ransomrooter.com Open in urlscan Pro
134.209.172.38 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://ransomrooter.com/
Submission: On June 11 via api (June 11th 2024, 7:49:58 pm UTC) from US — Scanned from DE

Summary HTTP 45 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 5 domains to perform 45 HTTP transactions. The main IP is 134.209.172.38, located in Clifton, United States and belongs to DIGITALOCEAN-ASN, US. The main domain is ransomrooter.com.
TLS certificate: Issued by R11 on June 11th 2024. Valid for: 3 months.

This is the only time ransomrooter.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
34	134.209.172.38 134.209.172.38	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
2	2a00:1450:400... 2a00:1450:4001:827::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:828::2008	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:80b::2003	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
45	5

34 134.209.172.38 (Clifton, United States)

ASN14061 (DIGITALOCEAN-ASN, US)
PTR: cloud.magicwandhosting.us

ransomrooter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:80b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
34	ransomrooter.com ransomrooter.com	765 KB
7	gstatic.com fonts.gstatic.com	79 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 77	2 KB
1	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 2347	245 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 79	102 KB
45	5

	Domain	Requested by
34	ransomrooter.com	ransomrooter.com
7	fonts.gstatic.com	fonts.googleapis.com
2	fonts.googleapis.com	ransomrooter.com
1	region1.google-analytics.com	www.googletagmanager.com
1	www.googletagmanager.com	ransomrooter.com
45	5

This site contains links to these domains. Also see Links.

Domain
goo.gl
www.linkedin.com
www.wandzilakwebdesign.com

Subject Issuer	Validity	Valid
*.ransomrooter.com R11	`2024-06-11` - `2024-09-09`	3 months	crt.sh
upload.video.google.com WR2	`2024-05-27` - `2024-08-19`	3 months	crt.sh
*.google-analytics.com WR2	`2024-05-27` - `2024-08-19`	3 months	crt.sh
*.gstatic.com WR2	`2024-05-27` - `2024-08-19`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://ransomrooter.com/
Frame ID: 29B9970E642ADB05AD4923E391804B18
Requests: 45 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Incident Response, Ransomware Recovery and Retainer

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Oxygen (Page builders) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*href=(?:"|')[^>]*wp-content/plugins/oxygen/

three.js (JavaScript Graphics) Expand

Overall confidence: 100%
Detected patterns

three(?:\.min)?\.js

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Revslider (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

/revslider/[/\w-]+/js

Page Statistics

45
Requests

100 %
HTTPS

80 %
IPv6

5
Domains

5
Subdomains

5
IPs

2
Countries

947 kB
Transfer

2335 kB
Size

2
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://goo.gl/maps/d2J6aBBaxDZz4vRW6
Title: 813 E Main St, Luray, VA 22835-1617

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/strong-crypto-innovations/
Title: Visit our LinkedIn

Search URL Search Domain Scan URL

URL: https://www.wandzilakwebdesign.com/
Title: Website by Wandzilak Web Design

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

45 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
ransomrooter.com/ 89 KB
20 KB 612ms
117ms Document
text/html 134.209.172.38
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://ransomrooter.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

134.209.172.38 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

cloud.magicwandhosting.us

Software

Apache /

Resource Hash

1e17cc4a80f5d9996fcb4214e421ec22110267636ad1cab76dcbc5770a687be7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

Accept-Ranges: bytes
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 19351
Content-Security-Policy: upgrade-insecure-requests
Content-Type: text/html; charset=UTF-8
Date: Tue, 11 Jun 2024 19:49:49 GMT
Expect-CT: max-age=7776000, enforce
Expires: Mon, 29 Oct 1923 20:30:00 GMT
Keep-Alive: timeout=5, max=100
Last-Modified: Sat, 01 Jun 2024 15:37:40 GMT
Permissions-Policy
Pragma: no-cache
Referrer-Policy: no-referrer-when-downgrade
Server: Apache
Strict-Transport-Security: max-age=31536000
Vary: User-Agent,Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block

GET
H2 200 css
fonts.googleapis.com/ 10 KB
1 KB 140ms
49ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Poppins:100,200,300,400,500,600,700,800,900|Play:100,200,300,400,500,600,700,800,900

Requested by

Host: ransomrooter.com
URL: https://ransomrooter.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f59a69690596510556775f2b2875651ea4f75051678302401f4b1aa16cce1628

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://ransomrooter.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000
date: Tue, 11 Jun 2024 19:49:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 11 Jun 2024 19:49:49 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 11 Jun 2024 19:49:49 GMT

GET
H/1.1 200
OK 46bd.css
ransomrooter.com/wp-content/cache/wpfc-minified/mlhfxopu/ 21 KB
5 KB 223ms
117ms Stylesheet
text/css 134.209.172.38
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://ransomrooter.com/wp-content/cache/wpfc-minified/mlhfxopu/46bd.css

Requested by

Host: ransomrooter.com
URL: https://ransomrooter.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

134.209.172.38 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

cloud.magicwandhosting.us

Software

Apache /

Resource Hash

262ce2e47a90560d9ed702aaf802b35ded2468f2f238570e935132e42196cdfe

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://ransomrooter.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Tue, 11 Jun 2024 19:49:49 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Security-Policy: upgrade-insecure-requests
Content-Encoding: gzip
Connection: keep-alive, Keep-Alive
Content-Length: 4703
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Wed, 29 May 2024 20:31:49 GMT
Server: Apache
Expect-CT: max-age=7776000, enforce
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=10368000
Permissions-Policy
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Expires: max-age=A10368000, public

GET
H/1.1 200
OK 46bd.js Show response
ransomrooter.com/wp-content/cache/wpfc-minified/ftf1k6p5/ 86 KB
30 KB 363ms
136ms Script
application/javascript 134.209.172.38
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://ransomrooter.com/wp-content/cache/wpfc-minified/ftf1k6p5/46bd.js

Requested by

Host: ransomrooter.com
URL: https://ransomrooter.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

134.209.172.38 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

cloud.magicwandhosting.us

Software

Apache /

Resource Hash

c274eff25cbed304e055ee97bfe736bf85e15fde1e7e2332d9814f3775b1cbb6

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://ransomrooter.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Tue, 11 Jun 2024 19:49:49 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Security-Policy: upgrade-insecure-requests
Content-Encoding: gzip
Connection: keep-alive, Keep-Alive
Content-Length: 30430
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Wed, 29 May 2024 20:31:49 GMT
Server: Apache
Expect-CT: max-age=7776000, enforce
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=10368000
Permissions-Policy
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Expires: max-age=A10368000, public

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 305 KB
102 KB 164ms
73ms Script
application/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-00Z1CFPBNW

Requested by

Host: ransomrooter.com
URL: https://ransomrooter.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3048633ac8589c5fbe04f96d2eb7382bf4345daf54f0b41d6a6428dd8ce11522

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://ransomrooter.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 19:49:49 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 103718
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 11 Jun 2024 19:49:49 GMT

GET
H/1.1 200
OK 46bd.css
ransomrooter.com/wp-content/cache/wpfc-minified/keh0moo8/ 68 KB
9 KB 347ms
123ms Stylesheet
text/css 134.209.172.38
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://ransomrooter.com/wp-content/cache/wpfc-minified/keh0moo8/46bd.css

Requested by

Host: ransomrooter.com
URL: https://ransomrooter.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

134.209.172.38 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

cloud.magicwandhosting.us

Software

Apache /

Resource Hash

5425844ac2dd875cf90647cdd93544a18b493f5544bb9eff338afbb7165b8a40

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://ransomrooter.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Tue, 11 Jun 2024 19:49:49 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Security-Policy: upgrade-insecure-requests
Content-Encoding: gzip
Connection: keep-alive, Keep-Alive
Content-Length: 8961
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Wed, 29 May 2024 20:31:49 GMT
Server: Apache
Expect-CT: max-age=7776000, enforce
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=10368000
Permissions-Policy
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Expires: max-age=A10368000, public

GET
H/1.1 200
OK RansomRooter_png_white_wide_revised.png
ransomrooter.com/wp-content/uploads/2023/08/ 40 KB
41 KB 467ms
139ms Image
image/png 134.209.172.38
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ransomrooter.com/wp-content/uploads/2023/08/RansomRooter_png_white_wide_revised.png

Requested by

Host: ransomrooter.com
URL: https://ransomrooter.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

134.209.172.38 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

cloud.magicwandhosting.us

Software

Apache /

Resource Hash

56d74783b3a24073b0afd2b55bc9955c648b8cc6eef05697ab57452f44483344

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://ransomrooter.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Tue, 11 Jun 2024 19:49:49 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Security-Policy: upgrade-insecure-requests
Connection: keep-alive, Keep-Alive
Content-Length: 41043
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Sat, 12 Aug 2023 02:25:13 GMT
Server: Apache
Expect-CT: max-age=7776000, enforce
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=10368000
Permissions-Policy
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Expires: max-age=A10368000, public

GET
H/1.1 200
OK dummy.png
ransomrooter.com/wp-content/plugins/revslider/sr6/assets/assets/ 68 B
685 B 473ms
124ms Image
image/png 134.209.172.38
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ransomrooter.com/wp-content/plugins/revslider/sr6/assets/assets/dummy.png

Requested by

Host: ransomrooter.com
URL: https://ransomrooter.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

134.209.172.38 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

cloud.magicwandhosting.us

Software

Apache /

Resource Hash

69539b5b3777cffda28a66d7f2aa9b17c91ee1ec8fd50c00c442af91753a60f7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://ransomrooter.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Tue, 11 Jun 2024 19:49:49 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Security-Policy: upgrade-insecure-requests
Connection: keep-alive, Keep-Alive
Content-Length: 68
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Wed, 10 Apr 2024 19:02:37 GMT
Server: Apache
Expect-CT: max-age=7776000, enforce
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=10368000
Permissions-Policy
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Expires: max-age=A10368000, public

GET
H/1.1 200
OK nasa_small.png
ransomrooter.com/wp-content/uploads/2023/08/ 8 KB
9 KB 119ms
118ms Image
image/png 134.209.172.38
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ransomrooter.com/wp-content/uploads/2023/08/nasa_small.png

Requested by

Host: ransomrooter.com
URL: https://ransomrooter.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

134.209.172.38 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

cloud.magicwandhosting.us

Software

Apache /

Resource Hash

324657fbb1ef7f3400e570bdd83df41ffa6a62f5dfbf0b85bc63269f16524cac

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://ransomrooter.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Tue, 11 Jun 2024 19:49:49 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Security-Policy: upgrade-insecure-requests
Connection: keep-alive, Keep-Alive
Content-Length: 8264
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Wed, 23 Aug 2023 23:56:57 GMT
Server: Apache
Expect-CT: max-age=7776000, enforce
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=10368000
Permissions-Policy
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Expires: max-age=A10368000, public

GET
H/1.1 200
OK 90012015-ISO.png
ransomrooter.com/wp-content/uploads/2023/08/ 8 KB
8 KB 120ms
119ms Image
image/png 134.209.172.38
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ransomrooter.com/wp-content/uploads/2023/08/90012015-ISO.png

Requested by

Host: ransomrooter.com
URL: https://ransomrooter.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

134.209.172.38 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

cloud.magicwandhosting.us

Software

Apache /

Resource Hash

35c2e4bb3ee04dbc1c7216c1174ccdd07b0ae1d0fb70c8f2ec72139a98d64ed1

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://ransomrooter.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Tue, 11 Jun 2024 19:49:49 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Security-Policy: upgrade-insecure-requests
Connection: keep-alive, Keep-Alive
Content-Length: 7748
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Wed, 23 Aug 2023 23:57:53 GMT
Server: Apache
Expect-CT: max-age=7776000, enforce
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=10368000
Permissions-Policy
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Expires: max-age=A10368000, public

GET
H/1.1 200
OK ariba-logo.jpg
ransomrooter.com/wp-content/uploads/2023/08/ 8 KB
9 KB 121ms
118ms Image
image/jpeg 134.209.172.38
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ransomrooter.com/wp-content/uploads/2023/08/ariba-logo.jpg

Requested by

Host: ransomrooter.com
URL: https://ransomrooter.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

