www.nomoreransom.org Open in urlscan Pro
65.9.77.28 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.nomoreransom.org/
Effective URL:
https://www.nomoreransom.org/
Submission: On June 30 via manual (June 30th 2021, 2:41:43 pm UTC) from US

Summary HTTP 17 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 17 HTTP transactions. The main IP is 65.9.77.28, located in United States and belongs to AMAZON-02, US. The main domain is www.nomoreransom.org.
TLS certificate: Issued by GlobalSign RSA OV SSL CA 2018 on October 21st 2020. Valid for: a year.

This is the only time www.nomoreransom.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 15	65.9.77.28 65.9.77.28	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:80f::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c08::9d	15169 (GOOGLE) (GOOGLE)
17	3

15 65.9.77.28 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

www.nomoreransom.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c08::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	nomoreransom.org 1 redirects www.nomoreransom.org	356 KB
2	google-analytics.com www.google-analytics.com	19 KB
1	doubleclick.net stats.g.doubleclick.net	464 B
17	3

	Domain	Requested by
15	www.nomoreransom.org	1 redirects www.nomoreransom.org
2	www.google-analytics.com	www.nomoreransom.org www.google-analytics.com
1	stats.g.doubleclick.net	www.google-analytics.com
17	3

This site contains no links.

Subject Issuer	Validity	Valid
*.nomoreransom.org GlobalSign RSA OV SSL CA 2018	`2020-10-21` - `2021-11-22`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-06-07` - `2021-08-30`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2021-06-07` - `2021-08-30`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.nomoreransom.org/
Frame ID: 84B957E36313FD3F16F0A880AB79A157
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://www.nomoreransom.org/ HTTP 301
https://www.nomoreransom.org/ Page URL

Detected technologies

Amazon Web Services (PaaS) Expand

Overall confidence: 100%
Detected patterns

headers via /$CloudFront$$/i
headers server /^AmazonS3$/i

Amazon Cloudfront (CDN) Expand

Overall confidence: 100%
Detected patterns

headers via /$CloudFront$$/i

Amazon S3 (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

headers server /^AmazonS3$/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

17
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

376 kB
Transfer

504 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.nomoreransom.org/ HTTP 301
https://www.nomoreransom.org/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
www.nomoreransom.org/
Redirect Chain

http://www.nomoreransom.org/
https://www.nomoreransom.org/

12 KB
3 KB

204ms
141ms

Document
text/html

65.9.77.28
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.nomoreransom.org/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.77.28 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 4e53e933ce90b8f7de1bddce05cc7549853b643f26a881c056d842a27254d198

Request headers

Host: www.nomoreransom.org
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
x-amz-replication-status: REPLICA
Last-Modified: Tue, 29 Jun 2021 13:05:42 GMT
x-amz-meta-replication-status: COMPLETED
x-amz-meta-version-id: FE5DTRz6fmKr_I.MkiIPJp_nG41eG7H.
x-amz-version-id: oHLXpW8LB6fOpCJ296xlnrvYIFOBYUAJ
Server: AmazonS3
Content-Encoding: gzip
Date: Wed, 30 Jun 2021 14:41:24 GMT
ETag: W/"59cbd59087c830afdf45fe4c59f54a8f"
Vary: Accept-Encoding
X-Cache: RefreshHit from cloudfront
Via: 1.1 025692f042f48f4d5f15fa44d00c09ee.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS1-C1
X-Amz-Cf-Id: qIBUm_13ZlN9EKdaBDsiVwErSlOdZHdSELProA_5sLC5R5JcqWFDQA==

Redirect headers

Server: CloudFront
Date: Wed, 30 Jun 2021 14:41:23 GMT
Content-Type: text/html
Content-Length: 183
Connection: keep-alive
Location: https://www.nomoreransom.org/
X-Cache: Redirect from cloudfront
Via: 1.1 bdba42cf1410fb617eeb4ffd3e0b9cb7.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS1-C1
X-Amz-Cf-Id: dDMIabdEoraQYv23q36iAFvRIL4o1fFofK0emXW0gjf-F2dBlWZAWw==

GET
H/1.1 200
OK fonts.css
www.nomoreransom.org/assets/css/ 2 KB
1 KB 182ms
182ms Stylesheet
text/css 65.9.77.28
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.nomoreransom.org/assets/css/fonts.css
Requested by: Host: www.nomoreransom.org
URL: https://www.nomoreransom.org/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.77.28 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 859cb31b63f9449d8c6c90868b83ce857da4176836b4e51459007735a2e86cb1

