs/cta/cta/current.js
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:85b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2fc3aa288e418b441ffa070d06efcda33580278d8c6bc7356521298fd79cd0f4

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Tue, 28 Jan 2020 20:38:42 GMT
via
1.1 29e9afe5efcd089dc05c8c157066682e.cloudfront.net (CloudFront)
cf-cache-status
HIT
age
440
x-cache
Hit from cloudfront
status
200
x-amz-replication-status
COMPLETED
content-encoding
br
content-type
application/javascript; charset=utf-8
last-modified
Mon, 27 Jan 2020 09:48:03 GMT
server
cloudflare
etag
W/"3ccef5e4c3ecb15acff69c7888ac7b1a"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-version-id
hHRl.ObjM_NTV10ljVf0yWYOCYhOsOxp
cache-control
max-age=600
access-control-allow-credentials
false
x-amz-cf-pop
IAD89-C2
cf-ray
55c5c581cd35dfa5-FRA
x-amz-cf-id
uOAufprs2iJ8HEgXFyFvdafi81yjVwe5HpodbUPGBNm3wKLRXDebNg==
facebook-icon.png
www.secureworldexpo.com/hubfs/icons/
266 B
822 B
Image
General
Full URL
https://www.secureworldexpo.com/hubfs/icons/facebook-icon.png
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:85b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
45d8a712ca77cd325fcaaf66940adab8fc7d87692dfab6795f4fe8af5761bbc2

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Tue, 28 Jan 2020 20:38:42 GMT
via
1.1 479d15a99f4dd073131fba1516541469.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-meta-cache-tag
F-4217507994,P-2221756,FLS-ALL
age
1236
cf-polished
origFmt=png, origSize=341
edge-cache-tag
F-4217507994,P-2221756,FLS-ALL
status
200
content-length
266
content-disposition
inline; filename="facebook-icon.webp"
x-hs-cf-lambda
us-east-1.setCacheTagHeaders 43
x-amz-request-id
9B72931E77E5CE10
x-amz-id-2
ZtcAhmQpwIsPkg2e6wp2iQLosG3Y1+SZXYc4fh7OFef+CyLWudy0rA5l0mwBt3MGnB/wMZqU7Ps=
x-cache
Miss from cloudfront
last-modified
Sun, 08 Oct 2017 22:59:45 GMT
server
cloudflare
etag
"382d93a10bf4c2b421daabc50181cee3"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept, Accept-Encoding
content-type
image/webp
cache-control
s-maxage=1209600, max-age=1209600
x-amz-version-id
cpGeMT3J5tMnUJqYR3Q0N_7QYVZ9aPqE
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
cf-ray
55c5c5826f8ddfa5-FRA
x-amz-cf-id
2UsmMIp6i_t7wRwvF37jc0h8QOHrD7BduA53O41ZhsAZiuxNvV6aRg==
cf-bgj
imgq:85
twitter-icon.png
www.secureworldexpo.com/hubfs/icons/
616 B
1 KB
Image
General
Full URL
https://www.secureworldexpo.com/hubfs/icons/twitter-icon.png
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:85b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d2706e604d16b9785e1a98e631df92c3402eb93e3d8160b6b0959f28d132e3ce

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Tue, 28 Jan 2020 20:38:42 GMT
via
1.1 6b8ac2d6d64dc42007741d312e2d73ab.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-meta-cache-tag
F-4236787772,P-2221756,FLS-ALL
age
1236
cf-polished
origFmt=png, origSize=883
edge-cache-tag
F-4236787772,P-2221756,FLS-ALL
status
200
content-length
616
content-disposition
inline; filename="twitter-icon.webp"
x-hs-cf-lambda
us-east-1.setCacheTagHeaders 43
x-amz-request-id
F47B0A031D1E0826
x-amz-id-2
teJfdORfuYJzy7oFZrIsBES0d+h8hZgnM8moE6ohvdzQekVhdRflPdhvhe1ejUG4A0Bt2CYKVEI=
x-cache
Miss from cloudfront
last-modified
Sun, 08 Oct 2017 22:59:51 GMT
server
cloudflare
etag
"435d809eb83677f7468e7b683bb64e9d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept, Accept-Encoding
content-type
image/webp
cache-control
s-maxage=1209600, max-age=1209600
x-amz-version-id
vxboFQ0o8uHNttXVAk1x4tCcamAImMN6
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
cf-ray
55c5c5826f91dfa5-FRA
x-amz-cf-id
Iq89fKdh6wliP7P19Y5iOG_BMBVDj6DtCZm67pgovGouQJkxahicrA==
cf-bgj
imgq:85
linkedin-icon.png
www.secureworldexpo.com/hubfs/icons/
398 B
951 B
Image
General
Full URL
https://www.secureworldexpo.com/hubfs/icons/linkedin-icon.png
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:85b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
105580db30d3915f2122d4e07a985c069478dd6f64e25d58ff3bf4c6ba7d9200

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Tue, 28 Jan 2020 20:38:42 GMT
via
1.1 d627b75d0c1aedd3691390ac8498d3b0.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-meta-cache-tag
F-4249039716,P-2221756,FLS-ALL
age
1236
cf-polished
origFmt=png, origSize=545
edge-cache-tag
F-4249039716,P-2221756,FLS-ALL
status
200
content-length
398
content-disposition
inline; filename="linkedin-icon.webp"
x-hs-cf-lambda
us-east-1.setCacheTagHeaders 43
x-amz-request-id
3A3CA2A932138C9F
x-amz-id-2
TD1g86TM+Rnxq5TtaFgoydAescZ6MTK3rCIJgbyHkVQ6tsThoK9H2n+/oln2THALU3NPimwYxcg=
x-cache
Miss from cloudfront
last-modified
Sun, 08 Oct 2017 23:00:01 GMT
server
cloudflare
etag
"f35feef6db03f1de7a0f82ac16331984"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept, Accept-Encoding
content-type
image/webp
cache-control
s-maxage=1209600, max-age=1209600
x-amz-version-id
Ca0VlQPn4uRh8ARQvO0BomNcHUPSzg5d
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
cf-ray
55c5c582983ddfa5-FRA
x-amz-cf-id
271nhaH3X3zrpRpmhj_q6jMqS2Crr--vkhAPHOmUbf5NEhc6nHSDrw==
cf-bgj
imgq:85
youtube-icon.png
www.secureworldexpo.com/hubfs/icons/
538 B
1 KB
Image
General
Full URL
https://www.secureworldexpo.com/hubfs/icons/youtube-icon.png
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:85b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cb84dfde92c3f516c917d8b8a714cbedcb98908c2ca54c47f2eb27cc712ec39e

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Tue, 28 Jan 2020 20:38:42 GMT
via
1.1 e64eb476d8f76c461d21278e018e194f.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-meta-cache-tag
F-4217507984,P-2221756,FLS-ALL
age
402726
cf-polished
origFmt=png, origSize=740
edge-cache-tag
F-4217507984,P-2221756,FLS-ALL
status
200
content-length
538
content-disposition
inline; filename="youtube-icon.webp"
x-hs-cf-lambda
us-east-1.setCacheTagHeaders 53
x-amz-request-id
31AE7FFF62AF0A20
x-amz-id-2
1OeYnj5l9dKa2bo43H4WoV2FBwW8/grGaDrZ5+EMHAlQaceVII5gNpbS7YZsOhvfTBm4g8FeHX8=
x-cache
Miss from cloudfront
last-modified
Sun, 08 Oct 2017 22:59:44 GMT
server
cloudflare
etag
"cd74c7bacf9b51e0d78450b3a775f1d5"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept, Accept-Encoding
content-type
image/webp
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id
MZVOTxFc5yM8fhWUGQmM9Ce.Rx4WyYF6
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
cf-ray
55c5c5829854dfa5-FRA
x-amz-cf-id
TdvSkc1cYCRaPwXaiY0hd9WzvldHT1H18F4uX1knQI-gjbTT0VjCuQ==
cf-bgj
imgq:85
module_5767375991.min.js
www.secureworldexpo.com/hs-fs/hub/2221756/hub_generated/module_assets/1526415140634/
3 KB
1 KB
Script
General
Full URL
https://www.secureworldexpo.com/hs-fs/hub/2221756/hub_generated/module_assets/1526415140634/module_5767375991.min.js
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:85b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3e7ae196488d11c550b2c2bdda02ab66d9b30d9ce3428175816fc7529d417b55

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Tue, 28 Jan 2020 20:38:42 GMT
content-encoding
br
cf-cache-status
HIT
age
1502
status
200
content-type
application/javascript; charset=utf-8
x-amz-request-id
BB2BD12B57162547
x-amz-id-2
nKu+VK8czth/OWycVPE6MKL/bJsoHLVN3vU5EiaTd3xLPoNt9ONbYP/dvvR8b7y/B3D4kNnWd9s=
last-modified
Tue, 15 May 2018 20:12:21 GMT
server
cloudflare
etag
W/"f4b2280c49cfc63c17de571e5c7fc973"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-version-id
r6EweSOu4oidIwv_yz3SQArFNSnW.a4T
cache-control
s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
cf-ray
55c5c581fdacdfa5-FRA
2221756.js
www.secureworldexpo.com/hs/scriptloader/
877 B
594 B
Script
General
Full URL
https://www.secureworldexpo.com/hs/scriptloader/2221756.js
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:85b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d14339d074afb94a6253ceafa2e1ed61af6895f0b2c50c6f2ea6bb30a0f20509

