Report - ransomware.live

Report Overview

Submitted URL
ransomware.live
IP
162.19.65.199
ASN
#16276 OVH SAS
Submitted
2024-05-10 09:39:36
Access
public
Website Title
Ransomware.live
Final URL
ransomware.live/#/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
4

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
unpkg.com	11693	2016-01-06	2016-01-08	2024-05-09	4.0 kB	91 kB	104.17.248.203
ransomware.live	unknown	2022-08-28	2021-07-03	2023-10-26	8.4 kB	1.1 MB	162.19.65.199
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17	2024-05-09	437 B	2.7 kB	104.17.24.14
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-05-10	929 B	11 kB	142.250.74.106
mirrors.creativecommons.org	259422	2001-01-15	2015-12-02	2024-05-04	1.4 kB	46 kB	172.67.1.191
stats.mousqueton.io	unknown	2019-12-09	2020-05-10	2024-02-25	2.1 kB	68 kB	51.178.87.219
cdn.jsdelivr.net	439	2012-05-16	2012-09-30	2024-05-09	5.4 kB	86 kB	151.101.129.229
cdn.buymeacoffee.com	80728	2015-02-06	2019-09-13	2024-05-10	445 B	5.5 kB	104.26.3.199
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-05-10	1.1 kB	60 kB	216.58.207.227

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2024-05-10	medium	ransomware.live/profiles.md	NTML Hash Dump output file - John/LC format
2024-05-10	medium	ransomware.live/profiles.md	Detects indicators found in LockBit ransomware

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (15)

	URL	Size	First Seen	Last Seen
	ransomware.live/js/config.js	2.2 kB	2024-04-02	2024-05-10
Pretty URL ransomware.live/js/config.js IP 162.19.65.199 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-02 10:43:23 Last Seen2024-05-10 11:39:38 Times Seen4 Hash dc76baaaf5714e503eea821c0a0e22bd 99ee7b6065652b66f1f357fc058a3ca55d855e4d d7bf708b93030a87f0f15803c82ddc3d7ce1d0db5f06298c52df6295be52fc42 Loading...

	cdn.jsdelivr.net/npm/@markbattistella/docsify-charty@latest	19 kB	2024-04-02	2024-05-10
Pretty URL cdn.jsdelivr.net/npm/@markbattistella/docsify-charty@latest IP 151.101.129.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-02 10:43:23 Last Seen2024-05-10 11:39:38 Times Seen8 Hash 3cd6c53f201e764d6370ca1f9009c309 3fdf5a3724b49dcbbf6e3a242931546e4c583ea5 953d9b410a570cf3fa95eb1820a8069c02eb8b458ed9a20099526bd833769279 Loading...

	cdn.jsdelivr.net/npm/docsify-progress@latest/dist/progress.min.js	1.8 kB	2024-04-02	2024-05-10
Pretty URL cdn.jsdelivr.net/npm/docsify-progress@latest/dist/progress.min.js IP 151.101.129.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-02 10:43:23 Last Seen2024-05-10 11:39:38 Times Seen8 Hash ea120bdfba351aa7d46b398848e082c4 ebbc4e651e6cfbe18361539cb893bf5025bbd6d4 6fc8d5044e0ae4ab8f5a58b6bcf466acbd9fbe15cf97b33580cb96fb75a2ac8f Loading...

	stats.mousqueton.io/matomo.js	67 kB	2023-12-04	2024-05-20
Pretty URL stats.mousqueton.io/matomo.js IP 51.178.87.219 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-04 12:51:07 Last Seen2024-05-20 01:50:11 Times Seen629 Hash 14cdc4216e8570c05349164d12516056 51bd805b6a84d245aaa345bcc7d221c43780bd3b b39abd9035f703b76dfed940898d572b9864f676eb1912a9142f0639dca6b2ce Loading...

	cdn.jsdelivr.net/npm/docsify@4/lib/plugins/matomo.min.js	714 B	2024-04-02	2024-05-10
Pretty URL cdn.jsdelivr.net/npm/docsify@4/lib/plugins/matomo.min.js IP 151.101.129.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-02 10:43:23 Last Seen2024-05-10 11:39:38 Times Seen8 Hash 06cc448a98903a6e776cf8398f0d3e89 97b47f9e929c9d50c11f07b8cbdd3ccfed0386c7 239e1326ef6e4bb7fa0bdd0c60fa7a78d257dbce7861d902348aa5eb5920eb5c Loading...

	cdn.jsdelivr.net/npm/docsify-darklight-theme@latest/dist/index.min.js	2.7 kB	2024-04-02	2024-05-10
Pretty URL cdn.jsdelivr.net/npm/docsify-darklight-theme@latest/dist/index.min.js IP 151.101.129.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-02 10:43:23 Last Seen2024-05-10 11:39:38 Times Seen8 Hash 7bf9a9a55c0f38885105b04d5539cf19 eb5de37361976f682f173dab256bca1b43c6338a bb4f8a712b3c869e1676ec7dbd28bbd6f5124756ebc6f9f12fed88e557e27bed Loading...

	unpkg.com/docsify-pdf-embed-plugin/src/docsify-pdf-embed.js	6.7 kB	2024-04-02	2024-05-10
Pretty URL unpkg.com/docsify-pdf-embed-plugin/src/docsify-pdf-embed.js IP 104.17.248.203 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-02 10:43:23 Last Seen2024-05-10 11:39:38 Times Seen6 Hash ea51e4bd9d772fbe7c9089920a259a7e 8a2f0f08c205c242bf1d804952b38599a21d0656 313f6722b365728529bb405932505ca24fdde7e5399630878e11e994d4d0eeae Loading...

	cdn.jsdelivr.net/npm/docsify-tabs@1	10 kB	2024-05-10	2024-05-10
Pretty URL cdn.jsdelivr.net/npm/docsify-tabs@1 IP 151.101.129.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 11:39:38 Last Seen2024-05-10 11:39:38 Times Seen2 Hash 2faa3901b73c56d71c9b6acba5ad5585 8ba3c192126f2abf15f78b742bd19b1f550aadcf cf18d617c2b53f2b407aab6c7c5d5df0e268b74c028b7db039472175ad7a5c92 Loading...

	cdnjs.cloudflare.com/ajax/libs/pdfobject/2.1.1/pdfobject.min.js	5.5 kB	2023-03-08	2024-05-10
Pretty URL cdnjs.cloudflare.com/ajax/libs/pdfobject/2.1.1/pdfobject.min.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:50:05 Last Seen2024-05-10 11:39:38 Times Seen56 Hash 7b182dba7871b9d622ee7876400673ed 43bca13a522bd30858d0a65f8b8cbb04135ac1cc ad83d7ddd5eaf0d879df612f092d9fa1ec93826cdb702f2efa70a4feb12d2970 Loading...

	cdn.jsdelivr.net/npm/docsify@4	161 kB	2023-06-29	2024-05-12
Pretty URL cdn.jsdelivr.net/npm/docsify@4 IP 151.101.129.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-29 10:44:33 Last Seen2024-05-12 20:59:18 Times Seen30 Hash b36fc22c95c1ac7584cdc453087c7406 4576a4d74296a74dcf001767640b1fbecc5fc238 9123f808d3f6ad736b4a8f99944a611f87c5d4f9328030080a5c029ed5f450a5 Loading...

	cdn.jsdelivr.net/npm/docsify/lib/plugins/search.min.js	8.2 kB	2023-06-29	2024-05-12
Pretty URL cdn.jsdelivr.net/npm/docsify/lib/plugins/search.min.js IP 151.101.129.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-29 10:44:33 Last Seen2024-05-12 20:59:18 Times Seen23 Hash 8487bc09429fd676399d6d2ec547064c 1fbad2860ee8f40a2516454587fe6f9f66252cbd ab20792dc69dfd9cdb19479f716f69a619e577dec452739196770134dd71f297 Loading...

	unpkg.com/docsify-scroll-to-top/dist/docsify-scroll-to-top.min.js	1.8 kB	2023-11-17	2024-05-10
Pretty URL unpkg.com/docsify-scroll-to-top/dist/docsify-scroll-to-top.min.js IP 104.17.248.203 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-17 12:25:15 Last Seen2024-05-10 11:39:38 Times Seen7 Hash d1a75f60721491d6d0f47b343379c043 547a6bee96b601f35bf571b50f81d84f1c36d471 529072c12abaa15f1494025d07e3cf3507662e8dd479206cb3d1a447c76728b6 Loading...

	cdn.jsdelivr.net/npm/docsify/lib/plugins/zoom-image.min.js	9.6 kB	2023-06-29	2024-05-10
Pretty URL cdn.jsdelivr.net/npm/docsify/lib/plugins/zoom-image.min.js IP 151.101.129.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-29 10:44:33 Last Seen2024-05-10 11:39:38 Times Seen18 Hash fde70dffa0a4dbaf364f5e93b115cb95 540779e6cad6fc66998fcfe9719ed87391a869ec 73e70a64af96532474cb43878ef43ad6e450316e37ebcee96b31e6fe4dc8cd43 Loading...

	unpkg.com/docsify-plugin-flexible-alerts	8.8 kB	2023-09-24	2024-05-10
Pretty URL unpkg.com/docsify-plugin-flexible-alerts IP 104.17.248.203 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-24 10:50:06 Last Seen2024-05-10 11:39:38 Times Seen9 Hash 665bbd04999ab2beedc072e4af3ea2dd c442d12a281aa0809498eb7e7c33e25628b02088 683a0c4d4851b4c95d9bb6ffe64c455fb186cb6d6a6a669568b30d90e935ec05 Loading...

	unpkg.com/docsify-footer-enh/dist/docsify-footer-enh.min.js	755 B	2024-04-02	2024-05-10
Pretty URL unpkg.com/docsify-footer-enh/dist/docsify-footer-enh.min.js IP 104.17.248.203 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-02 10:43:23 Last Seen2024-05-10 11:39:38 Times Seen6 Hash 5922c0515bd77ec03d8153b575653047 0cb5e42f22eea52bc133da7cf78d73d2339e3281 87320228a2dc5bc09bbe4bcc35af4c71ff847bcb2c50223e96f65d70cc4dc09a Loading...

