Overview

URL: respectphonesecurity.xyz/smart-security-0/index.html?clickid={clickid}&utm_source={var1}&utm_medium=restart_{offer.name}&publisher={trafficsource.name}&utm_campaign={trafficsource.name}
IP: 188.114.96.1 (Colombia)
ASN: #13335 CLOUDFLARENET
UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer:
Report completed: 2022-12-07 07:43:02 UTC
Status: Loading report..
IDS alerts: 0
Blocklist alert: 2
urlquery alerts: No alerts detected
Tags: None

Domain Summary (34)

Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
geolocation.onetrust.com (1) 802 2018-02-07 11:23:41 UTC 2022-12-07 01:12:51 UTC 104.18.27.85
www.facebook.com (1) 99 No data No data 31.13.72.36
ocsp.digicert.com (8) 86 2012-05-21 07:02:23 UTC 2022-12-06 21:45:35 UTC 93.184.220.29
www.helpwire.com (24) 0 2019-12-09 23:07:07 UTC 2022-12-07 05:18:19 UTC 54.230.111.93 Domain (helpwire.com) ranked at: 925728
cdn.cookielaw.org (7) 502 2013-12-28 13:20:36 UTC 2022-12-06 17:29:30 UTC 104.16.149.64
ocsp.pki.goog (13) 175 2017-06-14 07:23:31 UTC 2022-12-06 17:12:08 UTC 216.58.211.3
connect.facebook.net (1) 139 2012-05-22 02:51:28 UTC 2022-12-06 17:12:12 UTC 31.13.72.12
fonts.gstatic.com (1) 0 2014-04-02 10:51:04 UTC 2022-12-06 21:54:56 UTC 142.250.74.35 Domain (gstatic.com) ranked at: 540
respectphonesecurity.xyz (2) 0 2022-05-21 09:17:50 UTC 2022-12-07 04:43:17 UTC 188.114.96.1 Unknown ranking
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-12-06 17:13:17 UTC 34.117.237.239
redrotou.net (1) 145989 2021-03-16 05:03:50 UTC 2022-12-07 00:20:37 UTC 139.45.197.251
ocsp.sectigo.com (1) 487 2018-12-17 11:31:55 UTC 2022-12-06 21:32:26 UTC 172.64.155.188
ouhastay.net (2) 117137 2021-09-10 09:52:42 UTC 2022-12-07 00:25:52 UTC 139.45.197.239
r3.o.lencr.org (12) 344 2020-12-02 08:52:13 UTC 2022-12-06 17:12:17 UTC 95.101.11.115
content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-12-06 17:17:39 UTC 34.160.144.191
push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2022-12-06 17:19:43 UTC 44.236.232.139
fonts.googleapis.com (1) 8877 2012-05-23 12:41:44 UTC 2022-12-06 23:11:27 UTC 142.250.74.106
track.profitableredirect.com (1) 124496 2020-04-15 08:52:59 UTC 2022-12-07 06:00:31 UTC 18.192.108.151
my.rtmark.net (3) 9054 2015-02-04 09:54:57 UTC 2022-12-06 19:56:06 UTC 139.45.195.8
respectphonesecurity.xyz (2) 0 2022-05-21 09:17:50 UTC 2022-12-07 04:43:17 UTC 188.114.97.1 Unknown ranking
cdn.galattic.com (2) 0 2022-12-02 04:17:53 UTC 2022-12-06 21:11:01 UTC 95.110.203.212 Unknown ranking
firefox.settings.services.mozilla.com (2) 867 2020-05-25 20:06:39 UTC 2022-12-06 17:12:34 UTC 34.102.187.140
analytics.tiktok.com (4) 1182 2020-02-29 13:09:05 UTC 2022-12-06 17:13:10 UTC 95.101.10.113
app1-smartsecurity-etl.herokuapp.com (4) 115431 2021-11-12 17:04:25 UTC 2022-12-06 22:52:29 UTC 54.243.129.215
overalltrack.com (3) 112756 2018-12-01 03:47:10 UTC 2022-12-06 22:52:29 UTC 204.48.29.15
production-cmp.isgprivacy.cbsi.com (2) 11058 2019-10-31 03:32:28 UTC 2022-12-06 23:36:28 UTC 151.101.85.188
www.googletagservices.com (1) 169 2012-05-22 15:53:59 UTC 2022-12-07 01:09:17 UTC 142.250.74.34
securepubads.g.doubleclick.net (1) 190 2012-07-29 20:47:35 UTC 2022-12-06 17:15:33 UTC 142.250.74.130
partner.googleadservices.com (1) 798 2012-06-26 16:06:42 UTC 2022-12-06 17:12:43 UTC 216.58.207.226
afs.googleusercontent.com (2) 12123 2013-05-06 19:11:00 UTC 2022-12-06 17:12:43 UTC 216.58.207.225
revpu.sh (1) 711295 2020-05-09 09:05:15 UTC 2022-12-07 03:26:11 UTC 139.162.186.41
ocsp.sca1b.amazontrust.com (3) 1015 2016-02-14 02:37:56 UTC 2019-03-27 04:05:54 UTC 54.230.245.100
img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-12-06 17:31:54 UTC 34.120.237.76
www.google.com (1) 7 2012-11-08 00:08:21 UTC 2022-12-06 23:42:40 UTC 216.58.207.228

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
 No alerts detected

mnemonic secure dns
 No alerts detected

Quad9 DNS
Scan Date Severity Indicator Comment
2022-12-07 2 ouhastay.net Sinkholed
2022-12-07 2 ouhastay.net Sinkholed


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 188.114.96.1
Date UQ / IDS / BL URL IP
2023-02-02 20:00:20 +0000 0 - 0 - 3 cakeglobaloffers.com/landingpages/vegas7en/in (...) 188.114.96.1
2023-02-02 19:56:26 +0000 0 - 0 - 6 happy-u.vip/bgv2?cep=5fjIOvElmQUXtI4yaGLiFCt6 (...) 188.114.96.1
2023-02-02 19:27:12 +0000 0 - 2 - 0 goroh.pp.ua/%D1%82%D1%80%D0%B0%D0%BD%D1%81%D0 (...) 188.114.96.1
2023-02-02 18:59:02 +0000 0 - 1 - 0 supportcheats.net/Loader/Spch.exe 188.114.96.1
2023-02-02 18:24:05 +0000 0 - 0 - 6 liquibill.ru/ID-63dbff7c57393 188.114.96.1


Last 5 reports on ASN: CLOUDFLARENET
Date UQ / IDS / BL URL IP
2023-02-02 20:26:09 +0000 0 - 6 - 0 www.bodycandy.com/collections/belly-rings?utm (...) 23.227.38.74
2023-02-02 20:25:27 +0000 0 - 0 - 0 wyzeiot.com 172.67.135.163
2023-02-02 20:24:59 +0000 0 - 5 - 0 sketchandetch.co/36107813004/orders/348916f78 (...) 23.227.38.65
2023-02-02 20:24:08 +0000 0 - 0 - 1 womenslifestyletoday.com/health-tips-to-creat (...) 188.114.97.1
2023-02-02 20:23:37 +0000 0 - 0 - 2 pakariklan.com/Mail-Server/vbd/a-l-l/admin_sy (...) 172.67.205.174


Last 5 reports on domain: respectphonesecurity.xyz
Date UQ / IDS / BL URL IP
2022-12-26 07:43:05 +0000 0 - 7 - 1 respectphonesecurity.xyz/smart-security-0/ind (...) 104.21.32.66
2022-12-25 07:44:01 +0000 0 - 7 - 2 respectphonesecurity.xyz/smart-security-0/ind (...) 104.21.32.66
2022-12-24 04:45:04 +0000 0 - 7 - 2 respectphonesecurity.xyz/smart-security-0/ind (...) 104.21.32.66
2022-12-20 22:43:05 +0000 0 - 7 - 2 respectphonesecurity.xyz/smart-security-0/ind (...) 104.21.32.66
2022-12-20 04:44:00 +0000 0 - 1 - 2 respectphonesecurity.xyz/smart-security-0/ind (...) 188.114.96.1


Last 5 reports with similar screenshot
Date UQ / IDS / BL URL IP
2022-11-29 04:19:17 +0000 0 - 0 - 2 telefonica.site/co/lot2/nl/13/ 79.98.24.35
2022-11-29 01:10:02 +0000 0 - 0 - 3 tele123.store/cl/500/bx/nl 79.98.29.10
2022-11-28 21:51:17 +0000 0 - 0 - 4 telebroadband.site/ae/c/b/eg2/etisalat/ 79.98.29.16
2022-11-28 18:03:48 +0000 0 - 0 - 3 telebroadband.site/m/ae/ebx/ 79.98.29.16
2022-11-27 21:58:44 +0000 0 - 0 - 2 telefonica.site/co/fortune/nl/ 79.98.24.35

JavaScript

Executed Scripts (77)

Executed Evals (2)
#1 JavaScript::Eval (size: 5) - SHA256: 35e6366764c85ff27d4eaa8798d75814c7c25d9aa684fc270eac4d8056341083
enSet
#2 JavaScript::Eval (size: 0) - SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Executed Writes (14)
#1 JavaScript::Write (size: 2) - SHA256: 1d97c9fec35ad3ba402a8bb3548546924ce958f8f4b8a65b0f39c9c6171bdf34
Ad
#2 JavaScript::Write (size: 112) - SHA256: 4448b50a0446877c729032fc7d2ac04b985f7838bfc700b779e132afa7c2803c
Your phone Android Android can work faster, we released a Cleaner update, and it is recommended for every phone.
#3 JavaScript::Write (size: 10) - SHA256: f96f4d46e788614ae69e039ae032229de03f08cfe7f84c7f405ba021e50d3eca
Update Now
#4 JavaScript::Write (size: 68) - SHA256: 3d616b12fbe8aa4b171323dc696cebb002be86551f35cc23fe0bc2756abc58e7
<a class="button" id="center-button" href="smartsecurityxzt://open">
#5 JavaScript::Write (size: 53) - SHA256: 6ce64525848d677d6f619f970e996c47cc6a82bf85d40bb2acd64474d3a3046e
Click <strong>Allow</strong> To Continue Using Chrome
#6 JavaScript::Write (size: 156) - SHA256: 949398833ecb71dace0d6a15f4166af32a8e0c16be1f945f93297956925b8f51
<img src='https://overalltrack.com/api/v3.0/clickapi/img?aid=1&clickId={clickid}' style='position:absolute;width:1px;height:1px;left:0;bottom:0;opacity:0;'>
#7 JavaScript::Write (size: 305) - SHA256: 7bbb8f019c06d98e1d74e1d16fdf338d82d2fa0bec4ed978dc84a35449308b9e
<a class="close exitpoint" style="display: none" id="close-button" href="market://details?id=com.smartsecurityxzt&referrer=publisher%3D{trafficsource.name}%26clickid%3D{clickid}%26utm_source%3Dvar1%26utm_medium%3Drestart_{offer.name}%26utm_campaign%3D{trafficsource.name}%26timestamp%3D1670398971954"></a>
#8 JavaScript::Write (size: 89) - SHA256: 6c19434f8282294efc05f0fd70015529942972352a6b00984ac14d444f61db9b
Update now for <strong>FREE</strong> to clean and boost your Android Android immediately!
#9 JavaScript::Write (size: 6) - SHA256: 19766ed6ccb2f4a32778eed80d1928d2c87a18d7c275ccb163ec6709d3eb2e27
Cancel
#10 JavaScript::Write (size: 8) - SHA256: 31fbef162594de01bab0cd525c51f74de7bcb15063029fa1a54b2cf5944c80d8
Continue
#11 JavaScript::Write (size: 50) - SHA256: be434f49ec21e26b619e4186cce641233e60036505ac9cf6de704ebeb72b0e6d
Cleaner Update for Android Android is Recommended!
#12 JavaScript::Write (size: 294) - SHA256: 9da1e7a130eae99f1a84063b2ec405c47ac8a7e7b9597b8bd65e12f8640101e4
<a class="button exitpoint right cancel" id="cancel-button" href="market://details?id=com.smartsecurityxzt&referrer=publisher%3D{trafficsource.name}%26clickid%3D{clickid}%26utm_source%3Dvar1%26utm_medium%3Drestart_{offer.name}%26utm_campaign%3D{trafficsource.name}%26timestamp%3D1670398971954">
#13 JavaScript::Write (size: 4) - SHA256: ecd5b806462c7dfdf078ac76c549060a06660422d00e55bd5823be6747361085
</a>
#14 JavaScript::Write (size: 290) - SHA256: 5094bf8f82cbd1ad2a8915f4062bb89d8151a59d2e1b99815e5d83a6fef49989
<a class="button exitpoint install" id="install-button" href="market://details?id=com.smartsecurityxzt&referrer=publisher%3D{trafficsource.name}%26clickid%3D{clickid}%26utm_source%3Dvar1%26utm_medium%3Drestart_{offer.name}%26utm_campaign%3D{trafficsource.name}%26timestamp%3D1670398971954">