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.nomoreransom.org
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://www.nomoreransom.org/
Connection: keep-alive
Referer: https://www.nomoreransom.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: m9VQ5gfcsWXqy7OnQsVkINJ23G66GfOf
Content-Encoding: gzip
ETag: W/"03c7875ae6448db3930efa5061fbc504"
X-Amz-Cf-Pop: AMS1-C1
Transfer-Encoding: chunked
X-Cache: RefreshHit from cloudfront
x-amz-replication-status: REPLICA
Connection: keep-alive
x-amz-meta-replication-status: COMPLETED
Last-Modified: Tue, 29 Jun 2021 13:05:57 GMT
Server: AmazonS3
Date: Wed, 30 Jun 2021 14:41:24 GMT
Vary: Accept-Encoding
Content-Type: text/css
Via: 1.1 025692f042f48f4d5f15fa44d00c09ee.cloudfront.net (CloudFront)
x-amz-meta-version-id: EOQm69oekfwA0dEkvgV3MgxjmInFUqD_
X-Amz-Cf-Id: 4_X7M69ljFNbGEpZ0Yo9YhJvEQDmhEdstrUApn3tFhUSdOE4Iy7Ocw==

GET
H/1.1 200
OK common.css
www.nomoreransom.org/assets/css/ 25 KB
5 KB 192ms
133ms Stylesheet
text/css 65.9.77.28
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.nomoreransom.org/assets/css/common.css
Requested by: Host: www.nomoreransom.org
URL: https://www.nomoreransom.org/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.77.28 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: fb3ebd5ef18d519c381c469a58c77a1d4d4c1be6809a840bf6c94c9605309d2d

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.nomoreransom.org
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://www.nomoreransom.org/
Connection: keep-alive
Referer: https://www.nomoreransom.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: nPsNREZPNfy4UdWu54pP2mc09weNwPNS
Content-Encoding: gzip
ETag: W/"7f38b1a92a988ae1264bcff3fa0ec708"
X-Amz-Cf-Pop: AMS1-C1
Transfer-Encoding: chunked
X-Cache: RefreshHit from cloudfront
x-amz-replication-status: REPLICA
Connection: keep-alive
x-amz-meta-replication-status: COMPLETED
Last-Modified: Tue, 29 Jun 2021 13:05:57 GMT
Server: AmazonS3
Date: Wed, 30 Jun 2021 14:41:24 GMT
Vary: Accept-Encoding
Content-Type: text/css
Via: 1.1 e029c86e892e2d8a35492f6625a1d26e.cloudfront.net (CloudFront)
x-amz-meta-version-id: 5pruiaAa5Pw3DDCz8.8MEyCPX1aHdGRY
X-Amz-Cf-Id: PdbIlIbpksYTAlLwLnySn8mZTJ7-TmmqnUjgUBeoLo1JFart9pImDA==

GET
H/1.1 200
OK logo.svg
www.nomoreransom.org/assets/img/ 18 KB
8 KB 134ms
71ms Image
image/svg+xml 65.9.77.28
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.nomoreransom.org/assets/img/logo.svg
Requested by: Host: www.nomoreransom.org
URL: https://www.nomoreransom.org/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.77.28 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 518c5e87f716fff4402e2d5e321ddaf506e1588bd7765410cce22c73b1d69ef1

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.nomoreransom.org
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://www.nomoreransom.org/
Connection: keep-alive
Referer: https://www.nomoreransom.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: haWBuH7T5nUE2jSGqDi5wnzYzJdNH8g.
Content-Encoding: gzip
ETag: W/"f305c11bad5f746a5b99e6d3bbef389f"
X-Amz-Cf-Pop: AMS1-C1
Transfer-Encoding: chunked
X-Cache: RefreshHit from cloudfront
x-amz-replication-status: REPLICA
Connection: keep-alive
x-amz-meta-replication-status: COMPLETED
Last-Modified: Tue, 29 Jun 2021 13:06:27 GMT
Server: AmazonS3
Date: Wed, 30 Jun 2021 14:41:24 GMT
Vary: Accept-Encoding
Content-Type: image/svg+xml
Via: 1.1 084f866feba2345e668d9a32662696cf.cloudfront.net (CloudFront)
x-amz-meta-version-id: cnDny5yp2IxQ23RAtYTBWVC5UAQ1uMBq
X-Amz-Cf-Id: 521DJuKKYDePjhs5CjXDoEx4s2QYdHL_KMXPyvo6GSN52-LUKYgnkQ==

