www.nomoreransom.org Open in urlscan Pro
52.222.149.252 Public Scan

URL:
https://www.nomoreransom.org/
Submission: On May 22 via api (May 22nd 2020, 4:03:38 am UTC) from US

Summary HTTP 16 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 16 HTTP transactions. The main IP is 52.222.149.252, located in Seattle, United States and belongs to AMAZON-02, US. The main domain is www.nomoreransom.org.
TLS certificate: Issued by GlobalSign RSA OV SSL CA 2018 on September 9th 2019. Valid for: a year.

This is the only time www.nomoreransom.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
14	52.222.149.252 52.222.149.252	16509 (AMAZON-02) (AMAZON-02)
1 2	2a00:1450:400... 2a00:1450:4001:81b::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c00::9d	15169 (GOOGLE) (GOOGLE)
16	3

14 52.222.149.252 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-149-252.fra53.r.cloudfront.net

www.nomoreransom.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81b::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	nomoreransom.org www.nomoreransom.org	356 KB
2	google-analytics.com 1 redirects www.google-analytics.com	18 KB
1	doubleclick.net stats.g.doubleclick.net	99 B
16	3

	Domain	Requested by
14	www.nomoreransom.org	www.nomoreransom.org
2	www.google-analytics.com	1 redirects www.nomoreransom.org
1	stats.g.doubleclick.net	www.nomoreransom.org
16	3

This site contains no links.

Subject Issuer	Validity	Valid
*.nomoreransom.org GlobalSign RSA OV SSL CA 2018	`2019-09-09` - `2020-10-22`	a year	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-05-05` - `2020-07-28`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-05-05` - `2020-07-28`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.nomoreransom.org/
Frame ID: 6C3EE84F1D0D595FE66B90B55FD37260
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Amazon Web Services (PaaS) Expand

Overall confidence: 100%
Detected patterns

headers via /$CloudFront$$/i
headers server /^AmazonS3$/i

Amazon Cloudfront (CDN) Expand

Overall confidence: 100%
Detected patterns

headers via /$CloudFront$$/i

Amazon S3 (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

headers server /^AmazonS3$/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

16
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

374 kB
Transfer

500 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 14

https://www.google-analytics.com/r/collect?v=1&_v=j82&a=1072240842&t=pageview&_s=1&dl=https%3A%2F%2Fwww.nomoreransom.org%2F&ul=en-us&de=UTF-8&dt=The%20No%20More%20Ransom%20Project&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEAB~&jid=1680005529&gjid=141475751&cid=1134785869.1590120188&tid=UA-61587331-39&_gid=422090826.1590120188&_r=1&z=1527486798 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-61587331-39&cid=1134785869.1590120188&jid=1680005529&_gid=422090826.1590120188&gjid=141475751&_v=j82&z=1527486798

16 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
www.nomoreransom.org/ 12 KB
3 KB 253ms
60ms Document
text/html 52.222.149.252
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.nomoreransom.org/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.222.149.252 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-149-252.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 94657510b89dac37fe3dbecf192a4a582c9239b5c31861df8672b36bcd4e3150

Request headers

Host: www.nomoreransom.org
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Date: Fri, 22 May 2020 04:02:28 GMT
x-amz-replication-status: REPLICA
Last-Modified: Wed, 06 May 2020 13:26:09 GMT
x-amz-meta-replication-status: COMPLETED
x-amz-meta-version-id: JMPExZVHKSQEqVAYh4L.pNBxGbkposnS
x-amz-version-id: 1TrJEjI_Q43rZ3W3JBHPrypckRKVsNme
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 67284fcf464f6f1529cc1e521669622c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA53
X-Amz-Cf-Id: wFebEM7jVVPWxfH1hGBjFpfa5sILsTOxlGZEcgoKP74bmmGH5cdNTg==
Age: 40