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Tue, 28 Jan 2020 20:38:42 GMT
content-encoding
br
cf-cache-status
HIT
server
cloudflare
age
959
x-trace
2B7C0D595E62E90D2061CE342F7E9D2B2F3F3B5421000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript;charset=utf-8
status
200
cache-control
public, max-age=60
access-control-allow-credentials
false
cf-ray
55c5c582a86bdfa5-FRA
expires
Tue, 28 Jan 2020 20:23:43 GMT
hotjar-349336.js
static.hotjar.com/c/
3 KB
2 KB
Script
General
Full URL
https://static.hotjar.com/c/hotjar-349336.js?sv=5
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
147.75.100.245 Central, Hong Kong, ASN54825 (PACKET, US),
Reverse DNS
pkt-ams-k2-shared-ingress15
Software
/
Resource Hash
e9547263f4efa5ceb610327448be0f2ca586a4c0f40f4822f8fdd940a786d450
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Tue, 28 Jan 2020 20:38:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-type
application/javascript
section-io-tag
hotjar
age
0
status
200
access-control-max-age
600
section-io-cache
Miss
x-cache-hit
1
x-frame-options
SAMEORIGIN
etag
W/c982f2e0ee3f22a6bb0c0a8ea8193efe
vary
Accept-Encoding
section-io-origin-status
200
access-control-allow-origin
*
cache-control
max-age=60
section-io-origin-time-seconds
0.082
accept-ranges
bytes
section-io-id
4bd029a78c32d50f087e21946a5a5e4f
section-origin-responded
true
integrator.js
adservice.google.de/adsid/
109 B
171 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=www.secureworldexpo.com
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Tue, 28 Jan 2020 20:38:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-type
application/javascript; charset=UTF-8
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
104
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
109 B
171 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.secureworldexpo.com
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Tue, 28 Jan 2020 20:38:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-type
application/javascript; charset=UTF-8
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
104
x-xss-protection
0
pubads_impl_2020011602.js
securepubads.g.doubleclick.net/gpt/
166 KB
61 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020011602.js
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.208.34 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s12-in-f2.1e100.net
Software
sffe /
Resource Hash
e453876fb642a6b08b3ffafdc3b7c241de26aae0ee58db079e635fc1f682ef02
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Tue, 28 Jan 2020 20:38:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 22 Jan 2020 20:10:16 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
61843
x-xss-protection
0
expires
Tue, 28 Jan 2020 20:38:42 GMT
secureworld-logo-2.png
cdn2.hubspot.net/hubfs/2221756/
Redirect Chain
  • https://cdn2.hubspot.net/hubfs/2221756/secureworld-logo-2.png
  • http://cdn2.hubspot.net/hubfs/2221756/secureworld-logo-2.png
  • http://cdn2.hubspot.net/hubfs/2221756/secureworld-logo-2.png
  • http://cdn2.hubspot.net/hubfs/2221756/secureworld-logo-2.png
  • http://cdn2.hubspot.net/hubfs/2221756/secureworld-logo-2.png
28 KB
0
Image
General
Full URL
http://cdn2.hubspot.net/hubfs/2221756/secureworld-logo-2.png
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:f4cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9a8ff50036f20394f742977e90d27f633f8fbad3fe3778aaecb3b542671344bc

Request headers

Response headers

date
Tue, 28 Jan 2020 20:38:42 GMT
via
1.1 03d509e8374e9f42668961b5e0201349.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-meta-cache-tag
F-4248998301,P-2221756,FLS-ALL
age
1117225
cf-polished
origFmt=png, origSize=8991
edge-cache-tag
F-4248998301,P-2221756,FLS-ALL
status
200
content-length
5776
x-cache
Miss from cloudfront
x-hs-cf-lambda
us-east-1.setCacheTagHeaders 52
x-amz-request-id
EAD0E1D64EFCE88F
x-amz-id-2
MPMGxddK76fC0rw26Afg5csCwPF5s5etyQyu0JAueb43DTH3wkJHXeXqceM0eqPoMa/HkPRjJQ0=
last-modified
Sun, 08 Oct 2017 23:00:00 GMT
server
cloudflare
etag
"a2bea9973108d135d0e2ed91ee7a4863"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
content-disposition
inline; filename="secureworld-logo-2.webp"
cache-control
s-maxage=1209600, max-age=1209600
x-amz-version-id
8C7sadi_1ki1QqvhHVTxlDSccXzvI9qc
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
cf-ray
55c5c582bb9c96bc-FRA
x-amz-cf-id
N76OEdcYoEjOHVjml4zgCbREEgYrVa7F16vlB8dAlIXEdygNFtKW5A==
cf-bgj
imgq:85
l
use.typekit.net/af/bb3775/00000000000000000001569e/27/
16 KB
16 KB
Font
General
Full URL
https://use.typekit.net/af/bb3775/00000000000000000001569e/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n6&v=3
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
92.123.215.47 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-123-215-47.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
dcb769d61497a5dce38c3348ae7c237fd9be1942f7c042911d704717c1605ff9

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Origin
https://www.secureworldexpo.com

Response headers

date
Tue, 28 Jan 2020 20:38:42 GMT
server
nginx
access-control-allow-origin
*
etag
"99f07ce58bc0e353bcdc4fa21533dd7a9de930b5"
content-type
application/font-woff2
status
200
cache-control
public, max-age=31536000
timing-allow-origin
*
content-length
16476
fontawesome-webfont.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.6.3/fonts/
70 KB
70 KB
Font
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.6.3/fonts/fontawesome-webfont.woff2?v=4.6.3
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:4104 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7dacf83f51179de8d7980a513e67ab3a08f2c6272bb5946df8fd77c0d1763b73
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.6.3/css/font-awesome.min.css
Origin
https://www.secureworldexpo.com

Response headers

date
Tue, 28 Jan 2020 20:38:42 GMT
cf-cache-status
HIT
age
7909849
cf-ray
55c5c582bd19d70d-FRA
status
200
strict-transport-security
max-age=15780000; includeSubDomains
alt-svc
h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
content-length
71896
last-modified
Thu, 17 May 2018 09:19:12 GMT
server
cloudflare
etag
"5afd4910-118d8"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/octet-stream
access-control-allow-origin
*
expires
Sun, 17 Jan 2021 20:38:42 GMT
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
served-in-seconds
0.000
analytics.js
www.google-analytics.com/
43 KB
17 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-29110626-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:814::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 19 Aug 2019 17:22:41 GMT
server
Golfe2
age
309
date
Tue, 28 Jan 2020 20:33:33 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
17803
expires
Tue, 28 Jan 2020 22:33:33 GMT
ransomware-money-shutterstock.jpg
www.secureworldexpo.com/hubfs/
100 KB
100 KB
Image
General
Full URL
https://www.secureworldexpo.com/hubfs/ransomware-money-shutterstock.jpg
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:85b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7cb83b420a56223fdb308d5756d06d6112a639d9d592758a5cc82b5da81b86eb

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Tue, 28 Jan 2020 20:38:42 GMT
via
1.1 96ab38d99b79d57e5c7e9b8a07c0fad3.cloudfront.net (CloudFront)
cf-cache-status
MISS
x-amz-meta-cache-tag
F-6240528961,P-2221756,FLS-ALL
x-amz-cf-pop
FRA2-C1
edge-cache-tag
F-6240528961,P-2221756,FLS-ALL
status
200
content-length
101932
x-cache
Miss from cloudfront
x-hs-cf-lambda
us-east-1.setCacheTagHeaders 53
x-amz-request-id
5AB0F24A278ED7E5
x-amz-id-2
gLHUkQk4iIDmveZ9NYuwfzGidC0k71IIyAW+r+aKlc4Haa46mi76S5vPkE9dZu85vW76KpdLcsM=
last-modified
Thu, 27 Sep 2018 16:54:25 GMT
server
cloudflare
etag
"14ba9e55fff9cbc2d9153319ae2914fd"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id
llsIThycd9s.ve7OtbUbitaho.Zf9PS7
accept-ranges
bytes
cf-ray
55c5c582c8f3dfa5-FRA
x-amz-cf-id
F4GBQvhXW2zclDDAsVG7ul1YE847TqzPLtLJkvBNbF7noosIcr_Y7Q==
l
use.typekit.net/af/7e7807/00000000000000003b9adf8d/27/
11 KB
12 KB
Font
General
Full URL
https://use.typekit.net/af/7e7807/00000000000000003b9adf8d/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n5&v=3
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
92.123.215.47 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-123-215-47.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
eddf849cf62612e5e4562a7cdc14184f9b62ff3ce9304d9cb6c2f3a0b56f8efc

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Origin
https://www.secureworldexpo.com

Response headers

date
Tue, 28 Jan 2020 20:38:42 GMT
server
nginx
access-control-allow-origin
*
etag
"5eae00594a6e4389351e7799a5ec80c9177b17d7"
content-type
application/font-woff2
status
200
cache-control
public, max-age=31536000
timing-allow-origin
*
content-length
11724
l
use.typekit.net/af/a6f15d/00000000000000000001569d/27/
18 KB
19 KB
Font
General
Full URL
https://use.typekit.net/af/a6f15d/00000000000000000001569d/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
92.123.215.47 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-123-215-47.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
04a7f69900ec09547b919c8a44e52a13933b9e4de1ebd97337d037f48e2b0209

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Origin
https://www.secureworldexpo.com