HTTP Transactions (53)

URL IP Response Size

ransomware.live/images/loading.gif

162.19.65.199

200 OK

12 kB

URL GET HTTP/2
ransomware.live/images/loading.gif
IP
162.19.65.199:443
ASN
#16276 OVH SAS

Requested by
https://ransomware.live/
Certificate
IssuerLet's Encrypt
Subjectransomware.live
Fingerprint67:FB:6C:2D:EE:DF:D5:C8:A4:37:3D:CE:9E:21:D8:0C:73:D8:8A:E4
ValidityMon, 15 Apr 2024 11:02:03 GMT - Sun, 14 Jul 2024 11:02:02 GMT

File type
GIF image data, version 89a, 220 x 220
Size
12 kB (12210 bytes)
Hash
a582f3725f463754d044a99fa83ebc57
56674224f39eaad5c99dd7b4005eb799ed6d8183
ceefaf137dff178a7730ca66ec81233999908eabcfe954aed7f1e93238e8efe4

HTTP Headers

GET /images/loading.gif HTTP/1.1
Host: ransomware.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ransomware.live/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 09:39:11 GMT
content-type: image/gif
content-length: 12210
server: Ransomware.live by Julien Mousqueton v202404
last-modified: Friday, 10-May-2024 09:39:11 GMT
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
strict-transport-security: max-age=31536000; includeSubDomains; preload
accept-ranges: bytes
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/@markbattistella/docsify-charty@latest/dist/docsify-charty.min.css

151.101.129.229

200 OK

1.8 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/@markbattistella/docsify-charty@latest/dist/docsify-charty.min.css
IP
151.101.129.229:443
ASN
#54113 FASTLY

Requested by
https://ransomware.live/
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
ASCII text, with very long lines (3212)
Size
1.8 kB (1809 bytes)
Hash
ccc1b6ffa4aa94da2348b6089a63da7a
7cded7a43c2ebec938781f8a29bb33c1dd9f2e27
57e3b8d796c02ea399e98ae72b7822a7ae30a71f7eb86719366d845d731c0ec8

HTTP Headers

GET /npm/@markbattistella/docsify-charty@latest/dist/docsify-charty.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ransomware.live/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 2.0.2
x-jsd-version-type: version
etag: W/"1955-fN7XpDwuvsk4eB+KKbszwd2fLic"
content-encoding: br
accept-ranges: bytes
date: Fri, 10 May 2024 09:39:11 GMT
age: 33295
x-served-by: cache-fra-eddf8230148-FRA, cache-hel1410030-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 1809
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/docsify@4/lib/themes/vue.css

151.101.129.229

200 OK

3.8 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/docsify@4/lib/themes/vue.css
IP
151.101.129.229:443
ASN
#54113 FASTLY

Requested by
https://ransomware.live/
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
ASCII text, with very long lines (13061), with no line terminators
Size
3.8 kB (3815 bytes)
Hash
9d192f588e58cfb67f62e02d72257635
1ecac1f04167b4f6d9c83ffa98c660ac39f9eb1e
1f8ddcde10fe1d9f3ab60de8469ed26f9b09716fb882b225d666d4f62838de2e

HTTP Headers

GET /npm/docsify@4/lib/themes/vue.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ransomware.live/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 4.13.1
x-jsd-version-type: version
etag: W/"3305-HsrB8EFntPbZyD/6mMZgrDn56x4"
content-encoding: br
accept-ranges: bytes
age: 38166
date: Fri, 10 May 2024 09:39:11 GMT
x-served-by: cache-fra-etou8220106-FRA, cache-hel1410030-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 3815
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/@markbattistella/docsify-charty@latest

151.101.129.229

200 OK

5.7 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/@markbattistella/docsify-charty@latest
IP
151.101.129.229:443
ASN
#54113 FASTLY

Requested by
https://ransomware.live/
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
JavaScript source, ASCII text, with very long lines (18488)
Size
5.7 kB (5733 bytes)
Hash
3cd6c53f201e764d6370ca1f9009c309
3fdf5a3724b49dcbbf6e3a242931546e4c583ea5
953d9b410a570cf3fa95eb1820a8069c02eb8b458ed9a20099526bd833769279

HTTP Headers

GET /npm/@markbattistella/docsify-charty@latest HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ransomware.live/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 2.0.2
x-jsd-version-type: version
etag: W/"48e0-P99aNyS0ncu/bjokKTFUbkxYPqU"
content-encoding: br
accept-ranges: bytes
age: 11467
date: Fri, 10 May 2024 09:39:11 GMT
x-served-by: cache-fra-etou8220087-FRA, cache-hel1410030-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 5733
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/docsify/lib/plugins/zoom-image.min.js

151.101.129.229

200 OK

3.2 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/docsify/lib/plugins/zoom-image.min.js
IP
151.101.129.229:443
ASN
#54113 FASTLY

Requested by
https://ransomware.live/
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
JavaScript source, ASCII text, with very long lines (9569)
Size
3.2 kB (3160 bytes)
Hash
fde70dffa0a4dbaf364f5e93b115cb95
540779e6cad6fc66998fcfe9719ed87391a869ec
73e70a64af96532474cb43878ef43ad6e450316e37ebcee96b31e6fe4dc8cd43

HTTP Headers

GET /npm/docsify/lib/plugins/zoom-image.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ransomware.live/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 4.13.1
x-jsd-version-type: version
etag: W/"2562-VAd55srW/GaZj8/pcZ7Yc5Goaew"
content-encoding: br
accept-ranges: bytes
age: 5956
date: Fri, 10 May 2024 09:39:11 GMT
x-served-by: cache-fra-eddf8230095-FRA, cache-hel1410030-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 3160
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/docsify-tabs@1

151.101.129.229

200 OK

3.3 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/docsify-tabs@1
IP
151.101.129.229:443
ASN
#54113 FASTLY

Requested by
https://ransomware.live/
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
JavaScript source, ASCII text, with very long lines (9845)
Size
3.3 kB (3297 bytes)
Hash
2faa3901b73c56d71c9b6acba5ad5585
8ba3c192126f2abf15f78b742bd19b1f550aadcf
cf18d617c2b53f2b407aab6c7c5d5df0e268b74c028b7db039472175ad7a5c92

HTTP Headers

GET /npm/docsify-tabs@1 HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ransomware.live/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 1.6.3
x-jsd-version-type: version
etag: W/"2728-i6PBkhJvKr8V94t0K9GbH1UKrc8"
content-encoding: br
accept-ranges: bytes
age: 29844
date: Fri, 10 May 2024 09:39:11 GMT
x-served-by: cache-fra-etou8220103-FRA, cache-hel1410030-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 3297
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/docsify-progress@latest/dist/progress.min.js

151.101.129.229

200 OK

928 B

URL GET HTTP/2
cdn.jsdelivr.net/npm/docsify-progress@latest/dist/progress.min.js
IP
151.101.129.229:443
ASN
#54113 FASTLY

Requested by
https://ransomware.live/
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
JavaScript source, ASCII text, with very long lines (1478)
Size
928 B (928 bytes)
Hash
ea120bdfba351aa7d46b398848e082c4
ebbc4e651e6cfbe18361539cb893bf5025bbd6d4
6fc8d5044e0ae4ab8f5a58b6bcf466acbd9fbe15cf97b33580cb96fb75a2ac8f

HTTP Headers

GET /npm/docsify-progress@latest/dist/progress.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ransomware.live/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 1.0.3
x-jsd-version-type: version
etag: W/"717-67xOZR5s++GDYVOcuJO/UCW71tQ"
content-encoding: br
accept-ranges: bytes
age: 30595
date: Fri, 10 May 2024 09:39:11 GMT
x-served-by: cache-fra-etou8220130-FRA, cache-hel1410030-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 928
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/docsify-darklight-theme@latest/dist/style.min.css

151.101.129.229

200 OK

3.9 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/docsify-darklight-theme@latest/dist/style.min.css
IP
151.101.129.229:443
ASN
#54113 FASTLY

Requested by
https://ransomware.live/
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
ASCII text, with very long lines (13400), with no line terminators
Size
3.9 kB (3877 bytes)
Hash
c5b878cd65644a5c6304a85c765084aa
7bf7442e7fe3a943bc90088f03b279638ad7b109
882b8ec6d61636be303cac53eeb5b3c87b3c6fc25c63b84afbed43b50e52f2e3

HTTP Headers

GET /npm/docsify-darklight-theme@latest/dist/style.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ransomware.live/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 3.2.0
x-jsd-version-type: version
etag: W/"3458-e/dELn/jqUO8kAiPA7J5Y4rXsQk"
content-encoding: br
accept-ranges: bytes
age: 9608
date: Fri, 10 May 2024 09:39:11 GMT
x-served-by: cache-fra-eddf8230047-FRA, cache-hel1410030-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 3877
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/pdfobject/2.1.1/pdfobject.min.js

104.17.24.14

200 OK

1.7 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/pdfobject/2.1.1/pdfobject.min.js
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ransomware.live/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (985)
Size
1.7 kB (1676 bytes)
Hash
7b182dba7871b9d622ee7876400673ed
43bca13a522bd30858d0a65f8b8cbb04135ac1cc
ad83d7ddd5eaf0d879df612f092d9fa1ec93826cdb702f2efa70a4feb12d2970

HTTP Headers

GET /ajax/libs/pdfobject/2.1.1/pdfobject.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ransomware.live/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 09:39:11 GMT
content-type: application/javascript; charset=utf-8
content-length: 1676
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03f88-15a5"
last-modified: Mon, 04 May 2020 16:15:04 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 186861
expires: Wed, 30 Apr 2025 09:39:11 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mTMGg66VM28lO%2FMhYCSQjgmzWrX4T01nKQgW7Erk1Kzft3nSH7fwzUfwSpihTHRxm51h5QyyvJ6cAlRiciVHPeopLftWN8OktAj0bRm2Ze1DHTagfWTniDvlw87HFK35W%2FkyI3IR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 8818f5ead9b80b02-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/docsify@4