GET
H/1.1 200
OK fonts.css
www.nomoreransom.org/assets/css/ 2 KB
1016 B 64ms
62ms Stylesheet
text/css 52.222.149.252
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.nomoreransom.org/assets/css/fonts.css
Requested by: Host: www.nomoreransom.org
URL: https://www.nomoreransom.org/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.222.149.252 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-149-252.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 859cb31b63f9449d8c6c90868b83ce857da4176836b4e51459007735a2e86cb1

Request headers

Referer: https://www.nomoreransom.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id: Gqbj.ZFmVkSUfUCRjyIXXcS19ffngygu
Content-Encoding: gzip
Age: 40
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
x-amz-replication-status: REPLICA
Connection: keep-alive
x-amz-meta-replication-status: COMPLETED
Last-Modified: Wed, 06 May 2020 13:27:22 GMT
Server: AmazonS3
Date: Fri, 22 May 2020 04:02:28 GMT
Vary: Accept-Encoding
Content-Type: text/css
Via: 1.1 67284fcf464f6f1529cc1e521669622c.cloudfront.net (CloudFront)
x-amz-meta-version-id: bIAq3ipTpF01ysEEExuCOfynvkLISrBa
X-Amz-Cf-Pop: FRA53
X-Amz-Cf-Id: 5dGLoFcc4dMy5fcXuPUZvszJIP13p_E_iZiUtUDcj8e4f7zbbENNBQ==

GET
H/1.1 200
OK common.css
www.nomoreransom.org/assets/css/ 25 KB
5 KB 124ms
60ms Stylesheet
text/css 52.222.149.252
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.nomoreransom.org/assets/css/common.css
Requested by: Host: www.nomoreransom.org
URL: https://www.nomoreransom.org/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.222.149.252 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-149-252.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: fb3ebd5ef18d519c381c469a58c77a1d4d4c1be6809a840bf6c94c9605309d2d

Request headers

Referer: https://www.nomoreransom.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id: SaYMHYq8j2uaC4IAbbzw_yKd2epA1dtp
Content-Encoding: gzip
Age: 40
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
x-amz-replication-status: REPLICA
Connection: keep-alive
x-amz-meta-replication-status: COMPLETED
Last-Modified: Wed, 06 May 2020 13:27:22 GMT
Server: AmazonS3
Date: Fri, 22 May 2020 04:02:28 GMT
Vary: Accept-Encoding
Content-Type: text/css
Via: 1.1 67284fcf464f6f1529cc1e521669622c.cloudfront.net (CloudFront)
x-amz-meta-version-id: 6MK0PFYc1QeWaranZN5TB7M3Ivowtj4T
X-Amz-Cf-Pop: FRA53
X-Amz-Cf-Id: T1vR9yRgVGQWtoqfHTbXuuEAHjQhubSHQ4IWx5pp3ZwqLxErnfMb0A==

GET
H/1.1 200
OK logo.svg
www.nomoreransom.org/assets/img/ 18 KB
8 KB 186ms
60ms Image
image/svg+xml 52.222.149.252
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.nomoreransom.org/assets/img/logo.svg
Requested by: Host: www.nomoreransom.org
URL: https://www.nomoreransom.org/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.222.149.252 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-149-252.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 518c5e87f716fff4402e2d5e321ddaf506e1588bd7765410cce22c73b1d69ef1

Request headers

Referer: https://www.nomoreransom.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id: 4iE7dMzFLymd1vqbZBOUCkLi.0cWh496
Content-Encoding: gzip
Age: 41
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
x-amz-replication-status: REPLICA
Connection: keep-alive
x-amz-meta-replication-status: COMPLETED
Last-Modified: Wed, 06 May 2020 13:27:42 GMT
Server: AmazonS3
Date: Fri, 22 May 2020 04:02:28 GMT
Vary: Accept-Encoding
Content-Type: image/svg+xml
Via: 1.1 67284fcf464f6f1529cc1e521669622c.cloudfront.net (CloudFront)
x-amz-meta-version-id: kBK5SklewdMfBV9tqEkOO2QHDnQnlpAE
X-Amz-Cf-Pop: FRA53
X-Amz-Cf-Id: qFavnRyLLXjzVUKwBfaljhVGjV0iSMCxpIL6o8cvA_PSw7HCaX1ehQ==