HTTP Transactions (115)


Request Response
                                        
                                            GET /smart-security-0/index.html?clickid={clickid}&utm_source={var1}&utm_medium=restart_{offer.name}&publisher={trafficsource.name}&utm_campaign={trafficsource.name} HTTP/1.1 
Host: respectphonesecurity.xyz
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         188.114.96.1
HTTP/1.1 301 Moved Permanently
                                        
Date: Wed, 07 Dec 2022 07:42:51 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Wed, 07 Dec 2022 08:42:51 GMT
Location: https://respectphonesecurity.xyz/smart-security-0/index.html?clickid={clickid}&utm_source={var1}&utm_medium=restart_{offer.name}&publisher={trafficsource.name}&utm_campaign={trafficsource.name}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OI6P3Hh%2FO0Hp9W59MzZKKbHrSUVqFsr%2B00P6y%2Flg8dIhnSayruGGaZLHjZp4wIjGyTeDV6ICRZlwZPEWFP14Ft0YQ8oqkW3E8q8Rdwv%2FzgJ9mtzCTLFX3eo6tTiTDBAn5D0g%2BMK0OBT7hjs%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 775ba0825fe3b500-OSL
alt-svc: h2=":443"; ma=60

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "9C4E52E7E17158307D752DB0BC3D1FBEDAE4F305CC301FD73B260F73AB796492"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19605
Expires: Wed, 07 Dec 2022 13:09:36 GMT
Date: Wed, 07 Dec 2022 07:42:51 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3043
Cache-Control: 'max-age=158059'
Date: Wed, 07 Dec 2022 07:42:51 GMT
Etag: "638f19f6-1d7"
Last-Modified: Wed, 07 Dec 2022 06:52:10 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "B85D98F8DF05431777D96C767CE4C152302EC3F653CDF6E61C8C3FA9574F3255"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19530
Expires: Wed, 07 Dec 2022 13:08:21 GMT
Date: Wed, 07 Dec 2022 07:42:51 GMT
Connection: keep-alive

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 07 Dec 2022 07:18:45 GMT
cache-control: public,max-age=3600
age: 1446
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    14cd9a0afb6ba9a763651d5112760d1e
Sha1:   75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
Sha256: 4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: pxww8KuPwDCIKzdkNmVZ1Ih7CxYtqSysERTFutdARrtT+/+i37mcyrNq+MwGKBsxbzsAGDQOIpUxKaaY+OTxtA==
x-amz-request-id: 6QVEPXCQ98G8QDMW
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 07 Dec 2022 06:49:16 GMT
age: 3215
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    53341dea33f4f3d9b4966f80589f429a
Sha1:   20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
Sha256: 651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Wed, 07 Dec 2022 07:42:51 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Cache-Control: 'max-age=158059'
Date: Wed, 07 Dec 2022 07:42:51 GMT
Server: ECS (amb/6B72)
Content-Length: 280

                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 07 Dec 2022 07:08:58 GMT
cache-control: public,max-age=3600
age: 2033
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 1
Cache-Control: 'max-age=158059'
Date: Wed, 07 Dec 2022 07:42:52 GMT
Last-Modified: Wed, 07 Dec 2022 07:42:51 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 280

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3027
Cache-Control: 'max-age=158059'
Date: Wed, 07 Dec 2022 07:42:52 GMT
Last-Modified: Wed, 07 Dec 2022 06:52:25 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471


--- Additional Info ---
Magic:  data
Size:   2185
Md5:    0f37c27303b793b8d32d067e62eeb643
Sha1:   f2db11ee3f437b435d7e937e65a4aa515e3e280b
Sha256: 40dea938c01f8b759522dc6fbe9553ef67b50fb340a59ff0657ed37fa84ec9e6
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EF2E0268A5ED0CA7D64DFC1BAA3D56D55F4062E4D84972BC9423FE56DF585673"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4899
Expires: Wed, 07 Dec 2022 09:04:31 GMT
Date: Wed, 07 Dec 2022 07:42:52 GMT
Connection: keep-alive

                                        
                                            GET /p.js?f=sync&lr=1&partner=4d524b7a70f9429d3f354097c0083db80c0150ac1699f4b97f6029051cf877c8 HTTP/1.1 
Host: my.rtmark.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://respectphonesecurity.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         139.45.195.8
HTTP/2 200 OK
content-type: text/javascript
                                        
server: nginx
date: Wed, 07 Dec 2022 07:42:52 GMT
content-length: 697
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   697
Md5:    7e1da03b7d5254f7b1d93874c8f85ce4
Sha1:   c1ff6bec84dd9b2bf2bbcd11bb8791444f04b2d7
Sha256: ff9366f794284e39381efd6b8ae4b6273469134c741ca7c3d6a1e1248e1a98d4
                                        
                                            GET /i18n/pixel/events.js?sdkid=C8SQEGFV9S6N3MLDFVTG&lib=ttq HTTP/1.1 
Host: analytics.tiktok.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://respectphonesecurity.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         95.101.10.113
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
server: nginx
x-tt-logid: 20221207074252C2CDA45AB7742326CD3B
x-tt-trace-host: 01250e51f4d5abc0e156abb7e367bacbb61987e92ca6e82fe8f5ce61a0d782a00bf98a4d5aea4e3f6f42dcf3880b9005232e321fdc076c8b39c976855a693cf00f3af79d292cb9a8f5dd444b17270c10247026c13747d867ee7b0343688a437092
content-encoding: gzip
content-length: 1316
x-origin-response-time: 17,23.48.215.31
x-akamai-request-id: 933fcfb.6e1ba2ad
expires: Wed, 07 Dec 2022 07:42:52 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Wed, 07 Dec 2022 07:42:52 GMT
x-cache: TCP_MISS from a95-101-10-109.deploy.akamaitechnologies.com (AkamaiGHost/10.10.2-45048955) (-)
vary: Accept-Encoding
set-cookie: _ttp=2IZpU6Z3mJ9CMntXBPrOVS7TIEQ; Path=/; Domain=tiktok.com; Max-Age=33696000; Secure; SameSite=None
x-cache-remote: TCP_MISS from a23-48-215-31.deploy.akamaitechnologies.com (AkamaiGHost/10.10.2-45048955) (-)
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
server-timing: cdn-cache; desc=MISS, edge; dur=97, origin; dur=17, inner; dur=3
x-parent-response-time: 113,95.101.10.109
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   2645
Md5:    12204132c34805cc0059efc359ce72f8
Sha1:   1cfd9d6c8ee58d2485b78d8cfe159e1650802e45
Sha256: 191b324f98fdd626db46052f8ce7ee139762f1aee28c1af53b5c7676e86ee30c
                                        
                                            GET /i18n/pixel/static/main.MTk2NTc4NGU0MA.js HTTP/1.1 
Host: analytics.tiktok.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://respectphonesecurity.xyz/
Cookie: _ttp=2IZpU6Z3mJ9CMntXBPrOVS7TIEQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         95.101.10.113
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
server: nginx
cache-control: public, max-age=31536000, immutable
x-tt-logid: 20221206132732D0ECA0A6AEF9623F8A54
x-tt-trace-host: 014eb13aa4362f9dd2f6acd202ee4586f6cc2be1abb956fa86aa4dc7822d91eb681878c834a0bf3905d20952f57059d5498ad6745f86edb4261ab730e3788891ad407d101788fa5b87526d8c1d0913d567
content-encoding: gzip
content-length: 66584
date: Wed, 07 Dec 2022 07:42:52 GMT
x-cache: TCP_HIT from a95-101-10-109.deploy.akamaitechnologies.com (AkamaiGHost/10.10.2-45048955) (-)
vary: Accept-Encoding
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server-timing: cdn-cache; desc=HIT, edge; dur=0, inner; dur=4
x-akamai-request-id: 6e1ba34f
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (21716)
Size:   66584
Md5:    a2ced8005c34dd0d76dda9f21d01afa5
Sha1:   d83e5c8cba4d9efdd3fb83c01cd8599ddf21b801
Sha256: 74b397f8b46b9f6747a4e2f3e817c883f466d33058c172759d2917635571c2e1
                                        
                                            GET /i18n/pixel/static/identify_7373d.js HTTP/1.1 
Host: analytics.tiktok.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://respectphonesecurity.xyz/
Cookie: _ttp=2IZpU6Z3mJ9CMntXBPrOVS7TIEQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         95.101.10.113
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
server: nginx
cache-control: public, max-age=31536000, immutable
x-tt-logid: 20221206132733A80B192CBC121C37E2D2
x-tt-trace-host: 014eb13aa4362f9dd2f6acd202ee4586f6cc2be1abb956fa86aa4dc7822d91eb6848eeec7666bf4bef48999ff53f693e32b35e570af7dbe6b8b28dc46e6340109e0f677d0ab0ff303ca92131a82741ece8
content-encoding: gzip
content-length: 30608
date: Wed, 07 Dec 2022 07:42:52 GMT
x-cache: TCP_MEM_HIT from a95-101-10-109.deploy.akamaitechnologies.com (AkamaiGHost/10.10.2-45048955) (-)
vary: Accept-Encoding
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server-timing: cdn-cache; desc=HIT, edge; dur=0, inner; dur=3
x-akamai-request-id: 6e1ba3bc
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   30608
Md5:    f903a41e043452e3ec96297bb8fe30de
Sha1:   21a750289fa7266253ab7b3b1a18b55bd0e0b857
Sha256: eebc96ed4144fe30c60fdbdaefe2ed2e4f09db990c29cebec4412bb804283eec
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "4A3EDB4813548859CFBEDD6F2BB070795ED6618A69AF768C5CE575287F2479E0"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2548
Expires: Wed, 07 Dec 2022 08:25:20 GMT
Date: Wed, 07 Dec 2022 07:42:52 GMT
Connection: keep-alive

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: I5i1Ni9LozBwHTq+e4oRRg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         44.236.232.139
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: QgH6JNcUnUsC9/2syet8PfN551s=

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "8569A0CECA30B0C94FD81C46CF461CDD438FD03F469B162E565F2BDD3CC444A8"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6502
Expires: Wed, 07 Dec 2022 09:31:14 GMT
Date: Wed, 07 Dec 2022 07:42:52 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         54.230.245.100
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=134138
Date: Wed, 07 Dec 2022 07:42:52 GMT
Etag: "638f9e2c-1d7"
Expires: Thu, 08 Dec 2022 20:58:30 GMT
Last-Modified: Tue, 06 Dec 2022 19:55:24 GMT
Server: ECS (nyb/1D07)
X-Cache: Miss from cloudfront
Via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 8WYC4_3g-f-tH-d5LCfNV3iZJ8_DJKgNYQ_OpkVhBWsDPpGDnPN57w==
Age: 3786

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         54.230.245.100
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=135242
Date: Wed, 07 Dec 2022 07:42:52 GMT
Etag: "638f9e2c-1d7"
Expires: Thu, 08 Dec 2022 21:16:54 GMT
Last-Modified: Tue, 06 Dec 2022 19:55:24 GMT
Server: ECS (bsa/EB1C)
X-Cache: Miss from cloudfront
Via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 2yfr2ndJ8jAcE57eAvseAfsm5rhEWPK9nk-8ho_DMDhcTbjChLxayA==
Age: 4890