151.101.129.229

200 OK

50 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/docsify@4
IP
151.101.129.229:443
ASN
#54113 FASTLY

Requested by
https://ransomware.live/
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65522), with no line terminators
Size
50 kB (49766 bytes)
Hash
b36fc22c95c1ac7584cdc453087c7406
4576a4d74296a74dcf001767640b1fbecc5fc238
9123f808d3f6ad736b4a8f99944a611f87c5d4f9328030080a5c029ed5f450a5

HTTP Headers

GET /npm/docsify@4 HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ransomware.live/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 4.13.1
x-jsd-version-type: version
etag: W/"27498-RXak10KWp03PABdnZAsfvsxfwjg"
content-encoding: br
accept-ranges: bytes
age: 9564
date: Fri, 10 May 2024 09:39:11 GMT
x-served-by: cache-fra-eddf8230075-FRA, cache-hel1410030-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 49766
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/docsify@4/lib/plugins/matomo.min.js

151.101.129.229

200 OK

367 B

URL GET HTTP/2
cdn.jsdelivr.net/npm/docsify@4/lib/plugins/matomo.min.js
IP
151.101.129.229:443
ASN
#54113 FASTLY

Requested by
https://ransomware.live/
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
JavaScript source, ASCII text, with very long lines (713)
Size
367 B (367 bytes)
Hash
06cc448a98903a6e776cf8398f0d3e89
97b47f9e929c9d50c11f07b8cbdd3ccfed0386c7
239e1326ef6e4bb7fa0bdd0c60fa7a78d257dbce7861d902348aa5eb5920eb5c

HTTP Headers

GET /npm/docsify@4/lib/plugins/matomo.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ransomware.live/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 4.13.1
x-jsd-version-type: version
etag: W/"2ca-l7R/npKcnVDBHwe4y908z+0Dhsc"
content-encoding: br
accept-ranges: bytes
date: Fri, 10 May 2024 09:39:11 GMT
age: 36604
x-served-by: cache-fra-etou8220125-FRA, cache-hel1410030-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 367
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/docsify/lib/plugins/search.min.js

151.101.129.229

200 OK

3.4 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/docsify/lib/plugins/search.min.js
IP
151.101.129.229:443
ASN
#54113 FASTLY

Requested by
https://ransomware.live/
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (8164)
Size
3.4 kB (3404 bytes)
Hash
8487bc09429fd676399d6d2ec547064c
1fbad2860ee8f40a2516454587fe6f9f66252cbd
ab20792dc69dfd9cdb19479f716f69a619e577dec452739196770134dd71f297

HTTP Headers

GET /npm/docsify/lib/plugins/search.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ransomware.live/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 4.13.1
x-jsd-version-type: version
etag: W/"1fe7-H7rShg7o9AolFkVFh/5vn2YlLL0"
content-encoding: br
accept-ranges: bytes
age: 2292
date: Fri, 10 May 2024 09:39:11 GMT
x-served-by: cache-fra-eddf8230139-FRA, cache-hel1410030-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 3404
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/docsify-darklight-theme@latest/dist/index.min.js

151.101.129.229

200 OK

979 B

URL GET HTTP/2
cdn.jsdelivr.net/npm/docsify-darklight-theme@latest/dist/index.min.js
IP
151.101.129.229:443
ASN
#54113 FASTLY

Requested by
https://ransomware.live/
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
JavaScript source, ASCII text, with very long lines (2680)
Size
979 B (979 bytes)
Hash
7bf9a9a55c0f38885105b04d5539cf19
eb5de37361976f682f173dab256bca1b43c6338a
bb4f8a712b3c869e1676ec7dbd28bbd6f5124756ebc6f9f12fed88e557e27bed

HTTP Headers

GET /npm/docsify-darklight-theme@latest/dist/index.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ransomware.live/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 3.2.0
x-jsd-version-type: version
etag: W/"a79-613jc2GXb2gvFz2rJWvKG0PGM4o"
content-encoding: br
accept-ranges: bytes
date: Fri, 10 May 2024 09:39:11 GMT
age: 248
x-served-by: cache-fra-eddf8230128-FRA, cache-hel1410030-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 979
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=PT+Sans&Source+Sans+Pro&Roboto+Mono&display=swap

142.250.74.106

200 OK

923 B

URL GET HTTP/2
fonts.googleapis.com/css?family=PT+Sans&Source+Sans+Pro&Roboto+Mono&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://ransomware.live/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
gzip compressed data, max compression
Size
923 B (923 bytes)
Hash
18864e1b82cbbd8cfa91d7cca9780a25
be354f2111dc38bc6d4fb58fc34ba08298f05f57
5918d5648a817bdfad1398e439978b2906465af93e428dcaa3b1b56ca6085783

HTTP Headers

GET /css?family=PT+Sans&Source+Sans+Pro&Roboto+Mono&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cdn.jsdelivr.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 10 May 2024 09:39:11 GMT
date: Fri, 10 May 2024 09:39:11 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ransomware.live/icon/android-icon-192x192.png

162.19.65.199

200 OK

34 kB

URL GET HTTP/2
ransomware.live/icon/android-icon-192x192.png
IP
162.19.65.199:443
ASN
#16276 OVH SAS

Requested by
https://ransomware.live/
Certificate
IssuerLet's Encrypt
Subjectransomware.live
Fingerprint67:FB:6C:2D:EE:DF:D5:C8:A4:37:3D:CE:9E:21:D8:0C:73:D8:8A:E4
ValidityMon, 15 Apr 2024 11:02:03 GMT - Sun, 14 Jul 2024 11:02:02 GMT

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
Size
34 kB (34216 bytes)
Hash
8c3c1fb48929abdc918fe0ee8a8e803d
e8be0a8823493d9aac033485fd837b7e7ea59a09
ef344357c2573687081f66f2111efa83cbc1ef890a81eaec1c9650df6908e74e

HTTP Headers

GET /icon/android-icon-192x192.png HTTP/1.1
Host: ransomware.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ransomware.live/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 09:39:12 GMT
content-type: image/png
content-length: 34216
server: Ransomware.live by Julien Mousqueton v202404
last-modified: Friday, 10-May-2024 09:39:12 GMT
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
strict-transport-security: max-age=31536000; includeSubDomains; preload
accept-ranges: bytes
X-Firefox-Spdy: h2

unpkg.com/docsify-scroll-to-top@1.0.2/dist/docsify-scroll-to-top.min.js

104.17.248.203

200 OK

2.4 kB

URL GET HTTP/2
unpkg.com/docsify-scroll-to-top@1.0.2/dist/docsify-scroll-to-top.min.js
IP
104.17.248.203:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ransomware.live/
Certificate
IssuerGoogle Trust Services LLC
Subjectunpkg.com
Fingerprint2E:F1:F6:31:28:EC:29:20:41:F4:58:4B:B1:CF:51:16:77:7E:BF:E3
ValidityMon, 01 Apr 2024 02:40:24 GMT - Sun, 30 Jun 2024 02:40:23 GMT

File type
JavaScript source, ASCII text, with very long lines (1836), with no line terminators
Size
2.4 kB (2417 bytes)
Hash
d1a75f60721491d6d0f47b343379c043
547a6bee96b601f35bf571b50f81d84f1c36d471
529072c12abaa15f1494025d07e3cf3507662e8dd479206cb3d1a447c76728b6

HTTP Headers

GET /docsify-scroll-to-top@1.0.2/dist/docsify-scroll-to-top.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ransomware.live/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 09:39:11 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
content-encoding: br
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: "72c-VHpr7pa2AfNb9XG1D4HYTxw21HE"
via: 1.1 fly.io
fly-request-id: 01HXFMKNCB2V5CDHQP1N0TKZ26-arn
cf-cache-status: HIT
age: 43326
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8818f5ef6e8756c9-OSL
X-Firefox-Spdy: h2

ransomware.live/ransomwarelive.png

162.19.65.199

200 OK

37 kB

URL GET HTTP/2
ransomware.live/ransomwarelive.png
IP
162.19.65.199:443
ASN
#16276 OVH SAS

Requested by
https://ransomware.live/
Certificate
IssuerLet's Encrypt
Subjectransomware.live
Fingerprint67:FB:6C:2D:EE:DF:D5:C8:A4:37:3D:CE:9E:21:D8:0C:73:D8:8A:E4
ValidityMon, 15 Apr 2024 11:02:03 GMT - Sun, 14 Jul 2024 11:02:02 GMT

File type
PNG image data, 957 x 577, 8-bit/color RGBA, non-interlaced
Size
37 kB (36922 bytes)
Hash
1c57b5c32bebe1e469210cc1a5ac4f45
83bdd420d6e61ba40abdbed3c7ee741d6c9aacf2
3a249ea94200d066172209f9973c42bec56c7c9f5d36c7b9aee290ec023f2e64

HTTP Headers

GET /ransomwarelive.png HTTP/1.1
Host: ransomware.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ransomware.live/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 09:39:12 GMT
content-type: image/png
content-length: 36922
server: Ransomware.live by Julien Mousqueton v202404
last-modified: Friday, 10-May-2024 09:39:12 GMT
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
strict-transport-security: max-age=31536000; includeSubDomains; preload
accept-ranges: bytes
X-Firefox-Spdy: h2

ransomware.live/README.md

162.19.65.199

200 OK

2.6 kB

URL GET HTTP/2
ransomware.live/README.md
IP
162.19.65.199:443
ASN
#16276 OVH SAS

Requested by
https://ransomware.live/
Certificate
IssuerLet's Encrypt
Subjectransomware.live
Fingerprint67:FB:6C:2D:EE:DF:D5:C8:A4:37:3D:CE:9E:21:D8:0C:73:D8:8A:E4
ValidityMon, 15 Apr 2024 11:02:03 GMT - Sun, 14 Jul 2024 11:02:02 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (314)
Size
2.6 kB (2642 bytes)
Hash
6bf52ee2898066cb7662212674d07a20
1e0cf3330b88577aee4da9ce1574eb239b4490ea
70f0576fa9315f911e8cc9403d510443368efae1cfe4aebb79734476385b7d21