GET
H/1.1 200
OK jquery-3.2.1.min.js Show response
www.nomoreransom.org/assets/js/ 85 KB
30 KB 209ms
149ms Script
application/javascript 65.9.77.28
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.nomoreransom.org/assets/js/jquery-3.2.1.min.js
Requested by: Host: www.nomoreransom.org
URL: https://www.nomoreransom.org/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.77.28 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://www.nomoreransom.org
Accept-Encoding: gzip, deflate, br
Host: www.nomoreransom.org
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://www.nomoreransom.org/
Connection: keep-alive
Origin: https://www.nomoreransom.org
Referer: https://www.nomoreransom.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: PZb_ajmttGEQZOuBUvodrlZek0Vm8t4x
Content-Encoding: gzip
ETag: W/"c9f5aeeca3ad37bf2aa006139b935f0a"
X-Amz-Cf-Pop: AMS1-C1
Transfer-Encoding: chunked
X-Cache: RefreshHit from cloudfront
x-amz-replication-status: REPLICA
Connection: keep-alive
x-amz-meta-replication-status: COMPLETED
Last-Modified: Tue, 29 Jun 2021 13:06:21 GMT
Server: AmazonS3
Date: Wed, 30 Jun 2021 14:41:24 GMT
Vary: Accept-Encoding
Content-Type: application/javascript
Via: 1.1 ed3a324a0ea0d1dfe339969855915050.cloudfront.net (CloudFront)
x-amz-meta-version-id: 5zdnyy2RBVtC37Gh0DWhuTyL1yt22wND
X-Amz-Cf-Id: eJTvUtbncoCWwZ_9NBefRaoT2h_qAiXfxlaMA5PcmK0MyKFaxUnIXA==

GET
H/1.1 200
OK common.js Show response
www.nomoreransom.org/assets/js/ 3 KB
2 KB 204ms
141ms Script
application/javascript 65.9.77.28
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.nomoreransom.org/assets/js/common.js
Requested by: Host: www.nomoreransom.org
URL: https://www.nomoreransom.org/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.77.28 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: baaeebbe73aecdb80214a15316b92d9c7181cca2ba2ae7810fa4e6c1bb8844f8

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.nomoreransom.org
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://www.nomoreransom.org/
Connection: keep-alive
Referer: https://www.nomoreransom.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: vf8zrbOf.fwtcQzy1h8CO.76Cg1PA0jb
Content-Encoding: gzip
ETag: W/"58243acf0082858ad9118568013348a6"
X-Amz-Cf-Pop: AMS1-C1
Transfer-Encoding: chunked
X-Cache: RefreshHit from cloudfront
x-amz-replication-status: REPLICA
Connection: keep-alive
x-amz-meta-replication-status: COMPLETED
Last-Modified: Tue, 29 Jun 2021 13:06:21 GMT
Server: AmazonS3
Date: Wed, 30 Jun 2021 14:41:24 GMT
Vary: Accept-Encoding
Content-Type: application/javascript
Via: 1.1 682270ef163d219cc7a50d1af232b97f.cloudfront.net (CloudFront)
x-amz-meta-version-id: 7SYGxKETYSlzr21tNBx4Cdobg.ceCQA0
X-Amz-Cf-Id: DyW09HTCYvDxCVoC2qg91qSstHKp2KQNOY_N9ICOSBaMLU58B7Nu5A==

GET
H/1.1 200
OK cookies.js Show response
www.nomoreransom.org/assets/js/ 12 KB
4 KB 193ms
130ms Script
application/javascript 65.9.77.28
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.nomoreransom.org/assets/js/cookies.js
Requested by: Host: www.nomoreransom.org
URL: https://www.nomoreransom.org/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.77.28 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7f4b06a7fdbfb965696fbd255e5b0d349ed67b82a96d2a4c6238bb6360102931