                                        
                                            POST /api/v2/pixel HTTP/1.1 
Host: analytics.tiktok.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 918
Origin: https://respectphonesecurity.xyz
Connection: keep-alive
Referer: https://respectphonesecurity.xyz/
Cookie: _ttp=2IZpU6Z3mJ9CMntXBPrOVS7TIEQ
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         95.101.10.113
HTTP/2 200 OK
content-type: application/octet-stream
                                        
server: nginx
content-length: 0
access-control-allow-origin: *
x-tt-logid: 20221207074252151DD6975DF61F27B29F
x-tt-trace-host: 01250e51f4d5abc0e156abb7e367bacbb61987e92ca6e82fe8f5ce61a0d782a00b9a3df6c06e97d58c1cbc3e965ed0be6f63b28bdb17ea44d4311c6a7a638ceb6940d16c2eafaeeac79d8874e17aba2a0e9003a073014d82159f7be0983864607c
x-origin-response-time: 24,23.220.107.210
x-akamai-request-id: 3f3fd8b.6e1ba3dc
expires: Wed, 07 Dec 2022 07:42:52 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Wed, 07 Dec 2022 07:42:52 GMT
x-cache: TCP_MISS from a95-101-10-109.deploy.akamaitechnologies.com (AkamaiGHost/10.10.2-45048955) (-)
x-cache-remote: TCP_MISS from a23-220-107-210.deploy.akamaitechnologies.com (AkamaiGHost/10.10.2-45048955) (-)
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
server-timing: cdn-cache; desc=MISS, edge; dur=96, origin; dur=24, inner; dur=18
x-parent-response-time: 116,95.101.10.109
X-Firefox-Spdy: h2

                                        
                                            OPTIONS /device_by_model?model=x64 HTTP/1.1 
Host: app1-smartsecurity-etl.herokuapp.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization
Referer: https://respectphonesecurity.xyz/
Origin: https://respectphonesecurity.xyz
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         54.243.129.215
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Connection: keep-alive
Server: gunicorn
Date: Wed, 07 Dec 2022 07:42:52 GMT
Vary: Origin
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: accept, accept-encoding, authorization, content-type, dnt, origin, user-agent, x-csrftoken, x-requested-with
Access-Control-Allow-Methods: DELETE, GET, OPTIONS, PATCH, POST, PUT
Access-Control-Max-Age: 86400
Content-Length: 0
Via: 1.1 vegur

                                        
                                            GET /api/v3.0/clickapi/img?aid=1&clickId={clickid} HTTP/1.1 
Host: overalltrack.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://respectphonesecurity.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         204.48.29.15
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 07 Dec 2022 07:42:52 GMT
Content-Length: 43
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Set-Cookie: currentClickid=%7B%221%22%3A%22%7Bclickid%7D%22%7D; Max-Age=31536000; Path=/; Expires=Thu, 07 Dec 2023 07:42:52 GMT; Secure; SameSite=None

                                        
                                            OPTIONS /api/v3.0/clickapi/otherInstall?clickId={clickid}&aid=1&checkOld=1&medium=restart_{offer.name}&source=var1&campaign={trafficsource.name}&publisher={trafficsource.name}&checkUninstall=1 HTTP/1.1 
Host: overalltrack.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://respectphonesecurity.xyz/
Origin: https://respectphonesecurity.xyz
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         204.48.29.15
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 07 Dec 2022 07:42:52 GMT
Content-Length: 8
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Allow: GET,HEAD


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   8
Md5:    f30c3a40e9a3e65c868c754a5de95919
Sha1:   65101ff283414b70636ff494d866190a66ed9978
Sha256: 875befe7cefc0715a17dc737f9514dda981f79a3c9f174badcae5bd1cc2425fe
                                        
                                            GET /device_by_model?model=x64 HTTP/1.1 
Host: app1-smartsecurity-etl.herokuapp.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Authorization: Basic bGFuZDptb2RlbGJyYW5k
Origin: https://respectphonesecurity.xyz
Connection: keep-alive
Referer: https://respectphonesecurity.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         54.243.129.215
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=utf-8
                                        
Connection: keep-alive
Server: gunicorn
Date: Wed, 07 Dec 2022 07:42:52 GMT
Location: /device_by_model/?model=x64
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
Vary: Origin
Access-Control-Allow-Origin: *
Content-Length: 0
Via: 1.1 vegur

                                        
                                            GET /api/v3.0/clickapi/otherInstall?clickId={clickid}&aid=1&checkOld=1&medium=restart_{offer.name}&source=var1&campaign={trafficsource.name}&publisher={trafficsource.name}&checkUninstall=1 HTTP/1.1 
Host: overalltrack.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://respectphonesecurity.xyz
Connection: keep-alive
Referer: https://respectphonesecurity.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         204.48.29.15
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
                                        
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 07 Dec 2022 07:42:52 GMT
Content-Length: 126
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   126
Md5:    c8f85db18fe8f89306f6c0819c67036d
Sha1:   7b5c44e4a9fd70e664aa4fe54fc0bd7bb3963a31
Sha256: a71ab24977d03d440189548647bee7fdbdf0d6dee44478d1f6b44f17699a75ee
                                        
                                            GET /img.gif?f=sync&partner=4d524b7a70f9429d3f354097c0083db80c0150ac1699f4b97f6029051cf877c8&ttl=&rurl=https%3A%2F%2Frespectphonesecurity.xyz%2Fsmart-security-0%2Findex.html%3Fclickid%3D%7Bclickid%7D%26utm_source%3D%7Bvar1%7D%26utm_medium%3Drestart_%7Boffer.name%7D%26publisher%3D%7Btrafficsource.name%7D%26utm_campaign%3D%7Btrafficsource.name%7D%23 HTTP/1.1 
Host: my.rtmark.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://respectphonesecurity.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         139.45.195.8
HTTP/2 200 OK
content-type: image/gif
                                        
server: nginx
date: Wed, 07 Dec 2022 07:42:52 GMT
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=470d179b8eca4aa0b55bebea2fb12353; expires=Thu, 07 Dec 2023 07:42:52 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    b4491705564909da7f9eaf749dbbfbb1
Sha1:   279315d507855c6a4351e1e2c2f39dd9cd2fccd8
Sha256: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
                                        
                                            OPTIONS /device_by_model/?model=x64 HTTP/1.1 
Host: app1-smartsecurity-etl.herokuapp.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization
Origin: https://respectphonesecurity.xyz
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         54.243.129.215
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Connection: keep-alive
Server: gunicorn
Date: Wed, 07 Dec 2022 07:42:52 GMT
Vary: Origin
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: accept, accept-encoding, authorization, content-type, dnt, origin, user-agent, x-csrftoken, x-requested-with
Access-Control-Allow-Methods: DELETE, GET, OPTIONS, PATCH, POST, PUT
Access-Control-Max-Age: 86400
Content-Length: 0
Via: 1.1 vegur

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "AB0637E276FFCA0D0246A3123594115216D59CCB7C8233AB88A9C49A9BACA238"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14577
Expires: Wed, 07 Dec 2022 11:45:50 GMT
Date: Wed, 07 Dec 2022 07:42:53 GMT
Connection: keep-alive

                                        
                                            GET /device_by_model/?model=x64 HTTP/1.1 
Host: app1-smartsecurity-etl.herokuapp.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://respectphonesecurity.xyz
Authorization: Basic bGFuZDptb2RlbGJyYW5k
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         54.243.129.215
HTTP/1.1 404 Not Found
Content-Type: application/json
                                        
Connection: keep-alive
Server: gunicorn
Date: Wed, 07 Dec 2022 07:42:53 GMT
Allow: GET, HEAD, OPTIONS
X-Frame-Options: DENY
Content-Length: 86
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
Vary: Origin
Access-Control-Allow-Origin: *
Via: 1.1 vegur


--- Additional Info ---
Magic:  JSON data\012- , Unicode text, UTF-8 text, with no line terminators
Size:   86
Md5:    024c203b02c3d88f5e07d125220aa18a
Sha1:   4450bc452d44c05834e068f5341745b2e81ebbe3
Sha256: a7360add54a81883d7f3e724d07de917a7fcd5cc190db96b7de642d34ceb2787
                                        
                                            GET /pfe/current/micro.tag.min.js?z=4826947&sw=/sw-check-permissions-8b114.js HTTP/1.1 
Host: redrotou.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://respectphonesecurity.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         139.45.197.251
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Wed, 07 Dec 2022 07:42:53 GMT
last-modified: Thu, 01 Dec 2022 15:42:46 GMT
etag: W/"6388cb76-9a87"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   14376
Md5:    32dddb8b5ded58ef494247625dc90261
Sha1:   8e76aa8103e0342b0c7452b33e885569ed5c78af
Sha256: 0be68626182cfc164fcdc2a83961b5330c9e5ffe5091d306dd69aa63f3bff2a4
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4980
Expires: Wed, 07 Dec 2022 09:05:53 GMT
Date: Wed, 07 Dec 2022 07:42:53 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4980
Expires: Wed, 07 Dec 2022 09:05:53 GMT
Date: Wed, 07 Dec 2022 07:42:53 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4980
Expires: Wed, 07 Dec 2022 09:05:53 GMT
Date: Wed, 07 Dec 2022 07:42:53 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4980
Expires: Wed, 07 Dec 2022 09:05:53 GMT
Date: Wed, 07 Dec 2022 07:42:53 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6e484ee7-12d9-41dc-b674-890c51c30626.png HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5913
x-amzn-requestid: 355ca338-7d8e-4a60-a491-0509d0ff32d6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cvlirF3DIAMF-vg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638fb610-5bff7b5b3984102e1ef0e737;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 21:37:20 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: RlnA4SSUIbIVtGBxqBtabKw58aXWE-jGIKLZ4DnoTiGzvH5bzBOUbA==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 21:54:15 GMT
age: 35318
etag: "a1b7863c70f1d501560a5b2fb4442f4835f94341"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5913
Md5:    b079607b368263e3517dd30250f5f2af
Sha1:   a1b7863c70f1d501560a5b2fb4442f4835f94341
Sha256: e7ed3ed2aca312d82fb017e06c6493fafffff9a603d1498c9c05355c08b444e0
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd933687b-86e0-407a-9bff-2debb09d5167.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10362
x-amzn-requestid: 7fdd2011-e283-467e-9f04-741946a834ea
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cpl_1EsooAMFhvQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d5065-0cddad1919d984065bd0b03e;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 01:59:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: WtZWFmfVSXYRQlYwpBxj8JG_WC91ik_p68HjX7-wCfYb0624CvcBSA==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 21:58:02 GMT
age: 71600
etag: "acece1761a7d4d3926500726c19d528bb204ef4c"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10362
Md5:    550ee57c325ce8d4892400deb24141d3
Sha1:   acece1761a7d4d3926500726c19d528bb204ef4c
Sha256: 7cc68e966362916947e7d6e24d3c001c64298fec2438a97538765d801fa7c92c
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F80a12c85-454b-4e03-bf75-3fa8228659c0.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6846
x-amzn-requestid: 53452103-6559-460c-ac40-4685e6816aa4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cdGx4E-mIAMFatg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638851a5-5327ec9a2f247cc91654df80;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 07:03:01 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Znjnq24wuXoi43Bfc9aPdcUHhMh-a00hSCXUHFpHq3sTtQQoUYe6Uw==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 07:10:36 GMT
age: 1937
etag: "6d55b299f906908309f91eaf0a720ad65866db04"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6846
Md5:    a7ee62c5e846e8ad4808f4724f15146d
Sha1:   6d55b299f906908309f91eaf0a720ad65866db04
Sha256: 0d8f51d6f7f3bad4bb9d9c3000999739147f6dd718b290b0dca71a4cba85cb38
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0f6b1394-57be-42ed-ad12-94fa7a0b4be7.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7609
x-amzn-requestid: 02299a39-6804-49ae-b415-313b6e06b2ca
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfj24G39oAMF25Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63894cf8-5f578e3f211063bd125b645a;Sampled=0
x-amzn-remapped-date: Fri, 02 Dec 2022 00:55:20 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: uMTaiFjrcbJxWm4M7BuSHPu0BFUMp9UIpMvnvlLs_dajlM0_iObY2A==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 21:57:52 GMT
age: 35101
etag: "b3d22d146c6094cb539de40a72b9c5a140802ee5"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7609
Md5:    0d0219e6bee2a28f003f396f872eecf0
Sha1:   b3d22d146c6094cb539de40a72b9c5a140802ee5
Sha256: 41c1b037e8e654c19f36b74cceccd1fc841cc9fb7de39ac552ab5089dc3e82db
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc501a87-1b50-43f3-8031-2c93f724dc91.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9613
x-amzn-requestid: 3542fd4f-74e3-450b-b7fc-04034d680bf4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cslIEEDtIAMFfuw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e8233-40eaebed627d374d0910e456;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 23:43:47 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 2aI7z8gOkQiNDlj2tbsoWibfupjl25ZjoO_QRbfmXQKwO-yF455yXg==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 07:18:37 GMT
age: 1456
etag: "3628390c62642dcc375b28f58c9b48180c4abd73"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9613
Md5:    b92721cbe24623f1713a5248d6a7c1b2
Sha1:   3628390c62642dcc375b28f58c9b48180c4abd73
Sha256: 37d0451c03bc7cf0253aba6d3204cbf38502692a0fbc751a3ead01b07e9a65d6
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1e6c8e9d-aef1-4772-8747-82ef7e4ceeb1.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6110
x-amzn-requestid: 2ebf542a-dacc-472a-81c0-0c69cb1ec143
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ctEQAH2doAMFljA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638eb3ff-7173ff7941b57fa163e3cc6b;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 03:16:15 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 5fxuPjC35VBDaymSCPY_iBxDnQY4CFHgolHSmnDhCRUjzw5UzY7ovA==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 04:14:32 GMT
age: 12501
etag: "c3b915cb579b651db25442fea0bbedd0d292c0fc"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6110
Md5:    fb1ea0161d261518c99909aff49e6f58
Sha1:   c3b915cb579b651db25442fea0bbedd0d292c0fc
Sha256: d877a21abfd883a368da0136c4e56d7f590fa9e9ea09dec3675823211fe56385
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "A17633616BACD38F4F0EC3CCD4694B85F7C5887FC7613B3E50C757E7D3A17529"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Wed, 07 Dec 2022 13:42:53 GMT
Date: Wed, 07 Dec 2022 07:42:53 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EF2E0268A5ED0CA7D64DFC1BAA3D56D55F4062E4D84972BC9423FE56DF585673"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4897
Expires: Wed, 07 Dec 2022 09:04:31 GMT
Date: Wed, 07 Dec 2022 07:42:54 GMT
Connection: keep-alive