HTTP Headers

GET /README.md HTTP/1.1
Host: ransomware.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ransomware.live/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 09:39:12 GMT
content-type: application/octet-stream
content-length: 2642
server: Ransomware.live by Julien Mousqueton v202404
last-modified: Friday, 10-May-2024 09:39:12 GMT
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
strict-transport-security: max-age=31536000; includeSubDomains; preload
accept-ranges: bytes
X-Firefox-Spdy: h2

unpkg.com/docsify-plugin-flexible-alerts@1.1.1/dist/docsify-plugin-flexible-alerts.min.js

104.17.248.203

200 OK

49 kB

URL GET HTTP/2
unpkg.com/docsify-plugin-flexible-alerts@1.1.1/dist/docsify-plugin-flexible-alerts.min.js
IP
104.17.248.203:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ransomware.live/
Certificate
IssuerGoogle Trust Services LLC
Subjectunpkg.com
Fingerprint2E:F1:F6:31:28:EC:29:20:41:F4:58:4B:B1:CF:51:16:77:7E:BF:E3
ValidityMon, 01 Apr 2024 02:40:24 GMT - Sun, 30 Jun 2024 02:40:23 GMT

File type
JavaScript source, ASCII text, with very long lines (8530)
Size
49 kB (48642 bytes)
Hash
665bbd04999ab2beedc072e4af3ea2dd
c442d12a281aa0809498eb7e7c33e25628b02088
683a0c4d4851b4c95d9bb6ffe64c455fb186cb6d6a6a669568b30d90e935ec05

HTTP Headers

GET /docsify-plugin-flexible-alerts@1.1.1/dist/docsify-plugin-flexible-alerts.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ransomware.live/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 09:39:11 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
content-encoding: br
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: "2231-xELRKigaoICUmOt+fDPiViiwIIg"
via: 1.1 fly.io
fly-request-id: 01HWR5J2PJ6CQ1T31SSF72N1JN-arn
cf-cache-status: HIT
age: 830858
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8818f5efcf4c56c9-OSL
X-Firefox-Spdy: h2

cdn.buymeacoffee.com/buttons/v2/default-yellow.png

104.26.3.199

200 OK

4.4 kB

URL GET HTTP/2
cdn.buymeacoffee.com/buttons/v2/default-yellow.png
IP
104.26.3.199:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ransomware.live/
Certificate
IssuerLet's Encrypt
Subjectbuymeacoffee.com
Fingerprint3C:B2:AD:FD:9F:5F:2A:B1:8E:20:34:D2:84:08:3C:9E:2D:52:98:03
ValidityFri, 03 May 2024 03:12:03 GMT - Thu, 01 Aug 2024 03:12:02 GMT

File type
PNG image data, 545 x 153, 8-bit colormap, non-interlaced
Size
4.4 kB (4431 bytes)
Hash
d1d1e773a0bc722092cf828806b378d7
e1f376c4c9ea2582a7743b39d3c77802bca99d40
a72341bd3e0d51568e4c621bfb4bd315f6e71cf39fd3e71f7daf4a93f00425a7

HTTP Headers

GET /buttons/v2/default-yellow.png HTTP/1.1
Host: cdn.buymeacoffee.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ransomware.live/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 09:39:12 GMT
content-type: image/png
content-length: 4431
age: 835914
cache-control: max-age=31536000
cf-bgj: imgq:100,h2pri
cf-polished: origSize=4811, status=vary_header_present
alt-svc: h3=":443"; ma=86400
etag: "42fd33d40f198e2768efb362cd14a614"
last-modified: Wed, 02 Sep 2020 06:17:42 GMT
vary: Accept-Encoding, Origin
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-id: dkmZcneozQwwp2I8lC0W3lDVta2ufUFYOSpm7KiXXuLIvL4uNnmlMQ==
x-amz-cf-pop: OSL50-P1
x-amz-version-id: IRrP6poRR9RCvjPDSU1l1vpegsuo1elq
x-cache: Hit from cloudfront
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q40t1dNNnhiRBldArktNtqc2bg2rfq1DtMZ6h3zaHdwT4h22Uye06fTN7kIEVsQoDGZfbHZTlptjiJXv3FfvhN143XStl9st6Ez9vk6J3eXstzo%2FSchEnwWrcoxSxHxh7feAviNQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8818f5f119925696-OSL
X-Firefox-Spdy: h2

ransomware.live/_sidebar.md

162.19.65.199

200 OK

743 B

URL GET HTTP/2
ransomware.live/_sidebar.md
IP
162.19.65.199:443
ASN
#16276 OVH SAS

Requested by
https://ransomware.live/
Certificate
IssuerLet's Encrypt
Subjectransomware.live
Fingerprint67:FB:6C:2D:EE:DF:D5:C8:A4:37:3D:CE:9E:21:D8:0C:73:D8:8A:E4
ValidityMon, 15 Apr 2024 11:02:03 GMT - Sun, 14 Jul 2024 11:02:02 GMT

File type
Unicode text, UTF-8 text
Size
743 B (743 bytes)
Hash
3997ea9f741704ae69603ed62826d2e3
7c427fd538c1d99de7622e9a51099a9bcdeb07f1
6941d9113598355d097f2aedb6105eb7997830654ffa8b32f8ddc62ca0b7afb6

HTTP Headers

GET /_sidebar.md HTTP/1.1
Host: ransomware.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ransomware.live/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 09:39:12 GMT
content-type: application/octet-stream
content-length: 743
server: Ransomware.live by Julien Mousqueton v202404
last-modified: Friday, 10-May-2024 09:39:12 GMT
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
strict-transport-security: max-age=31536000; includeSubDomains; preload
accept-ranges: bytes
X-Firefox-Spdy: h2

fonts.gstatic.com/s/robotomono/v23/L0xuDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_3vq_ROW4.woff2

216.58.207.227

200 OK

13 kB

URL GET HTTP/2
fonts.gstatic.com/s/robotomono/v23/L0xuDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_3vq_ROW4.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://ransomware.live/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 12764, version 1.0
Size
13 kB (12764 bytes)
Hash
32cb6e15327552c8968f500de2911299
077b0ab74cbfa4fe8168b99415c43d5d17d25b7d
32c8a74ac0816253d69a7cc68a60986d91c77c80fb17101058527bffa45a13ba

HTTP Headers

GET /s/robotomono/v23/L0xuDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_3vq_ROW4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ransomware.live
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 12764
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 10 May 2024 01:37:37 GMT
expires: Sat, 10 May 2025 01:37:37 GMT
cache-control: public, max-age=31536000
age: 28895
last-modified: Thu, 14 Sep 2023 01:16:46 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ransomware.live/recentdiscoveredvictims.md

162.19.65.199

200 OK

62 kB

URL GET HTTP/2
ransomware.live/recentdiscoveredvictims.md
IP
162.19.65.199:443
ASN
#16276 OVH SAS

Requested by
https://ransomware.live/
Certificate
IssuerLet's Encrypt
Subjectransomware.live
Fingerprint67:FB:6C:2D:EE:DF:D5:C8:A4:37:3D:CE:9E:21:D8:0C:73:D8:8A:E4
ValidityMon, 15 Apr 2024 11:02:03 GMT - Sun, 14 Jul 2024 11:02:02 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (423)
Size
62 kB (62531 bytes)
Hash
2748731bbc513a4dff4403e161d26b3b
b37e9a2c772031d65bc9813860e2a64ff84e0206
a7be45a33e31d3534f58e02ba3cc19694f270c65d0d3a498ab4780cb839518d5

HTTP Headers

GET /recentdiscoveredvictims.md HTTP/1.1
Host: ransomware.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ransomware.live/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 09:39:12 GMT
content-type: application/octet-stream
content-length: 62531
server: Ransomware.live by Julien Mousqueton v202404
last-modified: Friday, 10-May-2024 09:39:12 GMT
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
strict-transport-security: max-age=31536000; includeSubDomains; preload
accept-ranges: bytes
X-Firefox-Spdy: h2

ransomware.live/country.md

162.19.65.199

200 OK

15 kB

URL GET HTTP/2
ransomware.live/country.md
IP
162.19.65.199:443
ASN
#16276 OVH SAS

Requested by
https://ransomware.live/
Certificate
IssuerLet's Encrypt
Subjectransomware.live
Fingerprint67:FB:6C:2D:EE:DF:D5:C8:A4:37:3D:CE:9E:21:D8:0C:73:D8:8A:E4
ValidityMon, 15 Apr 2024 11:02:03 GMT - Sun, 14 Jul 2024 11:02:02 GMT

File type
Unicode text, UTF-8 text, with very long lines (473)
Size
15 kB (15046 bytes)
Hash
e0cc49b5049ecd60dcf569ead515c326
8b7926788b443945d44c35c19b31e0e059a2ca61
d76db00492bbfc9cab70c9263bbc17d4a459ad28198b8e2aee8bb53fe1692923

HTTP Headers

GET /country.md HTTP/1.1
Host: ransomware.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ransomware.live/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 09:39:12 GMT
content-type: application/octet-stream
content-length: 15046
server: Ransomware.live by Julien Mousqueton v202404
last-modified: Friday, 10-May-2024 09:39:12 GMT
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
strict-transport-security: max-age=31536000; includeSubDomains; preload
accept-ranges: bytes
X-Firefox-Spdy: h2

ransomware.live/map.md

162.19.65.199

200 OK

131 B

URL GET HTTP/2
ransomware.live/map.md
IP
162.19.65.199:443
ASN
#16276 OVH SAS

Requested by
https://ransomware.live/
Certificate
IssuerLet's Encrypt
Subjectransomware.live
Fingerprint67:FB:6C:2D:EE:DF:D5:C8:A4:37:3D:CE:9E:21:D8:0C:73:D8:8A:E4
ValidityMon, 15 Apr 2024 11:02:03 GMT - Sun, 14 Jul 2024 11:02:02 GMT