GET
H/1.1 200
OK jquery-3.2.1.min.js Show response
www.nomoreransom.org/assets/js/ 85 KB
30 KB 174ms
60ms Script
application/javascript 52.222.149.252
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.nomoreransom.org/assets/js/jquery-3.2.1.min.js
Requested by: Host: www.nomoreransom.org
URL: https://www.nomoreransom.org/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.222.149.252 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-149-252.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.nomoreransom.org/
Origin: https://www.nomoreransom.org

Response headers

x-amz-version-id: Xb0_eDraFaIjdYJYRPTdCTl54KHAlyHb
Content-Encoding: gzip
Age: 41
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
x-amz-replication-status: REPLICA
Connection: keep-alive
x-amz-meta-replication-status: COMPLETED
Last-Modified: Wed, 06 May 2020 13:27:47 GMT
Server: AmazonS3
Date: Fri, 22 May 2020 04:02:28 GMT
Vary: Accept-Encoding
Content-Type: application/javascript
Via: 1.1 ec27b2a550cb7db6ef54f74603010b29.cloudfront.net (CloudFront)
x-amz-meta-version-id: Gp_KpE0qsjrxkQo24L3BV.9Zls4MrA31
X-Amz-Cf-Pop: FRA53
X-Amz-Cf-Id: rcw5ssa0VWXX-iasP6GqTj1_gyKUf_eWUJJKMj8ORVd6pdEyl00eVw==

GET
H/1.1 200
OK common.js Show response
www.nomoreransom.org/assets/js/ 3 KB
2 KB 182ms
61ms Script
application/javascript 52.222.149.252
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.nomoreransom.org/assets/js/common.js
Requested by: Host: www.nomoreransom.org
URL: https://www.nomoreransom.org/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.222.149.252 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-149-252.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: baaeebbe73aecdb80214a15316b92d9c7181cca2ba2ae7810fa4e6c1bb8844f8

Request headers

Referer: https://www.nomoreransom.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id: YCp7kgORYlQLz1NpsTcrm2wLo__6R4su
Content-Encoding: gzip
Age: 41
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
x-amz-replication-status: REPLICA
Connection: keep-alive
x-amz-meta-replication-status: COMPLETED
Last-Modified: Wed, 06 May 2020 13:27:47 GMT
Server: AmazonS3
Date: Fri, 22 May 2020 04:02:28 GMT
Vary: Accept-Encoding
Content-Type: application/javascript
Via: 1.1 4d1cbe225c5d30aa78ec9a6fa1ba4211.cloudfront.net (CloudFront)
x-amz-meta-version-id: YVOwojn9JK7i1qXhhDpBOl6pXXUpXOgL
X-Amz-Cf-Pop: FRA53
X-Amz-Cf-Id: hSIczyPcDYV1Tl1yC_dD14t4tzbCyC_EsRF7m7olME4p4lZDqX7PDQ==

GET
H/1.1 200
OK cookies.js Show response
www.nomoreransom.org/assets/js/ 12 KB
4 KB 184ms
62ms Script
application/javascript 52.222.149.252
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.nomoreransom.org/assets/js/cookies.js
Requested by: Host: www.nomoreransom.org
URL: https://www.nomoreransom.org/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.222.149.252 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-149-252.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7f4b06a7fdbfb965696fbd255e5b0d349ed67b82a96d2a4c6238bb6360102931

Request headers

Referer: https://www.nomoreransom.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id: uVybFjg931r6fRmb3kCx66ejZt3VcbEr
Content-Encoding: gzip
Age: 40
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
x-amz-replication-status: REPLICA
Connection: keep-alive
x-amz-meta-replication-status: COMPLETED
Last-Modified: Wed, 06 May 2020 13:27:47 GMT
Server: AmazonS3
Date: Fri, 22 May 2020 04:02:28 GMT
Vary: Accept-Encoding
Content-Type: application/javascript
Via: 1.1 b7f7970e9c911e165d4cb9f70deac42a.cloudfront.net (CloudFront)
x-amz-meta-version-id: 4l2bBJEaFkUEcZ20stiCm.D.__hQag2U
X-Amz-Cf-Pop: FRA53
X-Amz-Cf-Id: D7P_A0NhtrKIwcGP5_xQp5Q19J-mYx6hAMV4oOr-xkBzyKN4qlhzMw==

GET
H/1.1 200
OK body-bg.jpg
www.nomoreransom.org/assets/img/slides_and_banners/ 49 KB
49 KB 68ms
68ms Image
image/jpeg 52.222.149.252
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.nomoreransom.org/assets/img/slides_and_banners/body-bg.jpg
Requested by: Host: www.nomoreransom.org
URL: https://www.nomoreransom.org/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.222.149.252 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-149-252.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f799a153d6aeb1d93bc52f67490b222e7719c81cb59086cc5848adde63422f09

Request headers

Referer: https://www.nomoreransom.org/assets/css/common.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 22 May 2020 04:02:28 GMT
Via: 1.1 23082ff4de65f70078e091bc7cd0cf24.cloudfront.net (CloudFront)
Age: 41
X-Cache: Hit from cloudfront
x-amz-replication-status: REPLICA
Connection: keep-alive
Content-Length: 49691
x-amz-meta-replication-status: COMPLETED
Last-Modified: Wed, 06 May 2020 13:28:18 GMT
Server: AmazonS3
ETag: "b9770d329541a81105bb783b573bfbf8"
x-amz-version-id: 5F9XT8w6LH27Bq39FVcFS93QK2EHVkhS
x-amz-meta-version-id: foQjrdVREyQIJC_HGRm8tezQYjltSaOe
X-Amz-Cf-Pop: FRA53
Accept-Ranges: bytes
Content-Type: image/jpeg
X-Amz-Cf-Id: Az1tuV-K3mpX0x4Y8Z8EBrbXXq8Y1kq3c4Ac4jxw8IdyUb2sKWKLhw==

GET
H/1.1 200
OK bg_3.png
www.nomoreransom.org/assets/img/ 2 KB
3 KB 68ms
68ms Image
image/png 52.222.149.252
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.nomoreransom.org/assets/img/bg_3.png
Requested by: Host: www.nomoreransom.org
URL: https://www.nomoreransom.org/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.222.149.252 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-149-252.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 79391f9f548ee9f88e82e58e5be1d7925e25d174c58f7e96aea27610c23ea336

Request headers

Referer: https://www.nomoreransom.org/assets/css/common.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id: 7__mi2ipSAfvCMey84xl6kT9Yhxlzz00
Via: 1.1 c40ee2288a7db28fefd61c3f2ec7ccd7.cloudfront.net (CloudFront)
ETag: "d6b16ad16492c31a596ce9bc20e56a62"
Age: 41
X-Cache: Hit from cloudfront
x-amz-replication-status: REPLICA
Connection: keep-alive
Content-Length: 2253
x-amz-meta-replication-status: COMPLETED
Last-Modified: Wed, 06 May 2020 13:27:39 GMT
Server: AmazonS3
Date: Fri, 22 May 2020 04:02:28 GMT
Content-Type: image/png
x-amz-meta-version-id: 6jJ.epOXzIYeJaW1lGUEb4s26V8DJVT9
X-Amz-Cf-Pop: FRA53
Accept-Ranges: bytes
X-Amz-Cf-Id: M8Oa3Am2-FmdMTNKn-XFZ6jjd6Rv_ZVw1wWTmGHjF7G3Jxl9p3A9AA==

GET
H/1.1 200
OK b52-webfont.woff
www.nomoreransom.org/assets/fonts/ 124 KB
125 KB 118ms
66ms Font
application/font-woff 52.222.149.252
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.nomoreransom.org/assets/fonts/b52-webfont.woff
Requested by: Host: www.nomoreransom.org
URL: https://www.nomoreransom.org/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.222.149.252 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-149-252.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: cd2af77afcebe707343a62043678559b2a4d0d788c0d37fe36d8c392ce112c6f

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.nomoreransom.org/assets/css/fonts.css
Origin: https://www.nomoreransom.org

Response headers

x-amz-version-id: S4R0VrvWgykhrQUJxfYYnW4zC7LngH5X
Via: 1.1 4d1cbe225c5d30aa78ec9a6fa1ba4211.cloudfront.net (CloudFront)
ETag: "4b75e59280720ab9802f9f3d83701a4a"
Age: 41
X-Cache: Hit from cloudfront
x-amz-replication-status: REPLICA
Connection: keep-alive
Content-Length: 126996
x-amz-meta-replication-status: COMPLETED
Last-Modified: Wed, 06 May 2020 13:27:24 GMT
Server: AmazonS3
Date: Fri, 22 May 2020 04:02:28 GMT
Content-Type: application/font-woff
x-amz-meta-version-id: Ct6rSujY_QNfK_3gye5YL1EidPVs_eDi
X-Amz-Cf-Pop: FRA53
Accept-Ranges: bytes
X-Amz-Cf-Id: OlTmaia34hk1jjSUmi3oqOXw7KOIijpBldVP4JUhTx_wxZ9e7HXQuA==

GET
H/1.1 200
OK roboto-regular-webfont.woff2
www.nomoreransom.org/assets/fonts/ 37 KB
38 KB 121ms
66ms Font
application/octet-stream 52.222.149.252
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.nomoreransom.org/assets/fonts/roboto-regular-webfont.woff2
Requested by: Host: www.nomoreransom.org
URL: https://www.nomoreransom.org/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.222.149.252 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-149-252.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a13ce21c487970ebfb8615b80207af9ffbf96f9b4c7c679e4348211fe1a30944

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.nomoreransom.org/assets/css/fonts.css
Origin: https://www.nomoreransom.org

Response headers

x-amz-version-id: vMEGjio9zCPWfBCYhXBZuUTXldq1Rd4d
Via: 1.1 b7f7970e9c911e165d4cb9f70deac42a.cloudfront.net (CloudFront)
ETag: "bec63f5b26821d00ab7768a004383943"
Age: 41
X-Cache: Hit from cloudfront
x-amz-replication-status: REPLICA
Connection: keep-alive
Content-Length: 37908
x-amz-meta-replication-status: COMPLETED
Last-Modified: Wed, 06 May 2020 13:27:36 GMT
Server: AmazonS3
Date: Fri, 22 May 2020 04:02:28 GMT
Content-Type: application/octet-stream
x-amz-meta-version-id: 19Am3KtKZnebcXbig3Bag3GzDLUo0N76
X-Amz-Cf-Pop: FRA53
Accept-Ranges: bytes
X-Amz-Cf-Id: FpbWkilWRugedrs344CqyKR_L8eaOYkCfrLYLFH2zWw-e43HSvEFNg==

GET
H/1.1 200
OK roboto-light-webfont.woff2
www.nomoreransom.org/assets/fonts/ 37 KB
38 KB 110ms
57ms Font
application/octet-stream 52.222.149.252
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.nomoreransom.org/assets/fonts/roboto-light-webfont.woff2
Requested by: Host: www.nomoreransom.org
URL: https://www.nomoreransom.org/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.222.149.252 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-149-252.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0ef6aa90e8125366170a1b07ec6f04da94be383d4e75a9334025027b7494cc8b

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.nomoreransom.org/assets/css/fonts.css
Origin: https://www.nomoreransom.org

Response headers

x-amz-version-id: WVYNHzUHeQ8LJXGCbqfXpTwtssKSjw2O
Via: 1.1 67284fcf464f6f1529cc1e521669622c.cloudfront.net (CloudFront)
ETag: "9e5f6f3ac09757ba97e4d2ba3913fd14"
Age: 41
X-Cache: Hit from cloudfront
x-amz-replication-status: REPLICA
Connection: keep-alive
Content-Length: 37864
x-amz-meta-replication-status: COMPLETED
Last-Modified: Wed, 06 May 2020 13:27:35 GMT
Server: AmazonS3
Date: Fri, 22 May 2020 04:02:28 GMT
Content-Type: application/octet-stream
x-amz-meta-version-id: 6aMGMgKMIay0f2O4iiwcBof0ZEHUSO7E
X-Amz-Cf-Pop: FRA53
Accept-Ranges: bytes
X-Amz-Cf-Id: NOkDimRtdPzDWi3g-gkSnl6qtp9_Z5u1ng8vyjkfklkwwNaBKHLdhQ==

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 45 KB
18 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:81b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.nomoreransom.org
URL: https://www.nomoreransom.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

2f1fd973e6c48489ae07c467e3278635b856c698d1f502e06af3ab555937deac

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.nomoreransom.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 30 Apr 2020 21:54:13 GMT
server: Golfe2
age: 4009
date: Fri, 22 May 2020 02:56:19 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18433
expires: Fri, 22 May 2020 04:56:19 GMT

GET
H/1.1 200
OK /
www.nomoreransom.org/ 12 KB
12 KB 63ms
63ms Image
text/html 52.222.149.252
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.nomoreransom.org/
Requested by: Host: www.nomoreransom.org
URL: https://www.nomoreransom.org/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.222.149.252 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-149-252.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.nomoreransom.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 22 May 2020 04:02:28 GMT
Content-Encoding: gzip
Age: 41
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
x-amz-replication-status: REPLICA
Connection: keep-alive
x-amz-meta-replication-status: COMPLETED
Last-Modified: Wed, 06 May 2020 13:26:09 GMT
Server: AmazonS3
Vary: Accept-Encoding
x-amz-version-id: 1TrJEjI_Q43rZ3W3JBHPrypckRKVsNme
Via: 1.1 ec27b2a550cb7db6ef54f74603010b29.cloudfront.net (CloudFront)
x-amz-meta-version-id: JMPExZVHKSQEqVAYh4L.pNBxGbkposnS
X-Amz-Cf-Pop: FRA53
Content-Type: text/html
X-Amz-Cf-Id: WqQU3yCFo1qOI1k2Zy8ySZuz25zJXSqmxRHJt8zDeM4slboAsKzreg==

GET
H/1.1 200
OK roboto-bold-webfont.woff2
www.nomoreransom.org/assets/fonts/ 38 KB
39 KB 93ms
92ms Font
application/octet-stream 52.222.149.252
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.nomoreransom.org/assets/fonts/roboto-bold-webfont.woff2
Requested by: Host: www.nomoreransom.org
URL: https://www.nomoreransom.org/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.222.149.252 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-149-252.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 659ebe79422bc9fe13e768ff54462233086a47f50d8617392227b9876ade160f

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.nomoreransom.org/assets/css/fonts.css
Origin: https://www.nomoreransom.org

Response headers

x-amz-version-id: wZKj2dvV78t_TjBPFLHkpOnWZ6g04Jsb
Via: 1.1 c40ee2288a7db28fefd61c3f2ec7ccd7.cloudfront.net (CloudFront)
ETag: "28426a84d4574266bf5488fe42814c51"
Age: 41
X-Cache: Hit from cloudfront
x-amz-replication-status: REPLICA
Connection: keep-alive
Content-Length: 38892
x-amz-meta-replication-status: COMPLETED
Last-Modified: Wed, 06 May 2020 13:27:33 GMT
Server: AmazonS3
Date: Fri, 22 May 2020 04:02:28 GMT
Content-Type: application/octet-stream
x-amz-meta-version-id: E8yBKDcksYqbdyeA7oggjiy6p9EFLu7r
X-Amz-Cf-Pop: FRA53
Accept-Ranges: bytes
X-Amz-Cf-Id: KYPRKu384v5JZrmr1jWKXcgz3Q6Equl-uIc-h8uI-RGfWkqp09ysCQ==

GET
H2

200

collect
stats.g.doubleclick.net/r/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j82&a=1072240842&t=pageview&_s=1&dl=https%3A%2F%2Fwww.nomoreransom.org%2F&ul=en-us&de=UTF-8&dt=The%20No%20More%20Ransom%20Project&sd=24-bit&sr=1600...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-61587331-39&cid=1134785869.1590120188&jid=1680005529&_gid=422090826.1590120188&gjid=141475751&_v=j82&z=1527486798

35 B
99 B

15ms
15ms

Image
image/gif

2a00:1450:400c:c00::9d
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-61587331-39&cid=1134785869.1590120188&jid=1680005529&_gid=422090826.1590120188&gjid=141475751&_v=j82&z=1527486798

Requested by

Host: www.nomoreransom.org
URL: https://www.nomoreransom.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.nomoreransom.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Fri, 22 May 2020 04:03:08 GMT
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 22 May 2020 04:03:08 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 302
location: https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-61587331-39&cid=1134785869.1590120188&jid=1680005529&_gid=422090826.1590120188&gjid=141475751&_v=j82&z=1527486798
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 419
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

16 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.nomoreransom.org/	1970-01-19 09:43:26	Name: _gid Value: GA1.2.422090826.1590120188
.nomoreransom.org/	1970-01-19 09:42:00	Name: _gat Value: 1
.nomoreransom.org/	1970-01-20 03:13:12	Name: _ga Value: GA1.2.1134785869.1590120188

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

stats.g.doubleclick.net
www.google-analytics.com
www.nomoreransom.org
2a00:1450:4001:81b::200e
2a00:1450:400c:c00::9d
52.222.149.252
0ef6aa90e8125366170a1b07ec6f04da94be383d4e75a9334025027b7494cc8b
2f1fd973e6c48489ae07c467e3278635b856c698d1f502e06af3ab555937deac
518c5e87f716fff4402e2d5e321ddaf506e1588bd7765410cce22c73b1d69ef1
659ebe79422bc9fe13e768ff54462233086a47f50d8617392227b9876ade160f
79391f9f548ee9f88e82e58e5be1d7925e25d174c58f7e96aea27610c23ea336
7f4b06a7fdbfb965696fbd255e5b0d349ed67b82a96d2a4c6238bb6360102931
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
859cb31b63f9449d8c6c90868b83ce857da4176836b4e51459007735a2e86cb1
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
94657510b89dac37fe3dbecf192a4a582c9239b5c31861df8672b36bcd4e3150
a13ce21c487970ebfb8615b80207af9ffbf96f9b4c7c679e4348211fe1a30944
baaeebbe73aecdb80214a15316b92d9c7181cca2ba2ae7810fa4e6c1bb8844f8
cd2af77afcebe707343a62043678559b2a4d0d788c0d37fe36d8c392ce112c6f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f799a153d6aeb1d93bc52f67490b222e7719c81cb59086cc5848adde63422f09
fb3ebd5ef18d519c381c469a58c77a1d4d4c1be6809a840bf6c94c9605309d2d

www.nomoreransom.org Open in urlscan Pro 52.222.149.252 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

16 Requests

100 %HTTPS

67 %IPv6

3 Domains

3 Subdomains

3 IPs

3 Countries

374 kBTransfer

500 kBSize

3 Cookies

0 Outgoing links

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Verdicts & Comments Add Verdict or Comment

16 JavaScript Global Variables

3 Cookies

Indicators

www.nomoreransom.org Open in urlscan Pro
52.222.149.252 Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

374 kB
Transfer

500 kB
Size

3
Cookies

16 HTTP transactions
0 data transactions