134.209.172.38 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

cloud.magicwandhosting.us

Software

Apache /

Resource Hash

d28d6d3398982be07d40f5c1057eb52c65c9dc7c20184cc2dfa0fe632a9cbc97

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://ransomrooter.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Tue, 11 Jun 2024 19:49:49 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Security-Policy: upgrade-insecure-requests
Connection: keep-alive, Keep-Alive
Content-Length: 8137
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Wed, 23 Aug 2023 23:58:45 GMT
Server: Apache
Expect-CT: max-age=7776000, enforce
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: max-age=10368000
Permissions-Policy
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Expires: max-age=A10368000, public

GET
H/1.1 200
OK dandb-verified.png
ransomrooter.com/wp-content/uploads/2023/08/ 9 KB
10 KB 129ms
119ms Image
image/png 134.209.172.38
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ransomrooter.com/wp-content/uploads/2023/08/dandb-verified.png

Requested by

Host: ransomrooter.com
URL: https://ransomrooter.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

134.209.172.38 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

cloud.magicwandhosting.us

Software

Apache /

Resource Hash

8fa4cdf06323ba1e486eadfb4ddde859390caa82d1202de22bab6c9f6dd90dc9

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://ransomrooter.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Tue, 11 Jun 2024 19:49:49 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Security-Policy: upgrade-insecure-requests
Connection: keep-alive, Keep-Alive
Content-Length: 9509
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Wed, 23 Aug 2023 23:59:03 GMT
Server: Apache
Expect-CT: max-age=7776000, enforce
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=10368000
Permissions-Policy
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Expires: max-age=A10368000, public

GET
H/1.1 200
OK department-of-labor.jpg
ransomrooter.com/wp-content/uploads/2023/08/ 10 KB
11 KB 161ms
120ms Image
image/jpeg 134.209.172.38
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ransomrooter.com/wp-content/uploads/2023/08/department-of-labor.jpg

Requested by

Host: ransomrooter.com
URL: https://ransomrooter.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

134.209.172.38 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

cloud.magicwandhosting.us

Software

Apache /

Resource Hash

19686051e9bd97c34c25c478af6b8a8a970b9fd5fe7720c3d86f4a328dfe3383

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://ransomrooter.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Tue, 11 Jun 2024 19:49:50 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Security-Policy: upgrade-insecure-requests
Connection: keep-alive, Keep-Alive
Content-Length: 10398
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Wed, 23 Aug 2023 23:59:55 GMT
Server: Apache
Expect-CT: max-age=7776000, enforce
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: max-age=10368000
Permissions-Policy
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Expires: max-age=A10368000, public

GET
H/1.1 200
OK irs.png
ransomrooter.com/wp-content/uploads/2023/08/ 6 KB
7 KB 224ms
114ms Image
image/png 134.209.172.38
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ransomrooter.com/wp-content/uploads/2023/08/irs.png

Requested by

Host: ransomrooter.com
URL: https://ransomrooter.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

134.209.172.38 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

cloud.magicwandhosting.us

Software

Apache /

Resource Hash

78b75dc15e0dba73d3323b992a0fd35c3bc636c97fd2b14d9c501803dab1b0ee

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://ransomrooter.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Tue, 11 Jun 2024 19:49:50 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Security-Policy: upgrade-insecure-requests
Connection: keep-alive, Keep-Alive
Content-Length: 6627
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Thu, 24 Aug 2023 00:01:22 GMT
Server: Apache
Expect-CT: max-age=7776000, enforce
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=10368000
Permissions-Policy
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=93
Expires: max-age=A10368000, public

GET
H/1.1 200
OK OPM-e1634511504944.jpg
ransomrooter.com/wp-content/uploads/2023/08/ 9 KB
10 KB 126ms
117ms Image
image/jpeg 134.209.172.38
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ransomrooter.com/wp-content/uploads/2023/08/OPM-e1634511504944.jpg

Requested by

Host: ransomrooter.com
URL: https://ransomrooter.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

134.209.172.38 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

cloud.magicwandhosting.us

Software

Apache /

Resource Hash

de102d12ba800fcc07a82ba030087f3151948f4c4212e2b2f2abf29549160e19

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://ransomrooter.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Tue, 11 Jun 2024 19:49:50 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Security-Policy: upgrade-insecure-requests
Connection: keep-alive, Keep-Alive
Content-Length: 9499
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Thu, 24 Aug 2023 00:01:51 GMT
Server: Apache
Expect-CT: max-age=7776000, enforce
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: max-age=10368000
Permissions-Policy
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Expires: max-age=A10368000, public

GET
H/1.1 200
OK social-security-administration.jpg
ransomrooter.com/wp-content/uploads/2023/08/ 9 KB
10 KB 120ms
118ms Image
image/jpeg 134.209.172.38
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ransomrooter.com/wp-content/uploads/2023/08/social-security-administration.jpg

Requested by

Host: ransomrooter.com
URL: https://ransomrooter.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

134.209.172.38 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

cloud.magicwandhosting.us

Software

Apache /

Resource Hash

dabdb6ac7d6effecdc58795d03f79ed65b4584e054be0d99ea6578253c98a5af

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://ransomrooter.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Tue, 11 Jun 2024 19:49:50 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Security-Policy: upgrade-insecure-requests
Connection: keep-alive, Keep-Alive
Content-Length: 9119
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Thu, 24 Aug 2023 00:04:31 GMT
Server: Apache
Expect-CT: max-age=7776000, enforce
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: max-age=10368000
Permissions-Policy
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Expires: max-age=A10368000, public

GET
H/1.1 200
OK Strong-crypto-logo.png
ransomrooter.com/wp-content/uploads/2023/08/ 46 KB
47 KB 200ms
116ms Image
image/png 134.209.172.38
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ransomrooter.com/wp-content/uploads/2023/08/Strong-crypto-logo.png

Requested by

Host: ransomrooter.com
URL: https://ransomrooter.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

134.209.172.38 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

cloud.magicwandhosting.us

Software

Apache /

Resource Hash

bfdbf778162117856d8102228e0d928dd279bb3a26c7284addf948cb7d026d6f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://ransomrooter.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Tue, 11 Jun 2024 19:49:50 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Security-Policy: upgrade-insecure-requests
Connection: keep-alive, Keep-Alive
Content-Length: 47129
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Thu, 24 Aug 2023 00:06:20 GMT
Server: Apache
Expect-CT: max-age=7776000, enforce
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=10368000
Permissions-Policy
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Expires: max-age=A10368000, public

