www.nomoreransom.org Open in urlscan Pro
13.32.21.5 Public Scan

URL:
https://www.nomoreransom.org/
Submission: On May 05 via manual (May 5th 2021, 4:14:52 pm UTC) from US

Summary HTTP 17 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 17 HTTP transactions. The main IP is 13.32.21.5, located in United States and belongs to AMAZON-02, US. The main domain is www.nomoreransom.org.
TLS certificate: Issued by GlobalSign RSA OV SSL CA 2018 on October 21st 2020. Valid for: a year.

This is the only time www.nomoreransom.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
14	13.32.21.5 13.32.21.5	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:828::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c04::9b	15169 (GOOGLE) (GOOGLE)
17	3

14 13.32.21.5 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-21-5.fra56.r.cloudfront.net

www.nomoreransom.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c04::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	nomoreransom.org www.nomoreransom.org	356 KB
2	google-analytics.com www.google-analytics.com	19 KB
1	doubleclick.net stats.g.doubleclick.net	91 B
17	3

	Domain	Requested by
14	www.nomoreransom.org	www.nomoreransom.org
2	www.google-analytics.com	www.nomoreransom.org www.google-analytics.com
1	stats.g.doubleclick.net	www.google-analytics.com
17	3

This site contains no links.

Subject Issuer	Validity	Valid
*.nomoreransom.org GlobalSign RSA OV SSL CA 2018	`2020-10-21` - `2021-11-22`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.nomoreransom.org/
Frame ID: FF213EED88E15F793F8AACC78B3F93D2
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Amazon Web Services (PaaS) Expand

Overall confidence: 100%
Detected patterns

headers via /$CloudFront$$/i
headers server /^AmazonS3$/i

Amazon Cloudfront (CDN) Expand

Overall confidence: 100%
Detected patterns

headers via /$CloudFront$$/i

Amazon S3 (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

headers server /^AmazonS3$/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

17
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

375 kB
Transfer

504 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
www.nomoreransom.org/ 12 KB
3 KB 181ms
143ms Document
text/html 13.32.21.5
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://www.nomoreransom.org/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.21.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-21-5.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4e53e933ce90b8f7de1bddce05cc7549853b643f26a881c056d842a27254d198

Request headers

Host: www.nomoreransom.org
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Date: Wed, 05 May 2021 16:14:35 GMT
x-amz-replication-status: REPLICA
Last-Modified: Wed, 24 Mar 2021 15:27:31 GMT
ETag: W/"59cbd59087c830afdf45fe4c59f54a8f"
x-amz-meta-replication-status: COMPLETED
x-amz-meta-version-id: a99L188yWOP42Vh2.AXZpYfBEj1nfpMk
x-amz-version-id: ycrrzuMuoRRNPFlAJWJrgQ04PXX0Qe_T
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Miss from cloudfront
Via: 1.1 6c7a5d26be7fb35284e54d321f16b6f7.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-C2
X-Amz-Cf-Id: pCaXRCQNAe6Nud8n3e5C3j_KcCF9YNz1oRUxCK4iq0zWNIAIJOa0cg==

GET
H/1.1 200
OK fonts.css
www.nomoreransom.org/assets/css/ 2 KB
1 KB 140ms
139ms Stylesheet
text/css 13.32.21.5
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://www.nomoreransom.org/assets/css/fonts.css
Requested by: Host: www.nomoreransom.org
URL: https://www.nomoreransom.org/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.21.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-21-5.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 859cb31b63f9449d8c6c90868b83ce857da4176836b4e51459007735a2e86cb1

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.nomoreransom.org
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://www.nomoreransom.org/
Connection: keep-alive
Referer: https://www.nomoreransom.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: _w8W7aQem4BFDK7z1wCdEHsG4JrpYL80
Content-Encoding: gzip
ETag: W/"03c7875ae6448db3930efa5061fbc504"
X-Amz-Cf-Pop: FRA56-C2
Transfer-Encoding: chunked
X-Cache: RefreshHit from cloudfront
x-amz-replication-status: REPLICA
Connection: keep-alive
x-amz-meta-replication-status: COMPLETED
Last-Modified: Wed, 24 Mar 2021 15:28:55 GMT
Server: AmazonS3
Date: Wed, 05 May 2021 16:14:36 GMT
Vary: Accept-Encoding
Content-Type: text/css
Via: 1.1 6c7a5d26be7fb35284e54d321f16b6f7.cloudfront.net (CloudFront)
x-amz-meta-version-id: 9czrtMsdhsQWo7v5LtLZLZSUY_JUEF8N
X-Amz-Cf-Id: ohALohdoWRJOe8G29eU6SKYJ137o9-Z8JFBexARHCqKUwhGvJwoDfQ==