Response headers

date
Tue, 28 Jan 2020 20:38:42 GMT
server
nginx
access-control-allow-origin
*
etag
"d09f966d69c26891fac2c4897662016d1e2cf038"
content-type
application/font-woff2
status
200
cache-control
public, max-age=31536000
timing-allow-origin
*
content-length
18764
l
use.typekit.net/af/394c5a/0000000000000000000156a1/27/
18 KB
18 KB
Font
General
Full URL
https://use.typekit.net/af/394c5a/0000000000000000000156a1/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
92.123.215.47 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-123-215-47.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
487a1c1be7c36bf6d6263d1f0b698d2efab5b4a7d1c0e258a8d6f6ab2bccbbb5

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Origin
https://www.secureworldexpo.com

Response headers

date
Tue, 28 Jan 2020 20:38:42 GMT
server
nginx
access-control-allow-origin
*
etag
"e8d3b4137e5c88f1f7df47c8f7c2d7e34fbe5f19"
content-type
application/font-woff2
status
200
cache-control
public, max-age=31536000
timing-allow-origin
*
content-length
17996
moatframe.js
z.moatads.com/addthismoatframe568911941483/
2 KB
1 KB
Script
General
Full URL
https://z.moatads.com/addthismoatframe568911941483/moatframe.js
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
92.123.148.225 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-123-148-225.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Tue, 28 Jan 2020 20:38:42 GMT
Content-Encoding
gzip
Last-Modified
Fri, 08 Nov 2019 20:13:52 GMT
Server
AmazonS3
x-amz-request-id
D83A61431467282B
ETag
"f14b4e1f799b14f798a195f43cf58376"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=19175
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
948
x-amz-id-2
1xFtQxEHGi2dsRK9Kw5bEvIMszwV0bB1fCm27gfAjftPrbFG+CEco+iLAT25z6Fx616f7/DIFms=
ga-audiences
www.google.de/ads/
Redirect Chain
  • https://www.google-analytics.com/r/collect?v=1&_v=j79&a=1896779855&t=pageview&_s=1&dl=https%3A%2F%2Fwww.secureworldexpo.com%2Findustry-news%2Fhow-ryuk-ransomware-works&ul=en-us&de=UTF-8&dt=Special%...
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-29110626-1&cid=1725149517.1580243922&jid=700350409&_gid=808460683.1580243922&gjid=1072622286&_v=j79&z=197577209
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-29110626-1&cid=1725149517.1580243922&jid=700350409&_v=j79&z=197577209
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-29110626-1&cid=1725149517.1580243922&jid=700350409&_v=j79&z=197577209&slf_rd=1&random=5658294
42 B
109 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-29110626-1&cid=1725149517.1580243922&jid=700350409&_v=j79&z=197577209&slf_rd=1&random=5658294
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 28 Jan 2020 20:38:42 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Tue, 28 Jan 2020 20:38:42 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
location
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-29110626-1&cid=1725149517.1580243922&jid=700350409&_v=j79&z=197577209&slf_rd=1&random=5658294
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
302
cache-control
no-cache, no-store, must-revalidate
content-type
text/html; charset=UTF-8
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/
47 KB
7 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2233819266208824&correlator=4394014056715892&output=ldjh&impl=fifs&adsid=NT&vrg=2020011602&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200128&iu_parts=562063608%2CBB1%2CBB2%2CBannerAd&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3&prev_iu_szs=300x250%2C300x250%2C970x90&cookie_enabled=1&bc=31&abxe=1&lmt=1580243922&dt=1580243922483&dlt=1580243922080&idt=384&frm=20&biw=1585&bih=1200&oid=3&adxs=1037%2C1037%2C308&adys=702%2C2210%2C115&adks=615754453%2C1619671624%2C2061276719&ucis=1%7C2%7C3&ifi=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.secureworldexpo.com%2Findustry-news%2Fhow-ryuk-ransomware-works&dssz=34&icsg=3225356963&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=362x250%7C362x250%7C1150x90&msz=300x-1%7C300x-1%7C1150x90&ga_vid=1725149517.1580243922&ga_sid=1580243923&ga_hid=1896779855&fws=0%2C0%2C0&ohw=0%2C0%2C0
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020011602.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.208.34 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s12-in-f2.1e100.net
Software
cafe /
Resource Hash
3ac848d5acb89245abe631e206af7f83dfafe03d3a091525fa179316e1ec04e5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Origin
https://www.secureworldexpo.com

Response headers

date
Tue, 28 Jan 2020 20:38:42 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2,-2,-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
6884
x-xss-protection
0
google-lineitem-id
4753518696,4756107021,5266016111
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138240073700,138240330104,138299868363
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.secureworldexpo.com
access-control-expose-headers
AMP-Verification-Checksum-Algorithm,AMP-Verification-Checksum,x-google-amp-ad-validated-version
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
pubads_impl_rendering_2020011602.js
securepubads.g.doubleclick.net/gpt/
64 KB
24 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020011602.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020011602.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.208.34 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s12-in-f2.1e100.net
Software
sffe /
Resource Hash
b2bd84dc001c544114fdcf9f1d58dfe7ae0cc08844365f36a7c40e42cf490d7d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Tue, 28 Jan 2020 20:38:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 22 Jan 2020 20:10:16 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
24252
x-xss-protection
0
expires
Tue, 28 Jan 2020 20:38:42 GMT
container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/
0
0
Other
General
Full URL
https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020011602.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

f9c697eb-4f35-4c94-a6fd-0f0abceafced
www.secureworldexpo.com/_hcms/forms/embed/v3/form/2221756/
19 KB
4 KB
Script
General
Full URL
https://www.secureworldexpo.com/_hcms/forms/embed/v3/form/2221756/f9c697eb-4f35-4c94-a6fd-0f0abceafced?callback=hs_reqwest_0&hutk=
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/_hcms/forms/v2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:85b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6169072a2c395efa53442febda2603d59887b9f36471358f315cd399193b5289
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Tue, 28 Jan 2020 20:38:42 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
server
cloudflare
x-trace
2BA8927902CAFFA52957D40B41A04B93189417F4E0000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript;charset=utf-8
status
200
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
content-disposition
attachment; filename=no-rfd.txt
cf-ray
55c5c583fcd0dfa5-FRA
de00eec1-d1e4-4ed7-92a5-513850f7168f
www.secureworldexpo.com/_hcms/forms/embed/v3/form/2221756/
3 KB
938 B
Script
General
Full URL
https://www.secureworldexpo.com/_hcms/forms/embed/v3/form/2221756/de00eec1-d1e4-4ed7-92a5-513850f7168f?callback=hs_reqwest_1&hutk=
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/_hcms/forms/v2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:85b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7d92dce368fb70fbe50ae9c99aaa69972440697b1059b299843a0d1632552749
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Tue, 28 Jan 2020 20:38:42 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
server
cloudflare
x-trace
2B41D30B3EE39619F4D9685D687752B349BB5DFB24000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript;charset=utf-8
status
200
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
content-disposition
attachment; filename=no-rfd.txt
cf-ray
55c5c583fcd4dfa5-FRA
insight.min.js
snap.licdn.com/li.lms-analytics/
3 KB
2 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:10c:39e::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
/
Resource Hash
41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Tue, 28 Jan 2020 20:38:42 GMT
Content-Encoding
gzip
Last-Modified
Mon, 07 Oct 2019 16:41:31 GMT
X-CDN
AKAM
Vary
Accept-Encoding
Content-Type
application/x-javascript;charset=utf-8
Cache-Control
max-age=8944
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1576
all.js
connect.facebook.net/en_US/
3 KB
2 KB
Script
General
Full URL
https://connect.facebook.net/en_US/all.js
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
d745e50123619ce50adb34463ed9699ca8c9b5e6806d74c33abd66d75dfc0601
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
72ODm+Yii72FYQnBpmrmmA==
status
200
date
Tue, 28 Jan 2020 20:38:42 GMT, Tue, 28 Jan 2020 20:38:42 GMT
expires
Tue, 28 Jan 2020 20:52:06 GMT
alt-svc
h3-24=":443"; ma=3600
content-length
1778
x-fb-debug
6q5luMvK4DepCL0rhvzPnWFyQcpmEwaH2n45Awy5jw7yjDr0Ye60FD4iAJR8ATRuf11ZLLsts5SBSs9tw2fG9A==
x-fb-trip-id
1850256238
x-fb-content-md5
097b57598cfdc8c5178f3654776a4c55
etag
"9623f4f03be570548e0370673a34a9fc"
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public,max-age=1200,stale-while-revalidate=3600
timing-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
widgets.js
platform.twitter.com/
95 KB
29 KB
Script
General
Full URL
https://platform.twitter.com/widgets.js
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (fcn/4196) /
Resource Hash
4dced00354b099d831f860145bbd0149f99889d4c45632e4d9e849f008123866

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Tue, 28 Jan 2020 20:38:42 GMT
Content-Encoding
gzip
Last-Modified
Thu, 09 Jan 2020 22:50:12 GMT
Server
ECS (fcn/4196)
Age
358
Etag
"09356930f7674f04e767f5b1203faeb7+gzip"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=1800
X-Cache
HIT
Content-Type
application/javascript; charset=utf-8
Content-Length
28838
l
use.typekit.net/af/3ad3aa/00000000000000000001569b/27/
17 KB
17 KB
Font
General
Full URL
https://use.typekit.net/af/3ad3aa/00000000000000000001569b/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n3&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/cfm6mzj.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
92.123.215.47 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-123-215-47.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
1e54331d7158f9a0abb6782f264ae9461fa13459fd6062ffabe1dd26c35ce1e0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Origin
https://www.secureworldexpo.com