GET
H/1.1 200
OK usdohaud.png
ransomrooter.com/wp-content/uploads/2023/08/ 10 KB
10 KB 140ms
117ms Image
image/png 134.209.172.38
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ransomrooter.com/wp-content/uploads/2023/08/usdohaud.png

Requested by

Host: ransomrooter.com
URL: https://ransomrooter.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

134.209.172.38 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

cloud.magicwandhosting.us

Software

Apache /

Resource Hash

7bb98f9b6e9dfad20909c4df4e2070719340e28f0727f0539f8b2219ce8960c7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://ransomrooter.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Tue, 11 Jun 2024 19:49:50 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Security-Policy: upgrade-insecure-requests
Connection: keep-alive, Keep-Alive
Content-Length: 9873
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Thu, 24 Aug 2023 00:06:49 GMT
Server: Apache
Expect-CT: max-age=7776000, enforce
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=10368000
Permissions-Policy
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=92
Expires: max-age=A10368000, public

GET
H/1.1 200
OK usdohs.png
ransomrooter.com/wp-content/uploads/2023/08/ 9 KB
10 KB 127ms
116ms Image
image/png 134.209.172.38
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ransomrooter.com/wp-content/uploads/2023/08/usdohs.png

Requested by

Host: ransomrooter.com
URL: https://ransomrooter.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

134.209.172.38 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

cloud.magicwandhosting.us

Software

Apache /

Resource Hash

feeb39958a83a6dbb4327df280a8a7284e2c17d35fef0896c9d0296c36bd62b5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://ransomrooter.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Tue, 11 Jun 2024 19:49:50 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Security-Policy: upgrade-insecure-requests
Connection: keep-alive, Keep-Alive
Content-Length: 9715
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Thu, 24 Aug 2023 00:07:10 GMT
Server: Apache
Expect-CT: max-age=7776000, enforce
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=10368000
Permissions-Policy
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Expires: max-age=A10368000, public

GET
H/1.1 200
OK usdota1.png
ransomrooter.com/wp-content/uploads/2023/08/ 11 KB
11 KB 121ms
119ms Image
image/png 134.209.172.38
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ransomrooter.com/wp-content/uploads/2023/08/usdota1.png

Requested by

Host: ransomrooter.com
URL: https://ransomrooter.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

134.209.172.38 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

cloud.magicwandhosting.us

Software

Apache /

Resource Hash

c5717b719b2e4c9b044e623b97a1a9b95ac45fb504bdf0e18137b5c3d9aa5804

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://ransomrooter.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Tue, 11 Jun 2024 19:49:50 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Security-Policy: upgrade-insecure-requests
Connection: keep-alive, Keep-Alive
Content-Length: 10854
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Thu, 24 Aug 2023 00:10:00 GMT
Server: Apache
Expect-CT: max-age=7776000, enforce
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=10368000
Permissions-Policy
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=95
Expires: max-age=A10368000, public

GET
H/1.1 200
OK verizon-client-e1634513372777.png
ransomrooter.com/wp-content/uploads/2023/08/ 23 KB
24 KB 156ms
120ms Image
image/png 134.209.172.38
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ransomrooter.com/wp-content/uploads/2023/08/verizon-client-e1634513372777.png

Requested by

Host: ransomrooter.com
URL: https://ransomrooter.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

134.209.172.38 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

cloud.magicwandhosting.us

Software

Apache /

Resource Hash

d74c050c2c80a33f98bfecf525898cfb811c47eebf0b3ae8be3e254717bf5e23

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://ransomrooter.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Tue, 11 Jun 2024 19:49:50 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Security-Policy: upgrade-insecure-requests
Connection: keep-alive, Keep-Alive
Content-Length: 23527
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Thu, 24 Aug 2023 00:10:19 GMT
Server: Apache
Expect-CT: max-age=7776000, enforce
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=10368000
Permissions-Policy
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Expires: max-age=A10368000, public

GET
H/1.1 200
OK yahoo.jpg
ransomrooter.com/wp-content/uploads/2023/08/ 5 KB
5 KB 170ms
123ms Image
image/jpeg 134.209.172.38
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ransomrooter.com/wp-content/uploads/2023/08/yahoo.jpg

Requested by

Host: ransomrooter.com
URL: https://ransomrooter.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

134.209.172.38 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

cloud.magicwandhosting.us

Software

Apache /

Resource Hash

5066f3ebf9dd8648310c2fa54fcacc11cb40bc32a6bf5abbf111a9df5828b00f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://ransomrooter.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Tue, 11 Jun 2024 19:49:50 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Security-Policy: upgrade-insecure-requests
Connection: keep-alive, Keep-Alive
Content-Length: 4693
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Thu, 24 Aug 2023 00:10:52 GMT
Server: Apache
Expect-CT: max-age=7776000, enforce
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: max-age=10368000
Permissions-Policy
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Expires: max-age=A10368000, public

GET
H2 200 css
fonts.googleapis.com/ 8 KB
903 B 55ms
51ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400%7CPlay:400%2C700%7CArchivo+Narrow:400&display=swap

Requested by

Host: ransomrooter.com
URL: https://ransomrooter.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

42684b03adcc4d73163773f914f6ca013a0304570130e6477f0af3d106999093

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://ransomrooter.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000
date: Tue, 11 Jun 2024 19:49:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 11 Jun 2024 19:49:49 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 11 Jun 2024 19:49:49 GMT

GET
H/1.1 200
OK 46bd.css
ransomrooter.com/wp-content/cache/wpfc-minified/6lu4b3aq/ 53 KB
11 KB 229ms
121ms Stylesheet
text/css 134.209.172.38
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://ransomrooter.com/wp-content/cache/wpfc-minified/6lu4b3aq/46bd.css

Requested by

Host: ransomrooter.com
URL: https://ransomrooter.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