File type
Unicode text, UTF-8 text
Size
131 B (131 bytes)
Hash
8c91e80a0a018d4eb2c821cb6d49bd22
3f95f4b078fe0858bc680d6673149aa9b55c5f83
b3e2a9fade8165f4cb46d5d9e9a7b51bd8903bb627e36d377be2a62bad947221

HTTP Headers

GET /map.md HTTP/1.1
Host: ransomware.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ransomware.live/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 09:39:12 GMT
content-type: application/octet-stream
content-length: 131
server: Ransomware.live by Julien Mousqueton v202404
last-modified: Friday, 10-May-2024 09:39:12 GMT
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
strict-transport-security: max-age=31536000; includeSubDomains; preload
accept-ranges: bytes
X-Firefox-Spdy: h2

mirrors.creativecommons.org/presskit/icons/nc.svg?ref=chooser-v1

172.67.1.191

200 OK

41 kB

URL GET HTTP/2
mirrors.creativecommons.org/presskit/icons/nc.svg?ref=chooser-v1
IP
172.67.1.191:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ransomware.live/
Certificate
IssuerLet's Encrypt
Subjectcreativecommons.org
Fingerprint5A:43:03:C1:EF:EC:9F:BA:CB:F6:FA:5D:26:AF:06:78:DB:CA:C0:8F
ValidityFri, 29 Mar 2024 00:26:17 GMT - Thu, 27 Jun 2024 00:26:16 GMT

File type
gzip compressed data, from Unix
Size
41 kB (40873 bytes)
Hash
2726b9b2410c83b339950e4e27aafac3
be30bf5fb6456f6243377073d4c9019f466827a2
926020618b73f311d3cb048f1ee5db7d3ffd02af8ec4902a802948231e6548a6

HTTP Headers

GET /presskit/icons/nc.svg?ref=chooser-v1 HTTP/1.1
Host: mirrors.creativecommons.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ransomware.live/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 09:39:12 GMT
content-type: image/svg+xml
last-modified: Thu, 19 Feb 2009 20:07:34 GMT
etag: W/"499dbc06-7c1"
strict-transport-security: max-age=15768000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 4100
vary: Accept-Encoding
server: cloudflare
cf-ray: 8818f5f19d3556bb-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

ransomware.live/status.md

162.19.65.199

200 OK

110 kB

URL GET HTTP/2
ransomware.live/status.md
IP
162.19.65.199:443
ASN
#16276 OVH SAS

Requested by
https://ransomware.live/
Certificate
IssuerLet's Encrypt
Subjectransomware.live
Fingerprint67:FB:6C:2D:EE:DF:D5:C8:A4:37:3D:CE:9E:21:D8:0C:73:D8:8A:E4
ValidityMon, 15 Apr 2024 11:02:03 GMT - Sun, 14 Jul 2024 11:02:02 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (320)
Size
110 kB (110162 bytes)
Hash
dfb1ba9314803b24b97d1cccde6b9622
6c073b41de2d1581bbc2949caa8c81bb00abe0b3
af8be5ddf0db5acb551d143d7d7611b3ff0e3d0fd1623b9b374afc43a64e8f3f

HTTP Headers

GET /status.md HTTP/1.1
Host: ransomware.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ransomware.live/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 09:39:12 GMT
content-type: application/octet-stream
content-length: 110162
server: Ransomware.live by Julien Mousqueton v202404
last-modified: Friday, 10-May-2024 09:39:12 GMT
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
strict-transport-security: max-age=31536000; includeSubDomains; preload
accept-ranges: bytes
X-Firefox-Spdy: h2

ransomware.live/ransomnotes.md

162.19.65.199

200 OK

3.9 kB

URL GET HTTP/2
ransomware.live/ransomnotes.md
IP
162.19.65.199:443
ASN
#16276 OVH SAS

Requested by
https://ransomware.live/
Certificate
IssuerLet's Encrypt
Subjectransomware.live
Fingerprint67:FB:6C:2D:EE:DF:D5:C8:A4:37:3D:CE:9E:21:D8:0C:73:D8:8A:E4
ValidityMon, 15 Apr 2024 11:02:03 GMT - Sun, 14 Jul 2024 11:02:02 GMT

File type
Unicode text, UTF-8 text, with very long lines (311)
Size
3.9 kB (3858 bytes)
Hash
746c549ecba70fe6e3777576072377ec
46235767aefd050f6a898b884a0d4c6dd7b2ffc0
83c53577c9885a3407a665c687e3c60daece5515360b7e86339047327070d040

HTTP Headers

GET /ransomnotes.md HTTP/1.1
Host: ransomware.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ransomware.live/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 09:39:12 GMT
content-type: application/octet-stream
content-length: 3858
server: Ransomware.live by Julien Mousqueton v202404
last-modified: Friday, 10-May-2024 09:39:12 GMT
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
strict-transport-security: max-age=31536000; includeSubDomains; preload
accept-ranges: bytes
X-Firefox-Spdy: h2

ransomware.live/negotiations.md

162.19.65.199

200 OK

21 kB

URL GET HTTP/2
ransomware.live/negotiations.md
IP
162.19.65.199:443
ASN
#16276 OVH SAS

Requested by
https://ransomware.live/
Certificate
IssuerLet's Encrypt
Subjectransomware.live
Fingerprint67:FB:6C:2D:EE:DF:D5:C8:A4:37:3D:CE:9E:21:D8:0C:73:D8:8A:E4
ValidityMon, 15 Apr 2024 11:02:03 GMT - Sun, 14 Jul 2024 11:02:02 GMT

File type
HTML document, Unicode text, UTF-8 text
Size
21 kB (21341 bytes)
Hash
d7d282e4c62b676fbf59930cce93acb7
bbeea45c3b56b3d0832b7f62455686595df3ad4b
55fb4ef3287bc03f1949eec3a826a2020fd7a25f56d79041a1d7e6abcca706d1

HTTP Headers

GET /negotiations.md HTTP/1.1
Host: ransomware.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ransomware.live/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 09:39:12 GMT
content-type: application/octet-stream
content-length: 21341
server: Ransomware.live by Julien Mousqueton v202404
last-modified: Friday, 10-May-2024 09:39:12 GMT
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
strict-transport-security: max-age=31536000; includeSubDomains; preload
accept-ranges: bytes
X-Firefox-Spdy: h2

ransomware.live/cartography.md

162.19.65.199

200 OK

1.3 kB

URL GET HTTP/2
ransomware.live/cartography.md
IP
162.19.65.199:443
ASN
#16276 OVH SAS

Requested by
https://ransomware.live/
Certificate
IssuerLet's Encrypt
Subjectransomware.live
Fingerprint67:FB:6C:2D:EE:DF:D5:C8:A4:37:3D:CE:9E:21:D8:0C:73:D8:8A:E4
ValidityMon, 15 Apr 2024 11:02:03 GMT - Sun, 14 Jul 2024 11:02:02 GMT

File type
Unicode text, UTF-8 text, with very long lines (530)
Size
1.3 kB (1346 bytes)
Hash
69aa2df40e51389aa9ad628f0c073d74
1ba790487af0919c35ed6cca09d41d167428492e
aeebedf4ac134f09e90cf0a88f505322fb1a53a35457608ea552b3277a18824c

HTTP Headers

GET /cartography.md HTTP/1.1
Host: ransomware.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ransomware.live/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 09:39:12 GMT
content-type: application/octet-stream
content-length: 1346
server: Ransomware.live by Julien Mousqueton v202404
last-modified: Friday, 10-May-2024 09:39:12 GMT
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
strict-transport-security: max-age=31536000; includeSubDomains; preload
accept-ranges: bytes
X-Firefox-Spdy: h2

ransomware.live/stats.md

162.19.65.199

200 OK

1.1 kB

URL GET HTTP/2
ransomware.live/stats.md
IP
162.19.65.199:443
ASN
#16276 OVH SAS

Requested by
https://ransomware.live/
Certificate
IssuerLet's Encrypt
Subjectransomware.live
Fingerprint67:FB:6C:2D:EE:DF:D5:C8:A4:37:3D:CE:9E:21:D8:0C:73:D8:8A:E4
ValidityMon, 15 Apr 2024 11:02:03 GMT - Sun, 14 Jul 2024 11:02:02 GMT

File type
Unicode text, UTF-8 text
Size
1.1 kB (1112 bytes)
Hash
6a09d4e7bcd7860827936592435b8456
5ddcf0deb1b5493579277a4f3def88011a2b7366
976f5ef3e12b73b5954dc801bae1287cbedae4ebe9ebd5244d6666254644f76a

HTTP Headers

GET /stats.md HTTP/1.1
Host: ransomware.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ransomware.live/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 09:39:12 GMT
content-type: application/octet-stream
content-length: 1112
server: Ransomware.live by Julien Mousqueton v202404
last-modified: Friday, 10-May-2024 09:39:12 GMT
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
strict-transport-security: max-age=31536000; includeSubDomains; preload
accept-ranges: bytes
X-Firefox-Spdy: h2

ransomware.live/about.md

162.19.65.199

200 OK

5.9 kB

URL GET HTTP/2
ransomware.live/about.md
IP
162.19.65.199:443
ASN
#16276 OVH SAS

Requested by
https://ransomware.live/
Certificate
IssuerLet's Encrypt
Subjectransomware.live
Fingerprint67:FB:6C:2D:EE:DF:D5:C8:A4:37:3D:CE:9E:21:D8:0C:73:D8:8A:E4
ValidityMon, 15 Apr 2024 11:02:03 GMT - Sun, 14 Jul 2024 11:02:02 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (913)
Size
5.9 kB (5918 bytes)
Hash
8c0cae6cb3e5b7cc54005c2a7400b15f
bdeddb95407f21768b151f5efc9af4b9cac28d53
adcb66f114e1d4eb141c143b9eac64bb2d0e8d01c597fa95657a98ff6b18fff6