Response headers

date
Tue, 28 Jan 2020 20:38:42 GMT
server
nginx
access-control-allow-origin
*
etag
"fefd3dbe8b7ef1626c87462aa1d1e79b3dcd6e47"
content-type
application/font-woff2
status
200
cache-control
public, max-age=31536000
timing-allow-origin
*
content-length
17452
l
use.typekit.net/af/9e46ec/00000000000000003b9adf8a/27/
11 KB
12 KB
Font
General
Full URL
https://use.typekit.net/af/9e46ec/00000000000000003b9adf8a/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n3&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/cfm6mzj.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
92.123.215.47 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-123-215-47.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
b1e1b7aa534882af2611627bea86667e9aa6382f1afaf501c92d52cfe800f9a1

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Origin
https://www.secureworldexpo.com

Response headers

date
Tue, 28 Jan 2020 20:38:42 GMT
server
nginx
access-control-allow-origin
*
etag
"4cf766f30cb354bace1fc993c9fac290fcb99d54"
content-type
application/font-woff2
status
200
cache-control
public, max-age=31536000
timing-allow-origin
*
content-length
11672
l
use.typekit.net/af/cc82c8/00000000000000003b9adf93/27/
12 KB
12 KB
Font
General
Full URL
https://use.typekit.net/af/cc82c8/00000000000000003b9adf93/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/cfm6mzj.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
92.123.215.47 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-123-215-47.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
9f4ae93de936fb5a15eec738abbb037cd8e5cc4e632a383701ad6d65462a432c

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Origin
https://www.secureworldexpo.com

Response headers

date
Tue, 28 Jan 2020 20:38:42 GMT
server
nginx
access-control-allow-origin
*
etag
"18e006d1293afebbc42e8c739f3b1591ba611d5a"
content-type
application/font-woff2
status
200
cache-control
public, max-age=31536000
timing-allow-origin
*
content-length
11812
l
use.typekit.net/af/78f875/00000000000000003b9adf90/27/
11 KB
11 KB
Font
General
Full URL
https://use.typekit.net/af/78f875/00000000000000003b9adf90/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/cfm6mzj.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
92.123.215.47 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-123-215-47.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
3c82ee60664a2e794f5085023f75a11a962ace069300ab54b13332b6a2b49272

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Origin
https://www.secureworldexpo.com

Response headers

date
Tue, 28 Jan 2020 20:38:42 GMT
server
nginx
access-control-allow-origin
*
etag
"69acc88dceb338052e5f2d097c4a9fc618ff0d48"
content-type
application/font-woff2
status
200
cache-control
public, max-age=31536000
timing-allow-origin
*
content-length
10780
l
use.typekit.net/af/66bb45/00000000000000003b9adf8b/27/
11 KB
11 KB
Font
General
Full URL
https://use.typekit.net/af/66bb45/00000000000000003b9adf8b/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n3&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/cfm6mzj.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
92.123.215.47 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-123-215-47.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
16c387cb1f0e7daac69f16408a334a4301300f4b62b1bc224d70b164155a6928

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Origin
https://www.secureworldexpo.com

Response headers

date
Tue, 28 Jan 2020 20:38:42 GMT
server
nginx
access-control-allow-origin
*
etag
"aab15115f34bdbbf651dee6879b1b18d8cd54b11"
content-type
application/font-woff2
status
200
cache-control
public, max-age=31536000
timing-allow-origin
*
content-length
11180
l
use.typekit.net/af/1db353/00000000000000003b9adf8f/27/
11 KB
11 KB
Font
General
Full URL
https://use.typekit.net/af/1db353/00000000000000003b9adf8f/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n5&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/cfm6mzj.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
92.123.215.47 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-123-215-47.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
3aef1fcf1a2eae7be06e1aec6d79c322385f74fb3e284428679e46af3b49a0b2

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Origin
https://www.secureworldexpo.com

Response headers

date
Tue, 28 Jan 2020 20:38:42 GMT
server
nginx
access-control-allow-origin
*
etag
"9a26f87008ff7b9f0fbd10d7b7ef46650877431d"
content-type
application/font-woff2
status
200
cache-control
public, max-age=31536000
timing-allow-origin
*
content-length
11260
_ate.track.config_resp
v1.addthisedge.com/live/boost/ra-57a915b0b3a6bc42/
2 KB
918 B
Script
General
Full URL
https://v1.addthisedge.com/live/boost/ra-57a915b0b3a6bc42/_ate.track.config_resp
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-248-44.deploy.static.akamaitechnologies.com
Software
Jetty(9.4.8.v20180619) /
Resource Hash
4fe02c4eb93ca44809f5c71605bfaaf4fca2007b17eea829b0d3a59fd9314bb8

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Tue, 28 Jan 2020 20:38:42 GMT
content-encoding
gzip
surrogate-key
ra-57a915b0b3a6bc42
server
Jetty(9.4.8.v20180619)
etag
81691266--gzip
vary
Accept-Encoding
cache-tag
ra-57a915b0b3a6bc42
status
200
cache-control
public, max-age=60, s-maxage=86400
content-disposition
attachment; filename=1.txt
content-type
application/javascript;charset=utf-8
content-length
673
public
api.hubapi.com/comments/v3/comments/thread/
75 B
514 B
Script
General
Full URL
https://api.hubapi.com/comments/v3/comments/thread/public?portalId=2221756&offset=0&limit=1000&contentId=10855193339&collectionId=4214485368&callback=jsonp_1580243922572_90531
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/hs/hsstatic/AsyncSupport/static-1.64/js/comment_listing_asset.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:cccc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
82bba6b0e1da07706d7cf51f66893fc9113d41a046c6e48400eed297ed989e63
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Tue, 28 Jan 2020 20:38:42 GMT
content-encoding
br
cf-cache-status
DYNAMIC
server
cloudflare
x-trace
2B000C10B67C48DB686EFC4041E14FE0466C6BBCC6000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
status
200
access-control-allow-credentials
false
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-ray
55c5c5843b78d6c1-FRA
leadflows.js
js.hsleadflows.net/
377 KB
61 KB
Script
General
Full URL
https://js.hsleadflows.net/leadflows.js
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/hs/scriptloader/2221756.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6811:e9cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b89b93e101854f7b0372d77035f9c2d6053298f27c02f83e5b107cc756ddf62c

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Origin
https://www.secureworldexpo.com

Response headers

date
Tue, 28 Jan 2020 20:38:42 GMT
via
1.1 c35f767218cbd1125d801b52fa785c8d.cloudfront.net (CloudFront)
cf-cache-status
REVALIDATED
x-amz-cf-pop
IAD89-C3
x-cache
Hit from cloudfront
status
200
access-control-max-age
3000
x-amz-replication-status
COMPLETED
content-encoding
br
content-type
application/javascript; charset=utf-8
last-modified
Thu, 23 Jan 2020 11:52:53 GMT
server
cloudflare
etag
W/"bd6209d758e3216b8a1194c86b5600ff"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods
GET
x-amz-version-id
iLG7GM.AEUF7.PrqBQXdNiO0wv3O9AYh
access-control-allow-origin
*
cache-control
max-age=600
cf-ray
55c5c5848807e013-FRA
x-amz-cf-id
PANSyQwmXsV9ssxj1db5e9nU1kqDolXvxcLouMcJbk5ox3mu2p8Y7w==
2221756.js
js.hs-analytics.net/analytics/1580242800000/
75 KB
26 KB
Script
General
Full URL
https://js.hs-analytics.net/analytics/1580242800000/2221756.js
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/hs/scriptloader/2221756.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6811:43b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5a543441f6de60f81740b93e4a2b69baff5013f6e9211001882894133ba56523

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Tue, 28 Jan 2020 20:38:42 GMT
content-encoding
gzip
cf-cache-status
REVALIDATED
x-amz-request-id
5810B47198EEEA0F
status
200
content-type
text/javascript
x-amz-id-2
za/XzrIuZjA8750JFqW+p2oh110i3+f87NO4DAudLY3zePkupnY6xDH1oLwcRjjsj//m/CSFJm8=
last-modified
Tue, 21 Jan 2020 15:30:56 GMT
server
cloudflare
etag
W/"4d50978683fd4570a965d6a4bbe21c29"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-version-id
null
cache-control
max-age=300, public
access-control-allow-credentials
false
cf-ray
55c5c5846c19d6c1-FRA
expires
Tue, 28 Jan 2020 20:43:42 GMT
modules.9ad849c74ae56ab50f63.js
script.hotjar.com/
401 KB
70 KB
Script
General
Full URL
https://script.hotjar.com/modules.9ad849c74ae56ab50f63.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-349336.js?sv=5
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
147.75.32.125 Amsterdam, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
pkt-ams-k2-shared-ingress14
Software
/
Resource Hash
5bab148520bb9b4b911f4da5ab8fd2c4a32333142fa835aaa645d6094396aab4

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Tue, 28 Jan 2020 20:38:42 GMT
content-encoding
br
content-type
application/javascript
age
21556
status
200
section-io-cache
Hit
content-length
71256
last-modified
Tue, 28 Jan 2020 14:35:53 GMT
etag
"1d20895803c0fbc2ae7dc220b20b6a79"
vary
Accept-Encoding
section-io-origin-status
200
access-control-allow-origin
*
cache-control
max-age=31536000
section-io-origin-time-seconds
0.024
accept-ranges
bytes
section-io-id
b87cdaa7042aec36f701e8153d079676
section-origin-responded
true
collect
px.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=651962&url=https%3A%2F%2Fwww.secureworldexpo.com%2Findustry-news%2Fhow-ryuk-ransomware-works&time=1580243922617
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D651962%26url%3Dhttps%253A%252F%252Fwww.secureworldexpo.com%252Findustry-news%252F...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=651962&url=https%3A%2F%2Fwww.secureworldexpo.com%2Findustry-news%2Fhow-ryuk-ransomware-works&time=1580243922617&liSync=true
0
40 B
Image
General
Full URL
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=651962&url=https%3A%2F%2Fwww.secureworldexpo.com%2Findustry-news%2Fhow-ryuk-ransomware-works&time=1580243922617&liSync=true
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:f500:10:101::b93f:9105 , Ireland, ASN14413 (LINKEDIN, US),
Reverse DNS
Software
Play /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Tue, 28 Jan 2020 20:38:42 GMT
server
Play
linkedin-action
1
x-li-fabric
prod-lva1
status
200
x-li-proto
http/2
x-li-pop
prod-efr5
content-type
application/javascript
content-length
0
x-li-uuid
fOS3tHkn7hXQge7IWCsAAA==

Redirect headers

date
Tue, 28 Jan 2020 20:38:42 GMT
x-content-type-options
nosniff
linkedin-action
1
status
302
strict-transport-security
max-age=2592000
content-length
0
x-li-uuid
/WZHq3kn7hWQM02n8yoAAA==
server
Play
pragma
no-cache
x-li-pop
prod-efr5
expect-ct
max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
x-frame-options
sameorigin
x-li-fabric
prod-lva1
location
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=651962&url=https%3A%2F%2Fwww.secureworldexpo.com%2Findustry-news%2Fhow-ryuk-ransomware-works&time=1580243922617&liSync=true
x-xss-protection
1; mode=block
cache-control
no-cache, no-store
content-security-policy
default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob: static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/insight.min.js platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'
x-li-proto
http/2
expires
Thu, 01 Jan 1970 00:00:00 GMT
amp4ads-host-v0.js
cdn.ampproject.org/rtv/012001221806580/
20 KB
7 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012001221806580/amp4ads-host-v0.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020011602.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d2bc5491363b3a8ab5e57227e4a10fd2cdaa5e293527058abbbd63373759eb75
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
7625
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
7131
x-xss-protection
0
server
sffe
date
Tue, 28 Jan 2020 18:31:37 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"09535e94fb94a918"
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 27 Jan 2021 18:31:37 GMT
amp4ads-v0.js
cdn.ampproject.org/rtv/012001221806580/ Frame EF75
200 KB
55 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012001221806580/amp4ads-v0.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020011602.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bdad9c9eecd90477f53a4b2f7ba2145debb2ce1068081f6a66ad2288822ff909
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
5669
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
55698
x-xss-protection
0
server
sffe
date
Tue, 28 Jan 2020 19:04:13 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"0b24166e6b9b817d"
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 27 Jan 2021 19:04:13 GMT
amp-analytics-0.1.js
cdn.ampproject.org/rtv/012001221806580/v0/ Frame EF75
152 KB
41 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012001221806580/v0/amp-analytics-0.1.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020011602.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e0e22e62bc829feecd9f522748fe34a84bd83c2f53d9fe952e65023d32fc4a4b
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
5631
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
41640
x-xss-protection
0
server
sffe
date
Tue, 28 Jan 2020 19:04:51 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"251390e05b57ceba"
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 27 Jan 2021 19:04:51 GMT
truncated
/ Frame EF75
219 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
514215e98148af02c215abaa8653f4713262dab383c82839f95b310b438eadd4

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Content-Type
image/png
amp4ads-v0.js
cdn.ampproject.org/rtv/012001221806580/ Frame CF38
200 KB
54 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012001221806580/amp4ads-v0.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020011602.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bdad9c9eecd90477f53a4b2f7ba2145debb2ce1068081f6a66ad2288822ff909
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
5669
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
55698
x-xss-protection
0
server
sffe
date
Tue, 28 Jan 2020 19:04:13 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"0b24166e6b9b817d"
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 27 Jan 2021 19:04:13 GMT
amp-analytics-0.1.js
cdn.ampproject.org/rtv/012001221806580/v0/ Frame CF38
152 KB
41 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012001221806580/v0/amp-analytics-0.1.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020011602.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e0e22e62bc829feecd9f522748fe34a84bd83c2f53d9fe952e65023d32fc4a4b
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
5631
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
41640
x-xss-protection
0
server
sffe
date
Tue, 28 Jan 2020 19:04:51 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"251390e05b57ceba"
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 27 Jan 2021 19:04:51 GMT
truncated
/ Frame CF38
221 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
dd4b8f4748e854883db07583e77461f437b7b47017a7639385e35e5b0b62f420

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Content-Type
image/png
amp4ads-v0.js
cdn.ampproject.org/rtv/012001221806580/ Frame 7EE2
200 KB
54 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012001221806580/amp4ads-v0.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020011602.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bdad9c9eecd90477f53a4b2f7ba2145debb2ce1068081f6a66ad2288822ff909
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
5669
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
55698
x-xss-protection
0
server
sffe
date
Tue, 28 Jan 2020 19:04:13 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"0b24166e6b9b817d"
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 27 Jan 2021 19:04:13 GMT
amp-analytics-0.1.js
cdn.ampproject.org/rtv/012001221806580/v0/ Frame 7EE2
152 KB
41 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012001221806580/v0/amp-analytics-0.1.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020011602.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e0e22e62bc829feecd9f522748fe34a84bd83c2f53d9fe952e65023d32fc4a4b
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
5631
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
41640
x-xss-protection
0
server
sffe
date
Tue, 28 Jan 2020 19:04:51 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"251390e05b57ceba"
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 27 Jan 2021 19:04:51 GMT
truncated
/ Frame 7EE2
216 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d840e63f07bf21b4612ee6f035e15ecc769765fdac79bee603bb1c842e693f8c

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Content-Type
image/png
17140841764478069583
tpc.googlesyndication.com/simgad/ Frame EF75
58 KB
58 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/17140841764478069583
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1494cbca9537c45291d168253d508dd3c3ed06978425df823b2bb4c126e86ca8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Tue, 07 Jan 2020 20:48:22 GMT
x-content-type-options
nosniff
age
1813820
x-dns-prefetch-control
off
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
59075
x-xss-protection
0
last-modified
Tue, 31 Jul 2018 17:14:24 GMT
server
sffe
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 06 Jan 2021 20:48:22 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame EF75
0
290 B
Image
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstg3SJbGCwgtL7BBJDtnnR2LdV-sQUZRgGMeGT5LEe2xZ5w2wOG1_90oeuVyvF72_dP90qm3cG-HSRP5CHoZo082qNNV38L4GsVbH9VPMzB_Bl28xrtJ4SW_-NescIHnFaMgjBOYTzCSCcczovi0aQD_i04sqfnvSgdJtJ4C7sSJiYQCELDghpqAS33cH2NJWhsFqppn8BnA4pbpdCk67w41j0xoCij-eo-02fxERpl6aCbeZClfMFrOHlckP6BglhvyxvO&sai=AMfl-YQR1HDJBwMv0ZvzZZwp_Hg5tMEjrqLtQCK0s4RDs_QyU5t7oY7XqrOgwFnD7cTFMdVQydpsdz8QWXhc9ZjgLiwUEgr7DI_vUHk5KXxG5Q&sig=Cg0ArKJSzE-8ChGaeAmvEAE&adurl=
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.208.34 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s12-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Tue, 28 Jan 2020 20:38:42 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
private
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Tue, 28 Jan 2020 20:38:42 GMT
4697575992943871195
tpc.googlesyndication.com/simgad/ Frame CF38
44 KB
44 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/4697575992943871195
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
73ff3f1e5637a839bd7e41cb4251b459f3df299694aa0d586719cb1a52a2ff0a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Fri, 22 Nov 2019 05:26:45 GMT
x-content-type-options
nosniff
age
5843517
x-dns-prefetch-control
off
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
45046
x-xss-protection
0
last-modified
Thu, 02 Aug 2018 19:56:34 GMT
server
sffe
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 21 Nov 2020 05:26:45 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame CF38
0
309 B
Image
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsury5ckIDPJEjp8ZainZi4o7lZWdcAxn4L4YpZMr5sLdHpsjhiK-yBs9OYR5mjTjJBKrg2x2F9FVLP1VFANrH8nF0VHHdGU8ngS7Xx_8hqW42kF2i9mDKVO99MB0UMZnnZIegurkoP_-G9mV69dhrfTdfgifc3TCyTLsbve7lhVcGDV036jx98X0ui7E_T8lUW8ol5fGC5AzkOGfL-ssm7S4hiHADz7M4DzqmSSMM5zOK3sYqMNOA0DD4qjm8-hzxMsA5-x&sai=AMfl-YQql5Q0k268BjivvqAie5wV-cDOoqbPVWbIqfHULPcGBx3iV_UXTcagIunjL_n-Xx8PrBfVwmwJ3-_p4K5pxov9HeqgMgkehaAxaMKAbA&sig=Cg0ArKJSzN4QlJZHCFNXEAE&adurl=
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.208.34 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s12-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Tue, 28 Jan 2020 20:38:42 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
private
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Tue, 28 Jan 2020 20:38:42 GMT
490727113965107706
tpc.googlesyndication.com/simgad/ Frame 7EE2
62 KB
62 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/490727113965107706
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2c15c90538657bfee2b2fee304d46c191aeb18d91b4ab42e382f5d3cd76fd325
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Wed, 08 Jan 2020 21:21:46 GMT
x-content-type-options
nosniff
age
1725416
x-dns-prefetch-control
off
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
63473
x-xss-protection
0
last-modified
Wed, 08 Jan 2020 19:50:06 GMT
server
sffe
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 07 Jan 2021 21:21:46 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame 7EE2
0
289 B
Image
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuvukP8VZygBZSlOosG2Vv-SJ_UoKqCJAQoLQ390XrAmOLC42NnZ2ijOZihpXrT3xhmUWQZdUb6DZCzk_o4Y-ZHNKHZKPTGGZdAsZjmiAB1c0YHNCsRrmPLNQoUDTvov-g_mnTjNsLN0cK3Sxopfv-d12Mnv5Zjx9B1TL-iYiUJ0QMTayk1qtYn0gBgTJ9ymVVLzcbMgh_I544LPh6IEL_LY8Y2cHwbfQw62WF-ffpAzyb1cCCsuJgOKnGxAjcP0Po-CH58jXFrJa4&sai=AMfl-YT-R3UutAj6f35NhyVwNpk5m20OPgZ1h4fAyHj1urtrfoAa54nWurtLl8paC16ZipHgjko-XrmQM_7TSLR5fCDvGV_QV-_dc0RymVcXqQ&sig=Cg0ArKJSzBxh9S0YefYLEAE&adurl=
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.208.34 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s12-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Tue, 28 Jan 2020 20:38:42 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
private
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Tue, 28 Jan 2020 20:38:42 GMT
all.js
connect.facebook.net/en_US/
191 KB
57 KB
Script
General
Full URL
https://connect.facebook.net/en_US/all.js?hash=cfefc0a4059531c3eccedac9978d9031&ua=modern_es6
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
75710323f4a3ab56b6534897b86a43a57a82ac43c1d6851185a356920533531b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Origin
https://www.secureworldexpo.com

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
iYGjxTSKdyyUaTyeaN1z4w==
status
200
date
Tue, 28 Jan 2020 20:38:42 GMT, Tue, 28 Jan 2020 20:38:42 GMT
expires
Wed, 27 Jan 2021 19:19:05 GMT
alt-svc
h3-24=":443"; ma=3600
content-length
58067
x-fb-debug
xFWA82odhomAztcXexi4qJLC4mfL1zSOZXszdO8pVWNYR6sBA1ctq2yQScyavUFhZ9Th+2AJtkH9CTYY/S3UfA==
x-fb-trip-id
1850256238
x-fb-content-md5
d8486ac95af9dc3d84fd8997958e271c
etag
"6d1e3fdbf439b7533a9b3d67dc0ecc10"
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
timing-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
widget_iframe.4f8aea4342a4ada72cba2bdffcff6b4d.html
platform.twitter.com/widgets/ Frame 624F
0
0
Document
General
Full URL
https://platform.twitter.com/widgets/widget_iframe.4f8aea4342a4ada72cba2bdffcff6b4d.html?origin=https%3A%2F%2Fwww.secureworldexpo.com
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (fcn/419E) /
Resource Hash

Request headers

Host
platform.twitter.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
nested-navigate
Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Accept-Encoding
gzip, deflate, br

Response headers

Content-Encoding
gzip
Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Age
1633600
Cache-Control
public, max-age=315360000
Content-Type
text/html; charset=utf-8
Date
Tue, 28 Jan 2020 20:38:42 GMT
Etag
"4b563298f37eb3ef2a2f8897be83c714+gzip"
Last-Modified
Thu, 09 Jan 2020 22:38:16 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (fcn/419E)
Vary
Accept-Encoding
X-Cache
HIT
Content-Length
5825
box-b736908ce6b0e933fad3a2e45df61b38.html
vars.hotjar.com/ Frame 21AE
0
0
Document
General
Full URL
https://vars.hotjar.com/box-b736908ce6b0e933fad3a2e45df61b38.html
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-349336.js?sv=5
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
147.75.102.13 Central, Hong Kong, ASN54825 (PACKET, US),
Reverse DNS
pkt-ams-k2-shared-ingress1
Software
/
Resource Hash

Request headers

:method
GET
:authority
vars.hotjar.com
:scheme
https
:path
/box-b736908ce6b0e933fad3a2e45df61b38.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
sec-fetch-mode
nested-navigate
referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
accept-encoding
gzip, deflate, br

Response headers

status
200
date
Tue, 28 Jan 2020 20:38:42 GMT
content-type
text/html
content-length
808
last-modified
Fri, 24 Jan 2020 09:28:03 GMT
etag
"ed7551919779fd07dbfe6d776c643379"
cache-control
max-age=31536000
content-encoding
br
section-io-origin-status
200
section-io-origin-time-seconds
0.134
section-origin-responded
true
age
179310
vary
Accept-Encoding
section-io-cache
Hit
accept-ranges
bytes
section-io-id
8cc6a2d6b8d2073855ce14ee424c7796
p.gif
p.typekit.net/
35 B
201 B
Image
General
Full URL
https://p.typekit.net/p.gif?s=1&k=cfm6mzj&ht=tk&h=www.secureworldexpo.com&f=24349.24352.24354.24355.27887.27970.28026.27954.27958.28025&a=657783&js=1.19.2&app=typekit&e=js&_=1580243922751
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
92.123.215.47 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-123-215-47.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
9b9265c69a5cc295d1ab0d04e0273b3677db1a6216ce2ccf4efc8c277ed84b39

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Tue, 28 Jan 2020 20:38:42 GMT
last-modified
Thu, 24 Oct 2019 01:02:00 GMT
server
nginx
access-control-allow-origin
*
etag
"5db0f808-23"
content-type
image/gif
status
200
cache-control
max-age=604800
accept-ranges
bytes
content-length
35
expires
Mon, 23 Dec 2019 09:51:43 GMT
api.js
www.google.com/recaptcha/
743 B
600 B
Script
General
Full URL
https://www.google.com/recaptcha/api.js?onload=hsRecaptchaLoadCallback&render=explicit&isolated=true
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/_hcms/forms/v2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
cf78cda4bae9032d0202cc6270bf5aba0e697c75875d33d2dd9b1a2da1b32280
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Tue, 28 Jan 2020 20:38:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
status
200
cache-control
private, max-age=300
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
475
x-xss-protection
1; mode=block
expires
Tue, 28 Jan 2020 20:38:42 GMT
490727113965107706
tpc.googlesyndication.com/simgad/ Frame 7EE2
62 KB
62 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/490727113965107706
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012001221806580/amp4ads-v0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2c15c90538657bfee2b2fee304d46c191aeb18d91b4ab42e382f5d3cd76fd325
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Wed, 08 Jan 2020 21:21:46 GMT
x-content-type-options
nosniff
age
1725416
x-dns-prefetch-control
off
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
63473
x-xss-protection
0
last-modified
Wed, 08 Jan 2020 19:50:06 GMT
server
sffe
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 07 Jan 2021 21:21:46 GMT
layers.ab5cd98fe1b9a38a4a9f.js
s7.addthis.com/static/
263 KB
76 KB
Script
General
Full URL
https://s7.addthis.com/static/layers.ab5cd98fe1b9a38a4a9f.js
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-248-44.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
ecc0c4a707efeb061b7de57440221feb21ab08022938aaacee779e98fe809235
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
last-modified
Wed, 18 Sep 2019 14:16:17 GMT
server
nginx/1.15.8
etag
W/"5d823c31-41b9f"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
public, max-age=86313600
date
Tue, 28 Jan 2020 20:38:43 GMT
x-host
s7.addthis.com
timing-allow-origin
*
content-length
77528
17140841764478069583
tpc.googlesyndication.com/simgad/ Frame EF75
58 KB
58 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/17140841764478069583
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012001221806580/amp4ads-v0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1494cbca9537c45291d168253d508dd3c3ed06978425df823b2bb4c126e86ca8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Tue, 07 Jan 2020 20:48:22 GMT
x-content-type-options
nosniff
age
1813820
x-dns-prefetch-control
off
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
59075
x-xss-protection
0
last-modified
Tue, 31 Jul 2018 17:14:24 GMT
server
sffe
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 06 Jan 2021 20:48:22 GMT
recaptcha__en.js
www.gstatic.com/recaptcha/releases/RDiPdrU_gv1XhhWy6nqfMf9O/
257 KB
92 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/RDiPdrU_gv1XhhWy6nqfMf9O/recaptcha__en.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?onload=hsRecaptchaLoadCallback&render=explicit&isolated=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:817::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
07a651614bfef3f3a35d9a2ded0de50adaef4671abda32d38958ac4438b46cb6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Tue, 21 Jan 2020 22:55:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 21 Jan 2020 18:54:09 GMT
server
sffe
age
596620
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=31536000
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
94001
x-xss-protection
0
expires
Wed, 20 Jan 2021 22:55:02 GMT
4697575992943871195
tpc.googlesyndication.com/simgad/ Frame CF38
44 KB
44 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/4697575992943871195
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012001221806580/amp4ads-v0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
73ff3f1e5637a839bd7e41cb4251b459f3df299694aa0d586719cb1a52a2ff0a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Fri, 22 Nov 2019 05:26:45 GMT
x-content-type-options
nosniff
age
5843518
x-dns-prefetch-control
off
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
45046
x-xss-protection
0
last-modified
Thu, 02 Aug 2018 19:56:34 GMT
server
sffe
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 21 Nov 2020 05:26:45 GMT
anchor
www.google.com/recaptcha/api2/ Frame 3371
0
0
Document
General
Full URL
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc2_RsUAAAAAAYBSd4rxsgeQz7whuL9COCsHeET&co=aHR0cHM6Ly93d3cuc2VjdXJld29ybGRleHBvLmNvbTo0NDM.&hl=en&v=RDiPdrU_gv1XhhWy6nqfMf9O&size=invisible&badge=inline&cb=qps0fbsvsx1x
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/RDiPdrU_gv1XhhWy6nqfMf9O/recaptcha__en.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-fesh/0P3FztBU3wZS9lwsw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.google.com
:scheme
https
:path
/recaptcha/api2/anchor?ar=1&k=6Lc2_RsUAAAAAAYBSd4rxsgeQz7whuL9COCsHeET&co=aHR0cHM6Ly93d3cuc2VjdXJld29ybGRleHBvLmNvbTo0NDM.&hl=en&v=RDiPdrU_gv1XhhWy6nqfMf9O&size=invisible&badge=inline&cb=qps0fbsvsx1x
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
sec-fetch-mode
nested-navigate
referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works