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.nomoreransom.org
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://www.nomoreransom.org/
Connection: keep-alive
Referer: https://www.nomoreransom.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: vICQGYS6sCB_DTO4n78Zs4mxenAoBvjx
Content-Encoding: gzip
ETag: W/"b08d7a6d83abdd66e7bc5d24f5bb0793"
X-Amz-Cf-Pop: AMS1-C1
Transfer-Encoding: chunked
X-Cache: RefreshHit from cloudfront
x-amz-replication-status: REPLICA
Connection: keep-alive
x-amz-meta-replication-status: COMPLETED
Last-Modified: Tue, 29 Jun 2021 13:06:21 GMT
Server: AmazonS3
Date: Wed, 30 Jun 2021 14:41:24 GMT
Vary: Accept-Encoding
Content-Type: application/javascript
Via: 1.1 8dfd7af0583283ff28c8cd8eea759112.cloudfront.net (CloudFront)
x-amz-meta-version-id: h8snYv7Lzp0srCyQhLFS_c9ctk2rXJab
X-Amz-Cf-Id: SKdibed584wcsFGm0Lz3ZYLdnsAYBWvpamb--GzOoXKfp3YF4XEXYw==

GET
H/1.1 200
OK body-bg.jpg
www.nomoreransom.org/assets/img/slides_and_banners/ 49 KB
49 KB 131ms
131ms Image
image/jpeg 65.9.77.28
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.nomoreransom.org/assets/img/slides_and_banners/body-bg.jpg
Requested by: Host: www.nomoreransom.org
URL: https://www.nomoreransom.org/assets/css/common.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.77.28 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f799a153d6aeb1d93bc52f67490b222e7719c81cb59086cc5848adde63422f09

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.nomoreransom.org
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://www.nomoreransom.org/assets/css/common.css
Connection: keep-alive
Referer: https://www.nomoreransom.org/assets/css/common.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: KiJpkBR5Y43Sv3e.4J2Z7wLNkh9jgyMr
Via: 1.1 8dfd7af0583283ff28c8cd8eea759112.cloudfront.net (CloudFront)
ETag: "b9770d329541a81105bb783b573bfbf8"
X-Amz-Cf-Pop: AMS1-C1
X-Cache: RefreshHit from cloudfront
x-amz-replication-status: REPLICA
Connection: keep-alive
Content-Length: 49691
x-amz-meta-replication-status: COMPLETED
Last-Modified: Tue, 29 Jun 2021 13:08:47 GMT
Server: AmazonS3
Date: Wed, 30 Jun 2021 14:41:25 GMT
Content-Type: image/jpeg
x-amz-meta-version-id: 69c5nA3AHEVKOKOlOKWJc.Wgp5p_1w5_
Accept-Ranges: bytes
X-Amz-Cf-Id: MWtfF3-0J_2o4nfn_jHapl_3Jqx_0ZZpdU_lvdqSEkYcrPajM7h-PQ==

GET
H/1.1 200
OK roboto-light-webfont.woff2
www.nomoreransom.org/assets/fonts/ 37 KB
38 KB 68ms
68ms Font
application/octet-stream 65.9.77.28
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.nomoreransom.org/assets/fonts/roboto-light-webfont.woff2
Requested by: Host: www.nomoreransom.org
URL: https://www.nomoreransom.org/assets/css/fonts.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.77.28 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0ef6aa90e8125366170a1b07ec6f04da94be383d4e75a9334025027b7494cc8b

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://www.nomoreransom.org
Accept-Encoding: gzip, deflate, br
Host: www.nomoreransom.org
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://www.nomoreransom.org/assets/css/fonts.css
Connection: keep-alive
Origin: https://www.nomoreransom.org
Referer: https://www.nomoreransom.org/assets/css/fonts.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: 9PSuNyUfvvsrmStSYBKHConl0h_90w_x
Via: 1.1 e029c86e892e2d8a35492f6625a1d26e.cloudfront.net (CloudFront)
ETag: "9e5f6f3ac09757ba97e4d2ba3913fd14"
X-Amz-Cf-Pop: AMS1-C1
X-Cache: RefreshHit from cloudfront
x-amz-replication-status: REPLICA
Connection: keep-alive
Content-Length: 37864
x-amz-meta-replication-status: COMPLETED
Last-Modified: Tue, 29 Jun 2021 13:06:16 GMT
Server: AmazonS3
Date: Wed, 30 Jun 2021 14:41:25 GMT
Content-Type: application/octet-stream
x-amz-meta-version-id: H.a9Rivp3hkCwwcP2obYV788iB6_ynIX
Accept-Ranges: bytes
X-Amz-Cf-Id: bUT1mSTmIp3zKdWavrKRZ3D1dJt9ztO2k6PB0HAXDK4ZteKIlxd9yg==

GET
H/1.1 200
OK bg_3.png
www.nomoreransom.org/assets/img/ 2 KB
3 KB 139ms
139ms Image
image/png 65.9.77.28
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.nomoreransom.org/assets/img/bg_3.png
Requested by: Host: www.nomoreransom.org
URL: https://www.nomoreransom.org/assets/css/common.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.77.28 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 79391f9f548ee9f88e82e58e5be1d7925e25d174c58f7e96aea27610c23ea336

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.nomoreransom.org
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://www.nomoreransom.org/assets/css/common.css
Connection: keep-alive
Referer: https://www.nomoreransom.org/assets/css/common.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: IkW_RMYN1ejk6SepgLoZELLDZhAdALyK
Via: 1.1 682270ef163d219cc7a50d1af232b97f.cloudfront.net (CloudFront)
ETag: "d6b16ad16492c31a596ce9bc20e56a62"
X-Amz-Cf-Pop: AMS1-C1
X-Cache: RefreshHit from cloudfront
x-amz-replication-status: REPLICA
Connection: keep-alive
Content-Length: 2253
x-amz-meta-replication-status: COMPLETED
Last-Modified: Tue, 29 Jun 2021 13:06:21 GMT
Server: AmazonS3
Date: Wed, 30 Jun 2021 14:41:25 GMT
Content-Type: image/png
x-amz-meta-version-id: VtE12oI8SH0H6f0p3j4ISZDgtxxQ_Mmu
Accept-Ranges: bytes
X-Amz-Cf-Id: PVdXWEn1RRpMQUHgSijMqgJY9cK-5BqXlV71Ff3VkFko9eH7mUJMdQ==

GET
H/1.1 200
OK roboto-regular-webfont.woff2
www.nomoreransom.org/assets/fonts/ 37 KB
38 KB 149ms
148ms Font
application/octet-stream 65.9.77.28
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.nomoreransom.org/assets/fonts/roboto-regular-webfont.woff2
Requested by: Host: www.nomoreransom.org
URL: https://www.nomoreransom.org/assets/css/fonts.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.77.28 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a13ce21c487970ebfb8615b80207af9ffbf96f9b4c7c679e4348211fe1a30944

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://www.nomoreransom.org
Accept-Encoding: gzip, deflate, br
Host: www.nomoreransom.org
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://www.nomoreransom.org/assets/css/fonts.css
Connection: keep-alive
Origin: https://www.nomoreransom.org
Referer: https://www.nomoreransom.org/assets/css/fonts.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: g9ZFT9E0w0WT8LRIh6ZpYNoiKVlvzoAE
Via: 1.1 025692f042f48f4d5f15fa44d00c09ee.cloudfront.net (CloudFront)
ETag: "bec63f5b26821d00ab7768a004383943"
X-Amz-Cf-Pop: AMS1-C1
X-Cache: RefreshHit from cloudfront
x-amz-replication-status: REPLICA
Connection: keep-alive
Content-Length: 37908
x-amz-meta-replication-status: COMPLETED
Last-Modified: Tue, 29 Jun 2021 13:06:18 GMT
Server: AmazonS3
Date: Wed, 30 Jun 2021 14:41:25 GMT
Content-Type: application/octet-stream
x-amz-meta-version-id: 3uPLT3vptmLaG4LYp6OSUEK4nxyxYSHK
Accept-Ranges: bytes
X-Amz-Cf-Id: 52QcN9OTEHx9HWny3LCKww-s49H_UTS-JBz8OGsRDiz-FAXhkO7JUA==

GET
H/1.1 200
OK b52-webfont.woff
www.nomoreransom.org/assets/fonts/ 124 KB
125 KB 138ms
138ms Font
application/font-woff 65.9.77.28
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.nomoreransom.org/assets/fonts/b52-webfont.woff
Requested by: Host: www.nomoreransom.org
URL: https://www.nomoreransom.org/assets/css/fonts.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.77.28 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: cd2af77afcebe707343a62043678559b2a4d0d788c0d37fe36d8c392ce112c6f