HTTP Headers

GET /about.md HTTP/1.1
Host: ransomware.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ransomware.live/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 09:39:12 GMT
content-type: application/octet-stream
content-length: 5918
server: Ransomware.live by Julien Mousqueton v202404
last-modified: Friday, 10-May-2024 09:39:12 GMT
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
strict-transport-security: max-age=31536000; includeSubDomains; preload
accept-ranges: bytes
X-Firefox-Spdy: h2

ransomware.live/disclaimer.md

162.19.65.199

200 OK

764 B

URL GET HTTP/2
ransomware.live/disclaimer.md
IP
162.19.65.199:443
ASN
#16276 OVH SAS

Requested by
https://ransomware.live/
Certificate
IssuerLet's Encrypt
Subjectransomware.live
Fingerprint67:FB:6C:2D:EE:DF:D5:C8:A4:37:3D:CE:9E:21:D8:0C:73:D8:8A:E4
ValidityMon, 15 Apr 2024 11:02:03 GMT - Sun, 14 Jul 2024 11:02:02 GMT

File type
Unicode text, UTF-8 text, with very long lines (392)
Size
764 B (764 bytes)
Hash
3f8adc8af2486720cc419de744e1f7da
f7c151c32acaf70c945c44276e8f05e9023901e3
b28bc53f443f6cc56db64796486882a3d75394d258fdf35509d4b0d5b45e31d2

HTTP Headers

GET /disclaimer.md HTTP/1.1
Host: ransomware.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ransomware.live/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 09:39:12 GMT
content-type: application/octet-stream
content-length: 764
server: Ransomware.live by Julien Mousqueton v202404
last-modified: Friday, 10-May-2024 09:39:12 GMT
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
strict-transport-security: max-age=31536000; includeSubDomains; preload
accept-ranges: bytes
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/docsify-darklight-theme@latest/icons/moon.svg

151.101.129.229

200 OK

192 B

URL GET HTTP/3
cdn.jsdelivr.net/npm/docsify-darklight-theme@latest/icons/moon.svg
IP
151.101.129.229:443
ASN
#54113 FASTLY

Requested by
https://ransomware.live/
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
SVG Scalable Vector Graphics image
Size
192 B (192 bytes)
Hash
3a8c6da908393d148e11a131353cb800
a6a120adf2bb00029e6ce60d7efd892714ac0ce6
b4e128e64b14f5bf1981d475eb6314e97871b666f28d622fb111b7452c7d2be5

HTTP Headers

GET /npm/docsify-darklight-theme@latest/icons/moon.svg HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cdn.jsdelivr.net/npm/docsify-darklight-theme@latest/dist/style.min.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-length: 192
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/svg+xml
x-jsd-version: 3.2.0
x-jsd-version-type: version
etag: W/"117-pqEgrfK7AAKebOYNfv2JJxSsDOY"
content-encoding: br
accept-ranges: bytes
age: 3292
date: Fri, 10 May 2024 09:39:12 GMT
x-served-by: cache-fra-etou8220078-FRA, cache-hel1410029-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400

ransomware.live/profiles.md

162.19.65.199

200 OK

752 kB

URL GET HTTP/2
ransomware.live/profiles.md
IP
162.19.65.199:443
ASN
#16276 OVH SAS

Requested by
https://ransomware.live/
Certificate
IssuerLet's Encrypt
Subjectransomware.live
Fingerprint67:FB:6C:2D:EE:DF:D5:C8:A4:37:3D:CE:9E:21:D8:0C:73:D8:8A:E4
ValidityMon, 15 Apr 2024 11:02:03 GMT - Sun, 14 Jul 2024 11:02:02 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (1350)
Size
752 kB (751625 bytes)
Hash
2efcd9ebb942b05b28679df85fb0bf66
f049be600dac5618fadb995fe91fe264e5882d19
b89463faf67a8403da258816ca394eeec6a5ab45e3ecb4826c46901fc75f6fcb

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	NTML Hash Dump output file - John/LC format
Public Nextron YARA rules	malware	Detects indicators found in LockBit ransomware

HTTP Headers

GET /profiles.md HTTP/1.1
Host: ransomware.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ransomware.live/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 09:39:12 GMT
content-type: application/octet-stream
content-length: 751625
server: Ransomware.live by Julien Mousqueton v202404
last-modified: Friday, 10-May-2024 09:39:12 GMT
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
strict-transport-security: max-age=31536000; includeSubDomains; preload
accept-ranges: bytes
X-Firefox-Spdy: h2

stats.mousqueton.io/matomo.php?action_name=Ransomware.live&idsite=10&rec=1&r=821997&h=9&m=39&s=12&url=https%3A%2F%2Fransomware.live%2F%23%2F&_id=40766f884f7366f1&_idn=1&send_image=0&_refts=0&pv_id=48f6Ax&pf_net=99&pf_srv=20&pf_tfr=1&pf_dm1=1059&uadata=%7B%7D&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1280x1024

51.178.87.219

204 No Content

0 B

URL POST HTTP/2
stats.mousqueton.io/matomo.php?action_name=Ransomware.live&idsite=10&rec=1&r=821997&h=9&m=39&s=12&url=https%3A%2F%2Fransomware.live%2F%23%2F&_id=40766f884f7366f1&_idn=1&send_image=0&_refts=0&pv_id=48f6Ax&pf_net=99&pf_srv=20&pf_tfr=1&pf_dm1=1059&uadata=%7B%7D&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1280x1024
IP
51.178.87.219:443
ASN
#16276 OVH SAS

Requested by
https://ransomware.live/
Certificate
IssuerLet's Encrypt
Subjectstats.mousqueton.io
Fingerprint29:E5:F3:AE:04:3B:F6:1C:ED:68:F3:06:AC:1F:0B:6F:69:23:9B:4D
ValidityWed, 24 Apr 2024 21:17:34 GMT - Tue, 23 Jul 2024 21:17:33 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /matomo.php?action_name=Ransomware.live&idsite=10&rec=1&r=821997&h=9&m=39&s=12&url=https%3A%2F%2Fransomware.live%2F%23%2F&_id=40766f884f7366f1&_idn=1&send_image=0&_refts=0&pv_id=48f6Ax&pf_net=99&pf_srv=20&pf_tfr=1&pf_dm1=1059&uadata=%7B%7D&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1280x1024 HTTP/1.1
Host: stats.mousqueton.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Content-Length: 0
Origin: https://ransomware.live
DNT: 1
Connection: keep-alive
Referer: https://ransomware.live/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Fri, 10 May 2024 09:39:12 GMT
access-control-allow-origin: https://ransomware.live
access-control-allow-credentials: true
referrer-policy: origin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Roboto+Mono|Source+Sans+Pro:300,400,600

142.250.74.106

200 OK

8.4 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Roboto+Mono|Source+Sans+Pro:300,400,600
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://ransomware.live/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
gzip compressed data, max compression
Size
8.4 kB (8371 bytes)
Hash
527c1b4a93ed50aff8eeee5d2873e213
efec962b17a046f1ffb9fd9d665d625ab40cb1a4
f4894b8ecf1bbc3e4c32f271c3a99eb49bca2564d22f821c5d443f4a6107ce5b

HTTP Headers

GET /css?family=Roboto+Mono|Source+Sans+Pro:300,400,600 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cdn.jsdelivr.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 10 May 2024 09:39:11 GMT
date: Fri, 10 May 2024 09:39:11 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

stats.mousqueton.io/matomo.php?action_name=Ransomware.live%20%F0%9F%91%80%20-%20Ransomware%20Groups%27%20Victims%20Tracking%20%26%20Monitoring&idsite=10&rec=1&r=130923&h=9&m=39&s=12&url=https%3A%2F%2Fransomware.live%2F&_id=40766f884f7366f1&_idn=0&send_image=0&_refts=0&pv_id=iytfNk&pf_net=99&pf_srv=20&pf_tfr=1&pf_dm1=1059&uadata=%7B%7D&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1280x1024

51.178.87.219

204 No Content

0 B

URL POST HTTP/2
stats.mousqueton.io/matomo.php?action_name=Ransomware.live%20%F0%9F%91%80%20-%20Ransomware%20Groups%27%20Victims%20Tracking%20%26%20Monitoring&idsite=10&rec=1&r=130923&h=9&m=39&s=12&url=https%3A%2F%2Fransomware.live%2F&_id=40766f884f7366f1&_idn=0&send_image=0&_refts=0&pv_id=iytfNk&pf_net=99&pf_srv=20&pf_tfr=1&pf_dm1=1059&uadata=%7B%7D&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1280x1024
IP
51.178.87.219:443
ASN
#16276 OVH SAS