Response headers

status
200
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Tue, 28 Jan 2020 20:38:43 GMT
content-security-policy
script-src 'report-sample' 'nonce-fesh/0P3FztBU3wZS9lwsw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
8566
server
GSE
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
bframe
www.google.com/recaptcha/api2/ Frame A13A
0
0
Document
General
Full URL
https://www.google.com/recaptcha/api2/bframe?hl=en&v=RDiPdrU_gv1XhhWy6nqfMf9O&k=6Lc2_RsUAAAAAAYBSd4rxsgeQz7whuL9COCsHeET&cb=c2pyz03oifly
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/RDiPdrU_gv1XhhWy6nqfMf9O/recaptcha__en.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-y/Qeoo00Kc7dyZSDkuanrw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.google.com
:scheme
https
:path
/recaptcha/api2/bframe?hl=en&v=RDiPdrU_gv1XhhWy6nqfMf9O&k=6Lc2_RsUAAAAAAYBSd4rxsgeQz7whuL9COCsHeET&cb=c2pyz03oifly
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
sec-fetch-mode
nested-navigate
referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works

Response headers

status
200
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Tue, 28 Jan 2020 20:38:43 GMT
content-security-policy
script-src 'report-sample' 'nonce-y/Qeoo00Kc7dyZSDkuanrw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
1156
server
GSE
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
truncated
/
443 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5876d235b697479a9e5f476a33115aea1ddc21fd4b4740dd7180398c6224fdba

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Content-Type
image/png
loader-v2.js
www.secureworldexpo.com/hs/cta/ctas/v2/public/cs/
7 KB
3 KB
Script
General
Full URL
https://www.secureworldexpo.com/hs/cta/ctas/v2/public/cs/loader-v2.js?cos=1&__hsfp=643011938&__hssc=133074001.1.1580243923801&__hstc=133074001.77f9995f4f1a4d44b67e114caa949f48.1580243923801.1580243923801.1580243923801.1&canon=https%3A%2F%2Fwww.secureworldexpo.com%2Findustry-news%2Fhow-ryuk-ransomware-works&hsutk=77f9995f4f1a4d44b67e114caa949f48&pageId=10855193339&contentType=blog-post&pg=5b11748c-d8d9-47fd-b704-d273971b3380&pid=2221756&sv=static-1.212&lag=1363&rdy=1&cos=1&df=a
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/hs/cta/cta/current.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:85b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7f5a8cdb79bf55900f66001bb525207a1ec1d74aacd36b2c75274081fba0be71

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Tue, 28 Jan 2020 20:38:43 GMT
content-encoding
gzip
cf-cache-status
MISS
server
cloudflare
x-trace
2B45663A4600B0AB98677E85062BC6A417BD18556E000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
no-cache, no-store, no-transform, must-revalidate, max-age=0
access-control-allow-credentials
false
accept-ranges
bytes
cf-ray
55c5c58bcf80dfa5-FRA
content-length
2427
x-robots-tag
noindex, follow
__ptq.gif
track.hubspot.com/
45 B
326 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=15&fi=de00eec1-d1e4-4ed7-92a5-513850f7168f&fci=394915d2-b5bb-4428-9baf-d35df9d9abfc&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=643011938&v=1.1&a=2221756&pi=10855193339&ct=blog-post&ccu=https%3A%2F%2Fwww.secureworldexpo.com%2Findustry-news%2Fhow-ryuk-ransomware-works&cpi=10855193339&cgi=4214485368&lpi=10855193339&lvi=10855193339&lvc=en-us&pu=https%3A%2F%2Fwww.secureworldexpo.com%2Findustry-news%2Fhow-ryuk-ransomware-works&t=Special+Security+Advisory%3A+%27Ryuk+Ransomware+Targeting+Organizations+Globally%27&cts=1580243923804&vi=77f9995f4f1a4d44b67e114caa949f48&nc=true&ce=false&pt=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:fa05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Tue, 28 Jan 2020 20:38:43 GMT
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
p3p
CP="NOI CUR ADM OUR NOR STA NID"
status
200
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-ray
55c5c58bdf16e00b-FRA
content-type
image/gif
content-length
45
x-robots-tag
none
__ptq.gif
track.hubspot.com/
45 B
104 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=15&fi=f9c697eb-4f35-4c94-a6fd-0f0abceafced&fci=f9e9b4b0-8f74-4f6f-aa77-30c19afa2390&ft=4&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=643011938&v=1.1&a=2221756&pi=10855193339&ct=blog-post&ccu=https%3A%2F%2Fwww.secureworldexpo.com%2Findustry-news%2Fhow-ryuk-ransomware-works&cpi=10855193339&cgi=4214485368&lpi=10855193339&lvi=10855193339&lvc=en-us&pu=https%3A%2F%2Fwww.secureworldexpo.com%2Findustry-news%2Fhow-ryuk-ransomware-works&t=Special+Security+Advisory%3A+%27Ryuk+Ransomware+Targeting+Organizations+Globally%27&cts=1580243923806&vi=77f9995f4f1a4d44b67e114caa949f48&nc=true&ce=false&pt=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:fa05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Tue, 28 Jan 2020 20:38:43 GMT
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
p3p
CP="NOI CUR ADM OUR NOR STA NID"
status
200
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-ray
55c5c58bdf1de00b-FRA
content-type
image/gif
content-length
45
x-robots-tag
none
__ptq.gif
track.hubspot.com/
45 B
104 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=643011938&v=1.1&a=2221756&pi=10855193339&ct=blog-post&ccu=https%3A%2F%2Fwww.secureworldexpo.com%2Findustry-news%2Fhow-ryuk-ransomware-works&cpi=10855193339&cgi=4214485368&lpi=10855193339&lvi=10855193339&lvc=en-us&pu=https%3A%2F%2Fwww.secureworldexpo.com%2Findustry-news%2Fhow-ryuk-ransomware-works&t=Special+Security+Advisory%3A+%27Ryuk+Ransomware+Targeting+Organizations+Globally%27&cts=1580243923806&vi=77f9995f4f1a4d44b67e114caa949f48&nc=true&ce=false&pt=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:fa05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Tue, 28 Jan 2020 20:38:43 GMT
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
p3p
CP="NOI CUR ADM OUR NOR STA NID"
status
200
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-ray
55c5c58bdf1ee00b-FRA
content-type
image/gif
content-length
45
x-robots-tag
none
__ptq.gif
track.hubspot.com/
45 B
104 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%225b11748c-d8d9-47fd-b704-d273971b3380%22%2C%223421d639-a5fd-4eaf-9f96-d0a7d7573a86%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=643011938&v=1.1&a=2221756&pi=10855193339&ct=blog-post&ccu=https%3A%2F%2Fwww.secureworldexpo.com%2Findustry-news%2Fhow-ryuk-ransomware-works&cpi=10855193339&cgi=4214485368&lpi=10855193339&lvi=10855193339&lvc=en-us&pu=https%3A%2F%2Fwww.secureworldexpo.com%2Findustry-news%2Fhow-ryuk-ransomware-works&t=Special+Security+Advisory%3A+%27Ryuk+Ransomware+Targeting+Organizations+Globally%27&cts=1580243923957&vi=77f9995f4f1a4d44b67e114caa949f48&nc=true&ce=false&pt=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:fa05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Tue, 28 Jan 2020 20:38:43 GMT
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
p3p
CP="NOI CUR ADM OUR NOR STA NID"
status
200
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-ray
55c5c58cca2be00b-FRA
content-type
image/gif
content-length
45
x-robots-tag
none
cta-loaded.js
www.secureworldexpo.com/hs/cta/ctas/v2/public/cs/
0
203 B
Script
General
Full URL
https://www.secureworldexpo.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=2221756&pg=5b11748c-d8d9-47fd-b704-d273971b3380&lt=1580243922439&dt=1580243923802&at=1580243923967&ae=1&sl=1&an=1
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/hs/cta/cta/current.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:85b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Tue, 28 Jan 2020 20:38:44 GMT
cf-cache-status
MISS
server
cloudflare
x-trace
2B8397FD014BCB866525C24BFA684549701D7440CE000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
status
200
cache-control
no-cache, no-store, no-transform, max-age=0
access-control-allow-credentials
false
cf-ray
55c5c58cdae8dfa5-FRA
x-robots-tag
noindex, follow
activeview
pagead2.googlesyndication.com/pcs/ Frame 7EE2
42 B
110 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst1W4geokCpY9yAwTGTtG37PyPdaNatc8IMFMPJ78sq1GosM7JiJLyEnfVS7mQZLoUR2jIeT7ql20VXHwr6Vu73V5p8I_52pw9goi1GIek&sig=Cg0ArKJSzA3pm_fUGXiUEAE&id=ampim&o=308,115&d=970,90&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=219&tls=1219&g=100&h=100&tt=1219&r=v&adk=2061276719&avms=ampa
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 28 Jan 2020 20:38:44 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, must-revalidate
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame EF75
42 B
110 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvVvMF-obp9xuZJx2xxSEMzPz7b2ZTMMvp8m2umTb6zprI2fU9OhhlgY7XBzjDdrk-QHImFxZ3exC74w40nuNkpp5ShV2GDCkJ6jGox3R4&sig=Cg0ArKJSzNsei-wCvKPsEAE&id=ampim&o=1037,647&d=300,250&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=204&tls=1204&g=100&h=100&tt=1204&r=v&adk=615754453&avms=ampa
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 28 Jan 2020 20:38:44 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, must-revalidate
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
perf
www.secureworldexpo.com/_hcms/
2 B
377 B
XHR
General
Full URL
https://www.secureworldexpo.com/_hcms/perf
Requested by
Host: www.secureworldexpo.com
URL: https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:85b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Origin
https://www.secureworldexpo.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Content-type
application/json