GET
H/1.1 200
OK common.css
www.nomoreransom.org/assets/css/ 25 KB
5 KB 164ms
139ms Stylesheet
text/css 13.32.21.5
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://www.nomoreransom.org/assets/css/common.css
Requested by: Host: www.nomoreransom.org
URL: https://www.nomoreransom.org/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.21.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-21-5.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: fb3ebd5ef18d519c381c469a58c77a1d4d4c1be6809a840bf6c94c9605309d2d

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.nomoreransom.org
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://www.nomoreransom.org/
Connection: keep-alive
Referer: https://www.nomoreransom.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: tduht4unbwmK3WTdHXK4m1DWUwAfpW5N
Content-Encoding: gzip
ETag: W/"7f38b1a92a988ae1264bcff3fa0ec708"
X-Amz-Cf-Pop: FRA56-C2
Transfer-Encoding: chunked
X-Cache: RefreshHit from cloudfront
x-amz-replication-status: REPLICA
Connection: keep-alive
x-amz-meta-replication-status: COMPLETED
Last-Modified: Wed, 24 Mar 2021 15:28:55 GMT
Server: AmazonS3
Date: Wed, 05 May 2021 16:14:36 GMT
Vary: Accept-Encoding
Content-Type: text/css
Via: 1.1 95adda0bdbd310a1a9e4f54f540543e2.cloudfront.net (CloudFront)
x-amz-meta-version-id: 17RaElU.Ek7Qjer765dEaKU3lgGIZOJY
X-Amz-Cf-Id: G_ydq52vu6hg1CLfY0v8KUi2lSj-JpenVyP9sMYHWexUTCvyNqOOGQ==

GET
H/1.1 200
OK logo.svg
www.nomoreransom.org/assets/img/ 18 KB
8 KB 149ms
126ms Image
image/svg+xml 13.32.21.5
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL: https://www.nomoreransom.org/assets/img/logo.svg
Requested by: Host: www.nomoreransom.org
URL: https://www.nomoreransom.org/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.21.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-21-5.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 518c5e87f716fff4402e2d5e321ddaf506e1588bd7765410cce22c73b1d69ef1

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.nomoreransom.org
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://www.nomoreransom.org/
Connection: keep-alive
Referer: https://www.nomoreransom.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: HnQ8FIsAD1LdfozK6wyajTS9Jf6CTAH3
Content-Encoding: gzip
ETag: W/"f305c11bad5f746a5b99e6d3bbef389f"
X-Amz-Cf-Pop: FRA56-C2
Transfer-Encoding: chunked
X-Cache: RefreshHit from cloudfront
x-amz-replication-status: REPLICA
Connection: keep-alive
x-amz-meta-replication-status: COMPLETED
Last-Modified: Wed, 24 Mar 2021 15:29:14 GMT
Server: AmazonS3
Date: Wed, 05 May 2021 16:14:36 GMT
Vary: Accept-Encoding
Content-Type: image/svg+xml
Via: 1.1 95adda0bdbd310a1a9e4f54f540543e2.cloudfront.net (CloudFront)
x-amz-meta-version-id: bjzLfymz.QnsCDfH3XRiJ7WFlvYqDPAZ
X-Amz-Cf-Id: g3ah-pKDQVZB_AqX46f6a_6WcIUl0w7zUHuhlE0WfPCyJELOKi2IXg==