Requested by
https://ransomware.live/
Certificate
IssuerLet's Encrypt
Subjectstats.mousqueton.io
Fingerprint29:E5:F3:AE:04:3B:F6:1C:ED:68:F3:06:AC:1F:0B:6F:69:23:9B:4D
ValidityWed, 24 Apr 2024 21:17:34 GMT - Tue, 23 Jul 2024 21:17:33 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /matomo.php?action_name=Ransomware.live%20%F0%9F%91%80%20-%20Ransomware%20Groups%27%20Victims%20Tracking%20%26%20Monitoring&idsite=10&rec=1&r=130923&h=9&m=39&s=12&url=https%3A%2F%2Fransomware.live%2F&_id=40766f884f7366f1&_idn=0&send_image=0&_refts=0&pv_id=iytfNk&pf_net=99&pf_srv=20&pf_tfr=1&pf_dm1=1059&uadata=%7B%7D&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1280x1024 HTTP/1.1
Host: stats.mousqueton.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Content-Length: 0
Origin: https://ransomware.live
DNT: 1
Connection: keep-alive
Referer: https://ransomware.live/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Fri, 10 May 2024 09:39:13 GMT
access-control-allow-origin: https://ransomware.live
access-control-allow-credentials: true
referrer-policy: origin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
X-Firefox-Spdy: h2

mirrors.creativecommons.org/presskit/icons/by.svg?ref=chooser-v1

172.67.1.191

200 OK

1.6 kB

URL GET HTTP/2
mirrors.creativecommons.org/presskit/icons/by.svg?ref=chooser-v1
IP
172.67.1.191:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ransomware.live/
Certificate
IssuerLet's Encrypt
Subjectcreativecommons.org
Fingerprint5A:43:03:C1:EF:EC:9F:BA:CB:F6:FA:5D:26:AF:06:78:DB:CA:C0:8F
ValidityFri, 29 Mar 2024 00:26:17 GMT - Thu, 27 Jun 2024 00:26:16 GMT

File type
SVG Scalable Vector Graphics image
Size
1.6 kB (1563 bytes)
Hash
3c003d70e5f96970867cd15f2087ae0a
fd0194bf03ad485f4661b14f57430bf99a9019e5
e0821802464319935c1807384a76bd71f0eb0ec2242625effd150310eb078c91

HTTP Headers

GET /presskit/icons/by.svg?ref=chooser-v1 HTTP/1.1
Host: mirrors.creativecommons.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ransomware.live/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 09:39:12 GMT
content-type: image/svg+xml
last-modified: Thu, 19 Feb 2009 20:07:33 GMT
etag: W/"499dbc05-61b"
strict-transport-security: max-age=15768000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 1657
vary: Accept-Encoding
server: cloudflare
cf-ray: 8818f5f19d2c56bb-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

ransomware.live/js/config.js

162.19.65.199

200 OK

2.2 kB

URL GET HTTP/2
ransomware.live/js/config.js
IP
162.19.65.199:443
ASN
#16276 OVH SAS

Requested by
https://ransomware.live/
Certificate
IssuerLet's Encrypt
Subjectransomware.live
Fingerprint67:FB:6C:2D:EE:DF:D5:C8:A4:37:3D:CE:9E:21:D8:0C:73:D8:8A:E4
ValidityMon, 15 Apr 2024 11:02:03 GMT - Sun, 14 Jul 2024 11:02:02 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (2341), with no line terminators
Size
2.2 kB (2241 bytes)
Hash
f7fa97b214aaef38b99e678f9cef1950
3947da67db3f415c0c9f7ae77e2578bdd74a8bca
51afb778cbf79e3ce0515a5faca1c97d2c77b6100fa66419894e09be1b3fd225

HTTP Headers

GET /js/config.js HTTP/1.1
Host: ransomware.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ransomware.live/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 09:39:11 GMT
content-type: application/javascript
vary: Accept-Encoding
server: Ransomware.live by Julien Mousqueton v202404
last-modified: Friday, 10-May-2024 09:39:11 GMT
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2

stats.mousqueton.io/matomo.js

51.178.87.219

200 OK

67 kB

URL GET HTTP/2
stats.mousqueton.io/matomo.js
IP
51.178.87.219:443
ASN
#16276 OVH SAS

Requested by
https://ransomware.live/
Certificate
IssuerLet's Encrypt
Subjectstats.mousqueton.io
Fingerprint29:E5:F3:AE:04:3B:F6:1C:ED:68:F3:06:AC:1F:0B:6F:69:23:9B:4D
ValidityWed, 24 Apr 2024 21:17:34 GMT - Tue, 23 Jul 2024 21:17:33 GMT

File type
JavaScript source, ASCII text, with very long lines (1601)
Size
67 kB (66607 bytes)
Hash
14cdc4216e8570c05349164d12516056
51bd805b6a84d245aaa345bcc7d221c43780bd3b
b39abd9035f703b76dfed940898d572b9864f676eb1912a9142f0639dca6b2ce

HTTP Headers

GET /matomo.js HTTP/1.1
Host: stats.mousqueton.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ransomware.live/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 09:39:12 GMT
content-type: application/javascript
last-modified: Sun, 10 Mar 2024 17:45:28 GMT
vary: Accept-Encoding
etag: W/"65edf1b8-1042f"
expires: Fri, 10 May 2024 10:39:12 GMT
pragma: public
cache-control: max-age=3600, public
content-encoding: gzip
X-Firefox-Spdy: h2

ransomware.live/icon/favicon-16x16.png

162.19.65.199

200 OK

1.5 kB

URL GET HTTP/2
ransomware.live/icon/favicon-16x16.png
IP
162.19.65.199:443
ASN
#16276 OVH SAS

Requested by
https://ransomware.live/
Certificate
IssuerLet's Encrypt
Subjectransomware.live
Fingerprint67:FB:6C:2D:EE:DF:D5:C8:A4:37:3D:CE:9E:21:D8:0C:73:D8:8A:E4
ValidityMon, 15 Apr 2024 11:02:03 GMT - Sun, 14 Jul 2024 11:02:02 GMT

File type
PNG image data, 16 x 16, 8-bit colormap, non-interlaced
Size
1.5 kB (1516 bytes)
Hash
7c120a27571658f62e421416d4522b90
fc7c6a2811a7b1f21f34e14cda46c9cf488f1906
27a7fa81ef1409934a14afe24bd4961de6afeba3d961a6f8caf7f5b9dbe751b9

HTTP Headers

GET /icon/favicon-16x16.png HTTP/1.1
Host: ransomware.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ransomware.live/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 09:39:12 GMT
content-type: image/png
content-length: 1516
server: Ransomware.live by Julien Mousqueton v202404
last-modified: Friday, 10-May-2024 09:39:12 GMT
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
strict-transport-security: max-age=31536000; includeSubDomains; preload
accept-ranges: bytes
X-Firefox-Spdy: h2

unpkg.com/docsify-plugin-flexible-alerts@1.1.1

104.17.248.203

302 Found

8.8 kB

URL GET HTTP/2
unpkg.com/docsify-plugin-flexible-alerts@1.1.1
IP
104.17.248.203:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ransomware.live/
Certificate
IssuerGoogle Trust Services LLC
Subjectunpkg.com
Fingerprint2E:F1:F6:31:28:EC:29:20:41:F4:58:4B:B1:CF:51:16:77:7E:BF:E3
ValidityMon, 01 Apr 2024 02:40:24 GMT - Sun, 30 Jun 2024 02:40:23 GMT

File type

Size
8.8 kB (8753 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /docsify-plugin-flexible-alerts@1.1.1 HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ransomware.live/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Fri, 10 May 2024 09:39:11 GMT
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
location: /docsify-plugin-flexible-alerts@1.1.1/dist/docsify-plugin-flexible-alerts.min.js
vary: Accept, Accept-Encoding
content-encoding: br
via: 1.1 fly.io
fly-request-id: 01HWRA8KJMBH7NBYYZW63K4Y9K-arn
cf-cache-status: HIT
age: 825926
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8818f5efaf0656c9-OSL
X-Firefox-Spdy: h2

unpkg.com/docsify-footer-enh@0.0.9/dist/docsify-footer-enh.min.js

104.17.248.203

200 OK

755 B

URL GET HTTP/2
unpkg.com/docsify-footer-enh@0.0.9/dist/docsify-footer-enh.min.js
IP
104.17.248.203:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ransomware.live/
Certificate
IssuerGoogle Trust Services LLC
Subjectunpkg.com
Fingerprint2E:F1:F6:31:28:EC:29:20:41:F4:58:4B:B1:CF:51:16:77:7E:BF:E3
ValidityMon, 01 Apr 2024 02:40:24 GMT - Sun, 30 Jun 2024 02:40:23 GMT

File type
JavaScript source, ASCII text, with very long lines (777), with no line terminators
Size
755 B (755 bytes)
Hash
50df23a119fb6c5682ab8a29480a695e
e2d88ad934812c205825745d1ede97d04a9e4ade
80f4fe147c235fe566246c63073be3305d70e125df267a85679c05741c96e15c

HTTP Headers

GET /docsify-footer-enh@0.0.9/dist/docsify-footer-enh.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ransomware.live/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 09:39:11 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
content-encoding: br
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: "2f3-DLXkLyLupSvBM9p8941z0jOeMoE"
via: 1.1 fly.io
fly-request-id: 01HX7E38NA2X82PXTE467GGQQ8-arn
cf-cache-status: HIT
age: 318590
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8818f5eace4256c9-OSL
X-Firefox-Spdy: h2

unpkg.com/docsify-pdf-embed-plugin@1.0.8/src/docsify-pdf-embed.js

104.17.248.203

200 OK

6.7 kB

URL GET HTTP/2
unpkg.com/docsify-pdf-embed-plugin@1.0.8/src/docsify-pdf-embed.js
IP
104.17.248.203:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ransomware.live/
Certificate
IssuerGoogle Trust Services LLC
Subjectunpkg.com
Fingerprint2E:F1:F6:31:28:EC:29:20:41:F4:58:4B:B1:CF:51:16:77:7E:BF:E3
ValidityMon, 01 Apr 2024 02:40:24 GMT - Sun, 30 Jun 2024 02:40:23 GMT

File type
JavaScript source, ASCII text, with very long lines (7467), with no line terminators
Size
6.7 kB (6748 bytes)
Hash
c86455a003bec90ede9e0ede8f1db155
afa709d735b01ae59f40df65f77fd0825991134c
ae9dee9d23c8ee702e3abf7ab19176294546a6c81824ed519dfb7cc609dcce44