Response headers

cf-ray
55c5c59e7dc4dfa5-FRA
date
Tue, 28 Jan 2020 20:38:46 GMT
cf-cache-status
DYNAMIC
server
cloudflare
x-trace
2B0631BF2C4BEB2DE5600142827FE6D0C1B0A4CAA6000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/plain; charset=utf-8
status
200
access-control-allow-credentials
false
accept-ranges
bytes
x-robots-tag
none
content-length
2
json
forms.hubspot.com/lead-flows-config/v1/config/
2 KB
2 KB
XHR
General
Full URL
https://forms.hubspot.com/lead-flows-config/v1/config/json?portalId=2221756&contentId=10855193339&currentUrl=https%3A%2F%2Fwww.secureworldexpo.com%2Findustry-news%2Fhow-ryuk-ransomware-works
Requested by
Host: js.hsleadflows.net
URL: https://js.hsleadflows.net/leadflows.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:fc05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f425ab984aa61aa3c7f783edd19ae623e784f9d6d0d39e78736eea4c654d58d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
Origin
https://www.secureworldexpo.com

Response headers

date
Tue, 28 Jan 2020 20:38:53 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
DYNAMIC
cf-ray
55c5c5c5480d63cb-FRA
status
200
strict-transport-security
max-age=31536000; includeSubDomains; preload
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
180
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.secureworldexpo.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
x-robots-tag
none
access-control-allow-headers
Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
__ptq.gif
track.hubspot.com/
45 B
232 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=16&fi=ddf8f101-3ef8-40f5-b822-072637c16780&lfi=313458&ft=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=643011938&v=1.1&a=2221756&pi=10855193339&ct=blog-post&ccu=https%3A%2F%2Fwww.secureworldexpo.com%2Findustry-news%2Fhow-ryuk-ransomware-works&cpi=10855193339&cgi=4214485368&lpi=10855193339&lvi=10855193339&lvc=en-us&pu=https%3A%2F%2Fwww.secureworldexpo.com%2Findustry-news%2Fhow-ryuk-ransomware-works&t=Special+Security+Advisory%3A+%27Ryuk+Ransomware+Targeting+Organizations+Globally%27&cts=1580243933185&vi=77f9995f4f1a4d44b67e114caa949f48&nc=true&ce=false&pt=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:fa05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Tue, 28 Jan 2020 20:38:53 GMT
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
p3p
CP="NOI CUR ADM OUR NOR STA NID"
status
200
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-ray
55c5c5c66935e00b-FRA
content-type
image/gif
content-length
45
x-robots-tag
none

156 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate function| $ function| jQuery function| hsjQuery object| _hsq object| Typekit function| hj object| _hjSettings function| gtag object| dataLayer object| __core-js_shared__ object| Sslac object| IN function| jQueryBridget function| EvEmitter function| getSize function| matchesSelector object| fizzyUIUtils function| Outlayer function| Masonry function| imagesLoaded object| Handlebars boolean| stickySideCTADisplayed object| jQuery17109779984284923038 object| googletag object| gptAdSlots object| google_tag_manager object| ggeac object| closure_memoize_cache_ object| googleToken object| googleIMState object| google_js_reporting_queue function| processGoogleToken function| stickyHeader string| GoogleAnalyticsObject function| ga object| featuredTopics function| atwpjp string| _atd function| _euc function| _duc object| _atc string| _atr object| addthis string| addthis_pub function| emdot object| _ate object| _adr object| addthis_conf function| addthis_open function| addthis_close function| addthis_sendto object| hbspt object| google_tag_data object| gaplugins object| gaGlobal object| gaData number| google_srt undefined| google_measure_js_timing number| __google_ad_urls_id number| google_unique_id function| hs_i18n_log function| hs_i18n_substituteStrings function| hs_i18n_insertPlaceholders function| hs_i18n_getMessage undefined| module_2866626 function| i18n_getmessage function| i18n_getlanguage object| hsCommentListing function| hsPopulateCommentsFeed function| hsPopulateCommentFormOnFormReady function| hsPopulateCommentFormOnFormSubmitted function| hsPopulateCommentFormGetExtraMetaDataBeforeSubmit function| hsOnReadyPopulateCommentsFeed object| globalRoot function| hns object| hubspot object| __hsRoot object| hspreserve undefined| React undefined| reqwest function| OutpostErrorReporter function| hmerge undefined| ReactDOM undefined| require undefined| requirejs undefined| module undefined| bootstrap object| HSFR function| 
hs_reqwest_0 function| hs_reqwest_1 object| hsVars string| _linkedin_partner_id object| _linkedin_data_partner_ids object| addthis_share object| addthis_config function| jsonp_1580243922572_90531 object| hjSiteSettings function| hjBootstrap object| hjBootstrapCalled boolean| __@@##MUH function| lintrk boolean| _already_called_lintrk function| Goog_AdSense_getAdAdapterInstance function| Goog_AdSense_OsdAdapter object| __google_ad_urls object| ampInaboxIframes object| ampInaboxPendingMessages object| FB object| __twttrll object| twttr object| __twttr object| __AMP_LOG object| __AMP_ERRORS boolean| ampInaboxInitialized object| __AMP_MODE function| __AMP_REPORT_ERROR object| ampInaboxPositionObserver object| ampInaboxFrameOverlayManager object| AMP function| hsRecaptchaLoadCallback number| RECAPTCHA_INTERVAL object| _paq boolean| _hstc_loaded object| ___grecaptcha_cfg object| grecaptcha boolean| __google_recaptcha_client function| defineProperties object| leadflows boolean| popupPoliceActive function| hns2 undefined| jade undefined| I18n undefined| hubspot_mailcheck undefined| Pikaday undefined| exports undefined| define boolean| LEAD_FLOWS_RAN boolean| COMMON_SETUP_RAN object| recaptcha object| closure_lm_9259 object| _atw string| addthis_exclude boolean| addthis_use_personalization string| addthis_options_default string| addthis_options_rank string| addthis_options object| __callbacks number| len boolean| _hstc_ran string| __hsUserToken number| expireDateTime string| default_css string| cta_css boolean| LEAD_FLOW_DOCUMENT_READY_RAN

10 Cookies

Domain/Path Name / Value
.google.com/ Name: NID
Value: 196=UtnG5hwrpjyIRMMYnyX1PS3qRr2ljJLXNUNAmrDHZdpWUBfCDr4MU8zgJklk6_7FriIVXsrlLTo_kxRGRQTtB8rBU9X305nT4rB6mRKlbSpnwkpCwa60RRi1HrNc6qYPLni1JYT816GohVYWIJsj7Gh9PBnNoJhm8Y5x0-ukt1g
.secureworldexpo.com/ Name: _hjid
Value: 33f6ec7e-13c5-429d-a8b2-8c7ad66d3d5d
www.secureworldexpo.com/ Name: __atuvs
Value: 5e309bd2c300ebe3000
www.secureworldexpo.com/ Name: __atuvc
Value: 1%7C5
.secureworldexpo.com/ Name: __gads
Value: ID=da916d60e4c51b40:T=1580243922:S=ALNI_MY7zhHMFmrUKf-kM-VtQWaRdqZyjg
.secureworldexpo.com/ Name: _gid
Value: GA1.2.808460683.1580243922
.secureworldexpo.com/ Name: _gat_gtag_UA_29110626_1
Value: 1
.www.secureworldexpo.com/ Name: __cfruid
Value: 63effb3e44e643aebd4d613f5e04b5986e71c139-1580243922
.secureworldexpo.com/ Name: _ga
Value: GA1.2.1725149517.1580243922
.www.secureworldexpo.com/ Name: __cfduid
Value: d26309efc3a7e88fc41f674cd824a3fd71580243922

3 Console Messages

Source Level URL
Text
console-api info URL: https://cdn.ampproject.org/rtv/012001221806580/amp4ads-v0.js(Line 410)
Message:
Powered by AMP ⚡ HTML – Version 2001221806580 https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
console-api info URL: https://cdn.ampproject.org/rtv/012001221806580/amp4ads-v0.js(Line 410)
Message:
Powered by AMP ⚡ HTML – Version 2001221806580 https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works
console-api info URL: https://cdn.ampproject.org/rtv/012001221806580/amp4ads-v0.js(Line 410)
Message:
Powered by AMP ⚡ HTML – Version 2001221806580 https://www.secureworldexpo.com/industry-news/how-ryuk-ransomware-works

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