                                        
                                            GET /img.gif?f=merge&userId=b4274568db4a42fb9a56e9d6e0890c4e HTTP/1.1 
Host: my.rtmark.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouhastay.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         139.45.195.8
HTTP/2 200 OK
content-type: image/gif
                                        
server: nginx
date: Wed, 07 Dec 2022 07:42:54 GMT
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=b4274568db4a42fb9a56e9d6e0890c4e; expires=Thu, 07 Dec 2023 07:42:54 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    b4491705564909da7f9eaf749dbbfbb1
Sha1:   279315d507855c6a4351e1e2c2f39dd9cd2fccd8
Sha256: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 07 Dec 2022 07:42:54 GMT
Content-Length: 472
Connection: keep-alive
Last-Modified: Mon, 05 Dec 2022 04:52:36 GMT
Expires: Mon, 12 Dec 2022 04:52:35 GMT
Etag: "fc3d05405c60679f2916d4d7f9456f66ee17b47e"
Cache-Control: max-age=421180,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775ba0941adbb4f9-OSL

                                        
                                            POST /?z=3647676&syncedCookie=true&rhd=false HTTP/1.1 
Host: ouhastay.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 455
Origin: https://ouhastay.net
Connection: keep-alive
Referer: https://ouhastay.net/afu.php?zoneid=3647676&var=3647676&rid=ksX-wKK1z8yLZCaWKyzJyw%3D%3D&rhd=false
Cookie: OAID=b4274568db4a42fb9a56e9d6e0890c4e; oaidts=1670398973
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

                                         139.45.197.239
HTTP/2 302 Found
                                        
server: nginx
date: Wed, 07 Dec 2022 07:42:54 GMT
content-length: 0
location: https://revpu.sh/redir?page=aHR0cHM6Ly93d3cuaGVscHdpcmUuY29tL2FydGljbGVzL2Vhc3ktaG9tZS1pbXByb3ZlbWVudD9xPVZlZWFtK1JhbnNvbXdhcmUrUHJvdGVjdGlvbiZzcmM9bWcmZ2NoPVQwMDAwMDEyJnZpc2l0b3JfaWQ9JTI0JTdCU1VCSUQlN0QmdGFyZ2V0X2lkPSU3QnpvbmVpZCU3RCZjYW1wYWlnbl9pZD0lN0JjYW1wYWlnbmlkJTdEJmxpbmtfa2V5PTA0NGIxOWM0OTA5OTg4YzFhNTFiOTU4YWE3ZTJiZmRk&visitor_id=624261141501321669&target_id=3647676&campaign_id=6397242&link_key=044b19c4909988c1a51b958aa7e2bfdd&rdk=rk3
x-trace-id: fea309264ea9da42e8cf69e42dacf00a
link: <https://revpu.sh>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
referrer-policy: no-referrer
access-control-allow-origin: https://ouhastay.net
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=b4274568db4a42fb9a56e9d6e0890c4e; expires=Thu, 07 Dec 2023 07:42:54 GMT; path=/; secure; SameSite=None oaidts=1670398973; expires=Thu, 07 Dec 2023 07:42:54 GMT; path=/; secure; SameSite=None syncedCookie=true; expires=Wed, 14 Dec 2022 07:42:54 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         54.230.245.100
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=140023
Date: Wed, 07 Dec 2022 07:42:54 GMT
Etag: "638fbbb0-1d7"
Expires: Thu, 08 Dec 2022 22:36:37 GMT
Last-Modified: Tue, 06 Dec 2022 22:01:20 GMT
Server: ECS (dcb/7F3C)
X-Cache: Miss from cloudfront
Via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: zL4eTDm8ndOg9wfOBFUpcuZYAPwRGfc_NKQDR129xfejFptfts-P2w==
Age: 2117

                                        
                                            GET /_next/static/chunks/4963.2b7c7ead79fd7562.js HTTP/1.1 
Host: www.helpwire.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.helpwire.com/articles/easy-home-improvement?q=Veeam%20Ransomware%20Protection&src=mg&gch=T0000012&visitor_id=624261141501321669&target_id=3647676&campaign_id=6397242&link_key=044b19c4909988c1a51b958aa7e2bfdd
Cookie: np_data_cookie={"src":"mg","site":"helpwire","tt":"T0000000","q":"Veeam Ransomware Protection","gch":"T0000012","usx":"2ae3f64b-944a-4e6a-bc87-5aa341250e0e","htc":"07122022-12121559fd67a700c75346ccc1df09f67a34f9"}
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         54.230.111.93
HTTP/2 200 OK
content-type: application/javascript
                                        
content-length: 705
date: Wed, 07 Dec 2022 00:44:14 GMT
last-modified: Wed, 07 Dec 2022 00:38:33 GMT
etag: "032c63d7d69c01f1d1e645bd93ff7210"
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: NCmbg7qLponRHJSupt3nivwfHzqTqnEFamHJluD6JlybTPx--ywGXA==
age: 25122
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (705), with no line terminators
Size:   705
Md5:    032c63d7d69c01f1d1e645bd93ff7210
Sha1:   3c0677bd33069b32ac660f354ab807d9625c7e08
Sha256: a24eef15ae3579a3947bd6798c646fcb8b556a293bfb8c24a00225376a7c0316
                                        
                                            GET /_next/static/AwjeBsmdDVNGYeOtHruZM/_ssgManifest.js HTTP/1.1 
Host: www.helpwire.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.helpwire.com/articles/easy-home-improvement?q=Veeam%20Ransomware%20Protection&src=mg&gch=T0000012&visitor_id=624261141501321669&target_id=3647676&campaign_id=6397242&link_key=044b19c4909988c1a51b958aa7e2bfdd
Cookie: np_data_cookie={"src":"mg","site":"helpwire","tt":"T0000000","q":"Veeam Ransomware Protection","gch":"T0000012","usx":"2ae3f64b-944a-4e6a-bc87-5aa341250e0e","htc":"07122022-12121559fd67a700c75346ccc1df09f67a34f9"}
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         54.230.111.93
HTTP/2 200 OK
content-type: application/javascript
                                        
content-length: 77
date: Wed, 07 Dec 2022 00:44:14 GMT
last-modified: Wed, 07 Dec 2022 00:38:33 GMT
etag: "b6652df95db52feb4daf4eca35380933"
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: p2BvsaSXu4H1KTtOQoI4uknZg1O_3DZn9t83w8uOBI84vj5YtOXk5g==
age: 25122
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   77
Md5:    b6652df95db52feb4daf4eca35380933
Sha1:   65451d110137761b318c82d9071c042db80c4036
Sha256: 6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e
                                        
                                            GET /_next/static/chunks/c16184b3-278d9312fe59238e.js HTTP/1.1 
Host: www.helpwire.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.helpwire.com/articles/easy-home-improvement?q=Veeam%20Ransomware%20Protection&src=mg&gch=T0000012&visitor_id=624261141501321669&target_id=3647676&campaign_id=6397242&link_key=044b19c4909988c1a51b958aa7e2bfdd
Cookie: np_data_cookie={"src":"mg","site":"helpwire","tt":"T0000000","q":"Veeam Ransomware Protection","gch":"T0000012","usx":"2ae3f64b-944a-4e6a-bc87-5aa341250e0e","htc":"07122022-12121559fd67a700c75346ccc1df09f67a34f9"}
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         54.230.111.93
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Wed, 07 Dec 2022 00:44:12 GMT
last-modified: Wed, 07 Dec 2022 00:38:33 GMT
etag: W/"11bc8ea090dda19d4435839a4b7ab376"
cache-control: public, max-age=31536000, immutable
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: RMSmQxuvEBguxLiv_J48ivhyfXuDthvl7o9DhO71xPCw4R_YSbv7CA==
age: 25124
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   2570
Md5:    40c2fbc22c130458adab98196ac61a45
Sha1:   2bb360d40d1b6f14ad834de7aa7d2400fc804895
Sha256: 5be443480aa3ca6fa741eb63d203469f54ec0dbd9b32e2a6c03e9fca368a48a4
                                        
                                            GET /scripttemplates/otSDKStub.js HTTP/1.1 
Host: cdn.cookielaw.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.helpwire.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         104.16.149.64
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Wed, 07 Dec 2022 07:42:55 GMT
content-length: 7151
content-encoding: gzip
content-md5: bKkFjZE43AfZo3jm8gqLew==
last-modified: Tue, 06 Dec 2022 07:45:09 GMT
etag: 0x8DAD75DCC9E2F9F
x-ms-request-id: b80b8554-f01e-014c-18d0-0959ac000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=86400
cf-cache-status: HIT
age: 21197
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 775ba09bbf15b50b-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (21747)
Size:   7151
Md5:    6ca9058d9138dc07d9a378e6f20a8b7b
Sha1:   ff5f65ad24a8e2b3042cbb0136be7edb52215c1a
Sha256: 1561d36bd995a09ea69c243767e196dd2e76a2753b59b78ecbf999161904f86d
                                        
                                            GET /dist/optanon-v1.1.0.js HTTP/1.1 
Host: production-cmp.isgprivacy.cbsi.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.helpwire.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         151.101.85.188
HTTP/2 200 OK
content-type: application/x-javascript
                                        
x-amz-id-2: jtR/w/ggy4yJybv8Q6oEEVlLz2NZxrzjcRxyRWtbYV7zCAyFvJhKzrR2NoszBfi2tPd/SVORBTc=
last-modified: Wed, 30 Nov 2022 19:44:06 GMT
etag: "bea9da88ccef790fb77abaea44ea345e"
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:us-east-2:485666168322:build/prod-optanon-pipeline:8320ed39-e573-464a-ae46-962fa1ee7233
access-control-allow-origin: *
access-control-expose-headers: X-CDN
content-encoding: gzip
accept-ranges: bytes
date: Wed, 07 Dec 2022 07:42:55 GMT
via: 1.1 varnish
age: 3157
x-served-by: cache-bma1637-BMA
x-cache: HIT
x-cache-hits: 46
x-timer: S1670398975.337619,VS0,VE0
vary: Accept-Encoding
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 10990
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (30787)
Size:   10990
Md5:    67ef57e9804d6164ab0228529c00634a
Sha1:   b6221503720655cb5587ac02ab142e86547752c6
Sha256: 3e017104b5ad4b26d0365897e175f1c912c7d0272bfbf685a61187ed83ab95d8
                                        
                                            GET /consent/87c26e94-acc3-41b3-85ed-3c9e1e798677/87c26e94-acc3-41b3-85ed-3c9e1e798677.json HTTP/1.1 
Host: cdn.cookielaw.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.helpwire.com
Connection: keep-alive
Referer: https://www.helpwire.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         104.16.149.64
HTTP/2 200 OK
content-type: application/x-javascript
                                        
date: Wed, 07 Dec 2022 07:42:55 GMT
content-length: 1727
cache-control: public, max-age=86400
content-encoding: gzip
content-md5: syva4P9DcY3+3gXgJPIG4A==
last-modified: Tue, 27 Sep 2022 17:18:48 GMT
etag: 0x8DAA0AC5785A8E9
x-ms-request-id: b719c1ee-f01e-00c0-7995-d252a2000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 7675
expires: Thu, 08 Dec 2022 07:42:55 GMT
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 775ba09bf9b3b51d-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (4419), with no line terminators
Size:   1727
Md5:    b32bdae0ff43718dfede05e024f206e0
Sha1:   06fc34e0d6682a3238ef79ad52d7d2d2d91a8bc6
Sha256: 09454c280e22b4b2d6396fd04e3a9e728068cace45e990a8dce5b44e1bd8c2bc
                                        