GET
H/1.1 200
OK jquery-3.2.1.min.js Show response
www.nomoreransom.org/assets/js/ 85 KB
30 KB 161ms
137ms Script
application/javascript 13.32.21.5
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://www.nomoreransom.org/assets/js/jquery-3.2.1.min.js
Requested by: Host: www.nomoreransom.org
URL: https://www.nomoreransom.org/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.21.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-21-5.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://www.nomoreransom.org
Accept-Encoding: gzip, deflate, br
Host: www.nomoreransom.org
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://www.nomoreransom.org/
Connection: keep-alive
Origin: https://www.nomoreransom.org
Referer: https://www.nomoreransom.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: RLrSPSOZ7mCIJs4L8MefjqGo0f3hdIxE
Content-Encoding: gzip
ETag: W/"c9f5aeeca3ad37bf2aa006139b935f0a"
X-Amz-Cf-Pop: FRA56-C2
Transfer-Encoding: chunked
X-Cache: RefreshHit from cloudfront
x-amz-replication-status: REPLICA
Connection: keep-alive
x-amz-meta-replication-status: COMPLETED
Last-Modified: Wed, 24 Mar 2021 15:29:19 GMT
Server: AmazonS3
Date: Wed, 05 May 2021 16:14:36 GMT
Vary: Accept-Encoding
Content-Type: application/javascript
Via: 1.1 22b9ddafebf39d72780d68dad970d218.cloudfront.net (CloudFront)
x-amz-meta-version-id: UpOdpTNErsS5lbQvIc3SDDb_z3CLwSB8
X-Amz-Cf-Id: Q8T-R_cPBMQyd8BVXYiW5g7pINgCrYHddP_ATD_1WiJlIshAB3rypA==

GET
H/1.1 200
OK common.js Show response
www.nomoreransom.org/assets/js/ 3 KB
2 KB 143ms
120ms Script
application/javascript 13.32.21.5
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://www.nomoreransom.org/assets/js/common.js
Requested by: Host: www.nomoreransom.org
URL: https://www.nomoreransom.org/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.21.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-21-5.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: baaeebbe73aecdb80214a15316b92d9c7181cca2ba2ae7810fa4e6c1bb8844f8

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.nomoreransom.org
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://www.nomoreransom.org/
Connection: keep-alive
Referer: https://www.nomoreransom.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: I4wxwUpgSRDPduxAfsKPGgXZaEQBqxj5
Content-Encoding: gzip
ETag: W/"58243acf0082858ad9118568013348a6"
X-Amz-Cf-Pop: FRA56-C2
Transfer-Encoding: chunked
X-Cache: RefreshHit from cloudfront
x-amz-replication-status: REPLICA
Connection: keep-alive
x-amz-meta-replication-status: COMPLETED
Last-Modified: Wed, 24 Mar 2021 15:29:18 GMT
Server: AmazonS3
Date: Wed, 05 May 2021 16:14:36 GMT
Vary: Accept-Encoding
Content-Type: application/javascript
Via: 1.1 756f5290bceb9f9b2ec963e0ab326968.cloudfront.net (CloudFront)
x-amz-meta-version-id: CMJFTyKXm7QIxJVtb3IT87.B.xQHcyqx
X-Amz-Cf-Id: ZrkEAn44k6KaWx_d11QiPC2DkQcsQCzCOV6ZZwrnOoNgCdRq-JQUaw==

GET
H/1.1 200
OK cookies.js Show response
www.nomoreransom.org/assets/js/ 12 KB
4 KB 152ms
128ms Script
application/javascript 13.32.21.5
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://www.nomoreransom.org/assets/js/cookies.js
Requested by: Host: www.nomoreransom.org
URL: https://www.nomoreransom.org/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.21.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-21-5.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7f4b06a7fdbfb965696fbd255e5b0d349ed67b82a96d2a4c6238bb6360102931

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.nomoreransom.org
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://www.nomoreransom.org/
Connection: keep-alive
Referer: https://www.nomoreransom.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: hNM5Yrpq9Q83fmw2L2LOPfEerVWsfl9R
Content-Encoding: gzip
ETag: W/"b08d7a6d83abdd66e7bc5d24f5bb0793"
X-Amz-Cf-Pop: FRA56-C2
Transfer-Encoding: chunked
X-Cache: RefreshHit from cloudfront
x-amz-replication-status: REPLICA
Connection: keep-alive
x-amz-meta-replication-status: COMPLETED
Last-Modified: Wed, 24 Mar 2021 15:29:19 GMT
Server: AmazonS3
Date: Wed, 05 May 2021 16:14:36 GMT
Vary: Accept-Encoding
Content-Type: application/javascript
Via: 1.1 a7631312afe99e40229aa0da70662113.cloudfront.net (CloudFront)
x-amz-meta-version-id: Wxg_3vkliaz1MmSC3XV47G6BzN7r0YzO
X-Amz-Cf-Id: PwTTuFzV8_f_TWYk-lscNJk3K03xqyIrJLQ8PauIwZIHXoL8wjn4Ww==

GET
H/1.1 200
OK body-bg.jpg
www.nomoreransom.org/assets/img/slides_and_banners/ 49 KB
49 KB 124ms
122ms Image
image/jpeg 13.32.21.5
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL: https://www.nomoreransom.org/assets/img/slides_and_banners/body-bg.jpg
Requested by: Host: www.nomoreransom.org
URL: https://www.nomoreransom.org/assets/css/common.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.21.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-21-5.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f799a153d6aeb1d93bc52f67490b222e7719c81cb59086cc5848adde63422f09

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.nomoreransom.org
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://www.nomoreransom.org/assets/css/common.css
Connection: keep-alive
Referer: https://www.nomoreransom.org/assets/css/common.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: w.rYu.McoxhDVLA1vOYmPBfIl3wakyE1
Via: 1.1 22b9ddafebf39d72780d68dad970d218.cloudfront.net (CloudFront)
ETag: "b9770d329541a81105bb783b573bfbf8"
X-Amz-Cf-Pop: FRA56-C2
X-Cache: RefreshHit from cloudfront
x-amz-replication-status: REPLICA
Connection: keep-alive
Content-Length: 49691
x-amz-meta-replication-status: COMPLETED
Last-Modified: Wed, 24 Mar 2021 15:29:59 GMT
Server: AmazonS3
Date: Wed, 05 May 2021 16:14:36 GMT
Content-Type: image/jpeg
x-amz-meta-version-id: p4Ce1A0tRS1lmkgNrMNPwIJeN4jffULB
Accept-Ranges: bytes
X-Amz-Cf-Id: TPFVPlMK4ZBHF3OOsxWKTTY67xqyq2fvxxc5gC3NCVOV1ucZD_KkIg==

GET
H/1.1 200
OK bg_3.png
www.nomoreransom.org/assets/img/ 2 KB
3 KB 132ms
130ms Image
image/png 13.32.21.5
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL: https://www.nomoreransom.org/assets/img/bg_3.png
Requested by: Host: www.nomoreransom.org
URL: https://www.nomoreransom.org/assets/css/common.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.21.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-21-5.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 79391f9f548ee9f88e82e58e5be1d7925e25d174c58f7e96aea27610c23ea336

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.nomoreransom.org
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://www.nomoreransom.org/assets/css/common.css
Connection: keep-alive
Referer: https://www.nomoreransom.org/assets/css/common.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: UINZGFgg8912lmFAMwKVThXmkY0FcS1T
Via: 1.1 a7631312afe99e40229aa0da70662113.cloudfront.net (CloudFront)
ETag: "d6b16ad16492c31a596ce9bc20e56a62"
X-Amz-Cf-Pop: FRA56-C2
X-Cache: RefreshHit from cloudfront
x-amz-replication-status: REPLICA
Connection: keep-alive
Content-Length: 2253
x-amz-meta-replication-status: COMPLETED
Last-Modified: Wed, 24 Mar 2021 15:29:11 GMT
Server: AmazonS3
Date: Wed, 05 May 2021 16:14:36 GMT
Content-Type: image/png
x-amz-meta-version-id: x93pXDeNZYSIfK3xBb9ufFInTXsyLKpN
Accept-Ranges: bytes
X-Amz-Cf-Id: p3OwZl_b0Rl-O2IusYBiWQTLJ2H6inlTGM5V_395XeRCADO5NDnuog==

GET
H/1.1 200
OK b52-webfont.woff
www.nomoreransom.org/assets/fonts/ 124 KB
125 KB 132ms
132ms Font
application/font-woff 13.32.21.5
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://www.nomoreransom.org/assets/fonts/b52-webfont.woff
Requested by: Host: www.nomoreransom.org
URL: https://www.nomoreransom.org/assets/css/fonts.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.21.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-21-5.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: cd2af77afcebe707343a62043678559b2a4d0d788c0d37fe36d8c392ce112c6f

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://www.nomoreransom.org
Accept-Encoding: gzip, deflate, br
Host: www.nomoreransom.org
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://www.nomoreransom.org/assets/css/fonts.css
Connection: keep-alive
Origin: https://www.nomoreransom.org
Referer: https://www.nomoreransom.org/assets/css/fonts.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: GY3Yexr9EWt9W3H_XNKWlD3Lnawrgbyp
Via: 1.1 95adda0bdbd310a1a9e4f54f540543e2.cloudfront.net (CloudFront)
ETag: "4b75e59280720ab9802f9f3d83701a4a"
X-Amz-Cf-Pop: FRA56-C2
X-Cache: RefreshHit from cloudfront
x-amz-replication-status: REPLICA
Connection: keep-alive
Content-Length: 126996
x-amz-meta-replication-status: COMPLETED
Last-Modified: Wed, 24 Mar 2021 15:28:57 GMT
Server: AmazonS3
Date: Wed, 05 May 2021 16:14:36 GMT
Content-Type: application/font-woff
x-amz-meta-version-id: OqtLbBqaN9UUQWiheb0uOwDQuTfWzijP
Accept-Ranges: bytes
X-Amz-Cf-Id: Mb2XWXseE6nX-AhvKxKBmYPoPtp-nD8UQEK2CEWaEDAGddoi7tK6WA==

GET
H/1.1 200
OK roboto-regular-webfont.woff2
www.nomoreransom.org/assets/fonts/ 37 KB
38 KB 141ms
130ms Font
application/octet-stream 13.32.21.5
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://www.nomoreransom.org/assets/fonts/roboto-regular-webfont.woff2
Requested by: Host: www.nomoreransom.org
URL: https://www.nomoreransom.org/assets/css/fonts.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.21.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-21-5.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a13ce21c487970ebfb8615b80207af9ffbf96f9b4c7c679e4348211fe1a30944

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://www.nomoreransom.org
Accept-Encoding: gzip, deflate, br
Host: www.nomoreransom.org
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://www.nomoreransom.org/assets/css/fonts.css
Connection: keep-alive
Origin: https://www.nomoreransom.org
Referer: https://www.nomoreransom.org/assets/css/fonts.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: Tz89iZnFJUnWm0Tx0.ar0SOHqPtrpkOe
Via: 1.1 95adda0bdbd310a1a9e4f54f540543e2.cloudfront.net (CloudFront)
ETag: "bec63f5b26821d00ab7768a004383943"
X-Amz-Cf-Pop: FRA56-C2
X-Cache: RefreshHit from cloudfront
x-amz-replication-status: REPLICA
Connection: keep-alive
Content-Length: 37908
x-amz-meta-replication-status: COMPLETED
Last-Modified: Wed, 24 Mar 2021 15:29:09 GMT
Server: AmazonS3
Date: Wed, 05 May 2021 16:14:36 GMT
Content-Type: application/octet-stream
x-amz-meta-version-id: XlzS4KccYuaGF4DykHvWHjOojocH.8G_
Accept-Ranges: bytes
X-Amz-Cf-Id: 42oAK8Px6251dSeKuSHwMViV4oVwdnfuDi5bZ1kydSVXFbIXubNdSA==

GET
H/1.1 200
OK roboto-light-webfont.woff2
www.nomoreransom.org/assets/fonts/ 37 KB
38 KB 127ms
126ms Font
application/octet-stream 13.32.21.5
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://www.nomoreransom.org/assets/fonts/roboto-light-webfont.woff2
Requested by: Host: www.nomoreransom.org
URL: https://www.nomoreransom.org/assets/css/fonts.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.21.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-21-5.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0ef6aa90e8125366170a1b07ec6f04da94be383d4e75a9334025027b7494cc8b

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://www.nomoreransom.org
Accept-Encoding: gzip, deflate, br
Host: www.nomoreransom.org
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://www.nomoreransom.org/assets/css/fonts.css
Connection: keep-alive
Origin: https://www.nomoreransom.org
Referer: https://www.nomoreransom.org/assets/css/fonts.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: MnwKCN7XDUTrFMjXoy9qJrNs7fMS1C2T
Via: 1.1 756f5290bceb9f9b2ec963e0ab326968.cloudfront.net (CloudFront)
ETag: "9e5f6f3ac09757ba97e4d2ba3913fd14"
X-Amz-Cf-Pop: FRA56-C2
X-Cache: RefreshHit from cloudfront
x-amz-replication-status: REPLICA
Connection: keep-alive
Content-Length: 37864
x-amz-meta-replication-status: COMPLETED
Last-Modified: Wed, 24 Mar 2021 15:29:08 GMT
Server: AmazonS3
Date: Wed, 05 May 2021 16:14:36 GMT
Content-Type: application/octet-stream
x-amz-meta-version-id: 8v8apb_ydlFzGrpxsjCjPdzMe7Ib0Ees
Accept-Ranges: bytes
X-Amz-Cf-Id: eYCiErIiM2Tq4P7m30BI26KSeNd2Pvq6em5gmEKe6pHNTw3fS9S-xw==

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.nomoreransom.org
URL: https://www.nomoreransom.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.nomoreransom.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Apr 2021 23:59:54 GMT
server: Golfe2
age: 6463
date: Wed, 05 May 2021 14:26:52 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19569
expires: Wed, 05 May 2021 16:26:52 GMT

GET
H/1.1 200
OK /
www.nomoreransom.org/ 12 KB
12 KB 13ms
12ms Image
text/html 13.32.21.5
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL: https://www.nomoreransom.org/
Requested by: Host: www.nomoreransom.org
URL: https://www.nomoreransom.org/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.21.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-21-5.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.nomoreransom.org
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://www.nomoreransom.org/
Connection: keep-alive
Referer: https://www.nomoreransom.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 05 May 2021 16:14:35 GMT
Content-Encoding: gzip
Age: 1
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
x-amz-replication-status: REPLICA
Connection: keep-alive
x-amz-meta-replication-status: COMPLETED
Last-Modified: Wed, 24 Mar 2021 15:27:31 GMT
Server: AmazonS3
ETag: W/"59cbd59087c830afdf45fe4c59f54a8f"
Vary: Accept-Encoding
x-amz-version-id: ycrrzuMuoRRNPFlAJWJrgQ04PXX0Qe_T
Via: 1.1 756f5290bceb9f9b2ec963e0ab326968.cloudfront.net (CloudFront)
x-amz-meta-version-id: a99L188yWOP42Vh2.AXZpYfBEj1nfpMk
X-Amz-Cf-Pop: FRA56-C2
Content-Type: text/html
X-Amz-Cf-Id: iPVrRQKUklj0YYXHVPyTwbBUJJPfnPeS8Gav7kQulbKiGRt_g_wjdQ==

GET
H/1.1 200
OK roboto-bold-webfont.woff2
www.nomoreransom.org/assets/fonts/ 38 KB
39 KB 147ms
144ms Font
application/octet-stream 13.32.21.5
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://www.nomoreransom.org/assets/fonts/roboto-bold-webfont.woff2
Requested by: Host: www.nomoreransom.org
URL: https://www.nomoreransom.org/assets/css/fonts.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.21.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-21-5.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 659ebe79422bc9fe13e768ff54462233086a47f50d8617392227b9876ade160f

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://www.nomoreransom.org
Accept-Encoding: gzip, deflate, br
Host: www.nomoreransom.org
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://www.nomoreransom.org/assets/css/fonts.css
Connection: keep-alive
Origin: https://www.nomoreransom.org
Referer: https://www.nomoreransom.org/assets/css/fonts.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: x6KUJQRftTu1VLLHPwDiyweHoUBsM6PF
Via: 1.1 a7631312afe99e40229aa0da70662113.cloudfront.net (CloudFront)
ETag: "28426a84d4574266bf5488fe42814c51"
X-Amz-Cf-Pop: FRA56-C2
X-Cache: RefreshHit from cloudfront
x-amz-replication-status: REPLICA
Connection: keep-alive
Content-Length: 38892
x-amz-meta-replication-status: COMPLETED
Last-Modified: Wed, 24 Mar 2021 15:29:06 GMT
Server: AmazonS3
Date: Wed, 05 May 2021 16:14:36 GMT
Content-Type: application/octet-stream
x-amz-meta-version-id: FP87r3_SHRHv8unXZwgxURvMq.klkS98
Accept-Ranges: bytes
X-Amz-Cf-Id: R0pQ6O1_isHxDTtibNAE3AV-4acjWwAK-dcbiTB0wPf6y0ptEJKuoQ==

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 13ms
13ms XHR
text/plain 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j90&a=636604012&t=pageview&_s=1&dl=https%3A%2F%2Fwww.nomoreransom.org%2F&ul=en-us&de=UTF-8&dt=The%20No%20More%20Ransom%20Project&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=1160491267&gjid=1972858666&cid=2129491153.1620231275&tid=UA-61587331-39&_gid=1833460193.1620231275&_r=1&_slc=1&z=126582148

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.nomoreransom.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 05 May 2021 16:14:35 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.nomoreransom.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
91 B 16ms
16ms XHR
text/plain 2a00:1450:400c:c04::9b
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j90&tid=UA-61587331-39&cid=2129491153.1620231275&jid=1160491267&gjid=1972858666&_gid=1833460193.1620231275&_u=IEBAAEAAAAAAAC~&z=115224941

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c04::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.nomoreransom.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Wed, 05 May 2021 16:14:35 GMT
content-type: text/plain
access-control-allow-origin: https://www.nomoreransom.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

25 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.nomoreransom.org/	1970-01-19 18:05:17	Name: _gid Value: GA1.2.1833460193.1620231275
.nomoreransom.org/	1970-01-19 18:03:51	Name: _gat Value: 1
.nomoreransom.org/	1970-01-20 11:35:03	Name: _ga Value: GA1.2.2129491153.1620231275

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

stats.g.doubleclick.net
www.google-analytics.com
www.nomoreransom.org
13.32.21.5
2a00:1450:4001:828::200e
2a00:1450:400c:c04::9b
0ef6aa90e8125366170a1b07ec6f04da94be383d4e75a9334025027b7494cc8b
2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a
4e53e933ce90b8f7de1bddce05cc7549853b643f26a881c056d842a27254d198
518c5e87f716fff4402e2d5e321ddaf506e1588bd7765410cce22c73b1d69ef1
659ebe79422bc9fe13e768ff54462233086a47f50d8617392227b9876ade160f
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
79391f9f548ee9f88e82e58e5be1d7925e25d174c58f7e96aea27610c23ea336
7f4b06a7fdbfb965696fbd255e5b0d349ed67b82a96d2a4c6238bb6360102931
859cb31b63f9449d8c6c90868b83ce857da4176836b4e51459007735a2e86cb1
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
a13ce21c487970ebfb8615b80207af9ffbf96f9b4c7c679e4348211fe1a30944
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
baaeebbe73aecdb80214a15316b92d9c7181cca2ba2ae7810fa4e6c1bb8844f8
cd2af77afcebe707343a62043678559b2a4d0d788c0d37fe36d8c392ce112c6f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f799a153d6aeb1d93bc52f67490b222e7719c81cb59086cc5848adde63422f09
fb3ebd5ef18d519c381c469a58c77a1d4d4c1be6809a840bf6c94c9605309d2d

www.nomoreransom.org Open in urlscan Pro 13.32.21.5 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

17 Requests

100 %HTTPS

67 %IPv6

3 Domains

3 Subdomains

3 IPs

3 Countries

375 kBTransfer

504 kBSize

3 Cookies

0 Outgoing links

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

25 JavaScript Global Variables

3 Cookies

Indicators

www.nomoreransom.org Open in urlscan Pro
13.32.21.5 Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

375 kB
Transfer

504 kB
Size

3
Cookies

17 HTTP transactions
0 data transactions