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://www.nomoreransom.org
Accept-Encoding: gzip, deflate, br
Host: www.nomoreransom.org
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://www.nomoreransom.org/assets/css/fonts.css
Connection: keep-alive
Origin: https://www.nomoreransom.org
Referer: https://www.nomoreransom.org/assets/css/fonts.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: 1E2nCZpyPpypH_00JfZOwzB6oyXPiQan
Via: 1.1 084f866feba2345e668d9a32662696cf.cloudfront.net (CloudFront)
ETag: "4b75e59280720ab9802f9f3d83701a4a"
X-Amz-Cf-Pop: AMS1-C1
X-Cache: RefreshHit from cloudfront
x-amz-replication-status: REPLICA
Connection: keep-alive
Content-Length: 126996
x-amz-meta-replication-status: COMPLETED
Last-Modified: Tue, 29 Jun 2021 13:06:01 GMT
Server: AmazonS3
Date: Wed, 30 Jun 2021 14:41:25 GMT
Content-Type: application/font-woff
x-amz-meta-version-id: HxWDhZOyxw3eo_ebL8z9Qs0T76gsgssw
Accept-Ranges: bytes
X-Amz-Cf-Id: 2Kr25t78VfKuq9WDkXixPZVNQeoeK0mPMHgqRc1n0IHJOpqcOcRjIA==

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.nomoreransom.org
URL: https://www.nomoreransom.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

73d6a5ea11fb7bf6e6a6ccd44b1635d52c79b0a00623d0387c9dddd4b7c68e89

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.nomoreransom.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 09 Jun 2021 17:36:57 GMT
server: Golfe2
age: 4179
date: Wed, 30 Jun 2021 13:31:45 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19661
expires: Wed, 30 Jun 2021 15:31:45 GMT

GET
H/1.1 200
OK /
www.nomoreransom.org/ 12 KB
12 KB 29ms
29ms Image
text/html 65.9.77.28
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.nomoreransom.org/
Requested by: Host: www.nomoreransom.org
URL: https://www.nomoreransom.org/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.77.28 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.nomoreransom.org
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://www.nomoreransom.org/
Connection: keep-alive
Referer: https://www.nomoreransom.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: oHLXpW8LB6fOpCJ296xlnrvYIFOBYUAJ
Content-Encoding: gzip
ETag: W/"59cbd59087c830afdf45fe4c59f54a8f"
Age: 1
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
x-amz-replication-status: REPLICA
Connection: keep-alive
x-amz-meta-replication-status: COMPLETED
Last-Modified: Tue, 29 Jun 2021 13:05:42 GMT
Server: AmazonS3
Date: Wed, 30 Jun 2021 14:41:24 GMT
Vary: Accept-Encoding
Content-Type: text/html
Via: 1.1 ed3a324a0ea0d1dfe339969855915050.cloudfront.net (CloudFront)
x-amz-meta-version-id: FE5DTRz6fmKr_I.MkiIPJp_nG41eG7H.
X-Amz-Cf-Pop: AMS1-C1
X-Amz-Cf-Id: X9ioKoZUdDyIeXvvwbYWqUNeERuq7P-t3Kl_BRorv6Z2BEhx-kYfFw==

GET
H/1.1 200
OK roboto-bold-webfont.woff2
www.nomoreransom.org/assets/fonts/ 38 KB
39 KB 84ms
61ms Font
application/octet-stream 65.9.77.28
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.nomoreransom.org/assets/fonts/roboto-bold-webfont.woff2
Requested by: Host: www.nomoreransom.org
URL: https://www.nomoreransom.org/assets/css/fonts.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.77.28 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 659ebe79422bc9fe13e768ff54462233086a47f50d8617392227b9876ade160f

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://www.nomoreransom.org
Accept-Encoding: gzip, deflate, br
Host: www.nomoreransom.org
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://www.nomoreransom.org/assets/css/fonts.css
Connection: keep-alive
Origin: https://www.nomoreransom.org
Referer: https://www.nomoreransom.org/assets/css/fonts.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: RBiUJ2m_3LM4e_nq4blPuI6m7QD5Sjj_
Via: 1.1 e029c86e892e2d8a35492f6625a1d26e.cloudfront.net (CloudFront)
ETag: "28426a84d4574266bf5488fe42814c51"
X-Amz-Cf-Pop: AMS1-C1
X-Cache: RefreshHit from cloudfront
x-amz-replication-status: REPLICA
Connection: keep-alive
Content-Length: 38892
x-amz-meta-replication-status: COMPLETED
Last-Modified: Tue, 29 Jun 2021 13:06:13 GMT
Server: AmazonS3
Date: Wed, 30 Jun 2021 14:41:25 GMT
Content-Type: application/octet-stream
x-amz-meta-version-id: OJnP4A2DU6V1Yb92y3JwkuJzSs9lI6PH
Accept-Ranges: bytes
X-Amz-Cf-Id: gO6Zg6_vBs4q58dBJqT5NYcB5EGi9hOHWTi5uc-kK8A8Fj6Z-oJjog==

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 13ms
13ms XHR
text/plain 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j91&a=885386991&t=pageview&_s=1&dl=https%3A%2F%2Fwww.nomoreransom.org%2F&ul=en-us&de=UTF-8&dt=The%20No%20More%20Ransom%20Project&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=1263371405&gjid=2035133453&cid=1989106544.1625064084&tid=UA-61587331-39&_gid=892512621.1625064084&_r=1&_slc=1&z=898553413

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.nomoreransom.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 30 Jun 2021 14:41:24 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.nomoreransom.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
464 B 42ms
16ms XHR
text/plain 2a00:1450:400c:c08::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j91&tid=UA-61587331-39&cid=1989106544.1625064084&jid=1263371405&gjid=2035133453&_gid=892512621.1625064084&_u=IEBAAEAAAAAAAC~&z=492733279

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c08::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.nomoreransom.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Wed, 30 Jun 2021 14:41:24 GMT
content-type: text/plain
access-control-allow-origin: https://www.nomoreransom.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

25 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.nomoreransom.org/	1970-01-19 19:25:50	Name: _gid Value: GA1.2.892512621.1625064084
.nomoreransom.org/	1970-01-19 19:24:24	Name: _gat Value: 1
.nomoreransom.org/	1970-01-20 12:55:36	Name: _ga Value: GA1.2.1989106544.1625064084

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

stats.g.doubleclick.net
www.google-analytics.com
www.nomoreransom.org
2a00:1450:4001:80f::200e
2a00:1450:400c:c08::9d
65.9.77.28
0ef6aa90e8125366170a1b07ec6f04da94be383d4e75a9334025027b7494cc8b
4e53e933ce90b8f7de1bddce05cc7549853b643f26a881c056d842a27254d198
518c5e87f716fff4402e2d5e321ddaf506e1588bd7765410cce22c73b1d69ef1
659ebe79422bc9fe13e768ff54462233086a47f50d8617392227b9876ade160f
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
73d6a5ea11fb7bf6e6a6ccd44b1635d52c79b0a00623d0387c9dddd4b7c68e89
79391f9f548ee9f88e82e58e5be1d7925e25d174c58f7e96aea27610c23ea336
7f4b06a7fdbfb965696fbd255e5b0d349ed67b82a96d2a4c6238bb6360102931
859cb31b63f9449d8c6c90868b83ce857da4176836b4e51459007735a2e86cb1
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
a13ce21c487970ebfb8615b80207af9ffbf96f9b4c7c679e4348211fe1a30944
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
baaeebbe73aecdb80214a15316b92d9c7181cca2ba2ae7810fa4e6c1bb8844f8
cd2af77afcebe707343a62043678559b2a4d0d788c0d37fe36d8c392ce112c6f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f799a153d6aeb1d93bc52f67490b222e7719c81cb59086cc5848adde63422f09
fb3ebd5ef18d519c381c469a58c77a1d4d4c1be6809a840bf6c94c9605309d2d

www.nomoreransom.org Open in urlscan Pro 65.9.77.28 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

17 Requests

100 %HTTPS

67 %IPv6

3 Domains

3 Subdomains

3 IPs

3 Countries

376 kBTransfer

504 kBSize

3 Cookies

0 Outgoing links

Page URL History

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

25 JavaScript Global Variables

3 Cookies

Indicators

www.nomoreransom.org Open in urlscan Pro
65.9.77.28 Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

376 kB
Transfer

504 kB
Size

3
Cookies

17 HTTP transactions
0 data transactions