                                            GET /cps/shamanNotifier.js HTTP/1.1 
Host: production-cmp.isgprivacy.cbsi.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.helpwire.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         151.101.85.188
HTTP/2 200 OK
content-type: application/x-javascript
                                        
x-amz-id-2: uubeTO18Dft9kzTBI/Toah17xX2B9HhMK6uDNdisIz7t5yffuVq6RDpXmOO3yypBeEdy+jCZy8Q=
last-modified: Fri, 22 Jul 2022 19:02:28 GMT
etag: "3e0cf3a78511da0d4110ac814d88e0ec"
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:us-east-2:485666168322:build/prod-shaman-notifier-pipeline:65247f02-0cba-4f78-bd98-f251a31929ac
access-control-allow-origin: *
access-control-expose-headers: X-CDN
content-encoding: gzip
accept-ranges: bytes
date: Wed, 07 Dec 2022 07:42:55 GMT
via: 1.1 varnish
age: 1857
x-served-by: cache-bma1637-BMA
x-cache: HIT
x-cache-hits: 25
x-timer: S1670398975.367751,VS0,VE0
vary: Accept-Encoding
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 1598
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (4276), with no line terminators
Size:   1598
Md5:    763348e62c55c7dd9305ec53c9625fb8
Sha1:   4ab12704650190c06e311bb87b1061189aeef8ed
Sha256: ad386546b56fdbc7ca27432d19cc95b00804bad4222e51e2d9edc3e46526c0e2
                                        
                                            GET /scripts/optanonApiBootstrap.js HTTP/1.1 
Host: www.helpwire.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.helpwire.com/articles/easy-home-improvement?q=Veeam%20Ransomware%20Protection&src=mg&gch=T0000012&visitor_id=624261141501321669&target_id=3647676&campaign_id=6397242&link_key=044b19c4909988c1a51b958aa7e2bfdd
Cookie: np_data_cookie={"src":"mg","site":"helpwire","tt":"T0000000","q":"Veeam Ransomware Protection","gch":"T0000012","usx":"2ae3f64b-944a-4e6a-bc87-5aa341250e0e","htc":"07122022-12121559fd67a700c75346ccc1df09f67a34f9"}
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         54.230.111.93
HTTP/2 200 OK
content-type: application/javascript
                                        
content-length: 541
date: Wed, 07 Dec 2022 07:42:56 GMT
last-modified: Wed, 07 Dec 2022 00:38:33 GMT
etag: "a350eef484fa9186bf408beda6538334"
accept-ranges: bytes
server: AmazonS3
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
x-cache: Miss from cloudfront
via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: EED2D_EyTb-Cy_K2SrhORufE4N238QOcydxk5XkMpITKCWzBPbJnAA==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   541
Md5:    a350eef484fa9186bf408beda6538334
Sha1:   39838a84ccd3d3407b873bf64d20830ee1174a9e
Sha256: 759eb2ef0ee7c0dd29b8d3d17f9d4b3da3549ff715fa764745cb5129ccc53009
                                        
                                            GET /_next/static/chunks/3493.e102016899dee344.js HTTP/1.1 
Host: www.helpwire.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.helpwire.com/articles/easy-home-improvement?q=Veeam%20Ransomware%20Protection&src=mg&gch=T0000012&visitor_id=624261141501321669&target_id=3647676&campaign_id=6397242&link_key=044b19c4909988c1a51b958aa7e2bfdd
Cookie: np_data_cookie={"src":"mg","site":"helpwire","tt":"T0000000","q":"Veeam Ransomware Protection","gch":"T0000012","usx":"2ae3f64b-944a-4e6a-bc87-5aa341250e0e","htc":"07122022-12121559fd67a700c75346ccc1df09f67a34f9"}
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         54.230.111.93
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Wed, 07 Dec 2022 00:44:13 GMT
last-modified: Wed, 07 Dec 2022 00:38:33 GMT
etag: W/"1fe1f60389ad9fd611c6389ff6e2611e"
cache-control: public, max-age=31536000, immutable
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: mSTFAB11R82Kdh2t4Lb09Lu5E_qJoM2VDewQKLm98Wn28LzbTKmLmA==
age: 25123
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   2739
Md5:    e56f50f16d6ed460c00addc06b2ef6c5
Sha1:   03a95799412e6b1aeb746b610a50f53323e0fad0
Sha256: 75bceaeb01bb48ff51a651df856e51a7ae09ef61751a49d61822fc748634ffe5
                                        
                                            GET /bidder/cbs/filter.js HTTP/1.1 
Host: cdn.galattic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.helpwire.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         95.110.203.212
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx/1.20.1
Date: Wed, 07 Dec 2022 09:55:39 GMT
Content-Length: 424
Connection: keep-alive
Last-Modified: Wed, 03 Aug 2022 11:33:13 GMT
ETag: "2be-5e55499294238-gzip"
Vary: Accept-Encoding
Content-Encoding: gzip
X-Cacheable: YES
cache-control: max-age=900
X-UnsetCookies: TRUE
X-Varnish: 145773547 587140619
Via: 1.1 varnish (Varnish/5.2)
age: 0
X-Cache: HIT
Access-Control-Allow-Origin: *
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with very long lines (337)
Size:   424
Md5:    7ce4858083c37871907f2f338f4371a0
Sha1:   1e0050323a2b1216eb0e9d2c0091ee91659a0503
Sha256: 8c6c7f84863db2932af068a41425b1532fa27df39688fdb0e016c336dfb74145
                                        
                                            GET /bidder/pm.v2.js HTTP/1.1 
Host: cdn.galattic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.helpwire.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         95.110.203.212
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx/1.20.1
Date: Wed, 07 Dec 2022 09:55:39 GMT
Content-Length: 5091
Connection: keep-alive
Last-Modified: Wed, 27 Jul 2022 12:40:52 GMT
ETag: "3642-5e4c8ba3332cf-gzip"
Vary: Accept-Encoding
Content-Encoding: gzip
X-Cacheable: YES
cache-control: max-age=900
X-UnsetCookies: TRUE
X-Varnish: 151587886 482902296
Via: 1.1 varnish (Varnish/5.2)
age: 0
X-Cache: HIT
Access-Control-Allow-Origin: *
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with very long lines (537)
Size:   5091
Md5:    7b1ee989885daae551165c112a58d3b3
Sha1:   baa841b1efd1d200195d210ba5384d0e3707ed45
Sha256: f469628f6362b1dac4bd5b82394cceb85366ca1fe5346d2591ac21786d221bad
                                        
                                            GET /scripts/jquery.js HTTP/1.1 
Host: www.helpwire.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.helpwire.com/articles/easy-home-improvement?q=Veeam%20Ransomware%20Protection&src=mg&gch=T0000012&visitor_id=624261141501321669&target_id=3647676&campaign_id=6397242&link_key=044b19c4909988c1a51b958aa7e2bfdd
Cookie: np_data_cookie={"src":"mg","site":"helpwire","tt":"T0000000","q":"Veeam Ransomware Protection","gch":"T0000012","usx":"2ae3f64b-944a-4e6a-bc87-5aa341250e0e","htc":"07122022-12121559fd67a700c75346ccc1df09f67a34f9"}
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         54.230.111.93
HTTP/2 200 OK
content-type: application/javascript
                                        
content-length: 734
date: Wed, 07 Dec 2022 07:42:56 GMT
last-modified: Wed, 07 Dec 2022 00:38:33 GMT
etag: "8ffe2fe575d8d70031baae73f19cbaeb"
accept-ranges: bytes
server: AmazonS3
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
x-cache: Miss from cloudfront
via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: CbApUR4OymtktVPidTI3CC2_9hy9gx0i3FvilXKaa5LXahN6tN36fg==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   734
Md5:    8ffe2fe575d8d70031baae73f19cbaeb
Sha1:   c5afaec856ef45509bd5e9fda32c72ca62cbaf6d
Sha256: 3704ddc18365094439dcd2fbb36cbefec4e69c0b81c3dd6331d886984f29cab6
                                        
                                            GET /scripts/google_head.js HTTP/1.1 
Host: www.helpwire.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.helpwire.com/articles/easy-home-improvement?q=Veeam%20Ransomware%20Protection&src=mg&gch=T0000012&visitor_id=624261141501321669&target_id=3647676&campaign_id=6397242&link_key=044b19c4909988c1a51b958aa7e2bfdd
Cookie: np_data_cookie={"src":"mg","site":"helpwire","tt":"T0000000","q":"Veeam Ransomware Protection","gch":"T0000012","usx":"2ae3f64b-944a-4e6a-bc87-5aa341250e0e","htc":"07122022-12121559fd67a700c75346ccc1df09f67a34f9"}
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         54.230.111.93
HTTP/2 200 OK
content-type: application/javascript
                                        
content-length: 123
date: Wed, 07 Dec 2022 07:42:56 GMT
last-modified: Wed, 07 Dec 2022 00:38:33 GMT
etag: "f8c8167390a88fb75b4faac761c487e5"
accept-ranges: bytes
server: AmazonS3
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
x-cache: Miss from cloudfront
via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 51V4t5m-JXedlPCjq2z6GYZWAw0JWLZiFyYpv4LSqxycpjDXLf4A_g==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   123
Md5:    f8c8167390a88fb75b4faac761c487e5
Sha1:   ab257ec7e73a989a17553450985fcfd660be8e7a
Sha256: 1278654f4fa2f333df55a3f0ef92282fdfb657dd40b952e17c84f2372ef76727
                                        
                                            GET /scripts/google_rs_body.js HTTP/1.1 
Host: www.helpwire.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.helpwire.com/articles/easy-home-improvement?q=Veeam%20Ransomware%20Protection&src=mg&gch=T0000012&visitor_id=624261141501321669&target_id=3647676&campaign_id=6397242&link_key=044b19c4909988c1a51b958aa7e2bfdd
Cookie: np_data_cookie={"src":"mg","site":"helpwire","tt":"T0000000","q":"Veeam Ransomware Protection","gch":"T0000012","usx":"2ae3f64b-944a-4e6a-bc87-5aa341250e0e","htc":"07122022-12121559fd67a700c75346ccc1df09f67a34f9"}
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         54.230.111.93
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Wed, 07 Dec 2022 07:42:56 GMT
last-modified: Wed, 07 Dec 2022 00:38:33 GMT
etag: W/"8d537ab256654672dd15b33bb8ac6eac"
server: AmazonS3
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: XkkI4SvOEgZAxqpDboOfcGXFvypSm438WP74lprY5s6IdDzvaaq9uA==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   28163
Md5:    517e0a68a2da5523d066b6847cd680db
Sha1:   8cf059228a361ef2ec277b7fc362ea3f4f060ee6
Sha256: c129e1651b7d7df35f9193315dbb968024297333e6ad003e06b036d1cdf85c2d
                                        
                                            GET /_next/image?url=%2Fassets%2Fhelpwire%2Flogo.png&w=96&q=75 HTTP/1.1 
Host: www.helpwire.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.helpwire.com/articles/easy-home-improvement?q=Veeam%20Ransomware%20Protection&src=mg&gch=T0000012&visitor_id=624261141501321669&target_id=3647676&campaign_id=6397242&link_key=044b19c4909988c1a51b958aa7e2bfdd
Cookie: np_data_cookie={"src":"mg","site":"helpwire","tt":"T0000000","q":"Veeam Ransomware Protection","gch":"T0000012","usx":"2ae3f64b-944a-4e6a-bc87-5aa341250e0e","htc":"07122022-12121559fd67a700c75346ccc1df09f67a34f9"}
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         54.230.111.93
HTTP/2 200 OK
content-type: image/webp
                                        
content-length: 1502
server: CloudFront
date: Wed, 07 Dec 2022 07:42:56 GMT
cache-control: public, max-age=60
etag: "9FmRsAILy9Mf+1Ifcm1w1zw0V03eIVUtrNj7AFOhKJA="
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
x-cache: LambdaGeneratedResponse from cloudfront
via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 4hgbhr1FbTcEilhHAmTDHX0PgrLN2c39eizgk1U3CnToxM5WhzujjA==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image\012- data
Size:   1502
Md5:    496eacb1c842a860b2605faa05ae0140
Sha1:   fdc7453e70ea04ad9398e2ef803acf5f0dea7b18
Sha256: f45991b0020bcbd31ffb521f726d70d73c34574dde21552dacd8fb0053a12890
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         216.58.211.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 07 Dec 2022 07:42:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         216.58.211.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 07 Dec 2022 07:42:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         216.58.211.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 07 Dec 2022 07:42:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /tag/js/gpt.js HTTP/1.1 
Host: www.googletagservices.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.helpwire.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         142.250.74.34
HTTP/2 200 OK
content-type: text/javascript
                                        
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 27564
date: Wed, 07 Dec 2022 07:42:56 GMT
expires: Wed, 07 Dec 2022 07:42:56 GMT
cache-control: private, max-age=900, stale-while-revalidate=3600
etag: "1414 / 328 of 1000 / last-modified: 1670367953"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (40252)
Size:   27564
Md5:    9f220d7f24304047ffe2176bb485bc01
Sha1:   f91c90d658491f94e73dfc9855c47b8fa877dff6
Sha256: abfca8bf66c69e0e2136f9609c0ded21b387fdcef710b40618dee7ad4d070631
                                        
                                            GET /_next/static/chunks/9063-1bec776d34b6942e.js HTTP/1.1 
Host: www.helpwire.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.helpwire.com/articles/easy-home-improvement?q=Veeam%20Ransomware%20Protection&src=mg&gch=T0000012&visitor_id=624261141501321669&target_id=3647676&campaign_id=6397242&link_key=044b19c4909988c1a51b958aa7e2bfdd
Cookie: np_data_cookie={"src":"mg","site":"helpwire","tt":"T0000000","q":"Veeam Ransomware Protection","gch":"T0000012","usx":"2ae3f64b-944a-4e6a-bc87-5aa341250e0e","htc":"07122022-12121559fd67a700c75346ccc1df09f67a34f9"}
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         54.230.111.93
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Wed, 07 Dec 2022 00:44:14 GMT
last-modified: Wed, 07 Dec 2022 00:38:33 GMT
etag: W/"4e505b655b165ba96b14f7a6ad8d06f9"
cache-control: public, max-age=31536000, immutable
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 5qZRiJGtbyRm2zr3PxYtDbj9L5ovMy0Ql5OgFeR5NaxJ1qDZyvTHYw==
age: 25122
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   3515
Md5:    05a1aabb4e7b61b80cd5cfe978ebfe77
Sha1:   fd9d27be4249ec40175fa806dad732d5174b9ca2
Sha256: 34c27f740a2a00228f538b644663c51f175132046465c19db9cf0c1e9410b10b
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         216.58.211.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 07 Dec 2022 07:42:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /adsense/search/ads.js HTTP/1.1 
Host: www.google.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.helpwire.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         216.58.207.228
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
                                        
accept-ranges: bytes
vary: Accept-Encoding
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Wed, 07 Dec 2022 07:42:56 GMT
expires: Wed, 07 Dec 2022 07:42:56 GMT
cache-control: private, max-age=3600
etag: "6213113356093713992"
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   54935
Md5:    c4ae411f5bf59f711d253ccbcaeba8aa
Sha1:   fa1e6bd898e519793bee68e106005ea5dc7e2006
Sha256: 9d8417d69f8a8dd0ebe9744c47b1ad3edf820d44cc1551651a9d13c0f83348da
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         216.58.211.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 07 Dec 2022 07:42:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3855
Cache-Control: max-age=108633
Date: Wed, 07 Dec 2022 07:42:56 GMT
Etag: "638f3a4a-1d7"
Expires: Thu, 08 Dec 2022 13:53:29 GMT
Last-Modified: Tue, 06 Dec 2022 12:49:14 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         216.58.211.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 07 Dec 2022 07:42:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /pagead/ppub_config?ippd=www.helpwire.com HTTP/1.1 
Host: securepubads.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.helpwire.com
Connection: keep-alive
Referer: https://www.helpwire.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         142.250.74.130
HTTP/2 200 OK
content-type: application/json; charset=UTF-8
                                        
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
date: Wed, 07 Dec 2022 07:42:56 GMT
expires: Wed, 07 Dec 2022 07:42:56 GMT
cache-control: private, max-age=3600, stale-while-revalidate=3600
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 53
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 07-Dec-2022 07:57:56 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   53
Md5:    dc3a0ef5da57705b1fe3d54ad354c65b
Sha1:   cc19b634ab794f0039560319bb7b0fc472999679
Sha256: f54b1818340e775893dcedbb70603f2475bc2b869414b49b323d9271676bc2be
                                        
                                            GET /scripts/fb.js?v=0 HTTP/1.1 
Host: www.helpwire.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.helpwire.com/articles/easy-home-improvement?q=Veeam%20Ransomware%20Protection&src=mg&gch=T0000012&visitor_id=624261141501321669&target_id=3647676&campaign_id=6397242&link_key=044b19c4909988c1a51b958aa7e2bfdd
Cookie: np_data_cookie={"src":"mg","site":"helpwire","tt":"T0000000","q":"Veeam Ransomware Protection","gch":"T0000012","usx":"2ae3f64b-944a-4e6a-bc87-5aa341250e0e","htc":"07122022-12121559fd67a700c75346ccc1df09f67a34f9"}
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         54.230.111.93
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Wed, 07 Dec 2022 07:42:57 GMT
last-modified: Wed, 07 Dec 2022 00:38:33 GMT
etag: W/"e9075df74bdbf0956f03b84308a735d8"
server: AmazonS3
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: AsJcbQBbfs-nNxptxZGEcPb1JWWZOoXXPnicUywIk0ZCDlbCGAvUPA==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (64337)
Size:   133793
Md5:    314764c90e75707784e6b5508071a7d0
Sha1:   ead65f436f92cacbddcf040fc9889bc9c1dd534d
Sha256: b46622e143daafa11042f480c8fd8d9153b49df47b5784879d27bf086252fe28
                                        
                                            GET /scripts/productAdsScroll.js HTTP/1.1 
Host: www.helpwire.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.helpwire.com/articles/easy-home-improvement?q=Veeam%20Ransomware%20Protection&src=mg&gch=T0000012&visitor_id=624261141501321669&target_id=3647676&campaign_id=6397242&link_key=044b19c4909988c1a51b958aa7e2bfdd
Cookie: np_data_cookie={"src":"mg","site":"helpwire","tt":"T0000000","q":"Veeam Ransomware Protection","gch":"T0000012","usx":"2ae3f64b-944a-4e6a-bc87-5aa341250e0e","htc":"07122022-12121559fd67a700c75346ccc1df09f67a34f9"}
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         54.230.111.93
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Wed, 07 Dec 2022 07:42:57 GMT
last-modified: Wed, 07 Dec 2022 00:38:33 GMT
etag: W/"315aa28ec31f4142831cef224bc0b74f"
server: AmazonS3
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: d569shbt-2xtU01RYe5ews37DooMrBxh-iLiFcQaqvybSm0FiBSM3Q==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   670
Md5:    53d05c701987257553c9c92c4d7396d8
Sha1:   78c2e756296a713826ecc1c6c98e761235ed5d1f
Sha256: 018da9921c8e21b8d2645ca0657817273f79ab65648777593dc5a97563001d0e
                                        
                                            GET /en_US/fbevents.js HTTP/1.1 
Host: connect.facebook.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.helpwire.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         31.13.72.12
HTTP/2 200 OK
content-type: application/x-javascript; charset=utf-8
                                        
vary: Accept-Encoding
content-encoding: gzip
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: HM+UuCfS/2JUkzaXIJiFGdlAqOlCN/IAe06/uNEb+43JATQ4Lek+DniiyIsr7fWHGQ3dYmZoJauFz8mjY8riZg==
priority: u=3,i
content-length: 27340
x-fb-trip-id: 1904183273
date: Wed, 07 Dec 2022 07:42:56 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (64348)
Size:   27340
Md5:    44ecaa3c2a4929a40141edc4540aaf84
Sha1:   f29a573182333b2500d41bfc389d6c5232dfb348
Sha256: 6589fe14578dedd4df678a909afadd7e5bc7f57c7e3e24518a7f5faac7383396
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3855
Cache-Control: max-age=108633
Date: Wed, 07 Dec 2022 07:42:56 GMT
Etag: "638f3a4a-1d7"
Expires: Thu, 08 Dec 2022 13:53:29 GMT
Last-Modified: Tue, 06 Dec 2022 12:49:14 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /gampad/cookie.js?domain=www.helpwire.com&client=partner-helpwire-content-4&product=SAS&callback=__sasCookie HTTP/1.1 
Host: partner.googleadservices.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.helpwire.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         216.58.207.226
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
                                        
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Wed, 07 Dec 2022 07:42:56 GMT
server: cafe
cache-control: private
content-length: 180
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   180
Md5:    2a2cb415c34fa0afec9d58c8137cdcde
Sha1:   5b60b3a555a74df2fd6d429ca57853ee424aba08
Sha256: 636fdbae876ab3e6c0db038c6f26cde412448aea38514384f866d3dde8f27cab
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         216.58.211.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 07 Dec 2022 07:42:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         216.58.211.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 07 Dec 2022 07:42:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /css?family=Roboto&display=swap HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         142.250.74.106
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 07 Dec 2022 07:42:56 GMT
date: Wed, 07 Dec 2022 07:42:56 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         216.58.211.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 07 Dec 2022 07:42:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         216.58.211.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 07 Dec 2022 07:42:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff HTTP/1.1 
Host: afs.googleusercontent.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         216.58.207.225
HTTP/2 200 OK
content-type: image/svg+xml
                                        
accept-ranges: bytes
vary: Accept-Encoding
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 174
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Wed, 07 Dec 2022 03:03:04 GMT
expires: Thu, 08 Dec 2022 02:03:04 GMT
cache-control: public, max-age=82800
age: 16792
last-modified: Thu, 22 Oct 2020 21:45:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- , ASCII text, with no line terminators
Size:   174
Md5:    4de8b85c8915995b571bde50e231be7c
Sha1:   29c226ca7b9cbe1d44e5480ce95bbb42727b2d99
Sha256: 2ec9168c4507546748c5f400f5030031f0eb06f2aed8deaa11362c395bff4f7a
                                        
                                            GET /ad_icons/standard/publisher_icon_image/search.svg?c=%23fce8b2 HTTP/1.1 
Host: afs.googleusercontent.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         216.58.207.225
HTTP/2 200 OK
content-type: image/svg+xml
                                        
accept-ranges: bytes
vary: Accept-Encoding
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 273
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Tue, 06 Dec 2022 22:34:13 GMT
expires: Wed, 07 Dec 2022 21:34:13 GMT
cache-control: public, max-age=82800
age: 32923
last-modified: Thu, 19 Dec 2019 14:15:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (390)
Size:   273
Md5:    e3279c6d5fa9ce038a2f9035f7131494
Sha1:   67f33a60f04ceb99b1dcf3958eeff5c726531a8d
Sha256: 2145830c0b63bffb4b0417cb9ac3974e42c1e30621f5d728149b3437aa28e7c0
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         216.58.211.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 07 Dec 2022 07:42:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         216.58.211.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 07 Dec 2022 07:42:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         142.250.74.35
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 19:33:54 GMT
expires: Thu, 30 Nov 2023 19:33:54 GMT
cache-control: public, max-age=31536000
age: 562142
last-modified: Wed, 11 May 2022 19:24:48 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size:   15744
Md5:    15d9f621c3bd1599f0169dcf0bd5e63e
Sha1:   7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
Sha256: f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
                                        
                                            GET /assets/helpwire/favicon.ico HTTP/1.1 
Host: www.helpwire.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.helpwire.com/articles/easy-home-improvement?q=Veeam%20Ransomware%20Protection&src=mg&gch=T0000012&visitor_id=624261141501321669&target_id=3647676&campaign_id=6397242&link_key=044b19c4909988c1a51b958aa7e2bfdd
Cookie: np_data_cookie={"src":"mg","site":"helpwire","tt":"T0000000","q":"Veeam Ransomware Protection","gch":"T0000012","usx":"2ae3f64b-944a-4e6a-bc87-5aa341250e0e","htc":"07122022-12121559fd67a700c75346ccc1df09f67a34f9"}
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         54.230.111.93
HTTP/2 200 OK
content-type: image/vnd.microsoft.icon
                                        
content-length: 17798
date: Wed, 07 Dec 2022 07:42:57 GMT
last-modified: Wed, 07 Dec 2022 00:38:34 GMT
etag: "8c88e3b6919c49409bd9744ee68c5511"
cache-control: public, max-age=31536000, must-revalidate
accept-ranges: bytes
server: AmazonS3
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
x-cache: Miss from cloudfront
via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: bnNNUJsh7Ah5nqAF4k_siVC1gP7tcr-2Jy5LbhMyy3DdAS-3Kn0JTg==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  MS Windows icon resource - 4 icons, 16x16, 8 bits/pixel, 24x24, 32 bits/pixel\012- data
Size:   17798
Md5:    8c88e3b6919c49409bd9744ee68c5511
Sha1:   70c07b82f79743ca83711009dc42985580b078fe
Sha256: e676a7382a18b26fe268599dbd08bfd5380eafd20042f544b25d00df10a35f09
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         216.58.211.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 07 Dec 2022 07:42:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  gzip compressed data, from Unix\012- data
Size:   86450
Md5:    160f7abeebb3dd7dd10cc516d892a212
Sha1:   9dda0940c98be94a5fef9d80c66e9bbd256e4ee1
Sha256: 4438a74afb7e7e32fd03db968bc651d4f811f6578273403ad14fd3e3813dc3c4
                                        
                                            GET /tr/?id=1741246512876651&ev=PageView&dl=https%3A%2F%2Fwww.helpwire.com%2Farticles%2Feasy-home-improvement%3Fq%3DVeeam%2520Ransomware%2520Protection%26src%3Dmg%26gch%3DT0000012%26visitor_id%3D624261141501321669%26target_id%3D3647676%26campaign_id%3D6397242%26link_key%3D044b19c4909988c1a51b958aa7e2bfdd&rl=&if=false&ts=1670398976712&sw=1280&sh=1024&v=2.9.89&r=stable&ec=0&o=30&fbp=fb.1.1670398976712.793302210&it=1670398976533&coo=false&dpo=LDU&dpoco=0&dpost=0&tm=1&rqm=GET HTTP/1.1 
Host: www.facebook.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.helpwire.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         31.13.72.36
HTTP/2 200 OK
content-type: text/plain
                                        
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Wed, 07 Dec 2022 07:42:57 GMT
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 2374
Cache-Control: max-age=104270
Date: Wed, 07 Dec 2022 07:42:57 GMT
Etag: "638f2f09-117"
Expires: Thu, 08 Dec 2022 12:40:47 GMT
Last-Modified: Tue, 06 Dec 2022 12:01:13 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 279

                                        
                                            GET /scripttemplates/6.32.0/otBannerSdk.js HTTP/1.1 
Host: cdn.cookielaw.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.helpwire.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         104.16.149.64
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Wed, 07 Dec 2022 07:42:57 GMT
content-length: 81095
content-encoding: gzip
content-md5: ryfZhYsqLisJEnBsOqgVsQ==
last-modified: Fri, 18 Mar 2022 16:29:23 GMT
etag: 0x8DA08FC76466F7A
x-ms-request-id: 4e03c84a-e01e-0031-75f4-3a8331000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=86400
cf-cache-status: HIT
age: 21171
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 775ba0a6ea1cb50b-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65455)
Size:   81095
Md5:    af27d9858b2a2e2b0912706c3aa815b1
Sha1:   10c1fa093e80cbcb3ba39b8e54e934b37cb3aa57
Sha256: a736527d6f80163a1b0ec8f7f8a2902c7005b4ec61fce5295d9612df48a72d06
                                        
                                            GET /consent/87c26e94-acc3-41b3-85ed-3c9e1e798677/db9a8bfb-f407-4613-87a1-5679f28a722a/en.json HTTP/1.1 
Host: cdn.cookielaw.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.helpwire.com/
Origin: https://www.helpwire.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         104.16.149.64
HTTP/2 200 OK
content-type: application/x-javascript
                                        
date: Wed, 07 Dec 2022 07:42:57 GMT
content-length: 13391
cache-control: public, max-age=86400
content-encoding: gzip
content-md5: +jcY3zr9bndpLkQ52v2fQw==
last-modified: Tue, 27 Sep 2022 17:18:58 GMT
etag: 0x8DAA0AC5CF2AD31
x-ms-request-id: ceb7e151-301e-00ff-4795-d2e57e000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 7656
expires: Thu, 08 Dec 2022 07:42:57 GMT
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 775ba0a76df9b51d-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , Unicode text, UTF-8 text, with very long lines (50338), with no line terminators
Size:   13391
Md5:    fa3718df3afd6e77692e4439dafd9f43
Sha1:   7948e94914845712bfcde422358430aa7f802b2f
Sha256: 773000749ff033354710f616a152ee9c13cc6004e08dcd883fc114815716d675
                                        
                                            GET /scripttemplates/6.32.0/assets/otFloatingRoundedCorner.json HTTP/1.1 
Host: cdn.cookielaw.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.helpwire.com/
Origin: https://www.helpwire.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         104.16.149.64
HTTP/2 200 OK
content-type: application/json
                                        
date: Wed, 07 Dec 2022 07:42:57 GMT
content-length: 2565
content-encoding: gzip
content-md5: socGP4QnjnoZ3QOM3y7Ztg==
last-modified: Fri, 18 Mar 2022 16:29:16 GMT
etag: 0x8DA08FC71DCDA25
x-ms-request-id: aab9ca01-701e-00da-19b4-567dcd000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=86400
cf-cache-status: HIT
age: 2651
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 775ba0a78e29b51d-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (7860)
Size:   2565
Md5:    b287063f84278e7a19dd038cdf2ed9b6
Sha1:   ad982f153b4e3fab6f0a33714d7ba60fc963c5f0
Sha256: aafb5e4fd2ee23d7b06bbdbd0be1c00ca7f804fb29e9171f2a97995e3644bb36
                                        
                                            GET /_next/static/chunks/pages/articles/%5Bslug%5D-8d887ec3c4fe42a8.js HTTP/1.1 
Host: www.helpwire.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.helpwire.com/articles/easy-home-improvement?q=Veeam%20Ransomware%20Protection&src=mg&gch=T0000012&visitor_id=624261141501321669&target_id=3647676&campaign_id=6397242&link_key=044b19c4909988c1a51b958aa7e2bfdd
Cookie: np_data_cookie={"src":"mg","site":"helpwire","tt":"T0000000","q":"Veeam Ransomware Protection","gch":"T0000012","usx":"2ae3f64b-944a-4e6a-bc87-5aa341250e0e","htc":"07122022-12121559fd67a700c75346ccc1df09f67a34f9"}
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         54.230.111.93
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Wed, 07 Dec 2022 00:44:14 GMT
last-modified: Wed, 07 Dec 2022 00:38:33 GMT
etag: W/"e15eeefc27e2f5e37f3cbb8759623c5b"
cache-control: public, max-age=31536000, immutable
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ppKrBnKqam4wCB6viN83a2CMiXo5kINzi7j1-0RbJF5yEBu_NvXd7A==
age: 25122
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (36232)
Size:   13197
Md5:    16409e32d67ca833c181aedcc8fc8b95
Sha1:   86c182d564bcba7f5fb423e1fd12b7dcc8acf48c
Sha256: 8ae4951e9fa6f8ff832f6e7d6b8159b78959508d695bdc362f5727ffcd157525
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 6483
Cache-Control: max-age=148689
Date: Wed, 07 Dec 2022 07:43:00 GMT
Etag: "638fcc83-118"
Expires: Fri, 09 Dec 2022 01:01:09 GMT
Last-Modified: Tue, 06 Dec 2022 23:13:07 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 280

                                        
                                            GET /logos/static/poweredBy_ot_logo.svg HTTP/1.1 
Host: cdn.cookielaw.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.helpwire.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         104.16.149.64
HTTP/2 200 OK
content-type: image/svg+xml
                                        
date: Wed, 07 Dec 2022 07:42:57 GMT
content-md5: LpuayL42jB78xRllx0vkOw==
last-modified: Tue, 06 Dec 2022 07:45:20 GMT
x-ms-request-id: 89c12fbb-201e-0101-31d9-099f4e000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=86400
cf-cache-status: HIT
age: 21201
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 775ba0a7fb77b50b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /_next/static/chunks/main-b9cb64723e338c4c.js HTTP/1.1 
Host: www.helpwire.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.helpwire.com/articles/easy-home-improvement?q=Veeam%20Ransomware%20Protection&src=mg&gch=T0000012&visitor_id=624261141501321669&target_id=3647676&campaign_id=6397242&link_key=044b19c4909988c1a51b958aa7e2bfdd
Cookie: np_data_cookie={"src":"mg","site":"helpwire","tt":"T0000000","q":"Veeam Ransomware Protection","gch":"T0000012","usx":"2ae3f64b-944a-4e6a-bc87-5aa341250e0e","htc":"07122022-12121559fd67a700c75346ccc1df09f67a34f9"}
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         54.230.111.93
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Wed, 07 Dec 2022 00:44:14 GMT
last-modified: Wed, 07 Dec 2022 00:38:33 GMT
etag: W/"2fb1f137ee1b94f6d707d0e5bb718d68"
cache-control: public, max-age=31536000, immutable
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 9JDx2GhjWjYjQySKgvcyCZqMsGdgn_X6VABNneyXl_7HzkSXlIvkUw==
age: 25122
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /_next/static/chunks/2121-4fe4ce6739beb5e7.js HTTP/1.1 
Host: www.helpwire.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.helpwire.com/articles/easy-home-improvement?q=Veeam%20Ransomware%20Protection&src=mg&gch=T0000012&visitor_id=624261141501321669&target_id=3647676&campaign_id=6397242&link_key=044b19c4909988c1a51b958aa7e2bfdd
Cookie: np_data_cookie={"src":"mg","site":"helpwire","tt":"T0000000","q":"Veeam Ransomware Protection","gch":"T0000012","usx":"2ae3f64b-944a-4e6a-bc87-5aa341250e0e","htc":"07122022-12121559fd67a700c75346ccc1df09f67a34f9"}
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         54.230.111.93
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Wed, 07 Dec 2022 00:44:14 GMT
last-modified: Wed, 07 Dec 2022 00:38:33 GMT
etag: W/"df06edd9f2d58887377191e1def2d748"
cache-control: public, max-age=31536000, immutable
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ldQmg0vPYzDPUSZEQBI_FfYaI05J3i0ej8AZOZt5BAa7FB9BSLpGqA==
age: 25122
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /_next/static/AwjeBsmdDVNGYeOtHruZM/_buildManifest.js HTTP/1.1 
Host: www.helpwire.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.helpwire.com/articles/easy-home-improvement?q=Veeam%20Ransomware%20Protection&src=mg&gch=T0000012&visitor_id=624261141501321669&target_id=3647676&campaign_id=6397242&link_key=044b19c4909988c1a51b958aa7e2bfdd
Cookie: np_data_cookie={"src":"mg","site":"helpwire","tt":"T0000000","q":"Veeam Ransomware Protection","gch":"T0000012","usx":"2ae3f64b-944a-4e6a-bc87-5aa341250e0e","htc":"07122022-12121559fd67a700c75346ccc1df09f67a34f9"}
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         54.230.111.93
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Wed, 07 Dec 2022 00:44:14 GMT
last-modified: Wed, 07 Dec 2022 00:38:33 GMT
etag: W/"58ae92e18213cfd5cd715261c7a63634"
cache-control: public, max-age=31536000, immutable
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: NgOcukqXJc-SLciCbMAKaGLcmYt2lhVz9J4qGySXJJ0DzMwohSgVtw==
age: 25122
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /articles/easy-home-improvement?q=Veeam%20Ransomware%20Protection&src=mg&gch=T0000012&visitor_id=624261141501321669&target_id=3647676&campaign_id=6397242&link_key=044b19c4909988c1a51b958aa7e2bfdd HTTP/1.1 
Host: www.helpwire.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         54.230.111.93
HTTP/2 200 OK
content-type: text/html; charset=utf-8
                                        
server: CloudFront
date: Wed, 07 Dec 2022 07:42:55 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: public, max-age=600, s-maxage=1200, stale-while-revalidate=60
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-powered-by: PHP 8.1.2
set-cookie: np_data_cookie={"src":"mg","site":"helpwire","tt":"T0000000","q":"Veeam Ransomware Protection","gch":"T0000012","usx":"2ae3f64b-944a-4e6a-bc87-5aa341250e0e","htc":"07122022-12121559fd67a700c75346ccc1df09f67a34f9"}; path=/; secure; httponly
etag: W/"zzpuq16x60xf0"
content-encoding: gzip
vary: Accept-Encoding
x-cache: LambdaGeneratedResponse from cloudfront
via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 1hecoj4ACe3eTbrI_oCJGfZ8YKI3y_Ek9nsGxwYZpa2u6GMELrXtsA==
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /_next/static/chunks/webpack-6bf17bd08c9c0c1f.js HTTP/1.1 
Host: www.helpwire.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.helpwire.com/articles/easy-home-improvement?q=Veeam%20Ransomware%20Protection&src=mg&gch=T0000012&visitor_id=624261141501321669&target_id=3647676&campaign_id=6397242&link_key=044b19c4909988c1a51b958aa7e2bfdd
Cookie: np_data_cookie={"src":"mg","site":"helpwire","tt":"T0000000","q":"Veeam Ransomware Protection","gch":"T0000012","usx":"2ae3f64b-944a-4e6a-bc87-5aa341250e0e","htc":"07122022-12121559fd67a700c75346ccc1df09f67a34f9"}
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         54.230.111.93
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Wed, 07 Dec 2022 00:44:14 GMT
last-modified: Wed, 07 Dec 2022 00:38:33 GMT
etag: W/"6352db52f27a8ed05afa440d06cfbe9e"
cache-control: public, max-age=31536000, immutable
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: TvP_c5EfEv8cJETtcR-xmGuTy9irm7I4SKPzAtzOg3o4e2dhIEHqlA==
age: 25122
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /_next/static/chunks/framework-a661be0ab3977016.js HTTP/1.1 
Host: www.helpwire.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.helpwire.com/articles/easy-home-improvement?q=Veeam%20Ransomware%20Protection&src=mg&gch=T0000012&visitor_id=624261141501321669&target_id=3647676&campaign_id=6397242&link_key=044b19c4909988c1a51b958aa7e2bfdd
Cookie: np_data_cookie={"src":"mg","site":"helpwire","tt":"T0000000","q":"Veeam Ransomware Protection","gch":"T0000012","usx":"2ae3f64b-944a-4e6a-bc87-5aa341250e0e","htc":"07122022-12121559fd67a700c75346ccc1df09f67a34f9"}
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         54.230.111.93
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Wed, 07 Dec 2022 00:44:14 GMT
last-modified: Wed, 07 Dec 2022 00:38:33 GMT
etag: W/"42969190930a47add78d0553ad3decd6"
cache-control: public, max-age=31536000, immutable
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ttPunI1sYZxrHsyQ8Vwm4SVjaup1ezbe5OTmyrAdZX01q-OHQIId5g==
age: 25122
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /_next/static/chunks/pages/_app-ae91de5da9f4357b.js HTTP/1.1 
Host: www.helpwire.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.helpwire.com/articles/easy-home-improvement?q=Veeam%20Ransomware%20Protection&src=mg&gch=T0000012&visitor_id=624261141501321669&target_id=3647676&campaign_id=6397242&link_key=044b19c4909988c1a51b958aa7e2bfdd
Cookie: np_data_cookie={"src":"mg","site":"helpwire","tt":"T0000000","q":"Veeam Ransomware Protection","gch":"T0000012","usx":"2ae3f64b-944a-4e6a-bc87-5aa341250e0e","htc":"07122022-12121559fd67a700c75346ccc1df09f67a34f9"}
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         54.230.111.93
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Wed, 07 Dec 2022 00:44:14 GMT
last-modified: Wed, 07 Dec 2022 00:38:33 GMT
etag: W/"63a86bcb0a35020870cc81256fbc1581"
cache-control: public, max-age=31536000, immutable
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: dwQ9Ast4jNILiIIzkW5bba-xhN30pfg0uGEFwXlGxUnIiwKYQ417Pg==
age: 25122
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /cookieconsentpub/v1/geo/location HTTP/1.1 
Host: geolocation.onetrust.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.helpwire.com
Connection: keep-alive
Referer: https://www.helpwire.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

104.18.27.85
HTTP/2 200 OK
content-type: application/json
date: Wed, 07 Dec 2022 07:42:57 GMT
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, OPTIONS
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 775ba0a6b99bb4f4-OSL
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /scripttemplates/6.32.0/assets/otCommonStyles.css HTTP/1.1 
Host: cdn.cookielaw.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.helpwire.com/
Origin: https://www.helpwire.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

104.16.149.64
HTTP/2 200 OK
content-type: text/css
date: Wed, 07 Dec 2022 07:42:57 GMT
content-md5: SHFDtZO2nDZuiPDW83p1IQ==
last-modified: Fri, 18 Mar 2022 16:29:27 GMT
x-ms-request-id: 27c0e757-101e-00a7-5d44-66e105000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=86400
cf-cache-status: HIT
age: 2651
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 775ba0a79e2eb51d-OSL
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /smart-security-0/index.html?clickid={clickid}&utm_source={var1}&utm_medium=restart_{offer.name}&publisher={trafficsource.name}&utm_campaign={trafficsource.name} HTTP/1.1 
Host: respectphonesecurity.xyz
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

188.114.97.1
HTTP/2 200 OK
content-type: text/html; charset=utf-8
date: Wed, 07 Dec 2022 07:42:52 GMT
last-modified: Thu, 05 May 2022 04:35:59 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KEhgQY%2FV8%2FR6WrGkJ6c6ybDSMY6sL3zikqibYUmnQZIQFbzT3lmwelK49Mf5bKIQ3atzY15H256GVeCbbmMtlFZI0hUGqxyZGCPGepMq2mrDYPdj6ldEEEfl2AeP6ZSBBszL7p04W7YXflo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 775ba085593fb50c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /redirect?target=BASE64aHR0cHM6Ly9vdWhhc3RheS5uZXQvYWZ1LnBocD96b25laWQ9MzY0NzY3Ng&ts=1670398973303&hash=aRCcCJyQ2ztxXlte2zXYyXn7VYRiQgSd53WZP3GT6jw&rm=D HTTP/1.1 
Host: track.profitableredirect.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: e69b0e43-f199-496b-87cc-2daa322bb681-v4=E1xQBSu3KM7VjtBsVdfFfYKA67Glt68F12cHRib7GDU; cc-v4=zrH2QyTqgzLqbn1mfYxa9kFQjt%2FNNmeeNueZpuCNj9kPUB%2B0n4MoJ2yA%2F3fLjREowmkFK%2B4XVCLdF3BlBwFx8pg9kaQRYFtTpn2o711YoM7FLwlRxbYfTmlYEqXSsuVALzirdv%2FQqIrSjKs2H7vGVw%3D%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

18.192.108.151
HTTP/2 200 OK
content-type: text/html;charset=UTF-8
server: nginx
date: Wed, 07 Dec 2022 07:42:53 GMT
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /afu.php?zoneid=3647676 HTTP/1.1 
Host: ouhastay.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

139.45.197.239
HTTP/2 200 OK
content-type: text/html; charset=utf8
server: nginx
date: Wed, 07 Dec 2022 07:42:53 GMT
x-trace-id: a5d42d14862f65da1f6de75db6d1495f
link: <https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch"
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=b4274568db4a42fb9a56e9d6e0890c4e; expires=Thu, 07 Dec 2023 07:42:53 GMT; path=/; secure; SameSite=None oaidts=1670398973; expires=Thu, 07 Dec 2023 07:42:53 GMT; path=/; secure; SameSite=None syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /redir?page=aHR0cHM6Ly93d3cuaGVscHdpcmUuY29tL2FydGljbGVzL2Vhc3ktaG9tZS1pbXByb3ZlbWVudD9xPVZlZWFtK1JhbnNvbXdhcmUrUHJvdGVjdGlvbiZzcmM9bWcmZ2NoPVQwMDAwMDEyJnZpc2l0b3JfaWQ9JTI0JTdCU1VCSUQlN0QmdGFyZ2V0X2lkPSU3QnpvbmVpZCU3RCZjYW1wYWlnbl9pZD0lN0JjYW1wYWlnbmlkJTdEJmxpbmtfa2V5PTA0NGIxOWM0OTA5OTg4YzFhNTFiOTU4YWE3ZTJiZmRk&visitor_id=624261141501321669&target_id=3647676&campaign_id=6397242&link_key=044b19c4909988c1a51b958aa7e2bfdd&rdk=rk3 HTTP/1.1 
Host: revpu.sh
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

139.162.186.41
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
server: nginx
location: https://www.helpwire.com/articles/easy-home-improvement?q=Veeam%20Ransomware%20Protection&src=mg&gch=T0000012&visitor_id=624261141501321669&target_id=3647676&campaign_id=6397242&link_key=044b19c4909988c1a51b958aa7e2bfdd
cache-control: no-cache, private
date: Wed, 07 Dec 2022 07:42:50 GMT
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /_next/static/css/8f57e9c85b5d5070.css HTTP/1.1 
Host: www.helpwire.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.helpwire.com/articles/easy-home-improvement?q=Veeam%20Ransomware%20Protection&src=mg&gch=T0000012&visitor_id=624261141501321669&target_id=3647676&campaign_id=6397242&link_key=044b19c4909988c1a51b958aa7e2bfdd
Cookie: np_data_cookie={"src":"mg","site":"helpwire","tt":"T0000000","q":"Veeam Ransomware Protection","gch":"T0000012","usx":"2ae3f64b-944a-4e6a-bc87-5aa341250e0e","htc":"07122022-12121559fd67a700c75346ccc1df09f67a34f9"}
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

54.230.111.93
HTTP/2 200 OK
content-type: text/css
date: Wed, 07 Dec 2022 00:44:12 GMT
last-modified: Wed, 07 Dec 2022 00:38:33 GMT
etag: W/"dcb484010de231dc283a4396d33734d0"
cache-control: public, max-age=31536000, immutable
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: pbVhFpJGWihSKpy_2-VbnLVrQChNDlL73JgBLK3COMZAYk4Klt110w==
age: 25124
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /_next/static/chunks/2489-8969c03bb192615f.js HTTP/1.1 
Host: www.helpwire.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.helpwire.com/articles/easy-home-improvement?q=Veeam%20Ransomware%20Protection&src=mg&gch=T0000012&visitor_id=624261141501321669&target_id=3647676&campaign_id=6397242&link_key=044b19c4909988c1a51b958aa7e2bfdd
Cookie: np_data_cookie={"src":"mg","site":"helpwire","tt":"T0000000","q":"Veeam Ransomware Protection","gch":"T0000012","usx":"2ae3f64b-944a-4e6a-bc87-5aa341250e0e","htc":"07122022-12121559fd67a700c75346ccc1df09f67a34f9"}
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

54.230.111.93
HTTP/2 200 OK
content-type: application/javascript
date: Wed, 07 Dec 2022 00:44:13 GMT
last-modified: Wed, 07 Dec 2022 00:38:33 GMT
etag: W/"91e4cc118694d429f40b290fabc6c486"
cache-control: public, max-age=31536000, immutable
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: yIpplxFm2q2L7TglWRloFWSvOkLF7LpjgiwFkpiazoWff3e1SW7NvA==
age: 25123
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /scripts/google_body.js HTTP/1.1 
Host: www.helpwire.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.helpwire.com/articles/easy-home-improvement?q=Veeam%20Ransomware%20Protection&src=mg&gch=T0000012&visitor_id=624261141501321669&target_id=3647676&campaign_id=6397242&link_key=044b19c4909988c1a51b958aa7e2bfdd
Cookie: np_data_cookie={"src":"mg","site":"helpwire","tt":"T0000000","q":"Veeam Ransomware Protection","gch":"T0000012","usx":"2ae3f64b-944a-4e6a-bc87-5aa341250e0e","htc":"07122022-12121559fd67a700c75346ccc1df09f67a34f9"}
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

54.230.111.93
HTTP/2 200 OK
content-type: application/javascript
date: Wed, 07 Dec 2022 07:42:56 GMT
last-modified: Wed, 07 Dec 2022 00:38:33 GMT
etag: W/"bc241cfddb77e291a3781f1946b1796e"
server: AmazonS3
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: QqWxhy6qLYKlc-fwrNn4n7JNC6C95-XYX0nQCnXGj2r6uxpqbSv8Tw==
X-Firefox-Spdy: h2


--- Additional Info ---