134.209.172.38 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

cloud.magicwandhosting.us

Software

Apache /

Resource Hash

03d781223d91bd4720334419fd7851f818233dd7328b5a6f673a84fafc627c98

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://ransomrooter.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Tue, 11 Jun 2024 19:49:49 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Security-Policy: upgrade-insecure-requests
Content-Encoding: gzip
Connection: keep-alive, Keep-Alive
Content-Length: 10723
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Wed, 29 May 2024 20:31:49 GMT
Server: Apache
Expect-CT: max-age=7776000, enforce
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=10368000
Permissions-Policy
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=95
Expires: max-age=A10368000, public

GET
H/1.1 200
OK page-scroll-to-id.min.js Show response
ransomrooter.com/wp-content/plugins/page-scroll-to-id/js/ 26 KB
7 KB 240ms
118ms Script
application/javascript 134.209.172.38
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://ransomrooter.com/wp-content/plugins/page-scroll-to-id/js/page-scroll-to-id.min.js?ver=1.7.9

Requested by

Host: ransomrooter.com
URL: https://ransomrooter.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

134.209.172.38 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

cloud.magicwandhosting.us

Software

Apache /

Resource Hash

683194a1ccdbff2ccb1d049dbead875f871f0916266d3cb01e92023303aba203

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://ransomrooter.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Tue, 11 Jun 2024 19:49:49 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Security-Policy: upgrade-insecure-requests
Content-Encoding: gzip
Connection: keep-alive, Keep-Alive
Content-Length: 6370
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 16 Feb 2024 02:34:41 GMT
Server: Apache
Expect-CT: max-age=7776000, enforce
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=10368000
Permissions-Policy
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Expires: max-age=A10368000, public

GET
H/1.1 200
OK rbtools.min.js Show response
ransomrooter.com/wp-content/plugins/revslider/sr6/assets/js/ 161 KB
61 KB 151ms
127ms Script
application/javascript 134.209.172.38
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://ransomrooter.com/wp-content/plugins/revslider/sr6/assets/js/rbtools.min.js?ver=6.7.1

Requested by

Host: ransomrooter.com
URL: https://ransomrooter.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

134.209.172.38 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

cloud.magicwandhosting.us

Software

Apache /

Resource Hash

c4596b16b126326b0d8fc2fb8bf91389ad3dc4671a269187913c19a8f2ad1094

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://ransomrooter.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Tue, 11 Jun 2024 19:49:50 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Security-Policy: upgrade-insecure-requests
Content-Encoding: gzip
Transfer-Encoding: chunked
Connection: keep-alive, Keep-Alive
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Wed, 10 Apr 2024 19:02:37 GMT
Server: Apache
Expect-CT: max-age=7776000, enforce
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=10368000
Permissions-Policy
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=91
Expires: max-age=A10368000, public

GET
H/1.1 200
OK rs6.min.js Show response
ransomrooter.com/wp-content/plugins/revslider/sr6/assets/js/ 405 KB
107 KB 137ms
127ms Script
application/javascript 134.209.172.38
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://ransomrooter.com/wp-content/plugins/revslider/sr6/assets/js/rs6.min.js?ver=6.7.1

Requested by

Host: ransomrooter.com
URL: https://ransomrooter.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

134.209.172.38 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

cloud.magicwandhosting.us

Software

Apache /

Resource Hash

91323501b4428f241d16acd5c52f616634af09669fc6291a24da5449d17f063b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://ransomrooter.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Tue, 11 Jun 2024 19:49:50 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Security-Policy: upgrade-insecure-requests
Content-Encoding: gzip
Transfer-Encoding: chunked
Connection: keep-alive, Keep-Alive
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Wed, 10 Apr 2024 19:02:37 GMT
Server: Apache
Expect-CT: max-age=7776000, enforce
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=10368000
Permissions-Policy
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=95
Expires: max-age=A10368000, public

GET
H/1.1 200
OK smooth-back-to-top-button.js Show response
ransomrooter.com/wp-content/plugins/smooth-back-to-top-button/assets/js/ 1 KB
1 KB 133ms
119ms Script
application/javascript 134.209.172.38
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://ransomrooter.com/wp-content/plugins/smooth-back-to-top-button/assets/js/smooth-back-to-top-button.js?ver=1.1.14

Requested by

Host: ransomrooter.com
URL: https://ransomrooter.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

134.209.172.38 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

cloud.magicwandhosting.us

Software

Apache /

Resource Hash

beaf46c2dddcba315a4c8ca636b7a8348ea3c2d2b5580bce33a82ca2780160f0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://ransomrooter.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Tue, 11 Jun 2024 19:49:49 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Security-Policy: upgrade-insecure-requests
Content-Encoding: gzip
Connection: keep-alive, Keep-Alive
Content-Length: 371
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Mon, 15 Apr 2024 21:52:04 GMT
Server: Apache
Expect-CT: max-age=7776000, enforce
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=10368000
Permissions-Policy
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Expires: max-age=A10368000, public

GET
H/1.1 200
OK wpmssab.min.js Show response
ransomrooter.com/wp-content/uploads/wpmss/ 49 B
679 B 202ms
119ms Script
application/javascript 134.209.172.38
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://ransomrooter.com/wp-content/uploads/wpmss/wpmssab.min.js?ver=1698439016

Requested by

Host: ransomrooter.com
URL: https://ransomrooter.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

134.209.172.38 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

cloud.magicwandhosting.us

Software

Apache /

Resource Hash

a32f766f2db51e03c7b2ca639b479f52e620b26004302a5408ad3c59ac9aeefa

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://ransomrooter.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Tue, 11 Jun 2024 19:49:49 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Security-Policy: upgrade-insecure-requests
Connection: keep-alive, Keep-Alive
Content-Length: 49
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Mon, 14 Aug 2023 15:40:06 GMT
Server: Apache
Expect-CT: max-age=7776000, enforce
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Cache-Control: max-age=10368000
Permissions-Policy
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Expires: max-age=A10368000, public

GET
H/1.1 200
OK SmoothScroll.min.js Show response
ransomrooter.com/wp-content/plugins/mousewheel-smooth-scroll/js/ 7 KB
4 KB 230ms
119ms Script
application/javascript 134.209.172.38
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://ransomrooter.com/wp-content/plugins/mousewheel-smooth-scroll/js/SmoothScroll.min.js?ver=1.4.10

Requested by

Host: ransomrooter.com
URL: https://ransomrooter.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

134.209.172.38 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

cloud.magicwandhosting.us

Software

Apache /

Resource Hash

620bd01c4c002f0889fdc659369a7b16f69ab51e0972d53baefd0798e2e09469

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://ransomrooter.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Tue, 11 Jun 2024 19:49:49 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Security-Policy: upgrade-insecure-requests
Content-Encoding: gzip
Connection: keep-alive, Keep-Alive
Content-Length: 3213
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 22 Mar 2024 23:21:20 GMT
Server: Apache
Expect-CT: max-age=7776000, enforce
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=10368000
Permissions-Policy
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=94
Expires: max-age=A10368000, public

GET
H/1.1 200
OK wpmss.min.js Show response
ransomrooter.com/wp-content/uploads/wpmss/ 181 B
830 B 154ms
117ms Script
application/javascript 134.209.172.38
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://ransomrooter.com/wp-content/uploads/wpmss/wpmss.min.js?ver=1698439016

Requested by

Host: ransomrooter.com
URL: https://ransomrooter.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

134.209.172.38 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

cloud.magicwandhosting.us

Software

Apache /

Resource Hash

17b18307699b67e749b8eda9784d775fcf67142738da1eff34c33e04cac2ac08

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://ransomrooter.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Tue, 11 Jun 2024 19:49:49 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Security-Policy: upgrade-insecure-requests
Content-Encoding: gzip
Connection: keep-alive, Keep-Alive
Content-Length: 152
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Mon, 14 Aug 2023 15:40:06 GMT
Server: Apache
Expect-CT: max-age=7776000, enforce
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=10368000
Permissions-Policy
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Expires: max-age=A10368000, public

GET
H/1.1 200
OK revolution.addon.thecluster.min.js Show response
ransomrooter.com/wp-content/plugins/revslider-thecluster-addon/sr6/assets/js/ 63 KB
15 KB 129ms
122ms Script
application/javascript 134.209.172.38
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://ransomrooter.com/wp-content/plugins/revslider-thecluster-addon/sr6/assets/js/revolution.addon.thecluster.min.js?ver=6.7.0

Requested by

Host: ransomrooter.com
URL: https://ransomrooter.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

134.209.172.38 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

cloud.magicwandhosting.us

Software

Apache /

Resource Hash

bd4d173c22f386e2318e43c32a19af6f9c338e741cffd9a71348efe1e7bfe301

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://ransomrooter.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Tue, 11 Jun 2024 19:49:50 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Security-Policy: upgrade-insecure-requests
Content-Encoding: gzip
Connection: keep-alive, Keep-Alive
Content-Length: 14873
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Wed, 10 Apr 2024 19:00:27 GMT
Server: Apache
Expect-CT: max-age=7776000, enforce
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=10368000
Permissions-Policy
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=94
Expires: max-age=A10368000, public

GET
H/1.1 200
OK three.min.js Show response
ransomrooter.com/wp-content/plugins/revslider/sr6/assets/js/libs/ 628 KB
155 KB 221ms
137ms Script
application/javascript 134.209.172.38
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://ransomrooter.com/wp-content/plugins/revslider/sr6/assets/js/libs/three.min.js?ver=6.7.1

Requested by

Host: ransomrooter.com
URL: https://ransomrooter.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

134.209.172.38 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

cloud.magicwandhosting.us

Software

Apache /

Resource Hash

e56c89bcbb02568335befb886d5f0fb9b5f7d57a6955fa2d3b0f46520069f078

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://ransomrooter.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Tue, 11 Jun 2024 19:49:50 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Security-Policy: upgrade-insecure-requests
Content-Encoding: gzip
Transfer-Encoding: chunked
Connection: keep-alive, Keep-Alive
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Wed, 10 Apr 2024 19:02:38 GMT
Server: Apache
Expect-CT: max-age=7776000, enforce
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=10368000
Permissions-Policy
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=95
Expires: max-age=A10368000, public

GET
H2 200 pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v21/ 8 KB
8 KB 178ms
82ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:100,200,300,400,500,600,700,800,900|Play:100,200,300,400,500,600,700,800,900

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://fonts.googleapis.com/
Origin: https://ransomrooter.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 11:25:40 GMT
x-content-type-options: nosniff
age: 30249
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7748
x-xss-protection: 0
last-modified: Fri, 22 Mar 2024 00:01:14 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 11 Jun 2025 11:25:40 GMT

GET
H2 200 pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v21/ 8 KB
8 KB 200ms
105ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:100,200,300,400,500,600,700,800,900|Play:100,200,300,400,500,600,700,800,900

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://fonts.googleapis.com/
Origin: https://ransomrooter.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 11:39:13 GMT
x-content-type-options: nosniff
age: 29436
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7816
x-xss-protection: 0
last-modified: Fri, 22 Mar 2024 00:00:32 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 11 Jun 2025 11:39:13 GMT

GET
H2 200 6ae84K2oVqwItm4TCpAy2g.woff2
fonts.gstatic.com/s/play/v19/ 18 KB
18 KB 137ms
42ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/play/v19/6ae84K2oVqwItm4TCpAy2g.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:100,200,300,400,500,600,700,800,900|Play:100,200,300,400,500,600,700,800,900

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

42d25e75823f99564c199e3dc486ff8562ce77625ea50ee07385df687296f69f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://fonts.googleapis.com/
Origin: https://ransomrooter.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 07:44:46 GMT
x-content-type-options: nosniff
age: 43503
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18100
x-xss-protection: 0
last-modified: Thu, 24 Aug 2023 19:54:08 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 11 Jun 2025 07:44:46 GMT

GET
H2 200 6aez4K2oVqwIvtU2Hw.woff2
fonts.gstatic.com/s/play/v19/ 18 KB
18 KB 183ms
89ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/play/v19/6aez4K2oVqwIvtU2Hw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:100,200,300,400,500,600,700,800,900|Play:100,200,300,400,500,600,700,800,900

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0964aee1973c5818130723f3bf5b8e0b51bf775a5074949c91d815d91f2924f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://fonts.googleapis.com/
Origin: https://ransomrooter.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 11:22:11 GMT
x-content-type-options: nosniff
age: 30458
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18088
x-xss-protection: 0
last-modified: Thu, 24 Aug 2023 20:26:25 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 11 Jun 2025 11:22:11 GMT

GET
H2 200 pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v21/ 8 KB
8 KB 149ms
55ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v21/pxiEyp8kv8JHgFVrJJfecg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:100,200,300,400,500,600,700,800,900|Play:100,200,300,400,500,600,700,800,900

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://fonts.googleapis.com/
Origin: https://ransomrooter.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 01:13:10 GMT
x-content-type-options: nosniff
age: 66999
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7884
x-xss-protection: 0
last-modified: Fri, 22 Mar 2024 00:00:38 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 11 Jun 2025 01:13:10 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
245 B 141ms
52ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-00Z1CFPBNW&gtm=45je46a0v9164956570za200&_p=1718135389695&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&tag_exp=0&cid=699009828.1718135390&ul=de-de&sr=1600x1200&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B125.0.6422.141%7CChromium%3B125.0.6422.141%7CNot.A%252FBrand%3B24.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1718135389&sct=1&seg=0&dl=https%3A%2F%2Fransomrooter.com%2F&dt=Incident%20Response%2C%20Ransomware%20Recovery%20and%20Retainer&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=1396
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-00Z1CFPBNW
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://ransomrooter.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Tue, 11 Jun 2024 19:49:50 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://ransomrooter.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK wpxpress.ttf
ransomrooter.com/wp-content/plugins/smooth-back-to-top-button/assets/fonts/ 2 KB
2 KB 151ms
120ms Font
x-font/ttf 134.209.172.38
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://ransomrooter.com/wp-content/plugins/smooth-back-to-top-button/assets/fonts/wpxpress.ttf?9zg56

Requested by

Host: ransomrooter.com
URL: https://ransomrooter.com/wp-content/cache/wpfc-minified/mlhfxopu/46bd.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

134.209.172.38 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

cloud.magicwandhosting.us

Software

Apache /

Resource Hash

7613f88667432d2b7c096cb01bf5fce0279bea9476d0895caed2884940362487

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://ransomrooter.com/wp-content/cache/wpfc-minified/mlhfxopu/46bd.css
Origin: https://ransomrooter.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Tue, 11 Jun 2024 19:49:50 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Security-Policy: upgrade-insecure-requests
Content-Encoding: gzip
Connection: keep-alive, Keep-Alive
Content-Length: 1301
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Mon, 15 Apr 2024 21:52:04 GMT
Server: Apache
Expect-CT: max-age=7776000, enforce
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: x-font/ttf
Cache-Control: max-age=0
Permissions-Policy
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Expires: max-age=A10368000, public

GET
H2 200 pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v21/ 8 KB
8 KB 40ms
40ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:100,200,300,400,500,600,700,800,900|Play:100,200,300,400,500,600,700,800,900

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

78bc3aa78faec288bbb3bf26c9a0fa4eb67b1e69da94a17233c5cab60525efdb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://fonts.googleapis.com/
Origin: https://ransomrooter.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 11:31:03 GMT
x-content-type-options: nosniff
age: 29927
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7840
x-xss-protection: 0
last-modified: Fri, 22 Mar 2024 00:02:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 11 Jun 2025 11:31:03 GMT

GET
H2 200 tss5ApVBdCYD5Q7hcxTE1ArZ0Zz8oY2KRmwvKhhvLFG6o3ms.woff2
fonts.gstatic.com/s/archivonarrow/v30/ 12 KB
12 KB 44ms
44ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/archivonarrow/v30/tss5ApVBdCYD5Q7hcxTE1ArZ0Zz8oY2KRmwvKhhvLFG6o3ms.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400%7CPlay:400%2C700%7CArchivo+Narrow:400&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65c3ba3bf6bf1617ee7e82251b6d4193082545eeedc60979b031d772ffb5a878

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://fonts.googleapis.com/
Origin: https://ransomrooter.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 11:19:48 GMT
x-content-type-options: nosniff
age: 30602
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11808
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 23:27:06 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 11 Jun 2025 11:19:48 GMT

GET
H/1.1 200
OK data_wave.jpg
ransomrooter.com/wp-content/uploads/2023/08/ 111 KB
112 KB 121ms
120ms Image
image/jpeg 134.209.172.38
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ransomrooter.com/wp-content/uploads/2023/08/data_wave.jpg

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

134.209.172.38 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

cloud.magicwandhosting.us

Software

Apache /

Resource Hash

f1c94024d87b9dabd6e1f43903f926db8bf0c310762b3b2ec3ccaf9718c9acd8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://ransomrooter.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Tue, 11 Jun 2024 19:49:50 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Security-Policy: upgrade-insecure-requests
Connection: keep-alive, Keep-Alive
Content-Length: 113726
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Sat, 12 Aug 2023 04:57:22 GMT
Server: Apache
Expect-CT: max-age=7776000, enforce
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: max-age=10368000
Permissions-Policy
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=94
Expires: max-age=A10368000, public

GET
H/1.1 200
OK cropped-favicon-32x32.png
ransomrooter.com/wp-content/uploads/2023/08/ 1 KB
2 KB 115ms
114ms Other
image/png 134.209.172.38
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://ransomrooter.com/wp-content/uploads/2023/08/cropped-favicon-32x32.png

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

134.209.172.38 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

cloud.magicwandhosting.us

Software

Apache /

Resource Hash

dc2856793a5ce8f8ba603e7e68c5f44c55174d64c615193c71304c3bdd5aab32

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://ransomrooter.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Tue, 11 Jun 2024 19:49:50 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Security-Policy: upgrade-insecure-requests
Connection: keep-alive, Keep-Alive
Content-Length: 1484
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Mon, 21 Aug 2023 13:13:13 GMT
Server: Apache
Expect-CT: max-age=7776000, enforce
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=10368000
Permissions-Policy
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=94
Expires: max-age=A10368000, public

GET
H/1.1 200
OK par2.png
ransomrooter.com/wp-content/plugins/revslider-thecluster-addon/sr6/lib/ 629 B
1 KB 115ms
115ms Image
image/png 134.209.172.38
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ransomrooter.com/wp-content/plugins/revslider-thecluster-addon/sr6/lib/par2.png

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

134.209.172.38 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

cloud.magicwandhosting.us

Software

Apache /

Resource Hash

6bc0e80dd9c968e65e7b85aa9e203acc54efa5fabcf03ad2d5a68f4af1a0b0e5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://ransomrooter.com/
Origin: https://ransomrooter.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Tue, 11 Jun 2024 19:49:51 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Security-Policy: upgrade-insecure-requests
Connection: keep-alive, Keep-Alive
Content-Length: 629
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Wed, 10 Apr 2024 19:00:27 GMT
Server: Apache
Expect-CT: max-age=7776000, enforce
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=10368000
Permissions-Policy
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=93
Expires: max-age=A10368000, public

Verdicts & Comments Add Verdict or Comment

40 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.ransomrooter.com/	1970-01-21 06:51:35	Name: _ga_00Z1CFPBNW Value: GS1.1.1718135389.1.0.1718135389.0.0.0
			.ransomrooter.com/	1970-01-21 06:51:35	Name: _ga Value: GA1.1.699009828.1718135390

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.googleapis.com
fonts.gstatic.com
ransomrooter.com
region1.google-analytics.com
www.googletagmanager.com
134.209.172.38
2001:4860:4802:32::36
2a00:1450:4001:80b::2003
2a00:1450:4001:827::200a
2a00:1450:4001:828::2008
03d781223d91bd4720334419fd7851f818233dd7328b5a6f673a84fafc627c98
17b18307699b67e749b8eda9784d775fcf67142738da1eff34c33e04cac2ac08
19686051e9bd97c34c25c478af6b8a8a970b9fd5fe7720c3d86f4a328dfe3383
1e17cc4a80f5d9996fcb4214e421ec22110267636ad1cab76dcbc5770a687be7
262ce2e47a90560d9ed702aaf802b35ded2468f2f238570e935132e42196cdfe
3048633ac8589c5fbe04f96d2eb7382bf4345daf54f0b41d6a6428dd8ce11522
324657fbb1ef7f3400e570bdd83df41ffa6a62f5dfbf0b85bc63269f16524cac
35c2e4bb3ee04dbc1c7216c1174ccdd07b0ae1d0fb70c8f2ec72139a98d64ed1
42684b03adcc4d73163773f914f6ca013a0304570130e6477f0af3d106999093
42d25e75823f99564c199e3dc486ff8562ce77625ea50ee07385df687296f69f
5066f3ebf9dd8648310c2fa54fcacc11cb40bc32a6bf5abbf111a9df5828b00f
5425844ac2dd875cf90647cdd93544a18b493f5544bb9eff338afbb7165b8a40
56d74783b3a24073b0afd2b55bc9955c648b8cc6eef05697ab57452f44483344
620bd01c4c002f0889fdc659369a7b16f69ab51e0972d53baefd0798e2e09469
65c3ba3bf6bf1617ee7e82251b6d4193082545eeedc60979b031d772ffb5a878
683194a1ccdbff2ccb1d049dbead875f871f0916266d3cb01e92023303aba203
69539b5b3777cffda28a66d7f2aa9b17c91ee1ec8fd50c00c442af91753a60f7
6bc0e80dd9c968e65e7b85aa9e203acc54efa5fabcf03ad2d5a68f4af1a0b0e5
7613f88667432d2b7c096cb01bf5fce0279bea9476d0895caed2884940362487
78b75dc15e0dba73d3323b992a0fd35c3bc636c97fd2b14d9c501803dab1b0ee
78bc3aa78faec288bbb3bf26c9a0fa4eb67b1e69da94a17233c5cab60525efdb
7bb98f9b6e9dfad20909c4df4e2070719340e28f0727f0539f8b2219ce8960c7
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
8fa4cdf06323ba1e486eadfb4ddde859390caa82d1202de22bab6c9f6dd90dc9
91323501b4428f241d16acd5c52f616634af09669fc6291a24da5449d17f063b
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526
a32f766f2db51e03c7b2ca639b479f52e620b26004302a5408ad3c59ac9aeefa
bd4d173c22f386e2318e43c32a19af6f9c338e741cffd9a71348efe1e7bfe301
beaf46c2dddcba315a4c8ca636b7a8348ea3c2d2b5580bce33a82ca2780160f0
bfdbf778162117856d8102228e0d928dd279bb3a26c7284addf948cb7d026d6f
c274eff25cbed304e055ee97bfe736bf85e15fde1e7e2332d9814f3775b1cbb6
c4596b16b126326b0d8fc2fb8bf91389ad3dc4671a269187913c19a8f2ad1094
c5717b719b2e4c9b044e623b97a1a9b95ac45fb504bdf0e18137b5c3d9aa5804
cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446
d0964aee1973c5818130723f3bf5b8e0b51bf775a5074949c91d815d91f2924f
d28d6d3398982be07d40f5c1057eb52c65c9dc7c20184cc2dfa0fe632a9cbc97
d74c050c2c80a33f98bfecf525898cfb811c47eebf0b3ae8be3e254717bf5e23
dabdb6ac7d6effecdc58795d03f79ed65b4584e054be0d99ea6578253c98a5af
dc2856793a5ce8f8ba603e7e68c5f44c55174d64c615193c71304c3bdd5aab32
de102d12ba800fcc07a82ba030087f3151948f4c4212e2b2f2abf29549160e19
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e56c89bcbb02568335befb886d5f0fb9b5f7d57a6955fa2d3b0f46520069f078
f1c94024d87b9dabd6e1f43903f926db8bf0c310762b3b2ec3ccaf9718c9acd8
f59a69690596510556775f2b2875651ea4f75051678302401f4b1aa16cce1628
feeb39958a83a6dbb4327df280a8a7284e2c17d35fef0896c9d0296c36bd62b5

ransomrooter.com Open in urlscan Pro 134.209.172.38 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

45 Requests

100 %HTTPS

80 %IPv6

5 Domains

5 Subdomains

5 IPs

2 Countries

947 kBTransfer

2335 kBSize

2 Cookies

3 Outgoing links

Redirected requests

45 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

ransomrooter.com Open in urlscan Pro
134.209.172.38 Public Scan

Screenshot
Live screenshot

Full Image

45
Requests

100 %
HTTPS

80 %
IPv6

5
Domains

5
Subdomains

5
IPs

2
Countries

947 kB
Transfer

2335 kB
Size

2
Cookies

45 HTTP transactions
0 data transactions