HTTP Headers

GET /docsify-pdf-embed-plugin@1.0.8/src/docsify-pdf-embed.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ransomware.live/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 09:39:11 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
content-encoding: br
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: "1a5c-ii8PCMIFwkK/HYBJUrOFmaIdBlY"
via: 1.1 fly.io
fly-request-id: 01HWRX9FY9NYQ8PFD3KYYKSPAZ-arn
cf-cache-status: HIT
age: 805974
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8818f5ed8af656c9-OSL
X-Firefox-Spdy: h2

ransomware.live/

162.19.65.199

200 OK

8.9 kB

URL User Request GET HTTP/2
ransomware.live/
IP
162.19.65.199:443
ASN
#16276 OVH SAS

Certificate
IssuerLet's Encrypt
Subjectransomware.live
Fingerprint67:FB:6C:2D:EE:DF:D5:C8:A4:37:3D:CE:9E:21:D8:0C:73:D8:8A:E4
ValidityMon, 15 Apr 2024 11:02:03 GMT - Sun, 14 Jul 2024 11:02:02 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (8030), with no line terminators
Size
8.9 kB (8866 bytes)
Hash
8d17760ff3ddfcf453b2df823c82ff68
98946ce239a4b58cbdb75c15c55c310a08178329
4551266dfe436e525706877ad2738d9ba1b32c2f0bf378e7537e963e80e11bed

HTTP Headers

GET / HTTP/1.1
Host: ransomware.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 09:39:10 GMT
content-type: text/html
vary: Accept-Encoding
server: Ransomware.live by Julien Mousqueton v202404
last-modified: Friday, 10-May-2024 09:39:10 GMT
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2

ransomware.live/recentcyberattacks.md

162.19.65.199

200 OK

40 kB

URL GET HTTP/2
ransomware.live/recentcyberattacks.md
IP
162.19.65.199:443
ASN
#16276 OVH SAS

Requested by
https://ransomware.live/
Certificate
IssuerLet's Encrypt
Subjectransomware.live
Fingerprint67:FB:6C:2D:EE:DF:D5:C8:A4:37:3D:CE:9E:21:D8:0C:73:D8:8A:E4
ValidityMon, 15 Apr 2024 11:02:03 GMT - Sun, 14 Jul 2024 11:02:02 GMT

File type

Size
40 kB (39748 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /recentcyberattacks.md HTTP/1.1
Host: ransomware.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ransomware.live/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 09:39:12 GMT
content-type: application/octet-stream
content-length: 39748
server: Ransomware.live by Julien Mousqueton v202404
last-modified: Friday, 10-May-2024 09:39:12 GMT
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
strict-transport-security: max-age=31536000; includeSubDomains; preload
accept-ranges: bytes
X-Firefox-Spdy: h2

unpkg.com/docsify-footer-enh/dist/docsify-footer-enh.min.js

104.17.248.203

302 Found

755 B

URL GET HTTP/2
unpkg.com/docsify-footer-enh/dist/docsify-footer-enh.min.js
IP
104.17.248.203:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ransomware.live/
Certificate
IssuerGoogle Trust Services LLC
Subjectunpkg.com
Fingerprint2E:F1:F6:31:28:EC:29:20:41:F4:58:4B:B1:CF:51:16:77:7E:BF:E3
ValidityMon, 01 Apr 2024 02:40:24 GMT - Sun, 30 Jun 2024 02:40:23 GMT

File type

Size
755 B (755 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /docsify-footer-enh/dist/docsify-footer-enh.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ransomware.live/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Fri, 10 May 2024 09:39:11 GMT
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: public, s-maxage=600, max-age=60
location: /docsify-footer-enh@0.0.9/dist/docsify-footer-enh.min.js
vary: Accept, Accept-Encoding
content-encoding: br
via: 1.1 fly.io
fly-request-id: 01HXGXGCTDTK8XRV0QWGR0ZZXD-arn
cf-cache-status: HIT
age: 441
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8818f5ea8ddc56c9-OSL
X-Firefox-Spdy: h2

unpkg.com/docsify-pdf-embed-plugin/src/docsify-pdf-embed.js

104.17.248.203

302 Found

6.7 kB

URL GET HTTP/2
unpkg.com/docsify-pdf-embed-plugin/src/docsify-pdf-embed.js
IP
104.17.248.203:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ransomware.live/
Certificate
IssuerGoogle Trust Services LLC
Subjectunpkg.com
Fingerprint2E:F1:F6:31:28:EC:29:20:41:F4:58:4B:B1:CF:51:16:77:7E:BF:E3
ValidityMon, 01 Apr 2024 02:40:24 GMT - Sun, 30 Jun 2024 02:40:23 GMT

File type

Size
6.7 kB (6748 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /docsify-pdf-embed-plugin/src/docsify-pdf-embed.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ransomware.live/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Fri, 10 May 2024 09:39:11 GMT
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: public, s-maxage=600, max-age=60
location: /docsify-pdf-embed-plugin@1.0.8/src/docsify-pdf-embed.js
vary: Accept, Accept-Encoding
content-encoding: br
via: 1.1 fly.io
fly-request-id: 01HXGXXVPVVBC5XJ1A6SV2A4EJ-arn
cf-cache-status: EXPIRED
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8818f5eade5a56c9-OSL
X-Firefox-Spdy: h2

mirrors.creativecommons.org/presskit/icons/cc.svg?ref=chooser-v1

172.67.1.191

200 OK

2.6 kB

URL GET HTTP/2
mirrors.creativecommons.org/presskit/icons/cc.svg?ref=chooser-v1
IP
172.67.1.191:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ransomware.live/
Certificate
IssuerLet's Encrypt
Subjectcreativecommons.org
Fingerprint5A:43:03:C1:EF:EC:9F:BA:CB:F6:FA:5D:26:AF:06:78:DB:CA:C0:8F
ValidityFri, 29 Mar 2024 00:26:17 GMT - Thu, 27 Jun 2024 00:26:16 GMT

File type
SVG Scalable Vector Graphics image
Size
2.6 kB (2573 bytes)
Hash
86f82d934a5aa6a7cc4f18b22d362e96
e95484b4a0749f86420aa2ac0b20c461daa4cda1
a7f62204e143f4cd81e8c2d88ff18bac45d6c22c0adbc5f5ef9f9185f8b39809

HTTP Headers

GET /presskit/icons/cc.svg?ref=chooser-v1 HTTP/1.1
Host: mirrors.creativecommons.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ransomware.live/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 09:39:12 GMT
content-type: image/svg+xml
last-modified: Thu, 19 Feb 2009 20:07:34 GMT
etag: W/"499dbc06-a0d"
strict-transport-security: max-age=15768000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 5256
vary: Accept-Encoding
server: cloudflare
cf-ray: 8818f5f18d2256bb-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

unpkg.com/docsify-plugin-flexible-alerts

104.17.248.203

302 Found

8.8 kB

URL GET HTTP/2
unpkg.com/docsify-plugin-flexible-alerts
IP
104.17.248.203:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ransomware.live/
Certificate
IssuerGoogle Trust Services LLC
Subjectunpkg.com
Fingerprint2E:F1:F6:31:28:EC:29:20:41:F4:58:4B:B1:CF:51:16:77:7E:BF:E3
ValidityMon, 01 Apr 2024 02:40:24 GMT - Sun, 30 Jun 2024 02:40:23 GMT

File type

Size
8.8 kB (8753 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /docsify-plugin-flexible-alerts HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ransomware.live/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Fri, 10 May 2024 09:39:11 GMT
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: public, s-maxage=600, max-age=60
location: /docsify-plugin-flexible-alerts@1.1.1
vary: Accept, Accept-Encoding
content-encoding: br
via: 1.1 fly.io
fly-request-id: 01HXGXXVP5QDET74DP6SHE1SNE-arn
cf-cache-status: EXPIRED
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8818f5eaae2556c9-OSL
X-Firefox-Spdy: h2

fonts.gstatic.com/s/ptsans/v17/jizaRExUiTo99u79D0KExQ.woff2

216.58.207.227

200 OK

45 kB

URL GET HTTP/2
fonts.gstatic.com/s/ptsans/v17/jizaRExUiTo99u79D0KExQ.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://ransomware.live/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 45300, version 1.0
Size
45 kB (45300 bytes)
Hash
5fe660c3a23b871807b0e1d3ee973d23
62a9dd423b30b6ee3ab3dd40d573545d579af10a
e13ffa988be59cbf299d7ff68f019f902b60848203ac4990819eb7e4624ee52d

HTTP Headers

GET /s/ptsans/v17/jizaRExUiTo99u79D0KExQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ransomware.live
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 45300
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 09 May 2024 02:15:04 GMT
expires: Fri, 09 May 2025 02:15:04 GMT
cache-control: public, max-age=31536000
age: 113048
last-modified: Wed, 27 Apr 2022 16:11:08 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

unpkg.com/docsify-scroll-to-top/dist/docsify-scroll-to-top.min.js

104.17.248.203

302 Found

1.8 kB

URL GET HTTP/2
unpkg.com/docsify-scroll-to-top/dist/docsify-scroll-to-top.min.js
IP
104.17.248.203:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ransomware.live/
Certificate
IssuerGoogle Trust Services LLC
Subjectunpkg.com
Fingerprint2E:F1:F6:31:28:EC:29:20:41:F4:58:4B:B1:CF:51:16:77:7E:BF:E3
ValidityMon, 01 Apr 2024 02:40:24 GMT - Sun, 30 Jun 2024 02:40:23 GMT

File type

Size
1.8 kB (1836 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /docsify-scroll-to-top/dist/docsify-scroll-to-top.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ransomware.live/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Fri, 10 May 2024 09:39:11 GMT
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: public, s-maxage=600, max-age=60
location: /docsify-scroll-to-top@1.0.2/dist/docsify-scroll-to-top.min.js
vary: Accept, Accept-Encoding
content-encoding: br
via: 1.1 fly.io
fly-request-id: 01HXGXXVNV0Q28AZ250Z4R72DH-arn
cf-cache-status: EXPIRED
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8818f5ea9dfb56c9-OSL
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (15)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML