Submitted URL: http://www.helminfosec.com/post/easy-playbooks-to-make-ransomware-criminals-cry
Effective URL: https://www.helminfosec.com/post/easy-playbooks-to-make-ransomware-criminals-cry
Submission: On August 30 via manual from DK — Scanned from DK

Summary

This website contacted 14 IPs in 4 countries across 11 domains to perform 107 HTTP transactions. The main IP is 2606:4700:3033::ac43:d3a2, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.helminfosec.com.
TLS certificate: Issued by GTS CA 1P5 on August 15th 2022. Valid for: 3 months.
This is the only time www.helminfosec.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Apex Domain | Subdomains | Transfer
58 parastorage.com | static.parastorage.com — Cisco Umbrella Rank: 5412; siteassets.parastorage.com — Cisco Umbrella Rank: 5652 | 1 MB
19 wix.com | frog.wix.com — Cisco Umbrella Rank: 5066 | 5 KB
7 helminfosec.com | www.helminfosec.com | 297 KB
4 wixapps.net | engage.wixapps.net — Cisco Umbrella Rank: 12625 | 12 KB
4 wixstatic.com | static.wixstatic.com — Cisco Umbrella Rank: 5096 | 14 KB
3 googleapis.com | fonts.googleapis.com — Cisco Umbrella Rank: 54; www.googleapis.com — Cisco Umbrella Rank: 47 | 2 KB
3 pinterest.com | assets.pinterest.com — Cisco Umbrella Rank: 2685; log.pinterest.com — Cisco Umbrella Rank: 3654 | 19 KB
3 facebook.net | connect.facebook.net — Cisco Umbrella Rank: 158 | 131 KB
2 facebook.com | www.facebook.com — Cisco Umbrella Rank: 111 | 315 B
2 gstatic.com | fonts.gstatic.com | 44 KB
1 firebaseio.com | wix-engage-visitors-prod-15.firebaseio.com — Cisco Umbrella Rank: 154861 | 320 B
107 11
Domain | Requested by
54 static.parastorage.com | www.helminfosec.com; static.parastorage.com; engage.wixapps.net
19 frog.wix.com | www.helminfosec.com; static.parastorage.com
7 www.helminfosec.com (1 redirects) | www.helminfosec.com; static.parastorage.com
4 engage.wixapps.net | static.parastorage.com
4 static.wixstatic.com | www.helminfosec.com
4 siteassets.parastorage.com | www.helminfosec.com
3 connect.facebook.net | www.helminfosec.com; connect.facebook.net
2 www.googleapis.com | static.parastorage.com
2 assets.pinterest.com | static.parastorage.com; assets.pinterest.com
2 www.facebook.com | www.helminfosec.com
2 fonts.gstatic.com | www.helminfosec.com; static.parastorage.com
1 wix-engage-visitors-prod-15.firebaseio.com | static.parastorage.com
1 log.pinterest.com | www.helminfosec.com
1 fonts.googleapis.com | static.parastorage.com
107 14

This site contains links to these domains.

Domain
blueteamcon.com
www.facebook.com
twitter.com
www.linkedin.com
Subject | Issuer | Validity | Valid
*.helminfosec.com | GTS CA 1P5 | 2022-08-15 - 2022-11-13 | 3 months
*.wix.com | Sectigo RSA Domain Validation Secure Server CA | 2022-05-16 - 2022-11-12 | 6 months
*.parastorage.com | Sectigo RSA Domain Validation Secure Server CA | 2022-05-16 - 2022-11-12 | 6 months
*.wixstatic.com | Sectigo RSA Domain Validation Secure Server CA | 2022-04-30 - 2022-10-27 | 6 months
*.gstatic.com | GTS CA 1C3 | 2022-08-08 - 2022-10-31 | 3 months
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2022-06-08 - 2022-09-06 | 3 months
*.pinterest.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-08-01 - 2023-08-08 | a year
*.wixapps.net | Sectigo RSA Domain Validation Secure Server CA | 2022-04-27 - 2022-10-24 | 6 months
upload.video.google.com | GTS CA 1C3 | 2022-08-08 - 2022-10-31 | 3 months
*.us-central1.firebasedatabase.app | GTS CA 1D4 | 2022-08-02 - 2022-10-31 | 3 months

This page contains 3 frames:

Primary Page: https://www.helminfosec.com/post/easy-playbooks-to-make-ransomware-criminals-cry
Frame ID: 6B0868CA7BA16DDBBC7446FA89410B17
Requests: 81 HTTP requests in this frame

Frame: https://engage.wixapps.net/chat-widget-server/renderChatWidget/index?pageId=masterPage&compId=comp-l0uxga0g&viewerCompId=comp-l0uxga0g&siteRevision=238&viewMode=site&deviceType=desktop&locale=en&tz=America%2FChicago&regionalLanguage=en&width=230&height=86&instance=ulpL1McYEn34OqMfCMye6V9w30GLu16cBwaWepCpLsY.eyJpbnN0YW5jZUlkIjoiMDA0MzJiYWQtOWY4My00YTVlLWFhNWMtM2FiMTIwMmJkMzI1IiwiYXBwRGVmSWQiOiIxNDUxN2UxYS0zZmYwLWFmOTgtNDA4ZS0yYmQ2OTUzYzM2YTIiLCJtZXRhU2l0ZUlkIjoiMDNkMzM1YmYtMDY0Zi00MzhjLTg4NjMtZmVlMTRmN2U3YjY0Iiwic2lnbkRhdGUiOiIyMDIyLTA4LTMwVDEyOjQwOjU3LjYwM1oiLCJkZW1vTW9kZSI6ZmFsc2UsImFpZCI6IjIxZjJmZjNkLWZhNzctNGI2Ny04YzJkLThjYWY0MGQ3OGI0ZiIsImJpVG9rZW4iOiIwMzkwMWUxMi05OWNjLTA5ZDItMjIzZi1jNDUwNmY1NWE4NDEiLCJzaXRlT3duZXJJZCI6ImE4Nzk2MGMyLWRlZDUtNDJkOC1hNDIyLTBiMTI4Y2Q0YjhkZiJ9&currency=USD&currentCurrency=USD&commonConfig=%7B%22brand%22%3A%22wix%22%2C%22bsi%22%3A%22941de264-67d1-4894-b1d9-4fdb80091796%7C1%22%2C%22BSI%22%3A%22941de264-67d1-4894-b1d9-4fdb80091796%7C1%22%7D&vsi=0cc4bf48-27f6-475a-9b2b-fd8ea194c250
Frame ID: 8A10B42A18D519C077AE8D656D515574
Requests: 28 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: DB055EA76BDF5D8264EA237EF0EBCA17
Requests: 1 HTTP requests in this frame

Page Title

Easy Playbooks to Make Ransomware Criminals Cry

Page URL History

  1. http://www.helminfosec.com/post/easy-playbooks-to-make-ransomware-criminals-cry HTTP 301
    https://www.helminfosec.com/post/easy-playbooks-to-make-ransomware-criminals-cry Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • static\.parastorage\.com

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • require.*\.js

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • lodash.*\.js

Overall confidence: 100%
Detected patterns
  • moment(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • //assets\.pinterest\.com/js/pinit\.js

Overall confidence: 100%
Detected patterns
  • /polyfill\.min\.js

Page Statistics

Requests: 107
HTTPS: 98 %
IPv6: 62 %
Domains: 11
Subdomains: 14
IPs: 14
Countries: 4
Transfer: 1640 kB
Size: 5847 kB
Cookies: 9

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://www.helminfosec.com/post/easy-playbooks-to-make-ransomware-criminals-cry HTTP 301
    https://www.helminfosec.com/post/easy-playbooks-to-make-ransomware-criminals-cry Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

107 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request easy-playbooks-to-make-ransomware-criminals-cry
www.helminfosec.com/post/
Redirect Chain
  • http://www.helminfosec.com/post/easy-playbooks-to-make-ransomware-criminals-cry
  • https://www.helminfosec.com/post/easy-playbooks-to-make-ransomware-criminals-cry
773 KB
127 KB
Document
General
Full URL
https://www.helminfosec.com/post/easy-playbooks-to-make-ransomware-criminals-cry
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:d3a2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0ce5fa3d2d339b2ffd43388e9e10a4952a0a610cd49cadd13ab67ed9b80031b6
Security Headers
Name Value
Strict-Transport-Security max-age=3600
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
da-DK,da;q=0.9

Response headers

age
27859
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
private,max-age=0,must-revalidate
cf-cache-status
DYNAMIC
cf-ray
742d990f2d599b4c-FRA
content-encoding
br
content-language
en-US
content-type
text/html; charset=UTF-8
date
Tue, 30 Aug 2022 12:40:57 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
link
<https://static.parastorage.com/>; rel=preconnect; crossorigin;,<https://static.parastorage.com/>; rel=preconnect;,<https://fonts.gstatic.com>; rel=preconnect; crossorigin;,<https://static.wixstatic.com/>; rel=preconnect; crossorigin;,<https://static.wixstatic.com/>; rel=preconnect;,<https://siteassets.parastorage.com>; rel=preconnect; crossorigin;,
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1tSLNw5p%2BZULRF1uai6TxkCulM%2FI7BkHQb%2By3guyl5xd3%2FW8BtiVBKNHTDvE8iQVfezQV2FupgPlLrT2MHB6fj2n34fJb0Dyev8D8zSmROh8fBOcrzqt3NyGElUiMFmwDJIAef4IF54MkfUJ%2Bmjb1CbF"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
cache;desc=hit, varnish;desc=hit, dc;desc=euw3
strict-transport-security
max-age=3600
vary
Accept-Encoding
x-content-type-options
nosniff
x-seen-by
sHU62EDOGnH2FBkJkG/Wx8EeXWsWdHrhlvbxtlynkVi/p8x2vQazP+ZzbdlgXQmT,qquldgcFrj2n046g4RNSVJu5ErIsUmUN39d9jOoRfIY=,2d58ifebGbosy5xc+FRalkNeIQcbZGvonZXB+iPtbDeMJ45p1sN3p2VsYh52cBELGLC2TD/UgrnlY2mEQHTqy/GPQpilXhVhVHKK5gHOR3w=,2UNV7KOq4oGjA5+PKsX47GTyisN7iVCrYEwBeRKnkmpYgeUJqUXtid+86vZww+nL
x-wix-request-id
1661863257.48154415249132752

Redirect headers

Age
0
CF-Cache-Status
DYNAMIC
CF-RAY
742d990dc9d4923b-FRA
Cache-Control
no-cache
Connection
keep-alive
Content-Length
0
Date
Tue, 30 Aug 2022 12:40:57 GMT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0ZoZfRZu099%2BbAQp5i2UJXsqa9CaCTmOgPOqyLVUxhWdQ3NJqUm5ilZw3%2BFXiFGdgoupTtCzSZsE8b%2F3ds%2B4mgj%2BHyOoKOFYOa4CnDBP7hO8j%2FTn5Ge%2FUT2%2BwACivMcTffYjtG6ZblMsuPteNtD5V2rA"}],"group":"cf-nel","max_age":604800}
Server
cloudflare
Server-Timing
cache;desc=miss, varnish;desc=miss, dc;desc=euw3
X-Content-Type-Options
nosniff
X-Seen-By
sHU62EDOGnH2FBkJkG/Wx8EeXWsWdHrhlvbxtlynkViDJy0wWxs/TI/sjvPYKzcz,qquldgcFrj2n046g4RNSVD9afXLLL4YLJMcUpB+/QLk=,2d58ifebGbosy5xc+FRalk15iIiCV8JB58FUztjN0aKmnIxG6OCPV9J0M3Xqyw3Ojoe2GMQJ/MdiMK4Y/vI700A3rLd+/FuFMBMImeairPw=,2UNV7KOq4oGjA5+PKsX47GTyisN7iVCrYEwBeRKnkmpYgeUJqUXtid+86vZww+nL,7npGRUZHWOtWoP0Si3wDp/72pZ88lRdKSO4Qopy8RuU=,xTu8fpDe3EKPsMR1jrheEHIZ7AzDVCKzYGvAdHCwn4Q=,7qRhWu5NOm1hVs7o3HvocK/sRn4XNMduY10bmsq+tM2X3xKcNUTLenFDIXPsigXYSYblWJ1+I4NCiXX+q5JMPA==
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
location
https://www.helminfosec.com/post/easy-playbooks-to-make-ransomware-criminals-cry
strict-transport-security
max-age=3600
x-wix-request-id
1661863257.26183676951110067
bolt-performance
frog.wix.com/
0
256 B
Ping
General
Full URL
https://frog.wix.com/bolt-performance?src=72&evid=21&appName=thunderbolt&is_rollout=0&is_sav_rollout=0&is_dac_rollout=0&dc=84&is_cached=true&msid=03d335bf-064f-438c-8863-fee14f7e7b64&session_id=180c76f9-db55-492f-b501-2a7edd1565e7&ish=true&isb=true&isbr=plugins-extra&vsi=0cc4bf48-27f6-475a-9b2b-fd8ea194c250&caching=hit,hit&pv=visible&pn=1&v=1.10845.0&url=https%3A%2F%2Fwww.helminfosec.com%2Fpost%2Feasy-playbooks-to-make-ransomware-criminals-cry&st=2&ts=3&tsn=421
Requested by
Host: www.helminfosec.com
URL: https://www.helminfosec.com/post/easy-playbooks-to-make-ransomware-criminals-cry
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.145.31.229 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-145-31-229.compute-1.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
da-DK,da;q=0.9
Referer
https://www.helminfosec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

access-control-allow-origin
https://www.helminfosec.com
date
Tue, 30 Aug 2022 12:40:57 GMT
access-control-allow-credentials
true
server
nginx
access-control-allow-headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
access-control-allow-methods
GET, POST
dynamicmodel
www.helminfosec.com/_api/v2/
27 KB
10 KB
Fetch
General
Full URL
https://www.helminfosec.com/_api/v2/dynamicmodel
Requested by
Host: www.helminfosec.com
URL: https://www.helminfosec.com/post/easy-playbooks-to-make-ransomware-criminals-cry
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:d3a2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a978592c9af8e975e0b0835248249caf16a8492d064daa51bd49670603b87f04
Security Headers
Name Value
Strict-Transport-Security max-age=3600
X-Content-Type-Options nosniff

Request headers

accept-language
da-DK,da;q=0.9
Referer
https://www.helminfosec.com/post/easy-playbooks-to-make-ransomware-criminals-cry
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 30 Aug 2022 12:40:57 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
51611
server-timing
cache;desc=hit, varnish;desc=hit, dc;desc=euw3
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-wix-request-id
1661863257.59454415249232752
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=3600
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3b97XjldGZILttFR8CHg6JeL8fcR55mlnWBWcF16lEIAW%2BaFHE3I3zmCtBKFEJYw7HEzMac6jjbawKzg0uvbY5yLxC8bpxb1klAdWUjURJACNUg%2BdnR12QbHtK9uZdVFfZbPIu1Z4ul%2FWDYtiWMTNWhL"}],"group":"cf-nel","max_age":604800}
content-type
application/json; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
no-cache, no-store
cf-ray
742d990fee939b4c-FRA
x-seen-by
sHU62EDOGnH2FBkJkG/Wx8EeXWsWdHrhlvbxtlynkVi/p8x2vQazP+ZzbdlgXQmT,qquldgcFrj2n046g4RNSVD9afXLLL4YLJMcUpB+/QLk=,2d58ifebGbosy5xc+FRalgvmkw0hMevmiK4dSW/D7ZlPmkoQ91JBglRLqUaHG/kcjoe2GMQJ/MdiMK4Y/vI7079gqgIaHTKBBXoMK1J8hHQ=,2UNV7KOq4oGjA5+PKsX47F5jMLVr16cVhIB31+65vJdYgeUJqUXtid+86vZww+nL
bt
frog.wix.com/
0
256 B
Ping
General
Full URL
https://frog.wix.com/bt?src=29&evid=3&viewer_name=thunderbolt&caching=hit,hit&dc=84&et=1&event_name=Init&is_cached=true&is_platform_loaded=0&is_rollout=0&ism=1&isp=0&isjp=true&ita=1&msid=03d335bf-064f-438c-8863-fee14f7e7b64&pn=1&sessionId=180c76f9-db55-492f-b501-2a7edd1565e7&siterev=238-__siteCacheRevision__&st=2&ts=9&tts=427&url=https%3A%2F%2Fwww.helminfosec.com%2Fpost%2Feasy-playbooks-to-make-ransomware-criminals-cry&v=1.10845.0&vsi=0cc4bf48-27f6-475a-9b2b-fd8ea194c250&_brandId=wix
Requested by
Host: www.helminfosec.com
URL: https://www.helminfosec.com/post/easy-playbooks-to-make-ransomware-criminals-cry
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.145.31.229 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-145-31-229.compute-1.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
da-DK,da;q=0.9
Referer
https://www.helminfosec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

access-control-allow-origin
https://www.helminfosec.com
date
Tue, 30 Aug 2022 12:40:57 GMT
access-control-allow-credentials
true
server
nginx
access-control-allow-headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
access-control-allow-methods
GET, POST
thunderbolt-commons.28da9f19.bundle.min.js
static.parastorage.com/services/wix-thunderbolt/dist/ab-test-compilation/
86 KB
26 KB
Script
General
Full URL
https://static.parastorage.com/services/wix-thunderbolt/dist/ab-test-compilation/thunderbolt-commons.28da9f19.bundle.min.js
Requested by
Host: www.helminfosec.com
URL: https://www.helminfosec.com/post/easy-playbooks-to-make-ransomware-criminals-cry
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.17.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-17-14.fra56.r.cloudfront.net
Software
Pepyaka/1.19.10 /
Resource Hash
ec84bf9b313609a2fe108f2ebbe53c8c3387d226bdba1fa11b020a4fa2b9ec35

Request headers

accept-language
da-DK,da;q=0.9
Referer
https://www.helminfosec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Fri, 26 Aug 2022 07:39:15 GMT
content-encoding
br
age
363702
x-cache-status
MISS
x-cache
Hit from cloudfront
content-length
25385
timing-allow-origin
*
access-control-allow-origin
*
x-wix-request-id
1661499554.6873561913734229320
last-modified
Fri, 26 Aug 2022 07:30:13 GMT
server
Pepyaka/1.19.10
etag
W/"96981c9cb7805207cc999652def8bbac"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, POST
x-varnish
820416997
via
1.1 varnish (Varnish/6.0), 1.1 d76db2cbee553c8bb2de7fd88a960646.cloudfront.net (CloudFront)
cache-control
public, max-age=7776000, immutable
x-amz-cf-pop
FRA56-P7
accept-ranges
bytes
content-type
application/javascript
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-*
x-amz-cf-id
OTfyLlVoBDrEHPKW9AXWpEnV5hYheFW_uQ2Xp41kMWGmgPyJVDFXYA==
x-seen-by
zj0K/N8xR7eC1M9gyLLPhec8x6p2CWcEzwFyRVShrchsyoANA5L58iE/4UOTdE0x,aVxMblM8KFG3we5NLvyVcyc3RE2AEtYWQGVQ/2ywuOgeGdLDLXwpLd0CTVHPbfOd,2iuX5LYwvZa9CoGaG8ZUZu5XlfJc81bg/9yqD5g4dYTkTYnbrpxTuT84TvL9JpCC
main.418fdbe3.bundle.min.js
static.parastorage.com/services/wix-thunderbolt/dist/ab-test-compilation/
170 KB
43 KB
Script
General
Full URL
https://static.parastorage.com/services/wix-thunderbolt/dist/ab-test-compilation/main.418fdbe3.bundle.min.js
Requested by
Host: www.helminfosec.com
URL: https://www.helminfosec.com/post/easy-playbooks-to-make-ransomware-criminals-cry
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.17.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-17-14.fra56.r.cloudfront.net
Software
Pepyaka/1.19.10 /
Resource Hash
45ce4ec4042301a5917e724c064a23b8d8f75059c9894bacfe24958c4dc9343e

Request headers

accept-language
da-DK,da;q=0.9
Referer
https://www.helminfosec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Sun, 28 Aug 2022 14:45:05 GMT
content-encoding
br
age
165352
x-cache-status
MISS
x-cache
Hit from cloudfront
timing-allow-origin
*
access-control-allow-origin
*
x-wix-request-id
1661697905.3725920070860215983
last-modified
Sun, 28 Aug 2022 14:41:41 GMT
server
Pepyaka/1.19.10
etag
W/"a7f8041ac7983828dce65451ff818d00"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, POST
x-varnish
954947692
via
1.1 varnish (Varnish/6.0), 1.1 d76db2cbee553c8bb2de7fd88a960646.cloudfront.net (CloudFront)
cache-control
public, max-age=7776000, immutable
x-amz-cf-pop
FRA56-P7
accept-ranges
bytes
content-type
application/javascript
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-*
x-amz-cf-id
Wwgkx6cqIV6YDjolYGd-d4BkV9aw2AGZV0v25VCosfwq-cQcW0JZBg==
x-seen-by
zj0K/N8xR7eC1M9gyLLPhec8x6p2CWcEzwFyRVShrcjR6IMkIgDN3dKWLSNjYj0d,aVxMblM8KFG3we5NLvyVczEbmANe8Bb4VBvfNWC6jxEeGdLDLXwpLd0CTVHPbfOd,2iuX5LYwvZa9CoGaG8ZUZsMbFSTOpUHonIrLzl1g5Xz2/bD/Vcz2Ufp16H98KP6X
lodash.min.js
static.parastorage.com/unpkg/lodash@4.17.21/
71 KB
26 KB
Script
General
Full URL
https://static.parastorage.com/unpkg/lodash@4.17.21/lodash.min.js
Requested by
Host: www.helminfosec.com
URL: https://www.helminfosec.com/post/easy-playbooks-to-make-ransomware-criminals-cry
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.17.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-17-14.fra56.r.cloudfront.net
Software
Pepyaka/1.19.10 /
Resource Hash
a9705dfc47c0763380d851ab1801be6f76019f6b67e40e9b873f8b4a0603f7a9

Request headers

accept-language
da-DK,da;q=0.9
Referer
https://www.helminfosec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 02 Jun 2022 02:58:30 GMT
content-encoding
gzip
age
7764927
x-cache-status
HIT
x-cache
Hit from cloudfront
content-length
25896
timing-allow-origin
*
access-control-allow-origin
*
x-wix-request-id
1654138710.3821036784745114781
last-modified
Sun, 21 Feb 2021 02:37:42 GMT
server
Pepyaka/1.19.10
etag
W/"9becc40fb1d85d21d0ca38e2f7069511"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, POST
x-varnish
850806090 825071691
via
1.1 varnish (Varnish/6.0), 1.1 d76db2cbee553c8bb2de7fd88a960646.cloudfront.net (CloudFront)
cache-control
public, max-age=7776000, immutable
x-amz-cf-pop
FRA56-P7
accept-ranges
bytes
content-type
application/javascript
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-*
x-amz-cf-id
l2rECRB-7qhcrJGxt5UyldNArr670hLro9XY7Ye4r4pNuLb6MYxqjQ==
x-seen-by
zj0K/N8xR7eC1M9gyLLPhec8x6p2CWcEzwFyRVShrciuywJq1k3i9boDUht6MLw5,aVxMblM8KFG3we5NLvyVc1jYNdX5iXQWX+OiINkuR/e8ZDY613cHYLbuhNMgAom1
react.production.min.js
static.parastorage.com/unpkg/react@16.14.0/umd/
12 KB
6 KB
Script
General
Full URL
https://static.parastorage.com/unpkg/react@16.14.0/umd/react.production.min.js
Requested by
Host: www.helminfosec.com
URL: https://www.helminfosec.com/post/easy-playbooks-to-make-ransomware-criminals-cry
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.17.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-17-14.fra56.r.cloudfront.net
Software
Pepyaka/1.19.10 /
Resource Hash
5cef9367d2bcaba25b74d20e0e139d2cf900e9123e5fde26101aee7f40f6b5cf

Request headers

Referer
https://www.helminfosec.com/
Origin
https://www.helminfosec.com
accept-language
da-DK,da;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 05:08:45 GMT
content-encoding
gzip
age
1141725
x-cache-status
HIT
x-cache
Hit from cloudfront
content-length
4896
timing-allow-origin
*
access-control-allow-origin
*
x-wix-request-id
1660799325.7545353066808115983
last-modified
Thu, 15 Oct 2020 02:11:22 GMT
server
Pepyaka/1.19.10
etag
W/"63d498e143f421cc44dfb64f22fef270"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, POST
x-varnish
512409259 469642824
via
1.1 varnish (Varnish/6.0), 1.1 86b463b2b2449ea5ba66d271a3c29922.cloudfront.net (CloudFront)
cache-control
public, max-age=7776000, immutable
x-amz-cf-pop
FRA56-P7
accept-ranges
bytes
content-type
application/javascript
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-*
x-amz-cf-id
jcL5XNPhr3YiG7pEAaPlJ7MxDNhVjpksy_qlnZ1luA5uQDj4SEYciQ==
x-seen-by
zj0K/N8xR7eC1M9gyLLPhec8x6p2CWcEzwFyRVShrcjR6IMkIgDN3dKWLSNjYj0d,aVxMblM8KFG3we5NLvyVczEbmANe8Bb4VBvfNWC6jxEeGdLDLXwpLd0CTVHPbfOd
thunderbolt
siteassets.parastorage.com/pages/pages/
0
2 KB
Other
General
Full URL
https://siteassets.parastorage.com/pages/pages/thunderbolt?appDefinitionIdToSiteRevision=%7B%2214bcded7-0066-7c35-14d7-466cb3f09103%22%3A%22222%22%7D&beckyExperiments=specs.thunderbolt.responsiveAbsoluteChildrenPosition%3Atrue%2Cspecs.thunderbolt.containersList%3Atrue%2Cspecs.thunderbolt.DatePickerPortal%3Atrue%2Cspecs.thunderbolt.SearchBoxSuggestionsFacelift%3Atrue%2Cspecs.thunderbolt.loadHighQualityImagesAboveFold%3Atrue%2Cspecs.thunderbolt.loadFirstNFonts%3A3%2Cspecs.thunderbolt.new_responsive_layout%3Atrue%2Cspecs.thunderbolt.maskImageCSS%3Atrue%2Cspecs.thunderbolt.chat_landing_page%3Atrue&contentType=application%2Fjson&dfCk=6&dfVersion=1.1581.0&excludedSafariOrIOS=false&experiments=bv_remove_add_chat_viewer_fixer%2Cdm_migrateToTextTheme&externalBaseUrl=https%3A%2F%2Fwww.helminfosec.com&fileId=f3d99277.bundle.min&hasTPAWorkerOnSite=false&isHttps=true&isInSeo=false&isPremiumDomain=true&isUrlMigrated=true&isWixCodeOnPage=false&isWixCodeOnSite=false&language=en&metaSiteId=03d335bf-064f-438c-8863-fee14f7e7b64&module=thunderbolt-platform&originalLanguage=en&pageId=a87960_696e4effce8618b70e9a47901c1cfc23_238.json&quickActionsMenuEnabled=false&registryLibrariesTopology=%5B%7B%22artifactId%22%3A%22editor-elements%22%2C%22namespace%22%3A%22wixui%22%2C%22url%22%3A%22https%3A%2F%2Fstatic.parastorage.com%2Fservices%2Feditor-elements%2F1.9477.0%22%7D%2C%7B%22artifactId%22%3A%22editor-elements%22%2C%22namespace%22%3A%22dsgnsys%22%2C%22url%22%3A%22https%3A%2F%2Fstatic.parastorage.com%2Fservices%2Feditor-elements%2F1.9477.0%22%7D%5D&remoteWidgetStructureBuilderVersion=1.233.0&siteId=835fd9f3-4642-481c-b8fe-e59aa09d721e&siteRevision=238&viewMode=desktop
Requested by
Host: www.helminfosec.com
URL: https://www.helminfosec.com/post/easy-playbooks-to-make-ransomware-criminals-cry
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2491:dc00:c:68f7:80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Pepyaka/1.19.10 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.helminfosec.com/
Origin
https://www.helminfosec.com
accept-language
da-DK,da;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 30 Aug 2022 12:40:57 GMT
via
1.1 varnish (Varnish/6.0), 1.1 4b69099d64ffa1fbe8adbe1235065a14.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P7
x-cache
Miss from cloudfront
content-encoding
gzip
content-length
758
timing-allow-origin
*
x-wix-request-id
1661863257.84760116183085815983
server
Pepyaka/1.19.10
etag
W/"77c-UTxviVQ3NKKLD5DH1xL4aMXNt+8"
access-control-allow-methods
GET, OPTIONS, POST
x-varnish
551788533 36645282
access-control-allow-origin
*
access-control-expose-headers
age,via,x-cache-status,X-cache-status
cache-control
public, max-age=7776000, immutable
accept-ranges
bytes
content-type
application/json; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-*
x-amz-cf-id
-U_6fwJ9B8CGduNBLZ2i63sKKts0f9z3X1yktLqa4qpB8Z19X-Nhwg==
x-seen-by
2iuX5LYwvZa9CoGaG8ZUZjb5j8fWnvnycWNmjdvR375iK9ipUuWu57EktsrV6pBx,/SoSYmefJLK2hiZpy2XaYlN1tYMUtM33SkDcJDaLDqlbQMcdx08Kd2I0rfB3g7tfvGQ2Otd3B2C27oTTIAKJtQ==,ZUT6NeJ/NsDmQ9DMGnwT1O7YVPq5DUbij1uS7En5XzgeGdLDLXwpLd0CTVHPbfOd
thunderbolt
siteassets.parastorage.com/pages/pages/
0
1 KB
Other
General
Full URL
https://siteassets.parastorage.com/pages/pages/thunderbolt?appDefinitionIdToSiteRevision=%7B%2214bcded7-0066-7c35-14d7-466cb3f09103%22%3A%22222%22%7D&beckyExperiments=specs.thunderbolt.responsiveAbsoluteChildrenPosition%3Atrue%2Cspecs.thunderbolt.containersList%3Atrue%2Cspecs.thunderbolt.DatePickerPortal%3Atrue%2Cspecs.thunderbolt.SearchBoxSuggestionsFacelift%3Atrue%2Cspecs.thunderbolt.loadHighQualityImagesAboveFold%3Atrue%2Cspecs.thunderbolt.loadFirstNFonts%3A3%2Cspecs.thunderbolt.new_responsive_layout%3Atrue%2Cspecs.thunderbolt.maskImageCSS%3Atrue%2Cspecs.thunderbolt.chat_landing_page%3Atrue&contentType=application%2Fjson&dfCk=6&dfVersion=1.1581.0&excludedSafariOrIOS=false&experiments=bv_remove_add_chat_viewer_fixer%2Cdm_migrateToTextTheme&externalBaseUrl=https%3A%2F%2Fwww.helminfosec.com&fileId=f3d99277.bundle.min&hasTPAWorkerOnSite=false&isHttps=true&isInSeo=false&isPremiumDomain=true&isUrlMigrated=true&isWixCodeOnPage=false&isWixCodeOnSite=false&language=en&metaSiteId=03d335bf-064f-438c-8863-fee14f7e7b64&module=thunderbolt-platform&originalLanguage=en&pageId=a87960_8cd237c0b4524f5b0487ea1a882f8546_236.json&quickActionsMenuEnabled=false&registryLibrariesTopology=%5B%7B%22artifactId%22%3A%22editor-elements%22%2C%22namespace%22%3A%22wixui%22%2C%22url%22%3A%22https%3A%2F%2Fstatic.parastorage.com%2Fservices%2Feditor-elements%2F1.9477.0%22%7D%2C%7B%22artifactId%22%3A%22editor-elements%22%2C%22namespace%22%3A%22dsgnsys%22%2C%22url%22%3A%22https%3A%2F%2Fstatic.parastorage.com%2Fservices%2Feditor-elements%2F1.9477.0%22%7D%5D&remoteWidgetStructureBuilderVersion=1.233.0&siteId=835fd9f3-4642-481c-b8fe-e59aa09d721e&siteRevision=238&viewMode=desktop
Requested by
Host: www.helminfosec.com
URL: https://www.helminfosec.com/post/easy-playbooks-to-make-ransomware-criminals-cry
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2491:dc00:c:68f7:80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Pepyaka/1.19.10 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.helminfosec.com/
Origin
https://www.helminfosec.com
accept-language
da-DK,da;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 30 Aug 2022 12:40:57 GMT
via
1.1 varnish (Varnish/6.0), 1.1 4b69099d64ffa1fbe8adbe1235065a14.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P7
x-cache
Miss from cloudfront
content-encoding
gzip
content-length
618
timing-allow-origin
*
x-wix-request-id
1661863257.82960116135787715983
server
Pepyaka/1.19.10
etag
W/"4ca-LuIi8bE6Di83AIX6eM4Vn3OihHw"
access-control-allow-methods
GET, OPTIONS, POST
x-varnish
1004550053 858111788
access-control-allow-origin
*
access-control-expose-headers
age,via,x-cache-status,X-cache-status
cache-control
public, max-age=7776000, immutable
accept-ranges
bytes
content-type
application/json; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-*
x-amz-cf-id
cgl68evCF_d2CSCTEv-V9PUEscGlkTvt1RPeuctU9CpCbVhHmMpZzA==
x-seen-by
2iuX5LYwvZa9CoGaG8ZUZjb5j8fWnvnycWNmjdvR375iK9ipUuWu57EktsrV6pBx,/SoSYmefJLK2hiZpy2XaYlN1tYMUtM33SkDcJDaLDqkHzsnIxW9Qkmv/WrncZQhjvGQ2Otd3B2C27oTTIAKJtQ==,ZUT6NeJ/NsDmQ9DMGnwT1Dllk1kSZcI1Q4qFNVZYmOzJftmKrOReD3ukbbas4YDo
thunderbolt
siteassets.parastorage.com/pages/pages/
75 KB
12 KB
Other
General
Full URL
https://siteassets.parastorage.com/pages/pages/thunderbolt?appDefinitionIdToSiteRevision=%7B%2214bcded7-0066-7c35-14d7-466cb3f09103%22%3A%22222%22%7D&beckyExperiments=specs.thunderbolt.responsiveAbsoluteChildrenPosition%3Atrue%2Cspecs.thunderbolt.containersList%3Atrue%2Cspecs.thunderbolt.DatePickerPortal%3Atrue%2Cspecs.thunderbolt.SearchBoxSuggestionsFacelift%3Atrue%2Cspecs.thunderbolt.loadHighQualityImagesAboveFold%3Atrue%2Cspecs.thunderbolt.loadFirstNFonts%3A3%2Cspecs.thunderbolt.new_responsive_layout%3Atrue%2Cspecs.thunderbolt.maskImageCSS%3Atrue%2Cspecs.thunderbolt.chat_landing_page%3Atrue&contentType=application%2Fjson&deviceType=Desktop&dfCk=6&dfVersion=1.1581.0&excludedSafariOrIOS=false&experiments=bv_remove_add_chat_viewer_fixer%2Cdm_migrateToTextTheme&externalBaseUrl=https%3A%2F%2Fwww.helminfosec.com&fileId=0c02f99c.bundle.min&hasTPAWorkerOnSite=false&isHttps=true&isInSeo=false&isMultilingualEnabled=false&isPremiumDomain=true&isUrlMigrated=true&isWixCodeOnPage=false&isWixCodeOnSite=false&language=en&languageResolutionMethod=QueryParam&metaSiteId=03d335bf-064f-438c-8863-fee14f7e7b64&module=thunderbolt-features&originalLanguage=en&pageId=a87960_696e4effce8618b70e9a47901c1cfc23_238.json&quickActionsMenuEnabled=false&registryLibrariesTopology=%5B%7B%22artifactId%22%3A%22editor-elements%22%2C%22namespace%22%3A%22wixui%22%2C%22url%22%3A%22https%3A%2F%2Fstatic.parastorage.com%2Fservices%2Feditor-elements%2F1.9477.0%22%7D%2C%7B%22artifactId%22%3A%22editor-elements%22%2C%22namespace%22%3A%22dsgnsys%22%2C%22url%22%3A%22https%3A%2F%2Fstatic.parastorage.com%2Fservices%2Feditor-elements%2F1.9477.0%22%7D%5D&remoteWidgetStructureBuilderVersion=1.233.0&siteId=835fd9f3-4642-481c-b8fe-e59aa09d721e&siteRevision=238&staticHTMLComponentUrl=https%3A%2F%2Fwww-helminfosec-com.filesusr.com%2F&useSandboxInHTMLComp=false&viewMode=desktop
Requested by
Host: www.helminfosec.com
URL: https://www.helminfosec.com/post/easy-playbooks-to-make-ransomware-criminals-cry
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2491:dc00:c:68f7:80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Pepyaka/1.19.10 /
Resource Hash
d0041e7365a961690e0e8a0faf14da3f0e080a24412fc30e0a2cac46ddf8c0a2

Request headers

Referer
https://www.helminfosec.com/
Origin
https://www.helminfosec.com
accept-language
da-DK,da;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 30 Aug 2022 12:40:57 GMT
via
1.1 varnish (Varnish/6.0), 1.1 4b69099d64ffa1fbe8adbe1235065a14.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P7
x-cache
Miss from cloudfront
content-encoding
gzip
content-length
11245
timing-allow-origin
*
x-wix-request-id
1661863257.79759585272109729911
server
Pepyaka/1.19.10
etag
W/"12aa9-tvgRNY+jotuG39PCYuvPAhHtCnA"
access-control-allow-methods
GET, OPTIONS, POST
x-varnish
461401649 356467461
access-control-allow-origin
*
access-control-expose-headers
age,via,x-cache-status,X-cache-status
cache-control
public, max-age=7776000, immutable
accept-ranges
bytes
content-type
application/json; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-*
x-amz-cf-id
5TwVk8OhQbt0QtwxmARrl4huUS2iwOD58AmEC3h0WNCe8KTThPETEw==
x-seen-by
2iuX5LYwvZa9CoGaG8ZUZjb5j8fWnvnycWNmjdvR374F0S6IZWPBSR/IxrWsyAAl,/SoSYmefJLK2hiZpy2XaYlN1tYMUtM33SkDcJDaLDqlbQMcdx08Kd2I0rfB3g7tfvGQ2Otd3B2C27oTTIAKJtQ==,ZUT6NeJ/NsDmQ9DMGnwT1JmT4+GylvqtDu1aUE0Yq9keGdLDLXwpLd0CTVHPbfOd
thunderbolt
siteassets.parastorage.com/pages/pages/
12 KB
4 KB
Other
General
Full URL
https://siteassets.parastorage.com/pages/pages/thunderbolt?appDefinitionIdToSiteRevision=%7B%2214bcded7-0066-7c35-14d7-466cb3f09103%22%3A%22222%22%7D&beckyExperiments=specs.thunderbolt.responsiveAbsoluteChildrenPosition%3Atrue%2Cspecs.thunderbolt.containersList%3Atrue%2Cspecs.thunderbolt.DatePickerPortal%3Atrue%2Cspecs.thunderbolt.SearchBoxSuggestionsFacelift%3Atrue%2Cspecs.thunderbolt.loadHighQualityImagesAboveFold%3Atrue%2Cspecs.thunderbolt.loadFirstNFonts%3A3%2Cspecs.thunderbolt.new_responsive_layout%3Atrue%2Cspecs.thunderbolt.maskImageCSS%3Atrue%2Cspecs.thunderbolt.chat_landing_page%3Atrue&contentType=application%2Fjson&deviceType=Desktop&dfCk=6&dfVersion=1.1581.0&excludedSafariOrIOS=false&experiments=bv_remove_add_chat_viewer_fixer%2Cdm_migrateToTextTheme&externalBaseUrl=https%3A%2F%2Fwww.helminfosec.com&fileId=0c02f99c.bundle.min&hasTPAWorkerOnSite=false&isHttps=true&isInSeo=false&isMultilingualEnabled=false&isPremiumDomain=true&isUrlMigrated=true&isWixCodeOnPage=false&isWixCodeOnSite=false&language=en&languageResolutionMethod=QueryParam&metaSiteId=03d335bf-064f-438c-8863-fee14f7e7b64&module=thunderbolt-features&originalLanguage=en&pageId=a87960_8cd237c0b4524f5b0487ea1a882f8546_236.json&quickActionsMenuEnabled=false&registryLibrariesTopology=%5B%7B%22artifactId%22%3A%22editor-elements%22%2C%22namespace%22%3A%22wixui%22%2C%22url%22%3A%22https%3A%2F%2Fstatic.parastorage.com%2Fservices%2Feditor-elements%2F1.9477.0%22%7D%2C%7B%22artifactId%22%3A%22editor-elements%22%2C%22namespace%22%3A%22dsgnsys%22%2C%22url%22%3A%22https%3A%2F%2Fstatic.parastorage.com%2Fservices%2Feditor-elements%2F1.9477.0%22%7D%5D&remoteWidgetStructureBuilderVersion=1.233.0&siteId=835fd9f3-4642-481c-b8fe-e59aa09d721e&siteRevision=238&staticHTMLComponentUrl=https%3A%2F%2Fwww-helminfosec-com.filesusr.com%2F&useSandboxInHTMLComp=false&viewMode=desktop
Requested by
Host: www.helminfosec.com
URL: https://www.helminfosec.com/post/easy-playbooks-to-make-ransomware-criminals-cry
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2491:dc00:c:68f7:80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Pepyaka/1.19.10 /
Resource Hash
4744e5f843f3ab8ed38dac4caa68d2d41c029241f4c23f0f2bdc991c8eb23b38

Request headers

Referer
https://www.helminfosec.com/
Origin
https://www.helminfosec.com
accept-language
da-DK,da;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 30 Aug 2022 12:40:57 GMT
via
1.1 varnish (Varnish/6.0), 1.1 4b69099d64ffa1fbe8adbe1235065a14.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P7
x-cache
Miss from cloudfront
content-encoding
gzip
content-length
2747
timing-allow-origin
*
x-wix-request-id
1661863257.80159585491073729911
server
Pepyaka/1.19.10
etag
W/"2f20-vdrXECZ2Nb2BH2ENO4O3eki+wfg"
access-control-allow-methods
GET, OPTIONS, POST
x-varnish
367916279 306995258
access-control-allow-origin
*
access-control-expose-headers
age,via,x-cache-status,X-cache-status
cache-control
public, max-age=7776000, immutable
accept-ranges
bytes
content-type
application/json; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-*
x-amz-cf-id
qjdAKu_nQgGJgXSPPVx6DER0jPHU68Sf6EE62TZYt18jnF3xrAhFGw==
x-seen-by
2iuX5LYwvZa9CoGaG8ZUZjb5j8fWnvnycWNmjdvR374F0S6IZWPBSR/IxrWsyAAl,/SoSYmefJLK2hiZpy2XaYlN1tYMUtM33SkDcJDaLDqlbQMcdx08Kd2I0rfB3g7tfvGQ2Otd3B2C27oTTIAKJtQ==,ZUT6NeJ/NsDmQ9DMGnwT1PT2/UlOSxvKx0Ev67TEd/0eGdLDLXwpLd0CTVHPbfOd
siteTags.bundle.min.js
static.parastorage.com/services/tag-manager-client/1.427.0/
11 KB
5 KB
Script
General
Full URL
https://static.parastorage.com/services/tag-manager-client/1.427.0/siteTags.bundle.min.js
Requested by
Host: www.helminfosec.com
URL: https://www.helminfosec.com/post/easy-playbooks-to-make-ransomware-criminals-cry
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.17.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-17-14.fra56.r.cloudfront.net
Software
Pepyaka/1.19.10 /
Resource Hash
a055462e069ab37c3c269bf8b80c7c1aafa72b7d2f0b7699833f87558b06a0cc

Request headers

accept-language
da-DK,da;q=0.9
Referer
https://www.helminfosec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 09 Aug 2022 01:42:35 GMT
content-encoding
gzip
age
1900012
x-cache-status
HIT
x-cache
Hit from cloudfront
content-length
4070
timing-allow-origin
*
access-control-allow-origin
*
x-wix-request-id
1660009355.85747720066784932
last-modified
Tue, 25 May 2021 09:37:42 GMT
server
Pepyaka/1.19.10
etag
W/"74b64900831a2e814a8ff0cdedcf80cb"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, POST
x-varnish
669934301 649282282
via
1.1 varnish (Varnish/6.0), 1.1 d76db2cbee553c8bb2de7fd88a960646.cloudfront.net (CloudFront)
cache-control
public, max-age=7776000, immutable
x-amz-cf-pop
FRA56-P7
accept-ranges
bytes
content-type
application/javascript
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-*
x-amz-cf-id
KxmG23fmz6XxZzmBrFtQ8FMPvVK6c6YrzW3PqAabghtauF01dAONtw==
x-seen-by
zj0K/N8xR7eC1M9gyLLPhec8x6p2CWcEzwFyRVShrciuywJq1k3i9boDUht6MLw5,aVxMblM8KFG3we5NLvyVc1jYNdX5iXQWX+OiINkuR/e8ZDY613cHYLbuhNMgAom1
wix-perf-measure.bundle.min.js
static.parastorage.com/services/wix-perf-measure/1.1041.0/
40 KB
13 KB
Script
General
Full URL
https://static.parastorage.com/services/wix-perf-measure/1.1041.0/wix-perf-measure.bundle.min.js
Requested by
Host: www.helminfosec.com
URL: https://www.helminfosec.com/post/easy-playbooks-to-make-ransomware-criminals-cry
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.17.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-17-14.fra56.r.cloudfront.net
Software
Pepyaka/1.19.10 /
Resource Hash
1897f4b9627699de5ee4537822e310300d6e7bfa1ee62822c217b45fe9f01d99

Request headers

accept-language
da-DK,da;q=0.9
Referer
https://www.helminfosec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Sun, 21 Aug 2022 09:26:34 GMT
content-encoding
br
age
789263
x-cache-status
MISS
x-cache
Hit from cloudfront
timing-allow-origin
*
access-control-allow-origin
*
x-wix-request-id
1661073993.980533256624012933
last-modified
Sun, 21 Aug 2022 09:24:34 GMT
server
Pepyaka/1.19.10
etag
W/"6df4602273189740e9eac890a2a57609"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, POST
x-varnish
80584043
via
1.1 varnish (Varnish/6.0), 1.1 d76db2cbee553c8bb2de7fd88a960646.cloudfront.net (CloudFront)
cache-control
public, max-age=7776000, immutable
x-amz-cf-pop
FRA56-P7
accept-ranges
bytes
content-type
application/javascript
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-*
x-amz-cf-id
h1x_UTL_xtDzESVWRAzojBUVLqPaBxPxXyXqrjYP7VBP2CgpkVPWTQ==
x-seen-by
zj0K/N8xR7eC1M9gyLLPhec8x6p2CWcEzwFyRVShrciuywJq1k3i9boDUht6MLw5,aVxMblM8KFG3we5NLvyVcyc3RE2AEtYWQGVQ/2ywuOgeGdLDLXwpLd0CTVHPbfOd,2iuX5LYwvZa9CoGaG8ZUZu5XlfJc81bg/9yqD5g4dYTkTYnbrpxTuT84TvL9JpCC
react-dom.production.min.js
static.parastorage.com/unpkg/react-dom@16.14.0/umd/
116 KB
36 KB
Script
General
Full URL
https://static.parastorage.com/unpkg/react-dom@16.14.0/umd/react-dom.production.min.js
Requested by
Host: www.helminfosec.com
URL: https://www.helminfosec.com/post/easy-playbooks-to-make-ransomware-criminals-cry
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.17.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-17-14.fra56.r.cloudfront.net
Software
Pepyaka/1.19.10 /
Resource Hash
4949f4e1cff9e8a960b44c9a8be70bc4bb10216eb4d0123ca61753e0908a0f87

Request headers

Referer
https://www.helminfosec.com/
Origin
https://www.helminfosec.com
accept-language
da-DK,da;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 30 Aug 2022 12:25:04 GMT
content-encoding
br
age
171471
x-cache-status
MISS
x-cache
Hit from cloudfront
timing-allow-origin
*
access-control-allow-origin
*
x-wix-request-id
1653621922.394702044377831609
last-modified
Thu, 15 Oct 2020 02:11:22 GMT
server
Pepyaka/1.19.10
etag
W/"c5abc87541fe6bb0f43f22af475a8b20"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, POST
x-varnish
118078141
via
1.1 varnish (Varnish/6.0), 1.1 86b463b2b2449ea5ba66d271a3c29922.cloudfront.net (CloudFront)
cache-control
public, max-age=7776000, immutable
x-amz-cf-pop
FRA56-P7
accept-ranges
bytes
content-type
application/javascript
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-*
x-amz-cf-id
FeiawKTjC4QUKoxmNXs-vAlcUlX0Oumuw3PNcPKbfNfjsZv7TkEUKQ==
x-seen-by
zj0K/N8xR7eC1M9gyLLPhec8x6p2CWcEzwFyRVShrcjR6IMkIgDN3dKWLSNjYj0d,aVxMblM8KFG3we5NLvyVc2240yoD0MlMpM73djr11roeGdLDLXwpLd0CTVHPbfOd,2iuX5LYwvZa9CoGaG8ZUZomYmPgSwc4aU7J40H7VRoonyNuED/+UieZaPOkDEHk+
4021a3b9-f782-438b-aeb4-c008109a8b64.woff
static.parastorage.com/services/third-party/fonts/user-site-fonts/fonts/
46 KB
46 KB
Font
General
Full URL
https://static.parastorage.com/services/third-party/fonts/user-site-fonts/fonts/4021a3b9-f782-438b-aeb4-c008109a8b64.woff
Requested by
Host: www.helminfosec.com
URL: https://www.helminfosec.com/post/easy-playbooks-to-make-ransomware-criminals-cry
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.17.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-17-14.fra56.r.cloudfront.net
Software
Pepyaka/1.19.10 /
Resource Hash
e8efc6127a972196003f55730b8f12be19e724b11e751f483f73b2ce9e7de009

Request headers

Referer
https://www.helminfosec.com/
Origin
https://www.helminfosec.com
accept-language
da-DK,da;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 13:24:27 GMT
content-encoding
gzip
age
1133063
x-cache-status
HIT
x-cache
Hit from cloudfront
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-*
content-length
46227
x-varnish
350157861 254980093
x-wix-request-id
1660829067.2506637660752216724
last-modified
Tue, 17 Apr 2018 11:10:41 GMT
server
Pepyaka/1.19.10
etag
W/"1f8210a15cb22be6ba959801a2158c1d-1"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, POST
content-type
application/x-font-woff
via
1.1 varnish (Varnish/6.0), 1.1 86b463b2b2449ea5ba66d271a3c29922.cloudfront.net (CloudFront)
cache-control
public, max-age=7776000, immutable
x-amz-version-id
0MIhvblKcNOZBKnKo6HCgoh97JkTUZDD
x-amz-cf-pop
FRA56-P7
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
x-amz-cf-id
Uwod7QTQ9NcuON4P_Hy0CQbn00JdGLaHoWAgvlnHpepodrNIKMeFpw==
x-seen-by
zj0K/N8xR7eC1M9gyLLPhec8x6p2CWcEzwFyRVShrcgrlbPwrfJgfFY+bZe/zFVAWIHlCalF7YnfvOr2cMPpyw==,aVxMblM8KFG3we5NLvyVc8EDFnkKlVvXae3jojBllJYghGES6Jsix+7j8qfOfk1L
file-upload-viewer.chunk.min.css
static.parastorage.com/services/communities-blog-ooi/1.483.0/client/
3 KB
2 KB
Stylesheet
General
Full URL
https://static.parastorage.com/services/communities-blog-ooi/1.483.0/client/file-upload-viewer.chunk.min.css
Requested by
Host: www.helminfosec.com
URL: https://www.helminfosec.com/post/easy-playbooks-to-make-ransomware-criminals-cry
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.17.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-17-14.fra56.r.cloudfront.net
Software
Pepyaka/1.19.10 /
Resource Hash
89bf336a9af8c8dd2b8222ddffd5a88c62bed72bb09d2266f36f7c4de09e9fa4

Request headers

accept-language
da-DK,da;q=0.9
Referer
https://www.helminfosec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 29 Aug 2022 13:04:21 GMT
content-encoding
br
age
85051
x-cache-status
MISS
x-cache
Hit from cloudfront
content-length
915
timing-allow-origin
*
access-control-allow-origin
*
x-wix-request-id
1661778261.2327914054502924257
last-modified
Mon, 29 Aug 2022 10:57:35 GMT
server
Pepyaka/1.19.10
etag
W/"7f1d9cbfea09365f75a44e354e0d7bf2"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, POST
x-varnish
923485306
via
1.1 varnish (Varnish/6.0), 1.1 d76db2cbee553c8bb2de7fd88a960646.cloudfront.net (CloudFront)
cache-control
public, max-age=7776000, immutable
x-amz-cf-pop
FRA56-P7
accept-ranges
bytes
content-type
text/css; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-*
x-amz-cf-id
itoESzIxYIvunbN8wxuSRWK5DzfRZx4lwi4ncKpkXNBb8qgAKe0zIw==
x-seen-by
zj0K/N8xR7eC1M9gyLLPhec8x6p2CWcEzwFyRVShrciDgmy1x1bk0T2mMblm59aj,aVxMblM8KFG3we5NLvyVc1XEV11U4uj6EySGMcOeW2gfbJaKSXYQ/lskq2jK6SGP,2iuX5LYwvZa9CoGaG8ZUZgqsM72LknxyIGq7MjJjVJPIuy2VESQnpcJsWK2rmEcT
file-upload-viewer.chunk.min.js
static.parastorage.com/services/communities-blog-ooi/1.483.0/client/
28 KB
8 KB
Script
General
Full URL
https://static.parastorage.com/services/communities-blog-ooi/1.483.0/client/file-upload-viewer.chunk.min.js
Requested by
Host: www.helminfosec.com
URL: https://www.helminfosec.com/post/easy-playbooks-to-make-ransomware-criminals-cry
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.17.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-17-14.fra56.r.cloudfront.net
Software
Pepyaka/1.19.10 /
Resource Hash
f1deeb28c9ad3763fd589c06dbf6336c7a5dc98baeb2126a61253d452f21d584

Request headers

accept-language
da-DK,da;q=0.9
Referer
https://www.helminfosec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 29 Aug 2022 13:04:21 GMT
content-encoding
br
age
92415
x-cache-status
HIT
x-cache
Hit from cloudfront
content-length
7553
timing-allow-origin
*
access-control-allow-origin
*
x-wix-request-id
1661778261.5116430957730222520
last-modified
Mon, 29 Aug 2022 10:57:35 GMT
server
Pepyaka/1.19.10
etag
W/"9fcf0bce826efc6766e4b51b3a2f77e2"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, POST
x-varnish
444902048 418241112
via
1.1 varnish (Varnish/6.0), 1.1 d76db2cbee553c8bb2de7fd88a960646.cloudfront.net (CloudFront)
cache-control
public, max-age=7776000, immutable
x-amz-cf-pop
FRA56-P7
accept-ranges
bytes
content-type
application/javascript
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-*
x-amz-cf-id
cD7KybqgdHX25EhWVo1fK7W0MvMeockpwHJ_NVJn4rEF-B2bQc9yvw==
x-seen-by
zj0K/N8xR7eC1M9gyLLPhec8x6p2CWcEzwFyRVShrcjBLy8P45DoDO4LnRm+zqsP,aVxMblM8KFG3we5NLvyVc0swuQg4e4Ft3RZminzdoKEQXT2AyjWfyxKagyd4/pDD
Helm%20Information%20Security.png
static.wixstatic.com/media/a87960_be4510ccca2046de8e7e2dfaf7bf707a~mv2.png/v1/fill/w_311,h_140,al_c,q_85,usm_0.66_1.00_0.01,enc_auto/
12 KB
13 KB
Image
General
Full URL
https://static.wixstatic.com/media/a87960_be4510ccca2046de8e7e2dfaf7bf707a~mv2.png/v1/fill/w_311,h_140,al_c,q_85,usm_0.66_1.00_0.01,enc_auto/Helm%20Information%20Security.png
Requested by
Host: www.helminfosec.com
URL: https://www.helminfosec.com/post/easy-playbooks-to-make-ransomware-criminals-cry
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.176.152 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
152.176.102.34.bc.googleusercontent.com
Software
openresty/1.21.4.1 /
Resource Hash
1de27fa37024b0c9dce1aabdabd799aa383a573797fd961f7b52f344a177b141

Request headers

accept-language
da-DK,da;q=0.9
Referer
https://www.helminfosec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 29 Aug 2022 19:39:17 GMT
via
1.1 google
server
openresty/1.21.4.1
age
61300
wix-tracer
2E2mGXRy7T3mBMdXZPy9eS46vDs
etag
""
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=2592000, immutable
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12718
x-seen-by
image-manipulator-556498cf55-6rnxw
97uahxiqZRoncBaCEI3aW1tXRa8TVwTICgirnJhmVJw.woff2
fonts.gstatic.com/s/roboto/v18/
22 KB
22 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v18/97uahxiqZRoncBaCEI3aW1tXRa8TVwTICgirnJhmVJw.woff2
Requested by
Host: www.helminfosec.com
URL: https://www.helminfosec.com/post/easy-playbooks-to-make-ransomware-criminals-cry
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1f03b3082883c94de09ea4c0b38092a45f2f7ca60c14889818a3e19057da34b8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.helminfosec.com/
Origin
https://www.helminfosec.com
accept-language
da-DK,da;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 14:10:53 GMT
x-content-type-options
nosniff
age
599405
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
22116
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:33:01 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 23 Aug 2023 14:10:53 GMT
bt
frog.wix.com/
0
256 B
Ping
General
Full URL
https://frog.wix.com/bt?src=29&evid=3&viewer_name=thunderbolt&caching=hit,hit&dc=84&et=12&event_name=Partially%20visible&is_cached=true&is_platform_loaded=0&is_rollout=0&ism=1&isp=0&isjp=true&iss=1&ita=1&msid=03d335bf-064f-438c-8863-fee14f7e7b64&pid=ugenx&pn=1&sessionId=180c76f9-db55-492f-b501-2a7edd1565e7&siterev=238-__siteCacheRevision__&st=2&ts=283&tts=701&url=https%3A%2F%2Fwww.helminfosec.com%2Fpost%2Feasy-playbooks-to-make-ransomware-criminals-cry&v=1.10845.0&vsi=0cc4bf48-27f6-475a-9b2b-fd8ea194c250&_brandId=wix
Requested by
Host: www.helminfosec.com
URL: https://www.helminfosec.com/post/easy-playbooks-to-make-ransomware-criminals-cry
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.145.31.229 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-145-31-229.compute-1.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
da-DK,da;q=0.9
Referer
https://www.helminfosec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

access-control-allow-origin
https://www.helminfosec.com
date
Tue, 30 Aug 2022 12:40:57 GMT
access-control-allow-credentials
true
server
nginx
access-control-allow-headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
access-control-allow-methods
GET, POST
bolt-performance
frog.wix.com/
0
257 B
Ping
General
Full URL
https://frog.wix.com/bolt-performance?src=72&evid=28&appName=thunderbolt&is_rollout=0&is_sav_rollout=0&is_dac_rollout=0&dc=84&is_cached=true&msid=03d335bf-064f-438c-8863-fee14f7e7b64&session_id=180c76f9-db55-492f-b501-2a7edd1565e7&ish=true&isb=true&isbr=plugins-extra&vsi=0cc4bf48-27f6-475a-9b2b-fd8ea194c250&caching=hit,hit&pv=visible&pn=1&v=1.10845.0&url=https%3A%2F%2Fwww.helminfosec.com%2Fpost%2Feasy-playbooks-to-make-ransomware-criminals-cry&st=2&ts=3&tsn=421&name=partially_visible&duration=1661863257819&pageId=ugenx
Requested by
Host: www.helminfosec.com
URL: https://www.helminfosec.com/post/easy-playbooks-to-make-ransomware-criminals-cry
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.145.31.229 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-145-31-229.compute-1.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
da-DK,da;q=0.9
Referer
https://www.helminfosec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

access-control-allow-origin
https://www.helminfosec.com
date
Tue, 30 Aug 2022 12:40:57 GMT
access-control-allow-credentials
true
server
nginx
access-control-allow-headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
access-control-allow-methods
GET, POST
clientWorker.fc4c7f1c.bundle.min.js
www.helminfosec.com/_partials/wix-thunderbolt/dist/
521 KB
156 KB
Other
General
Full URL
https://www.helminfosec.com/_partials/wix-thunderbolt/dist/clientWorker.fc4c7f1c.bundle.min.js
Requested by
Host: www.helminfosec.com
URL: https://www.helminfosec.com/post/easy-playbooks-to-make-ransomware-criminals-cry
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3033::ac43:d3a2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0560873e4af8a5e4d6f8b32ebd4828958f6aa64020f77f542f77da3378818388
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
da-DK,da;q=0.9
Referer
https://www.helminfosec.com/post/easy-playbooks-to-make-ransomware-criminals-cry
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 30 Aug 2022 12:40:57 GMT
via
1.1 varnish (Varnish/6.0)
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
82936
x-cache-status
HIT
content-type
application/javascript
access-control-allow-methods
GET, OPTIONS, POST
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
timing-allow-origin
*
x-wix-request-id
1661780321.89156945883371126884
last-modified
Mon, 29 Aug 2022 04:24:24 GMT
server
cloudflare
etag
W/"f511a478bf4fab90db9e6bf11a721c15"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SYzjFRFvZ5T3tM4Ta1Z9VW7aWfTJO5FRlyppZRHF8nsOdNK2l8X5oaEjYUue8xhdTVuWQG79N3bcy%2Bndx7uLqum0zKH8gadhHTYznjaQ5TK%2Bmnv49IDMbziZB%2BzREodVj4X1q1yL07kBZCZKTr7viNJH"}],"group":"cf-nel","max_age":604800}
x-varnish
552731063 442677264
access-control-allow-origin
*
cache-control
public, max-age=7776000, immutable
cf-ray
742d9911ce959c01-FRA
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-*
x-seen-by
wmgbEcS9zOENaefw7bU4YRPnIabCQWJW461ERvTuE+U=,yI4PPEXc3bvXNWfpzSkUarxkNjrXdwdgtu6E0yACibU=,sHU62EDOGnH2FBkJkG/Wx8EeXWsWdHrhlvbxtlynkVj7GQ3ZVaP9rwvRxtLE22cp,m0j2EEknGIVUW/liY8BLLjBdxec7r7DHGEpZo2ij+24cm7On4dir39PTYYK13tG9,zj0K/N8xR7eC1M9gyLLPhec8x6p2CWcEzwFyRVShrciDgmy1x1bk0T2mMblm59aj,aVxMblM8KFG3we5NLvyVc5U6nDV0Sthqh2jmVbYx0F4QXT2AyjWfyxKagyd4/pDD
thunderbolt-components-registry.762064d9.chunk.min.js
static.parastorage.com/services/wix-thunderbolt/dist/ab-test-compilation/
28 KB
9 KB
Script
General
Full URL
https://static.parastorage.com/services/wix-thunderbolt/dist/ab-test-compilation/thunderbolt-components-registry.762064d9.chunk.min.js
Requested by
Host: www.helminfosec.com
URL: https://www.helminfosec.com/post/easy-playbooks-to-make-ransomware-criminals-cry
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.17.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-17-14.fra56.r.cloudfront.net
Software
Pepyaka/1.19.10 /
Resource Hash
79b9a4428e4ffb7319831b1f4896be573878e1d02f4c1d98d0a01f64e64b8f4f

Request headers

Referer
https://www.helminfosec.com/
Origin
https://www.helminfosec.com
accept-language
da-DK,da;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 29 Aug 2022 00:10:17 GMT
content-encoding
br
age
169457
x-cache-status
HIT
x-cache
Hit from cloudfront
content-length
8393
timing-allow-origin
*
access-control-allow-origin
*
x-wix-request-id
1661731817.9025944222129115983
last-modified
Sun, 28 Aug 2022 13:34:13 GMT
server
Pepyaka/1.19.10
etag
W/"5d7b3b89f599a9f7242425bfbf83a838"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, POST
x-varnish
565424027 526351555
via
1.1 varnish (Varnish/6.0), 1.1 86b463b2b2449ea5ba66d271a3c29922.cloudfront.net (CloudFront)
access-control-expose-headers
Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=7776000, immutable
x-amz-cf-pop
FRA56-P7
accept-ranges
bytes
content-type
application/javascript
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-*
x-amz-cf-id
I7S7I-RJ2_Cjitzz7cJnU47BIpc-bXgzqg8JnQ0CWV5S98T3yshVPw==
x-seen-by
zj0K/N8xR7eC1M9gyLLPhec8x6p2CWcEzwFyRVShrcjR6IMkIgDN3dKWLSNjYj0d,aVxMblM8KFG3we5NLvyVc2240yoD0MlMpM73djr11roeGdLDLXwpLd0CTVHPbfOd
group_3.257afcf7.chunk.min.js
static.parastorage.com/services/wix-thunderbolt/dist/ab-test-compilation/
34 KB
11 KB
Script
General
Full URL
https://static.parastorage.com/services/wix-thunderbolt/dist/ab-test-compilation/group_3.257afcf7.chunk.min.js
Requested by
Host: www.helminfosec.com
URL: https://www.helminfosec.com/post/easy-playbooks-to-make-ransomware-criminals-cry
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.17.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-17-14.fra56.r.cloudfront.net
Software
Pepyaka/1.19.10 /
Resource Hash
d8a86c94b2d49f57e4431c1d6e0837793b738cf93acabff19b4603d30b70b477

Request headers

Referer
https://www.helminfosec.com/
Origin
https://www.helminfosec.com
accept-language
da-DK,da;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 29 Aug 2022 00:10:17 GMT
content-encoding
br
age
169456
x-cache-status
HIT
x-cache
Hit from cloudfront
content-length
10741
timing-allow-origin
*
access-control-allow-origin
*
x-wix-request-id
1661731817.84657969487183932
last-modified
Sun, 28 Aug 2022 13:31:27 GMT
server
Pepyaka/1.19.10
etag
W/"dbd012152db55e42ee495554f408bae3"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, POST
x-varnish
69196135 8518937
via
1.1 varnish (Varnish/6.0), 1.1 86b463b2b2449ea5ba66d271a3c29922.cloudfront.net (CloudFront)
access-control-expose-headers
Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=7776000, immutable
x-amz-cf-pop
FRA56-P7
accept-ranges
bytes
content-type
application/javascript
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-*
x-amz-cf-id
bp_p2-HgacPuGzA8QavMBDfv_ORAY_9FwLatM6rJhaFwXfP4PMR6RQ==
x-seen-by
zj0K/N8xR7eC1M9gyLLPhec8x6p2CWcEzwFyRVShrciuywJq1k3i9boDUht6MLw5,aVxMblM8KFG3we5NLvyVcyc3RE2AEtYWQGVQ/2ywuOgeGdLDLXwpLd0CTVHPbfOd
group_4.2308ad31.chunk.min.js
static.parastorage.com/services/wix-thunderbolt/dist/ab-test-compilation/
52 KB
19 KB
Script
General
Full URL
https://static.parastorage.com/services/wix-thunderbolt/dist/ab-test-compilation/group_4.2308ad31.chunk.min.js
Requested by
Host: www.helminfosec.com
URL: https://www.helminfosec.com/post/easy-playbooks-to-make-ransomware-criminals-cry
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.17.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-17-14.fra56.r.cloudfront.net
Software
Pepyaka/1.19.10 /
Resource Hash
9173d5d64ca4fc2136618054d07d03e1dd90b04a9dfedb8a60fa9e64589885a6

Request headers

Referer
https://www.helminfosec.com/
Origin
https://www.helminfosec.com
accept-language
da-DK,da;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Sun, 28 Aug 2022 09:34:59 GMT
content-encoding
br
age
183958
x-cache-status
MISS
x-cache
Hit from cloudfront
timing-allow-origin
*
access-control-allow-origin
*
x-wix-request-id
1661679299.2145853917451129911
last-modified
Sun, 28 Aug 2022 09:30:56 GMT
server
Pepyaka/1.19.10
etag
W/"8f71cd386f0639988372f175241b7c7e"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, POST
x-varnish
510455091
via
1.1 varnish (Varnish/6.0), 1.1 86b463b2b2449ea5ba66d271a3c29922.cloudfront.net (CloudFront)
access-control-expose-headers
Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=7776000, immutable
x-amz-cf-pop
FRA56-P7
accept-ranges
bytes
content-type
application/javascript
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-*
x-amz-cf-id
i60k26btG9310a4KcdgVoBggveFSsRqlsLITwgptMyLG4p3sc7BSQg==
x-seen-by
zj0K/N8xR7eC1M9gyLLPhec8x6p2CWcEzwFyRVShrciIhzGxulME7YKteYTeCw6C,aVxMblM8KFG3we5NLvyVc2240yoD0MlMpM73djr11roeGdLDLXwpLd0CTVHPbfOd,2iuX5LYwvZa9CoGaG8ZUZomYmPgSwc4aU7J40H7VRoonyNuED/+UieZaPOkDEHk+
group_7.6a56c0f2.chunk.min.js
static.parastorage.com/services/wix-thunderbolt/dist/ab-test-compilation/
67 KB
22 KB
Script
General
Full URL
https://static.parastorage.com/services/wix-thunderbolt/dist/ab-test-compilation/group_7.6a56c0f2.chunk.min.js
Requested by
Host: www.helminfosec.com
URL: https://www.helminfosec.com/post/easy-playbooks-to-make-ransomware-criminals-cry
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.17.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-17-14.fra56.r.cloudfront.net
Software
Pepyaka/1.19.10 /
Resource Hash
e0f52472ba0c405acedaffbe5b001a507c62dc5a89dbe1d27b0f8dbb7a1b3c8d

Request headers

Referer
https://www.helminfosec.com/
Origin
https://www.helminfosec.com
accept-language
da-DK,da;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 29 Aug 2022 00:10:19 GMT
content-encoding
br
age
131438
x-cache-status
MISS
x-cache
Hit from cloudfront
content-length
21483
timing-allow-origin
*
access-control-allow-origin
*
x-wix-request-id
1661731818.9375944222129315983
last-modified
Mon, 29 Aug 2022 00:04:51 GMT
server
Pepyaka/1.19.10
etag
W/"b7d7eec8dfe471f1a43fd40f4e03a63b"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, POST
x-varnish
289918479
via
1.1 varnish (Varnish/6.0), 1.1 86b463b2b2449ea5ba66d271a3c29922.cloudfront.net (CloudFront)
access-control-expose-headers
Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=7776000, immutable
x-amz-cf-pop
FRA56-P7
accept-ranges
bytes
content-type
application/javascript
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-*
x-amz-cf-id
YCmDhGb_UQXGWikVBoSRYqgietHhmFbZcwgBPHUup2jOOTiNuTlpsQ==
x-seen-by
zj0K/N8xR7eC1M9gyLLPhec8x6p2CWcEzwFyRVShrcjR6IMkIgDN3dKWLSNjYj0d,aVxMblM8KFG3we5NLvyVczcu59EpmtW9m1QeKn/Zhei8ZDY613cHYLbuhNMgAom1,2iuX5LYwvZa9CoGaG8ZUZomYmPgSwc4aU7J40H7VRopj8Q5G/Ose159xWYwpIkYm
group_5.024b7c8f.chunk.min.js
static.parastorage.com/services/wix-thunderbolt/dist/ab-test-compilation/
33 KB
12 KB
Script
General
Full URL
https://static.parastorage.com/services/wix-thunderbolt/dist/ab-test-compilation/group_5.024b7c8f.chunk.min.js
Requested by
Host: www.helminfosec.com
URL: https://www.helminfosec.com/post/easy-playbooks-to-make-ransomware-criminals-cry
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.17.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-17-14.fra56.r.cloudfront.net
Software
Pepyaka/1.19.10 /
Resource Hash
93d063c1bfb5b57c2cebb23a7e4f6a697d1454dee3c2d7c2300725becb2e31b4

Request headers

Referer
https://www.helminfosec.com/
Origin
https://www.helminfosec.com
accept-language
da-DK,da;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Sun, 28 Aug 2022 09:34:59 GMT
content-encoding
br
age
183958
x-cache-status
MISS
x-cache
Hit from cloudfront
timing-allow-origin
*
access-control-allow-origin
*
x-wix-request-id
1661679299.23657594974371932
last-modified
Sun, 28 Aug 2022 09:30:56 GMT
server
Pepyaka/1.19.10
etag
W/"e22c005b3377975763aff7e0760d18ef"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, POST
x-varnish
1073195105
via
1.1 varnish (Varnish/6.0), 1.1 86b463b2b2449ea5ba66d271a3c29922.cloudfront.net (CloudFront)
access-control-expose-headers
Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=7776000, immutable
x-amz-cf-pop
FRA56-P7
accept-ranges
bytes
content-type
application/javascript
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-*
x-amz-cf-id
srigzzw3YKG5N4qSu3tzAQ5CfQ9GCThj8W0YB4iSCDgzel1WDwGT5A==
x-seen-by
zj0K/N8xR7eC1M9gyLLPhec8x6p2CWcEzwFyRVShrciuywJq1k3i9boDUht6MLw5,aVxMblM8KFG3we5NLvyVc7BqDNFHAXxDhnSr3nbzCBC8ZDY613cHYLbuhNMgAom1,2iuX5LYwvZa9CoGaG8ZUZu5XlfJc81bg/9yqD5g4dYQFjVKS1KW45pDD7kwcelUf
captcha.de899784.chunk.min.js
static.parastorage.com/services/wix-thunderbolt/dist/ab-test-compilation/
660 B
1 KB
Script
General
Full URL
https://static.parastorage.com/services/wix-thunderbolt/dist/ab-test-compilation/captcha.de899784.chunk.min.js
Requested by
Host: www.helminfosec.com
URL: https://www.helminfosec.com/post/easy-playbooks-to-make-ransomware-criminals-cry
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.17.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-17-14.fra56.r.cloudfront.net
Software
Pepyaka/1.19.0 /
Resource Hash
a6f9857398e30d4a2c77ce4251782cc6c00c367cae828a4fdd208341a3072edc

Request headers

Referer
https://www.helminfosec.com/
Origin
https://www.helminfosec.com
accept-language
da-DK,da;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Wed, 03 Aug 2022 10:43:08 GMT
content-encoding
br
age
2340014
x-cache-status
MISS
x-cache
Hit from cloudfront
content-length
413
timing-allow-origin
*
access-control-allow-origin
*
x-wix-request-id
1659523388.9129547536387464580
last-modified
Wed, 03 Aug 2022 10:37:49 GMT
server
Pepyaka/1.19.0
etag
W/"5fff3333e19e44f338748912875d5fd0"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, POST
x-varnish
23005123
via
1.1 varnish (Varnish/6.0), 1.1 86b463b2b2449ea5ba66d271a3c29922.cloudfront.net (CloudFront)
access-control-expose-headers
Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=7776000, immutable
x-amz-cf-pop
FRA56-P7
accept-ranges
bytes
content-type
application/javascript
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-*
x-amz-cf-id
kU34SelQyTu8YUba9_6B5TSnVJODfCXYNV8B6TN-5gXAR8kJKnl7Hg==
x-seen-by
zj0K/N8xR7eC1M9gyLLPhec8x6p2CWcEzwFyRVShrcjV0TBmJ+uLPQ4OZPC1VSMH,aVxMblM8KFG3we5NLvyVc0swuQg4e4Ft3RZminzdoKEQXT2AyjWfyxKagyd4/pDD,2iuX5LYwvZa9CoGaG8ZUZgqsM72LknxyIGq7MjJjVJMeqpJFW1tCeKPC+/G/CDoa
group_6.525e9370.chunk.min.js
static.parastorage.com/services/wix-thunderbolt/dist/ab-test-compilation/
71 KB
22 KB
Script
General
Full URL
https://static.parastorage.com/services/wix-thunderbolt/dist/ab-test-compilation/group_6.525e9370.chunk.min.js
Requested by
Host: www.helminfosec.com
URL: https://www.helminfosec.com/post/easy-playbooks-to-make-ransomware-criminals-cry
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.17.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-17-14.fra56.r.cloudfront.net
Software
Pepyaka/1.19.10 /
Resource Hash
e16bf10d3e357fcd444d083d1784ed9ba1cf53821e14c2c6604939ae0373cbf7

Request headers

Referer
https://www.helminfosec.com/
Origin
https://www.helminfosec.com
accept-language
da-DK,da;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Sun, 28 Aug 2022 07:40:33 GMT
content-encoding
br
age
190824
x-cache-status
MISS
x-cache
Hit from cloudfront
content-length
21640
timing-allow-origin
*
access-control-allow-origin
*
x-wix-request-id
1661672433.0743657187061229321
last-modified
Sun, 28 Aug 2022 07:35:55 GMT
server
Pepyaka/1.19.10
etag
W/"f047a9b6162e1b36df6cbd05d068ce67"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, POST
x-varnish
837816837
via
1.1 varnish (Varnish/6.0), 1.1 86b463b2b2449ea5ba66d271a3c29922.cloudfront.net (CloudFront)
access-control-expose-headers
Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=7776000, immutable
x-amz-cf-pop
FRA56-P7
accept-ranges
bytes
content-type
application/javascript
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-*
x-amz-cf-id
g27LPk197uPOyNpB_ndT3KHvac-7KZ8w-qR5cjis2uZ1UFqujlue8A==
x-seen-by
zj0K/N8xR7eC1M9gyLLPhec8x6p2CWcEzwFyRVShrchsyoANA5L58iE/4UOTdE0x,aVxMblM8KFG3we5NLvyVc1jYNdX5iXQWX+OiINkuR/e8ZDY613cHYLbuhNMgAom1,2iuX5LYwvZa9CoGaG8ZUZgqsM72LknxyIGq7MjJjVJMe3/j5AamzIi0oSHQsz9b+
tpaCommons.bbc0a216.chunk.min.js
static.parastorage.com/services/wix-thunderbolt/dist/ab-test-compilation/
3 KB
2 KB
Script
General
Full URL
https://static.parastorage.com/services/wix-thunderbolt/dist/ab-test-compilation/tpaCommons.bbc0a216.chunk.min.js
Requested by
Host: www.helminfosec.com
URL: https://www.helminfosec.com/post/easy-playbooks-to-make-ransomware-criminals-cry
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.17.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-17-14.fra56.r.cloudfront.net
Software
Pepyaka/1.19.10 /
Resource Hash
8e0ef53da3ec9eb4a5559460cbe7bf4c07cb06ea38db55a62d6ee94fe510cc7f

Request headers

Referer
https://www.helminfosec.com/
Origin
https://www.helminfosec.com
accept-language
da-DK,da;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 29 Aug 2022 00:10:18 GMT
content-encoding
br
age
131439
x-cache-status
MISS
x-cache
Hit from cloudfront
content-length
1343
timing-allow-origin
*
access-control-allow-origin
*
x-wix-request-id
1661731818.39357969487184932
last-modified
Mon, 29 Aug 2022 00:04:52 GMT
server
Pepyaka/1.19.10
etag
W/"1859fa33f05f3b19f454d1a25dcb0a72"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, POST
x-varnish
289103753
via
1.1 varnish (Varnish/6.0), 1.1 86b463b2b2449ea5ba66d271a3c29922.cloudfront.net (CloudFront)
access-control-expose-headers
Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=7776000, immutable
x-amz-cf-pop
FRA56-P7
accept-ranges
bytes
content-type
application/javascript
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-*
x-amz-cf-id
17P6VSN48jwOHQ1mpjyiZoC3bF1c9HzGjzoinQxJU12tW6auO3ZaqQ==
x-seen-by
zj0K/N8xR7eC1M9gyLLPhec8x6p2CWcEzwFyRVShrciuywJq1k3i9boDUht6MLw5,aVxMblM8KFG3we5NLvyVczcu59EpmtW9m1QeKn/Zhei8ZDY613cHYLbuhNMgAom1,2iuX5LYwvZa9CoGaG8ZUZomYmPgSwc4aU7J40H7VRopj8Q5G/Ose159xWYwpIkYm
site-members
frog.wix.com/
0
256 B
Ping
General
Full URL
https://frog.wix.com/site-members?_msid=03d335bf-064f-438c-8863-fee14f7e7b64&vsi=0cc4bf48-27f6-475a-9b2b-fd8ea194c250&_av=thunderbolt-1.10845.0&isb=true&isbr=plugins-extra&_brandId=wix&_siteBranchId=undefined&_ms=910&_lv=2.0.985%7CC&_mt_instance=pznBQH5Gkhi71ZdRxQlanD6xvwJANDzgSrvWcwGiveI.eyJpbnN0YW5jZUlkIjoiMDNkMzM1YmYtMDY0Zi00MzhjLTg4NjMtZmVlMTRmN2U3YjY0IiwiYXBwRGVmSWQiOiIyMmJlZjM0NS0zYzViLTRjMTgtYjc4Mi03NGQ0MDg1MTEyZmYiLCJtZXRhU2l0ZUlkIjoiMDNkMzM1YmYtMDY0Zi00MzhjLTg4NjMtZmVlMTRmN2U3YjY0Iiwic2lnbkRhdGUiOiIyMDIyLTA4LTMwVDEyOjQwOjU3LjYwM1oiLCJkZW1vTW9kZSI6ZmFsc2UsImFpZCI6IjIxZjJmZjNkLWZhNzctNGI2Ny04YzJkLThjYWY0MGQ3OGI0ZiIsInNpdGVPd25lcklkIjoiYTg3OTYwYzItZGVkNS00MmQ4LWE0MjItMGIxMjhjZDRiOGRmIn0&_visitorId=21f2ff3d-fa77-4b67-8c2d-8caf40d78b4f&_siteMemberId=undefined&bsi=941de264-67d1-4894-b1d9-4fdb80091796%7C1&src=5&evid=698&biToken=03d335bf-064f-438c-8863-fee14f7e7b64&context=undefined&ts=491&viewmode=undefined&visitor_id=21f2ff3d-fa77-4b67-8c2d-8caf40d78b4f&site_member_id=undefined&site_settings_lng=en&browser_lng=en&lng_mismatch=false&layout=undefined&_isca=1&_iscf=1&_ispd=0&_ise=0&_=16618632580330
Requested by
Host: static.parastorage.com
URL: https://static.parastorage.com/services/wix-thunderbolt/dist/ab-test-compilation/main.418fdbe3.bundle.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.145.31.229 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-145-31-229.compute-1.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
da-DK,da;q=0.9
Referer
https://www.helminfosec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

access-control-allow-origin
https://www.helminfosec.com
date
Tue, 30 Aug 2022 12:40:58 GMT
access-control-allow-credentials
true
server
nginx
access-control-allow-headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
access-control-allow-methods
GET, POST
group_15.5a450a66.chunk.min.js
static.parastorage.com/services/wix-thunderbolt/dist/ab-test-compilation/
11 KB
5 KB
Script
General
Full URL
https://static.parastorage.com/services/wix-thunderbolt/dist/ab-test-compilation/group_15.5a450a66.chunk.min.js
Requested by
Host: www.helminfosec.com
URL: https://www.helminfosec.com/post/easy-playbooks-to-make-ransomware-criminals-cry
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.17.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-17-14.fra56.r.cloudfront.net
Software
Pepyaka/1.19.10 /
Resource Hash
bd218de167fedee2f2d10a6ecdea1e4e2e4a1ed639d79dbdcf97cf1908ca8b87

Request headers

Referer
https://www.helminfosec.com/
Origin
https://www.helminfosec.com
accept-language
da-DK,da;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 29 Aug 2022 00:10:18 GMT
content-encoding
br
age
131440
x-cache-status
MISS
x-cache
Hit from cloudfront
content-length
3895
timing-allow-origin
*
access-control-allow-origin
*
x-wix-request-id
1661731818.4333700536892129320
last-modified
Mon, 29 Aug 2022 00:04:51 GMT
server
Pepyaka/1.19.10
etag
W/"b8ec4ff8fbe6d808e36300efb68df602"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, POST
x-varnish
289685621
via
1.1 varnish (Varnish/6.0), 1.1 86b463b2b2449ea5ba66d271a3c29922.cloudfront.net (CloudFront)
access-control-expose-headers
Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=7776000, immutable
x-amz-cf-pop
FRA56-P7
accept-ranges
bytes
content-type
application/javascript
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-*
x-amz-cf-id
J2m-TfCIIHW-1spOJTFM95_0b69R0h9sOF3hD5nxZOyHl8BSB1czVg==
x-seen-by
zj0K/N8xR7eC1M9gyLLPhec8x6p2CWcEzwFyRVShrchsyoANA5L58iE/4UOTdE0x,aVxMblM8KFG3we5NLvyVczcu59EpmtW9m1QeKn/Zhei8ZDY613cHYLbuhNMgAom1,2iuX5LYwvZa9CoGaG8ZUZomYmPgSwc4aU7J40H7VRopj8Q5G/Ose159xWYwpIkYm
group_2.6417cb6f.chunk.min.js
static.parastorage.com/services/wix-thunderbolt/dist/ab-test-compilation/
10 KB
5 KB
Script
General
Full URL
https://static.parastorage.com/services/wix-thunderbolt/dist/ab-test-compilation/group_2.6417cb6f.chunk.min.js
Requested by
Host: www.helminfosec.com
URL: https://www.helminfosec.com/post/easy-playbooks-to-make-ransomware-criminals-cry
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.17.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-17-14.fra56.r.cloudfront.net
Software
Pepyaka/1.19.10 /
Resource Hash
e12dafa56cd8d91526d4361ce8c604af7e66eab80c4966f0f7764d142a6be524

Request headers

Referer
https://www.helminfosec.com/
Origin
https://www.helminfosec.com
accept-language
da-DK,da;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Sun, 28 Aug 2022 09:35:03 GMT
content-encoding
br
age
186390
x-cache-status
MISS
x-cache
Hit from cloudfront
content-length
3950
timing-allow-origin
*
access-control-allow-origin
*
x-wix-request-id
1661679303.15958538968691629911
last-modified
Sun, 28 Aug 2022 08:49:53 GMT
server
Pepyaka/1.19.10
etag
W/"3e5f571e25f760ead90fe66d186fa7ad"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, POST
x-varnish
263576047
via
1.1 varnish (Varnish/6.0), 1.1 86b463b2b2449ea5ba66d271a3c29922.cloudfront.net (CloudFront)
access-control-expose-headers
Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=7776000, immutable
x-amz-cf-pop
FRA56-P7
accept-ranges
bytes
content-type
application/javascript
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-*
x-amz-cf-id
4Wekbq8j5s4ph4KCwbhCSL2phlCYUqDyUD0erygx0k1mrZ9KFbL3HA==
x-seen-by
zj0K/N8xR7eC1M9gyLLPhec8x6p2CWcEzwFyRVShrciIhzGxulME7YKteYTeCw6C,aVxMblM8KFG3we5NLvyVczcu59EpmtW9m1QeKn/Zhei8ZDY613cHYLbuhNMgAom1,2iuX5LYwvZa9CoGaG8ZUZomYmPgSwc4aU7J40H7VRopj8Q5G/Ose159xWYwpIkYm
reporter-api.e6b6a75f.chunk.min.js
static.parastorage.com/services/wix-thunderbolt/dist/ab-test-compilation/
26 KB
8 KB
Script
General
Full URL
https://static.parastorage.com/services/wix-thunderbolt/dist/ab-test-compilation/reporter-api.e6b6a75f.chunk.min.js
Requested by
Host: www.helminfosec.com
URL: https://www.helminfosec.com/post/easy-playbooks-to-make-ransomware-criminals-cry
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.17.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-17-14.fra56.r.cloudfront.net
Software
Pepyaka/1.19.10 /
Resource Hash
e83c4b7b7da7473164173a770ee1e0b09e1bae30166a73da8d42cdf1e0c92e60

Request headers

Referer
https://www.helminfosec.com/
Origin
https://www.helminfosec.com
accept-language
da-DK,da;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 29 Aug 2022 09:29:39 GMT
content-encoding
br
age
97879
x-cache-status
MISS
x-cache
Hit from cloudfront
content-length
7089
timing-allow-origin
*
access-control-allow-origin
*
x-wix-request-id
1661765379.0947884577148424258
last-modified
Mon, 29 Aug 2022 09:27:59 GMT
server
Pepyaka/1.19.10
etag
W/"422dbc1c2f49b30069b6d7d5a73885b6"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, POST
x-varnish
592259253
via
1.1 varnish (Varnish/6.0), 1.1 86b463b2b2449ea5ba66d271a3c29922.cloudfront.net (CloudFront)
access-control-expose-headers
Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=7776000, immutable
x-amz-cf-pop
FRA56-P7
accept-ranges
bytes
content-type
application/javascript
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-*
x-amz-cf-id
ys2JamZz7QT2sTFiBvGx0LJJiKNQiwrEQ6nTK35o6F8iXACTiDdMqA==
x-seen-by
zj0K/N8xR7eC1M9gyLLPhec8x6p2CWcEzwFyRVShrciDgmy1x1bk0T2mMblm59aj,aVxMblM8KFG3we5NLvyVc7eNHvhCRAbD7EPjVZvQO20fbJaKSXYQ/lskq2jK6SGP,2iuX5LYwvZa9CoGaG8ZUZu5XlfJc81bg/9yqD5g4dYRTal0JO8D5MRZkJSFf/s14
03d335bf-064f-438c-8863-fee14f7e7b64
www.helminfosec.com/_api/tag-manager/api/v1/tags/sites/
3 KB
3 KB
XHR
General
Full URL
https://www.helminfosec.com/_api/tag-manager/api/v1/tags/sites/03d335bf-064f-438c-8863-fee14f7e7b64?wixSite=false&htmlsiteId=835fd9f3-4642-481c-b8fe-e59aa09d721e&language=en
Requested by
Host: static.parastorage.com
URL: https://static.parastorage.com/services/tag-manager-client/1.427.0/siteTags.bundle.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3033::ac43:d3a2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a10fdd810da69be417e0dec95e5ff3f3a8864438a6607536ff189681fd7a7afa
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Referer
https://www.helminfosec.com/post/easy-playbooks-to-make-ransomware-criminals-cry
accept-language
da-DK,da;q=0.9
authorization
pznBQH5Gkhi71ZdRxQlanD6xvwJANDzgSrvWcwGiveI.eyJpbnN0YW5jZUlkIjoiMDNkMzM1YmYtMDY0Zi00MzhjLTg4NjMtZmVlMTRmN2U3YjY0IiwiYXBwRGVmSWQiOiIyMmJlZjM0NS0zYzViLTRjMTgtYjc4Mi03NGQ0MDg1MTEyZmYiLCJtZXRhU2l0ZUlkIjoiMDNkMzM1YmYtMDY0Zi00MzhjLTg4NjMtZmVlMTRmN2U3YjY0Iiwic2lnbkRhdGUiOiIyMDIyLTA4LTMwVDEyOjQwOjU3LjYwM1oiLCJkZW1vTW9kZSI6ZmFsc2UsImFpZCI6IjIxZjJmZjNkLWZhNzctNGI2Ny04YzJkLThjYWY0MGQ3OGI0ZiIsInNpdGVPd25lcklkIjoiYTg3OTYwYzItZGVkNS00MmQ4LWE0MjItMGIxMjhjZDRiOGRmIn0
content-type
application/json

Response headers

date
Tue, 30 Aug 2022 12:40:58 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma
no-cache
x-wix-request-id
1661863258.1037208523411207
server
cloudflare
etag
W/"bbe-6939UnwcgtIe1PA+6RnjfbT+OpE"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=srxh73fVlCL5HXdTAAQ%2BB9jLfTpydYzAxgFJDoOlPiU3uoOSBFfgt8GT7vzlHDAol4kCqJ7aHv8O4wuZqcr6GHl%2BWp2%2Fp%2BCQ5vKwT5bQqr7uKg6f5Dj3iy8bjZ4kjfo4rYrxXqHYEY%2FzN71TWedYOZwT"}],"group":"cf-nel","max_age":604800}
content-type
application/json; charset=utf-8
cache-control
no-store, no-cache
cf-ray
742d991308c29c01-FRA
group_0.19566a9d.chunk.min.js
static.parastorage.com/services/wix-thunderbolt/dist/ab-test-compilation/
923 B
1 KB
Script
General
Full URL
https://static.parastorage.com/services/wix-thunderbolt/dist/ab-test-compilation/group_0.19566a9d.chunk.min.js
Requested by
Host: www.helminfosec.com
URL: https://www.helminfosec.com/post/easy-playbooks-to-make-ransomware-criminals-cry
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.17.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-17-14.fra56.r.cloudfront.net
Software
Pepyaka/1.19.10 /
Resource Hash
319a93d72316b4301cccace1d6ed58d81e30a4452a457d1f6894e3bdd6c88ce0

Request headers

Referer
https://www.helminfosec.com/
Origin
https://www.helminfosec.com
accept-language
da-DK,da;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 29 Aug 2022 00:10:19 GMT
content-encoding
br
age
131439
x-cache-status
MISS
x-cache
Hit from cloudfront
content-length
417
timing-allow-origin
*
access-control-allow-origin
*
x-wix-request-id
1661731819.1233700536892229320
last-modified
Mon, 29 Aug 2022 00:04:51 GMT
server
Pepyaka/1.19.10
etag
W/"48b2397d11e6f4d24fa05599d16a0e84"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, POST
x-varnish
69667410
via
1.1 varnish (Varnish/6.0), 1.1 86b463b2b2449ea5ba66d271a3c29922.cloudfront.net (CloudFront)
access-control-expose-headers
Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=7776000, immutable
x-amz-cf-pop
FRA56-P7
accept-ranges
bytes
content-type
application/javascript
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-*
x-amz-cf-id
pgCd9wAoB1vnXvxCzT7N6O1GLsuKfW4afPEgHWbQsTHNb0jE52fyKg==
x-seen-by
zj0K/N8xR7eC1M9gyLLPhec8x6p2CWcEzwFyRVShrchsyoANA5L58iE/4UOTdE0x,aVxMblM8KFG3we5NLvyVcyc3RE2AEtYWQGVQ/2ywuOgeGdLDLXwpLd0CTVHPbfOd,2iuX5LYwvZa9CoGaG8ZUZu5XlfJc81bg/9yqD5g4dYTkTYnbrpxTuT84TvL9JpCC
group_16.97d7c6cd.chunk.min.js
static.parastorage.com/services/wix-thunderbolt/dist/ab-test-compilation/
43 KB
15 KB
Script
General
Full URL
https://static.parastorage.com/services/wix-thunderbolt/dist/ab-test-compilation/group_16.97d7c6cd.chunk.min.js
Requested by
Host: www.helminfosec.com
URL: https://www.helminfosec.com/post/easy-playbooks-to-make-ransomware-criminals-cry
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.17.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-17-14.fra56.r.cloudfront.net
Software
Pepyaka/1.19.10 /
Resource Hash
17a06ea94fb5b07aa8dd8c81a884bcdaeaf972c0bafc2bf4ea8183a39d0e8607

Request headers

Referer
https://www.helminfosec.com/
Origin
https://www.helminfosec.com
accept-language
da-DK,da;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 29 Aug 2022 00:10:19 GMT
content-encoding
br
age
131439
x-cache-status
MISS
x-cache
Hit from cloudfront
timing-allow-origin
*
access-control-allow-origin
*
x-wix-request-id
1661731819.18357969487185932
last-modified
Mon, 29 Aug 2022 00:04:52 GMT
server
Pepyaka/1.19.10
etag
W/"07b7816df263fef8e7644fe1447231a6"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, POST
x-varnish
564018085
via
1.1 varnish (Varnish/6.0), 1.1 86b463b2b2449ea5ba66d271a3c29922.cloudfront.net (CloudFront)
access-control-expose-headers
Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=7776000, immutable
x-amz-cf-pop
FRA56-P7
accept-ranges
bytes
content-type
application/javascript
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-*
x-amz-cf-id
jr4C0Ib3rOwgnjf2dZDoVcsz4Y0ky_HuhRX8BgljgPSygSSZPDf9DA==
x-seen-by
zj0K/N8xR7eC1M9gyLLPhec8x6p2CWcEzwFyRVShrciuywJq1k3i9boDUht6MLw5,aVxMblM8KFG3we5NLvyVc2240yoD0MlMpM73djr11roeGdLDLXwpLd0CTVHPbfOd,2iuX5LYwvZa9CoGaG8ZUZomYmPgSwc4aU7J40H7VRoonyNuED/+UieZaPOkDEHk+
pageTransitions.330b53aa.chunk.min.js
static.parastorage.com/services/wix-thunderbolt/dist/ab-test-compilation/
4 KB
2 KB
Script
General
Full URL
https://static.parastorage.com/services/wix-thunderbolt/dist/ab-test-compilation/pageTransitions.330b53aa.chunk.min.js
Requested by
Host: www.helminfosec.com
URL: https://www.helminfosec.com/post/easy-playbooks-to-make-ransomware-criminals-cry
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.17.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-17-14.fra56.r.cloudfront.net
Software
Pepyaka/1.19.10 /
Resource Hash
f02ea6ca3892ef686e169054d07bb2e72a1c6fe2818af77267eef7c85da3efed

Request headers

Referer
https://www.helminfosec.com/
Origin
https://www.helminfosec.com
accept-language
da-DK,da;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 29 Aug 2022 00:10:19 GMT
content-encoding
br
age
131439
x-cache-status
MISS
x-cache
Hit from cloudfront
content-length
1519
timing-allow-origin
*
access-control-allow-origin
*
x-wix-request-id
1661731819.3035944222129415983
last-modified
Mon, 29 Aug 2022 00:04:52 GMT
server
Pepyaka/1.19.10
etag
W/"9fbd13502f509400fc8b5e5385737e2b"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, POST
x-varnish
565641915
via
1.1 varnish (Varnish/6.0), 1.1 86b463b2b2449ea5ba66d271a3c29922.cloudfront.net (CloudFront)
access-control-expose-headers
Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=7776000, immutable
x-amz-cf-pop
FRA56-P7
accept-ranges
bytes
content-type
application/javascript
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-*
x-amz-cf-id
1EQSBldpH2wEq3uZvtF0HoGtV6S80m-yN3VbeVejg8gRDO8YSvehbQ==
x-seen-by
zj0K/N8xR7eC1M9gyLLPhec8x6p2CWcEzwFyRVShrcjR6IMkIgDN3dKWLSNjYj0d,aVxMblM8KFG3we5NLvyVc2240yoD0MlMpM73djr11roeGdLDLXwpLd0CTVHPbfOd,2iuX5LYwvZa9CoGaG8ZUZomYmPgSwc4aU7J40H7VRoonyNuED/+UieZaPOkDEHk+
TPABaseComponent.8e2885de.chunk.min.js
static.parastorage.com/services/wix-thunderbolt/dist/ab-test-compilation/
5 KB
3 KB
Script
General
Full URL
https://static.parastorage.com/services/wix-thunderbolt/dist/ab-test-compilation/TPABaseComponent.8e2885de.chunk.min.js
Requested by
Host: www.helminfosec.com
URL: https://www.helminfosec.com/post/easy-playbooks-to-make-ransomware-criminals-cry
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.17.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-17-14.fra56.r.cloudfront.net
Software
Pepyaka/1.19.10 /
Resource Hash
863feacc1e31a97b43acb5ec35100bb486da745242eba1df24f779afdc194bbe

Request headers

Referer
https://www.helminfosec.com/
Origin
https://www.helminfosec.com
accept-language
da-DK,da;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Sun, 21 Aug 2022 10:05:15 GMT
content-encoding
br
age
786943
x-cache-status
MISS
x-cache
Hit from cloudfront
content-length
1964
timing-allow-origin
*
access-control-allow-origin
*
x-wix-request-id
1661076315.76953339008191932
last-modified
Sun, 21 Aug 2022 10:01:55 GMT
server
Pepyaka/1.19.10
etag
W/"d88aad4c009bb1ab786a2c225676e3dd"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, POST
x-varnish
83628356
via
1.1 varnish (Varnish/6.0), 1.1 86b463b2b2449ea5ba66d271a3c29922.cloudfront.net (CloudFront)
access-control-expose-headers
Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=7776000, immutable
x-amz-cf-pop
FRA56-P7
accept-ranges
bytes
content-type
application/javascript
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-*
x-amz-cf-id
t5tFeJACE0LV8kBBbaD7ZwoqTsPgn9izkErv5mz8pRAeqPpxiBe2fg==
x-seen-by
zj0K/N8xR7eC1M9gyLLPhec8x6p2CWcEzwFyRVShrciuywJq1k3i9boDUht6MLw5,aVxMblM8KFG3we5NLvyVcyc3RE2AEtYWQGVQ/2ywuOgeGdLDLXwpLd0CTVHPbfOd,2iuX5LYwvZa9CoGaG8ZUZu5XlfJc81bg/9yqD5g4dYTkTYnbrpxTuT84TvL9JpCC
rb_wixui.thunderbolt~bootstrap-classic.7b2e8cf7.chunk.min.js
static.parastorage.com/services/editor-elements/dist/
37 KB
12 KB
Script
General
Full URL
https://static.parastorage.com/services/editor-elements/dist/rb_wixui.thunderbolt~bootstrap-classic.7b2e8cf7.chunk.min.js
Requested by
Host: static.parastorage.com
URL: https://static.parastorage.com/services/wix-thunderbolt/dist/ab-test-compilation/thunderbolt-components-registry.762064d9.chunk.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.17.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-17-14.fra56.r.cloudfront.net
Software
Pepyaka/1.19.10 /
Resource Hash
7ae371d6d3829aeb779514de9d42dc5b004f4cc92c258885a1b10572a67db124

Request headers

accept-language
da-DK,da;q=0.9
Referer
https://www.helminfosec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 29 Aug 2022 10:31:29 GMT
content-encoding
br
age
97473
x-cache-status
HIT
x-cache
Hit from cloudfront
content-length
11503
timing-allow-origin
*
access-control-allow-origin
*
x-wix-request-id
1661769089.39478926984032024258
last-modified
Mon, 29 Aug 2022 09:35:44 GMT
server
Pepyaka/1.19.10
etag
W/"7b5e3c593df199740355ebf64aada1e5"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, POST
x-varnish
605588956 590932588
via
1.1 varnish (Varnish/6.0), 1.1 d76db2cbee553c8bb2de7fd88a960646.cloudfront.net (CloudFront)
cache-control
public, max-age=7776000, immutable
x-amz-cf-pop
FRA56-P7
accept-ranges
bytes
content-type
application/javascript
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-*
x-amz-cf-id
PAR2NgNHAQR9-66CYfwO7ZW8dSwEtXQvyy-FcULII_yLhB3fB9iUPQ==
x-seen-by
zj0K/N8xR7eC1M9gyLLPhec8x6p2CWcEzwFyRVShrciDgmy1x1bk0T2mMblm59aj,aVxMblM8KFG3we5NLvyVc7eNHvhCRAbD7EPjVZvQO20fbJaKSXYQ/lskq2jK6SGP
santa-langs-en.cde5975b.chunk.min.js
static.parastorage.com/services/wix-thunderbolt/dist/ab-test-compilation/
34 KB
10 KB
Script
General
Full URL
https://static.parastorage.com/services/wix-thunderbolt/dist/ab-test-compilation/santa-langs-en.cde5975b.chunk.min.js
Requested by
Host: www.helminfosec.com
URL: https://www.helminfosec.com/post/easy-playbooks-to-make-ransomware-criminals-cry
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.17.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-17-14.fra56.r.cloudfront.net
Software
Pepyaka/1.19.10 /
Resource Hash
68a3e7f27709f87d5c8f75a4af3fcb063d431d5669521e7fc537a9681b1078fc

Request headers

Referer
https://www.helminfosec.com/
Origin
https://www.helminfosec.com
accept-language
da-DK,da;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 29 Aug 2022 00:10:19 GMT
content-encoding
br
age
131439
x-cache-status
MISS
x-cache
Hit from cloudfront
timing-allow-origin
*
access-control-allow-origin
*
x-wix-request-id
1661731819.76957969521481932
last-modified
Mon, 29 Aug 2022 00:04:52 GMT
server
Pepyaka/1.19.10
etag
W/"032092b6c987cbdc78207a44c6a76f6b"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, POST
x-varnish
564966894
via
1.1 varnish (Varnish/6.0), 1.1 86b463b2b2449ea5ba66d271a3c29922.cloudfront.net (CloudFront)
access-control-expose-headers
Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=7776000, immutable
x-amz-cf-pop
FRA56-P7
accept-ranges
bytes
content-type
application/javascript
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-*
x-amz-cf-id
nGPpc-x1hELWYBB_fRDvoOPMr-Gej5sK4d00ke672aFQJcCCB5MpEQ==
x-seen-by
zj0K/N8xR7eC1M9gyLLPhec8x6p2CWcEzwFyRVShrciuywJq1k3i9boDUht6MLw5,aVxMblM8KFG3we5NLvyVc2240yoD0MlMpM73djr11roeGdLDLXwpLd0CTVHPbfOd,2iuX5LYwvZa9CoGaG8ZUZomYmPgSwc4aU7J40H7VRoonyNuED/+UieZaPOkDEHk+
rb_wixui.thunderbolt~bootstrap.488af026.chunk.min.js
static.parastorage.com/services/editor-elements/dist/
48 KB
14 KB
Script
General
Full URL
https://static.parastorage.com/services/editor-elements/dist/rb_wixui.thunderbolt~bootstrap.488af026.chunk.min.js
Requested by
Host: static.parastorage.com
URL: https://static.parastorage.com/services/wix-thunderbolt/dist/ab-test-compilation/thunderbolt-components-registry.762064d9.chunk.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.17.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-17-14.fra56.r.cloudfront.net
Software
Pepyaka/1.19.10 /
Resource Hash
ae20893c1a0772e61e58c6dc1c1b8c53fcc0036f42d3cccfae475e7117fd99d1

Request headers

accept-language
da-DK,da;q=0.9
Referer
https://www.helminfosec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 29 Aug 2022 10:31:29 GMT
content-encoding
br
age
97473
x-cache-status
HIT
x-cache
Hit from cloudfront
content-length
13708
timing-allow-origin
*
access-control-allow-origin
*
x-wix-request-id
1661769089.3967892779396624257
last-modified
Mon, 29 Aug 2022 09:35:44 GMT
server
Pepyaka/1.19.10
etag
W/"9a799b2fdde399a5850b92f76852eadf"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, POST
x-varnish
357302246 354363345
via
1.1 varnish (Varnish/6.0), 1.1 d76db2cbee553c8bb2de7fd88a960646.cloudfront.net (CloudFront)
cache-control
public, max-age=7776000, immutable
x-amz-cf-pop
FRA56-P7
accept-ranges
bytes
content-type
application/javascript
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-*
x-amz-cf-id
fPOz_jx6I9bbddJn9JeHRgGJt5gJzmlkN0u7DbElfF1whnAdE-2pmw==
x-seen-by
zj0K/N8xR7eC1M9gyLLPhec8x6p2CWcEzwFyRVShrciDgmy1x1bk0T2mMblm59aj,aVxMblM8KFG3we5NLvyVcyeTzFUhjLKPB6lD0luXXHcfbJaKSXYQ/lskq2jK6SGP
rb_wixui.thunderbolt~bootstrap-responsive.48eb165c.chunk.min.js
static.parastorage.com/services/editor-elements/dist/
19 KB
7 KB
Script
General
Full URL
https://static.parastorage.com/services/editor-elements/dist/rb_wixui.thunderbolt~bootstrap-responsive.48eb165c.chunk.min.js
Requested by
Host: static.parastorage.com
URL: https://static.parastorage.com/services/wix-thunderbolt/dist/ab-test-compilation/thunderbolt-components-registry.762064d9.chunk.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.17.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-17-14.fra56.r.cloudfront.net
Software
Pepyaka/1.19.0 /
Resource Hash
4f003b239f4c7212ed823020ec8a067c33a7544209c543bf6b94386b0261dfa6

Request headers

accept-language
da-DK,da;q=0.9
Referer
https://www.helminfosec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 29 Aug 2022 10:31:29 GMT
content-encoding
br
age
97470
x-cache-status
HIT
x-cache
Hit from cloudfront
content-length
6736
timing-allow-origin
*
access-control-allow-origin
*
x-wix-request-id
1661769089.56712421311360621249
last-modified
Mon, 29 Aug 2022 09:35:44 GMT
server
Pepyaka/1.19.0
etag
W/"f7e036aeb47448f0e2055e238f896747"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, POST
x-varnish
412434323 401543392
via
1.1 varnish (Varnish/6.0), 1.1 d76db2cbee553c8bb2de7fd88a960646.cloudfront.net (CloudFront)
cache-control
public, max-age=7776000, immutable
x-amz-cf-pop
FRA56-P7
accept-ranges
bytes
content-type
application/javascript
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-*
x-amz-cf-id
awhS7CZk3ZK8qlMfOiUJFcDu5aXZdz3AwEa5TmOAdtzhKPDSeHXeYA==
x-seen-by
zj0K/N8xR7eC1M9gyLLPhec8x6p2CWcEzwFyRVShrchkavE0ZtMXws1mfakihq4B,aVxMblM8KFG3we5NLvyVc0swuQg4e4Ft3RZminzdoKEQXT2AyjWfyxKagyd4/pDD
rb_wixui.thunderbolt[SkipToContentButton].d2ef710e.bundle.min.js
static.parastorage.com/services/editor-elements/dist/
6 KB
3 KB
Script
General
Full URL
https://static.parastorage.com/services/editor-elements/dist/rb_wixui.thunderbolt[SkipToContentButton].d2ef710e.bundle.min.js
Requested by
Host: static.parastorage.com
URL: https://static.parastorage.com/services/wix-thunderbolt/dist/ab-test-compilation/thunderbolt-components-registry.762064d9.chunk.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.17.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-17-14.fra56.r.cloudfront.net
Software
Pepyaka/1.19.10 /
Resource Hash
e834e2283fd1bd410d1d23df69ba502a456c21ee677485b434c60a1e8dae716d

Request headers

accept-language
da-DK,da;q=0.9
Referer
https://www.helminfosec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 29 Aug 2022 10:31:29 GMT
content-encoding
br
age
97473
x-cache-status
HIT
x-cache
Hit from cloudfront
content-length
2372
timing-allow-origin
*
access-control-allow-origin
*
x-wix-request-id
1661769089.57381409657703030442
last-modified
Mon, 29 Aug 2022 09:35:44 GMT
server
Pepyaka/1.19.10
etag
W/"c2fbd153ed97458c6cb89e0480e4a626"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, POST
x-varnish
969868039 961585320
via
1.1 varnish (Varnish/6.0), 1.1 d76db2cbee553c8bb2de7fd88a960646.cloudfront.net (CloudFront)
cache-control
public, max-age=7776000, immutable
x-amz-cf-pop
FRA56-P7
accept-ranges
bytes
content-type
application/javascript
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-*
x-amz-cf-id
XrG_RzbKnOCgI41q4kryidZdG67DwDjQyqOKYDH8z7f2rCnh_1QIlg==
x-seen-by
zj0K/N8xR7eC1M9gyLLPhec8x6p2CWcEzwFyRVShrcjEM4kaaS6QH/itsJwI9pla,aVxMblM8KFG3we5NLvyVc1AtKGBpHBVRBa1WzqM3DuAfbJaKSXYQ/lskq2jK6SGP
requirejs.min.js
static.parastorage.com/unpkg/requirejs-bolt@2.3.6/
17 KB
7 KB
Script
General
Full URL
https://static.parastorage.com/unpkg/requirejs-bolt@2.3.6/requirejs.min.js
Requested by
Host: static.parastorage.com
URL: https://static.parastorage.com/services/wix-thunderbolt/dist/ab-test-compilation/thunderbolt-commons.28da9f19.bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.17.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-17-14.fra56.r.cloudfront.net
Software
Pepyaka/1.19.10 /
Resource Hash
d5f10f852b112a514a19f2b778eef5d2d1307878757f0a24539c051831cefaf8

Request headers

accept-language
da-DK,da;q=0.9
Referer
https://www.helminfosec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 30 Aug 2022 12:25:19 GMT
content-encoding
gzip
content-type
application/javascript
age
771159
x-cache-status
HIT
x-cache
Hit from cloudfront
content-length
6434
access-control-allow-origin
*
x-wix-request-id
1653622122.883694390929218496
last-modified
Thu, 24 Jan 2019 14:24:53 GMT
server
Pepyaka/1.19.10
etag
W/"18823f6a6d208ee1e361bb266ab794d5"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, POST
x-varnish
747028886 711817088
via
1.1 varnish (Varnish/6.0), 1.1 d76db2cbee553c8bb2de7fd88a960646.cloudfront.net (CloudFront)
cache-control
public, max-age=7776000, immutable
x-amz-cf-pop
FRA56-P7
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-*
x-amz-cf-id
x3v9aHZ194C9yT71IZiYH-vD_1ZZ5zhjXeow4wjjOBTwuiyM0mUwKg==
x-seen-by
zj0K/N8xR7eC1M9gyLLPhec8x6p2CWcEzwFyRVShrciIhzGxulME7YKteYTeCw6C,aVxMblM8KFG3we5NLvyVczEbmANe8Bb4VBvfNWC6jxEeGdLDLXwpLd0CTVHPbfOd
group_1.a4b948af.chunk.min.js
static.parastorage.com/services/wix-thunderbolt/dist/ab-test-compilation/
191 KB
43 KB
Script
General
Full URL
https://static.parastorage.com/services/wix-thunderbolt/dist/ab-test-compilation/group_1.a4b948af.chunk.min.js
Requested by
Host: www.helminfosec.com
URL: https://www.helminfosec.com/post/easy-playbooks-to-make-ransomware-criminals-cry
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.17.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-17-14.fra56.r.cloudfront.net
Software
Pepyaka/1.19.0 /
Resource Hash
45fb40e12580716f312bf21b709f9e4f45e9897f3b58adb375766c5de5184a00

Request headers

Referer
https://www.helminfosec.com/
Origin
https://www.helminfosec.com
accept-language
da-DK,da;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 29 Aug 2022 09:29:40 GMT
content-encoding
br
age
97877
x-cache-status
MISS
x-cache
Hit from cloudfront
timing-allow-origin
*
access-control-allow-origin
*
x-wix-request-id
1661765380.92912413017505821249
last-modified
Mon, 29 Aug 2022 09:27:59 GMT
server
Pepyaka/1.19.0
etag
W/"08c159761d61625cb9210b97f1ecfd56"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, POST
x-varnish
398586215
via
1.1 varnish (Varnish/6.0), 1.1 86b463b2b2449ea5ba66d271a3c29922.cloudfront.net (CloudFront)
access-control-expose-headers
Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=7776000, immutable
x-amz-cf-pop
FRA56-P7
accept-ranges
bytes
content-type
application/javascript
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-*
x-amz-cf-id
rWqTADqX4HLjJa4CWXF6CQlHGiumDWu0BCwVv9bpVHfTczYhl0unlg==
x-seen-by
zj0K/N8xR7eC1M9gyLLPhec8x6p2CWcEzwFyRVShrchkavE0ZtMXws1mfakihq4B,aVxMblM8KFG3we5NLvyVc0swuQg4e4Ft3RZminzdoKEQXT2AyjWfyxKagyd4/pDD,2iuX5LYwvZa9CoGaG8ZUZgqsM72LknxyIGq7MjJjVJMeqpJFW1tCeKPC+/G/CDoa
PostViewerWidgetNoCss.bundle.min.js
static.parastorage.com/services/communities-blog-ooi/1.483.0/
1 MB
354 KB
Script
General
Full URL
https://static.parastorage.com/services/communities-blog-ooi/1.483.0/PostViewerWidgetNoCss.bundle.min.js
Requested by
Host: static.parastorage.com
URL: https://static.parastorage.com/unpkg/requirejs-bolt@2.3.6/requirejs.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.17.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-17-14.fra56.r.cloudfront.net
Software
Pepyaka/1.19.0 /
Resource Hash
168fae1dedf02144ce3d19352fd51fca32fae5cbf7974e7e9d16e5c1c299bb3d

Request headers

accept-language
da-DK,da;q=0.9
Referer
https://www.helminfosec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 29 Aug 2022 13:03:30 GMT
content-encoding
br
age
92016
x-cache-status
HIT
x-cache
Hit from cloudfront
content-length
361742
timing-allow-origin
*
access-control-allow-origin
*
x-wix-request-id
1661778210.8981236498013824580
last-modified
Mon, 29 Aug 2022 10:57:35 GMT
server
Pepyaka/1.19.0
etag
W/"1ea525de36f70beeb17258181ca62f26"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, POST
x-varnish
986741327 974044451
via
1.1 varnish (Varnish/6.0), 1.1 d76db2cbee553c8bb2de7fd88a960646.cloudfront.net (CloudFront)
cache-control
public, max-age=7776000, immutable
x-amz-cf-pop
FRA56-P7
accept-ranges
bytes
content-type
application/javascript
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-*
x-amz-cf-id
-3TqXMXI9FQpiZ2UMF-xFiAAgdJlggalja4wRVYm_8KkQYi1BIVVyw==
x-seen-by
zj0K/N8xR7eC1M9gyLLPhec8x6p2CWcEzwFyRVShrcjV0TBmJ+uLPQ4OZPC1VSMH,aVxMblM8KFG3we5NLvyVc1AtKGBpHBVRBa1WzqM3DuAfbJaKSXYQ/lskq2jK6SGP
c3469b16-ef9c-4241-9cae-6a407778f7e9
https://www.helminfosec.com/
841 B
0
Script
General
Full URL
blob:https://www.helminfosec.com/c3469b16-ef9c-4241-9cae-6a407778f7e9
Requested by
Host: static.parastorage.com
URL: https://static.parastorage.com/services/tag-manager-client/1.427.0/siteTags.bundle.min.js
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0ea1130374e85e9a075eac5e4f7da8616cd61fefbb443f200592606923d8bea3

Request headers

accept-language
da-DK,da;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Content-Length
841
Content-Type
text/javascript;charset=utf-8
e6c9405c-bead-412c-81fe-85d2d3b15a9f
https://www.helminfosec.com/
539 B
0
Script
General
Full URL
blob:https://www.helminfosec.com/e6c9405c-bead-412c-81fe-85d2d3b15a9f
Requested by
Host: static.parastorage.com
URL: https://static.parastorage.com/services/tag-manager-client/1.427.0/siteTags.bundle.min.js
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
97cc95aacf705c6f27e4e5da2d9f6179b7e07e3d1c4e5f42b5148f689c0afd57

Request headers

accept-language
da-DK,da;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Content-Length
539
Content-Type
text/javascript;charset=utf-8
fbevents.js
connect.facebook.net/en_US/
100 KB
27 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.helminfosec.com
URL: blob:https://www.helminfosec.com/e6c9405c-bead-412c-81fe-85d2d3b15a9f
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f007:8:face:b00c:0:1 Vienna, Austria, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
9d98a94c67e6e29d48d55ba2f6b415d0646af7f7313b539697eb53b34ab78c4c
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
da-DK,da;q=0.9
Referer
https://www.helminfosec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
26668
x-xss-protection
0
pragma
public
x-fb-debug
TWUZdt+k1wfVL4OF6kj8GFQO5bQbTXrUvzlsX86V7G8/WeE7pEKA8G9ZE+b0jL230EiGtvLfgmQSxy/HZr44EQ==
x-fb-trip-id
720026100
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Tue, 30 Aug 2022 12:40:58 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
expires
Sat, 01 Jan 2000 00:00:00 GMT
truncated
/
42 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c90cff659645a312a28804965f3dbc34061338f7234ff5d6ddb2c57e9eadec15

Request headers

accept-language
da-DK,da;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Content-Type
image/webp
truncated
/
34 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
86be52bdb7547413cafb3ed175a806a798c65de98b40849e0b974c47d187de65

Request headers

accept-language
da-DK,da;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Content-Type
image/webp
truncated
/
82 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7e41ca21e421f129d3881e345f990027b66c0ab3c5580e549575f9393d117cbd

Request headers

accept-language
da-DK,da;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Content-Type
image/webp
truncated
/
90 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
345a7f619e726c9ed21fa1e83646623f3491056eb1c9e0f3af797c42d38255c1

Request headers

accept-language
da-DK,da;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Content-Type
image/webp
bolt-performance
frog.wix.com/
0
256 B
Ping
General
Full URL
https://frog.wix.com/bolt-performance
Requested by
Host: static.parastorage.com
URL: https://static.parastorage.com/services/wix-thunderbolt/dist/ab-test-compilation/main.418fdbe3.bundle.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.145.31.229 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-145-31-229.compute-1.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.helminfosec.com/
accept-language
da-DK,da;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
https://www.helminfosec.com
date
Tue, 30 Aug 2022 12:40:58 GMT
access-control-allow-credentials
true
server
nginx
access-control-allow-headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
access-control-allow-methods
GET, POST
identity.js
connect.facebook.net/signals/plugins/
64 KB
20 KB
Script
General
Full URL
https://connect.facebook.net/signals/plugins/identity.js?v=2.9.78
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f007:8:face:b00c:0:1 Vienna, Austria, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
d4edbbe1037c50c8ffa90860286c8166860ad9da450ed5e16a28e2fc9bce3c23
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
da-DK,da;q=0.9
Referer
https://www.helminfosec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
20715
x-xss-protection
0
pragma
public
x-fb-debug
gSq6eOtZgbKUYJjA70hKOp7xcenXf41LzXz8E6Mqlsue6nUYbgupq7wTf2hFqEm7zgUaIeqsOMeXz2AGz1ieXw==
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Tue, 30 Aug 2022 12:40:58 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
461115868768641
connect.facebook.net/signals/config/
292 KB
84 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/461115868768641?v=2.9.78&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f007:8:face:b00c:0:1 Vienna, Austria, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
91bf7598f1ec28b07895ff9397ec04bbd3e88a3c80f86ce3416236219f31c41c
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
da-DK,da;q=0.9
Referer
https://www.helminfosec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
x-xss-protection
0
pragma
public
x-fb-debug
bFCRLbFd6T0IaYGKkmZqXPqnJtdEGZy3eNUbfPLCslaf9EPntYIIUZEOeFk4WjojZcchjurvg7EJJLyYpc4lYg==
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Tue, 30 Aug 2022 12:40:58 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/
44 B
297 B
Image
General
Full URL
https://www.facebook.com/tr/?id=461115868768641&ev=PageView&dl=https%3A%2F%2Fwww.helminfosec.com%2Fpost%2Feasy-playbooks-to-make-ransomware-criminals-cry&rl=&if=false&ts=1661863258911&sw=1600&sh=1200&ud[external_id]=c0d6987c68bc47df52f165150cc3fe63453f6284ae65bf3161d98e1425aae5ad&v=2.9.78&r=stable&a=plwix&ec=0&o=30&fbp=fb.1.1661863258910.1284996326&it=1661863258540&coo=false&rqm=GET
Requested by
Host: www.helminfosec.com
URL: https://www.helminfosec.com/post/easy-playbooks-to-make-ransomware-criminals-cry
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
da-DK,da;q=0.9
Referer
https://www.helminfosec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 30 Aug 2022 12:40:59 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
44
expires
Tue, 30 Aug 2022 12:40:59 GMT
debug.ca4ef9a4.chunk.min.js
static.parastorage.com/services/wix-thunderbolt/dist/ab-test-compilation/
41 KB
13 KB
Script
General
Full URL
https://static.parastorage.com/services/wix-thunderbolt/dist/ab-test-compilation/debug.ca4ef9a4.chunk.min.js
Requested by
Host: www.helminfosec.com
URL: https://www.helminfosec.com/post/easy-playbooks-to-make-ransomware-criminals-cry
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.17.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-17-14.fra56.r.cloudfront.net
Software
Pepyaka/1.19.10 /
Resource Hash
8a17b6508522849ea40202c21a6ffad71c938e1b25a508f320121597a5346d57

Request headers

Referer
https://www.helminfosec.com/
Origin
https://www.helminfosec.com
accept-language
da-DK,da;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 30 Aug 2022 01:34:40 GMT
content-encoding
gzip
age
53238
x-cache-status
HIT
x-cache
Hit from cloudfront
content-length
11980
timing-allow-origin
*
access-control-allow-origin
*
x-wix-request-id
1661823280.3535974128447115984
last-modified
Mon, 29 Aug 2022 20:53:31 GMT
server
Pepyaka/1.19.10
etag
W/"f0cd348a514da64a9b10c29d181938b4"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, POST
x-varnish
9159691 3196934
via
1.1 varnish (Varnish/6.0), 1.1 86b463b2b2449ea5ba66d271a3c29922.cloudfront.net (CloudFront)
access-control-expose-headers
Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=7776000, immutable
x-amz-cf-pop
FRA56-P7
accept-ranges
bytes
content-type
application/javascript
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-*
x-amz-cf-id
YYmiZVQ_XaNRv1velbqPUZkMYF_xfY2L3ijSPdIktlImv3FSzZBxBw==
x-seen-by
zj0K/N8xR7eC1M9gyLLPhec8x6p2CWcEzwFyRVShrcjR6IMkIgDN3dKWLSNjYj0d,aVxMblM8KFG3we5NLvyVczcu59EpmtW9m1QeKn/Zhei8ZDY613cHYLbuhNMgAom1
seo-api.18b963e6.chunk.min.js
static.parastorage.com/services/wix-thunderbolt/dist/ab-test-compilation/
34 KB
11 KB
Script
General
Full URL
https://static.parastorage.com/services/wix-thunderbolt/dist/ab-test-compilation/seo-api.18b963e6.chunk.min.js
Requested by
Host: www.helminfosec.com
URL: https://www.helminfosec.com/post/easy-playbooks-to-make-ransomware-criminals-cry
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.17.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-17-14.fra56.r.cloudfront.net
Software
Pepyaka/1.19.0 /
Resource Hash
e2796a3e80ee2191aad18c605295c6bb4fdb54572ac16d59ba4de47986a1e172

Request headers

Referer
https://www.helminfosec.com/
Origin
https://www.helminfosec.com
accept-language
da-DK,da;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 29 Aug 2022 13:03:54 GMT
content-encoding
gzip
age
85037
x-cache-status
HIT
x-cache
Hit from cloudfront
content-length
10568
timing-allow-origin
*
access-control-allow-origin
*
x-wix-request-id
1661778234.410124425289381921249
last-modified
Mon, 29 Aug 2022 12:25:25 GMT
server
Pepyaka/1.19.0
etag
W/"f5f4c5d7515c20387ccb988e8cfb4cf8"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, POST
x-varnish
636221193 638551935
via
1.1 varnish (Varnish/6.0), 1.1 86b463b2b2449ea5ba66d271a3c29922.cloudfront.net (CloudFront)
access-control-expose-headers
Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=7776000, immutable
x-amz-cf-pop
FRA56-P7
accept-ranges
bytes
content-type
application/javascript
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-*
x-amz-cf-id
sqnocDvLcrZsIC9fVF1Q5MspqUaf0Wjp81ox0sFS6-V6aNjFG4Iwhg==
x-seen-by
zj0K/N8xR7eC1M9gyLLPhec8x6p2CWcEzwFyRVShrchkavE0ZtMXws1mfakihq4B,aVxMblM8KFG3we5NLvyVc7eNHvhCRAbD7EPjVZvQO20fbJaKSXYQ/lskq2jK6SGP
pinit.js
assets.pinterest.com/js/
361 B
448 B
Script
General
Full URL
https://assets.pinterest.com/js/pinit.js
Requested by
Host: static.parastorage.com
URL: https://static.parastorage.com/services/communities-blog-ooi/1.483.0/PostViewerWidgetNoCss.bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:f700:19e::1931 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
3faadebc89cdb21d11634a032816f152462d1cb8903eb21d0642501fcad065de

Request headers

accept-language
da-DK,da;q=0.9
Referer
https://www.helminfosec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

akamai-x-true-ttl
300
content-encoding
br
x-cdn
akamai
etag
"62d32c28f14783b94192cd8d35bc010d"
vary
Accept-Encoding, Origin
access-control-allow-methods
GET
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-max-age
86400
cache-control
max-age=286
accept-ranges
bytes
content-length
203
access-control-expose-headers
X-CDN
6832.chunk.min.js
static.parastorage.com/services/communities-blog-ooi/459f4ae0818113e5e4c41c7eb52dd40a8d17326b010c0b25dc60b01f/client/
37 KB
10 KB
Script
General
Full URL
https://static.parastorage.com/services/communities-blog-ooi/459f4ae0818113e5e4c41c7eb52dd40a8d17326b010c0b25dc60b01f/client/6832.chunk.min.js
Requested by
Host: static.parastorage.com
URL: https://static.parastorage.com/services/communities-blog-ooi/1.483.0/PostViewerWidgetNoCss.bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.17.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-17-14.fra56.r.cloudfront.net
Software
Pepyaka/1.19.10 /
Resource Hash
66b4b5b83e7a0bd6e8d55e193176c54992224230a550c28358b5e062c52cc062

Request headers

Referer
https://www.helminfosec.com/
Origin
https://www.helminfosec.com
accept-language
da-DK,da;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 29 Aug 2022 13:03:32 GMT
content-encoding
br
age
92427
x-cache-status
HIT
x-cache
Hit from cloudfront
content-length
9294
timing-allow-origin
*
access-control-allow-origin
*
x-wix-request-id
1661778212.1786430804103522520
last-modified
Fri, 26 Aug 2022 07:38:44 GMT
server
Pepyaka/1.19.10
etag
W/"47fc1034c9362cae7618684604c9af8b"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, POST
x-varnish
243504879 226991455
via
1.1 varnish (Varnish/6.0), 1.1 86b463b2b2449ea5ba66d271a3c29922.cloudfront.net (CloudFront)
access-control-expose-headers
Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=7776000, immutable
x-amz-cf-pop
FRA56-P7
accept-ranges
bytes
content-type
application/javascript
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-*
x-amz-cf-id
0V2qf23t8vUo-CDzhOVCsL95IzRFnXcD6D8wuA_BLir_u49_rTVCTQ==
x-seen-by
zj0K/N8xR7eC1M9gyLLPhec8x6p2CWcEzwFyRVShrcjBLy8P45DoDO4LnRm+zqsP,aVxMblM8KFG3we5NLvyVcyzve4L4qo9dv8TvlcgmZhMQXT2AyjWfyxKagyd4/pDD
index
engage.wixapps.net/chat-widget-server/renderChatWidget/ Frame 8A10
21 KB
10 KB
Document
General
Full URL
https://engage.wixapps.net/chat-widget-server/renderChatWidget/index?pageId=masterPage&compId=comp-l0uxga0g&viewerCompId=comp-l0uxga0g&siteRevision=238&viewMode=site&deviceType=desktop&locale=en&tz=America%2FChicago&regionalLanguage=en&width=230&height=86&instance=ulpL1McYEn34OqMfCMye6V9w30GLu16cBwaWepCpLsY.eyJpbnN0YW5jZUlkIjoiMDA0MzJiYWQtOWY4My00YTVlLWFhNWMtM2FiMTIwMmJkMzI1IiwiYXBwRGVmSWQiOiIxNDUxN2UxYS0zZmYwLWFmOTgtNDA4ZS0yYmQ2OTUzYzM2YTIiLCJtZXRhU2l0ZUlkIjoiMDNkMzM1YmYtMDY0Zi00MzhjLTg4NjMtZmVlMTRmN2U3YjY0Iiwic2lnbkRhdGUiOiIyMDIyLTA4LTMwVDEyOjQwOjU3LjYwM1oiLCJkZW1vTW9kZSI6ZmFsc2UsImFpZCI6IjIxZjJmZjNkLWZhNzctNGI2Ny04YzJkLThjYWY0MGQ3OGI0ZiIsImJpVG9rZW4iOiIwMzkwMWUxMi05OWNjLTA5ZDItMjIzZi1jNDUwNmY1NWE4NDEiLCJzaXRlT3duZXJJZCI6ImE4Nzk2MGMyLWRlZDUtNDJkOC1hNDIyLTBiMTI4Y2Q0YjhkZiJ9&currency=USD&currentCurrency=USD&commonConfig=%7B%22brand%22%3A%22wix%22%2C%22bsi%22%3A%22941de264-67d1-4894-b1d9-4fdb80091796%7C1%22%2C%22BSI%22%3A%22941de264-67d1-4894-b1d9-4fdb80091796%7C1%22%7D&vsi=0cc4bf48-27f6-475a-9b2b-fd8ea194c250
Requested by
Host: static.parastorage.com
URL: https://static.parastorage.com/unpkg/react-dom@16.14.0/umd/react-dom.production.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.230.60.101 , United States, ASN58182 (WIX_COM, IL),
Reverse DNS
unalocated.60.wixsite.com
Software
Pepyaka/1.19.10 /
Resource Hash
da455f67c2ee2a34225cccd1c5b85e5c04736b4c2e622c2aee9b9e4e1b28bb93
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.helminfosec.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
da-DK,da;q=0.9

Response headers

cache-control
no-store, no-cache
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Tue, 30 Aug 2022 12:41:00 GMT
etag
W/"5491-9VRgnag6d4/qN4TTnPlXp+MPXSk"
pragma
no-cache
server
Pepyaka/1.19.10
vary
Accept-Encoding
x-content-type-options
nosniff
x-recruiting
Want to build world class business chat product that's used by millions of users? Join our AMAZING team! Visit us at https://www.wix.com/jobs/search?val=crm
x-seen-by
m0j2EEknGIVUW/liY8BLLlPVSO1QPQ7KlY+JzrfjmCIMbwluI1yUDJty9McxOlfY,rXUceJIlvIg2Ftogbhjv0NCUk13U1uc2q/OkZYzdHtFhKezQ9kR7lxm4UoO5uGxlhBcmxbMvc+FZp56e10byNg==,osV03DUdKaEVOGwoQFgPYhvIUw2+IfZ1EFdC+uei9D8=,Odrt8F1EDvjOxRVUPESA59MalVSH6ZfRG1S26Lmtzz6WeZLZMOcnjYg39lOeDvnrBErBacRDHWK+eBBKy2SNNQ==,sQ19iEk473qMiaixh4sATsrnTHzDAHiAbdZTtlH/GQo=,sQ19iEk473qMiaixh4sATl9M3gnOTE5hjrlDRz93yAc=,Tj5BxVkCjhX6S7vFNevVZQuGwVfZcY0FunOqfsiLjlTu+YjqixwWgsCZhlWDYOwmhP2kQzAqyHXQEZRJMf7p+w==,mvxQ9qSAmY38asKjFCcmGwG1UHr7gNm4NCZa/dtNLqGb0T3tBJYxw08itsoge8bsya3KZnrCwllKpWuKGzsK5w==,sQ19iEk473qMiaixh4sATiW2qrbPHIY4j3FQKSupp1A=,sQ19iEk473qMiaixh4sATkC2YEZvFOVqrS4zAmo1ckg=,LlHHrtdZwfqSTe7u8ayFI5AY9Pne5w8lU9WREf/s/yvOKDW3fwupx2YY7kH2hZTpeZR32dm6EjkzTGVcDQOjqg==,sQ19iEk473qMiaixh4sATsIxJR45f/XvDPmCN3AfjTA=,Tj5BxVkCjhX6S7vFNevVZQuGwVfZcY0FunOqfsiLjlTeQlyO0riFWmXRNqye3PVzIPDISi7h3Uf+vTLxu62NZQ==,sQ19iEk473qMiaixh4sATryndqhpLmFZX/yfndUrr1c=,54sIEWKMiveDgi8EJdej73BveG4RbDO8syvMYyVzo8yXBLj6dmDRqfg6t5eNrQuhLJmG4TxihDUR3B0fMRtHEQ==,sQ19iEk473qMiaixh4sATpuCd/bBH9SJrBd5R+cDlmI=,NrLb3i/xpYXJ2OAS5Ls5Whk5Jynkz+67POAYmxVjjccjVHoeB4PwDdlBLw5uhk+K6G8vyzuUMk1O/KFEYnormQ==,sQ19iEk473qMiaixh4sATg/cZH+1KCfv3tb2Uwp5nOQ=,xcng7sTk3ADdZYw5QlZiWtWzsbnWcDwd7yZ3Rjgd2mRXDsopUCRumGKHR0A+q6D0rcknZJMgHgKRkZXrNuKeIQ==,sQ19iEk473qMiaixh4sATo+a7Zua2WS4M7GV4Yx3tTI=,xyDs8lRxScsatwnhQNE9m2/xX+OPJ6KlTtDVQdBp43Oo/77IPBUvgurx0/osZ3H9EBoAZLE2gaTrHFPfEGpIqA==,sQ19iEk473qMiaixh4sATp8A9F4TRL1bwPQfYpXedEs=,usbcJ0TaYuuW7QwdEBP2al131HQ4rbbPpi5JuQgHl8h9FkMEnd2lmjdBywX4tuYoPYQUqGOPa5kOrIF2w+rg1A==,J1YhAWlcwZX0sh0bHV0MaGerxxuqOGjzEvNGZg/iVFQ=
x-wix-request-id
1661863259.5615799884417117238
event
www.helminfosec.com/_serverless/analytics-reporter/facebook/
0
0
Fetch
General
Full URL
https://www.helminfosec.com/_serverless/analytics-reporter/facebook/event
Requested by
Host: www.helminfosec.com
URL: blob:https://www.helminfosec.com/c3469b16-ef9c-4241-9cae-6a407778f7e9
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3033::ac43:d3a2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.helminfosec.com/post/easy-playbooks-to-make-ransomware-criminals-cry
X-XSRF-TOKEN
1661863257|5oga6xeoIFj6
accept-language
da-DK,da;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
application/json

Response headers

pragma
no-cache
date
Tue, 30 Aug 2022 12:40:59 GMT
x-content-type-options
nosniff
x-wix-request-id
1661863259.2177208525621207
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GXL9kK1JLkqm%2FHwt9j%2BkYKzWlrPHItu5nZmSncLRzcb1bdpjx8PrGvdvvDxOpkAWolwupPJQS8w%2FgG1FDMnId%2F8qyK1petp6QpYhLR9ppu1jV%2FHsFEkVzrBoX4KA4pbmSKGuskAsrvLuqKrqZeV%2BL6qK"}],"group":"cf-nel","max_age":604800}
content-type
application/json; charset=utf-8
cf-cache-status
DYNAMIC
cache-control
no-store, no-cache
cf-ray
742d991a0d609c01-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
0
x-seen-by
sHU62EDOGnH2FBkJkG/Wx8EeXWsWdHrhlvbxtlynkVi9aOWSBHyDFXM/Zj+enzZw,qquldgcFrj2n046g4RNSVJu5ErIsUmUN39d9jOoRfIY=,qYxvFa0bBL43z6b6TutC4fSbKlR1zjx/6PfEmrl1nmOdCvk7aRzdXJKD0G50kUFdjc37NwwQ1vj8t8h2iS0ixQ==,7npGRUZHWOtWoP0Si3wDp5RGmsanLSanOJwok8YV02Q=,sQ19iEk473qMiaixh4sATpqEf5xvKbED/rQ2JYDKwGg=,DKaYb9V1YZljvGEuC2lAWbMqZr09HQ2ULLoj/2eCSpSYWw78PW6bGdcXnzmIbRbyZQ7jWCTRXREQKbmYTzH2zr+h39WiEYNb1e9deRrORXc=
ugc-viewer
frog.wix.com/
0
256 B
Ping
General
Full URL
https://frog.wix.com/ugc-viewer?_msid=03d335bf-064f-438c-8863-fee14f7e7b64&vsi=0cc4bf48-27f6-475a-9b2b-fd8ea194c250&_av=thunderbolt-1.10845.0&isb=true&isbr=plugins-extra&_brandId=wix&_siteBranchId=undefined&_ms=2042&_lv=2.0.985%7CC&_mt_instance=pznBQH5Gkhi71ZdRxQlanD6xvwJANDzgSrvWcwGiveI.eyJpbnN0YW5jZUlkIjoiMDNkMzM1YmYtMDY0Zi00MzhjLTg4NjMtZmVlMTRmN2U3YjY0IiwiYXBwRGVmSWQiOiIyMmJlZjM0NS0zYzViLTRjMTgtYjc4Mi03NGQ0MDg1MTEyZmYiLCJtZXRhU2l0ZUlkIjoiMDNkMzM1YmYtMDY0Zi00MzhjLTg4NjMtZmVlMTRmN2U3YjY0Iiwic2lnbkRhdGUiOiIyMDIyLTA4LTMwVDEyOjQwOjU3LjYwM1oiLCJkZW1vTW9kZSI6ZmFsc2UsImFpZCI6IjIxZjJmZjNkLWZhNzctNGI2Ny04YzJkLThjYWY0MGQ3OGI0ZiIsInNpdGVPd25lcklkIjoiYTg3OTYwYzItZGVkNS00MmQ4LWE0MjItMGIxMjhjZDRiOGRmIn0&_visitorId=21f2ff3d-fa77-4b67-8c2d-8caf40d78b4f&_siteMemberId=undefined&bsi=941de264-67d1-4894-b1d9-4fdb80091796%7C1&appId=14517e1a-3ff0-af98-408e-2bd6953c36a2&widget_id=14517f3f-ffc5-eced-f592-980aaa0bbb5c&instance_id=comp-l0uxga0g&src=42&evid=642&tts=2042&pid=ugenx&pn=1&_isca=1&_iscf=1&_ispd=0&_ise=0&_=16618632591801
Requested by
Host: static.parastorage.com
URL: https://static.parastorage.com/services/wix-thunderbolt/dist/ab-test-compilation/main.418fdbe3.bundle.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.145.31.229 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-145-31-229.compute-1.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
da-DK,da;q=0.9
Referer
https://www.helminfosec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

access-control-allow-origin
https://www.helminfosec.com
date
Tue, 30 Aug 2022 12:40:59 GMT
access-control-allow-credentials
true
server
nginx
access-control-allow-headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
access-control-allow-methods
GET, POST
pa
frog.wix.com/
0
256 B
Ping
General
Full URL
https://frog.wix.com/pa?_msid=03d335bf-064f-438c-8863-fee14f7e7b64&vsi=0cc4bf48-27f6-475a-9b2b-fd8ea194c250&_av=thunderbolt-1.10845.0&isb=true&isbr=plugins-extra&_brandId=wix&_siteBranchId=undefined&_ms=2058&_lv=2.0.985%7CC&_mt_instance=pznBQH5Gkhi71ZdRxQlanD6xvwJANDzgSrvWcwGiveI.eyJpbnN0YW5jZUlkIjoiMDNkMzM1YmYtMDY0Zi00MzhjLTg4NjMtZmVlMTRmN2U3YjY0IiwiYXBwRGVmSWQiOiIyMmJlZjM0NS0zYzViLTRjMTgtYjc4Mi03NGQ0MDg1MTEyZmYiLCJtZXRhU2l0ZUlkIjoiMDNkMzM1YmYtMDY0Zi00MzhjLTg4NjMtZmVlMTRmN2U3YjY0Iiwic2lnbkRhdGUiOiIyMDIyLTA4LTMwVDEyOjQwOjU3LjYwM1oiLCJkZW1vTW9kZSI6ZmFsc2UsImFpZCI6IjIxZjJmZjNkLWZhNzctNGI2Ny04YzJkLThjYWY0MGQ3OGI0ZiIsInNpdGVPd25lcklkIjoiYTg3OTYwYzItZGVkNS00MmQ4LWE0MjItMGIxMjhjZDRiOGRmIn0&_visitorId=21f2ff3d-fa77-4b67-8c2d-8caf40d78b4f&_siteMemberId=undefined&bsi=941de264-67d1-4894-b1d9-4fdb80091796%7C1&src=76&evid=1109&pid=ugenx&pn=1&viewer=TB&pt=TPA&pa=&pti=post&uuid=a87960c2-ded5-42d8-a422-0b128cd4b8df&url=https%3A%2F%2Fwww.helminfosec.com%2Fpost%2Feasy-playbooks-to-make-ransomware-criminals-cry&ref=&bot=true&bl=en-US&pl=en-US%2Cen&_isca=1&_iscf=1&_ispd=0&_ise=0&_=16618632591812
Requested by
Host: static.parastorage.com
URL: https://static.parastorage.com/services/wix-thunderbolt/dist/ab-test-compilation/main.418fdbe3.bundle.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.145.31.229 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-145-31-229.compute-1.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
da-DK,da;q=0.9
Referer
https://www.helminfosec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

access-control-allow-origin
https://www.helminfosec.com
date
Tue, 30 Aug 2022 12:40:59 GMT
access-control-allow-credentials
true
server
nginx
access-control-allow-headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
access-control-allow-methods
GET, POST
event
www.helminfosec.com/_serverless/analytics-reporter/facebook/
0
0
Fetch
General
Full URL
https://www.helminfosec.com/_serverless/analytics-reporter/facebook/event
Requested by
Host: www.helminfosec.com
URL: blob:https://www.helminfosec.com/c3469b16-ef9c-4241-9cae-6a407778f7e9
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3033::ac43:d3a2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.helminfosec.com/post/easy-playbooks-to-make-ransomware-criminals-cry
X-XSRF-TOKEN
1661863257|5oga6xeoIFj6
accept-language
da-DK,da;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
application/json

Response headers

pragma
no-cache
date
Tue, 30 Aug 2022 12:40:59 GMT
x-content-type-options
nosniff
x-wix-request-id
1661863259.22683676996210067
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5wFn%2BEuhifbXqHaLLZzovXs2V1A9KYZzNjGMezeTDuGOORbspUyQGn7M1MkzeJgPF4I5KaK6R1BMbE4Z2izJU68TPMKJbVnvPwFPROOIffORhvoacULiZJB15UUZS8AgMwOTc0Jtbmx%2FoVjqXYFbaTAS"}],"group":"cf-nel","max_age":604800}
content-type
application/json; charset=utf-8
cf-cache-status
DYNAMIC
cache-control
no-store, no-cache
cf-ray
742d991a1d7e9c01-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
0
x-seen-by
sHU62EDOGnH2FBkJkG/Wx8EeXWsWdHrhlvbxtlynkViDJy0wWxs/TI/sjvPYKzcz,qquldgcFrj2n046g4RNSVD9afXLLL4YLJMcUpB+/QLk=,qYxvFa0bBL43z6b6TutC4QkzayXZNbiVo5PENo6CXZR3v3eMBcH2rLdOWL9l7WqXoox33A4l51N6TL6QJkFpGw==,7npGRUZHWOtWoP0Si3wDp/72pZ88lRdKSO4Qopy8RuU=,sQ19iEk473qMiaixh4sATvyOid69p4OQgpW1FjZv57g=,DKaYb9V1YZljvGEuC2lAWbMqZr09HQ2ULLoj/2eCSpSYWw78PW6bGdcXnzmIbRbyp04U6g4THL4Fdh2auS7Rw914RLQLeCpvx8nvWZkSxmw=
bt
frog.wix.com/
0
256 B
Ping
General
Full URL
https://frog.wix.com/bt?src=29&evid=3&viewer_name=thunderbolt&caching=hit,hit&dc=84&et=33&event_name=page%20interactive&is_cached=true&is_platform_loaded=0&is_rollout=0&ism=1&isp=0&isjp=true&iss=1&ita=1&msid=03d335bf-064f-438c-8863-fee14f7e7b64&pid=ugenx&pn=1&sar=1600x1200&sessionId=180c76f9-db55-492f-b501-2a7edd1565e7&siterev=238-__siteCacheRevision__&sr=1600x1200&st=2&ts=1653&tts=2071&url=https%3A%2F%2Fwww.helminfosec.com%2Fpost%2Feasy-playbooks-to-make-ransomware-criminals-cry&v=1.10845.0&vid=21f2ff3d-fa77-4b67-8c2d-8caf40d78b4f&bsi=941de264-67d1-4894-b1d9-4fdb80091796|1&vsi=0cc4bf48-27f6-475a-9b2b-fd8ea194c250&wor=1600x1200&wr=1600x1200&_brandId=wix
Requested by
Host: www.helminfosec.com
URL: https://www.helminfosec.com/post/easy-playbooks-to-make-ransomware-criminals-cry
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.145.31.229 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-145-31-229.compute-1.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
da-DK,da;q=0.9
Referer
https://www.helminfosec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

access-control-allow-origin
https://www.helminfosec.com
date
Tue, 30 Aug 2022 12:40:59 GMT
access-control-allow-credentials
true
server
nginx
access-control-allow-headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
access-control-allow-methods
GET, POST
static-page-v2-index.f3bd7b73.chunk.min.js
static.parastorage.com/services/wix-thunderbolt/dist/ab-test-compilation/
2 KB
2 KB
Script
General
Full URL
https://static.parastorage.com/services/wix-thunderbolt/dist/ab-test-compilation/static-page-v2-index.f3bd7b73.chunk.min.js
Requested by
Host: www.helminfosec.com
URL: https://www.helminfosec.com/post/easy-playbooks-to-make-ransomware-criminals-cry
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.17.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-17-14.fra56.r.cloudfront.net
Software
Pepyaka/1.19.10 /
Resource Hash
de115023a6634323bcfdc2c38dac8713b9acac3a62a0c6d42297d593167f9ad7

Request headers

Referer
https://www.helminfosec.com/
Origin
https://www.helminfosec.com
accept-language
da-DK,da;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 29 Aug 2022 13:03:57 GMT
content-encoding
gzip
age
85041
x-cache-status
HIT
x-cache
Hit from cloudfront
content-length
1049
timing-allow-origin
*
access-control-allow-origin
*
x-wix-request-id
1661778237.9408163334447930445
last-modified
Mon, 29 Aug 2022 12:25:25 GMT
server
Pepyaka/1.19.10
etag
W/"e4ab7fd0d641c24bd9da5e8151db2b98"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, POST
x-varnish
637288713 637449500
via
1.1 varnish (Varnish/6.0), 1.1 86b463b2b2449ea5ba66d271a3c29922.cloudfront.net (CloudFront)
access-control-expose-headers
Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=7776000, immutable
x-amz-cf-pop
FRA56-P7
accept-ranges
bytes
content-type
application/javascript
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-*
x-amz-cf-id
Uv9dk9yZUKcAcf0kgjBnegxRKNM8k-T93UtaIrWqIpgjn04lbtVFYA==
x-seen-by
zj0K/N8xR7eC1M9gyLLPhec8x6p2CWcEzwFyRVShrcjEM4kaaS6QH/itsJwI9pla,aVxMblM8KFG3we5NLvyVc7eNHvhCRAbD7EPjVZvQO20fbJaKSXYQ/lskq2jK6SGP
rich-editor
frog.wix.com/
0
256 B
Ping
General
Full URL
https://frog.wix.com/rich-editor?container=Blog&container_id=14bcded7-0066-7c35-14d7-466cb3f09103&container_platform=Livesite&container_usage=Post&post_id=879bda45-6d4a-4d00-8f07-8bc87189acd7&rce_session_id=bed45307-cdd5-47c2-a41a-ada16377ddad&msid=03d335bf-064f-438c-8863-fee14f7e7b64&wixRicosVersion=2.1338.0&_brandId=wix&_siteBranchId=undefined&_ms=2144&_lv=2.0.985%7CC&src=116&evid=15&preview=false&postURL=https%3A%2F%2Fwww.helminfosec.com%2Fpost%2Feasy-playbooks-to-make-ransomware-criminals-cry&version=8.72.29&content_id=9358d68f-0afb-4aae-a312-2ee8fc722c11&pluginsCount=%7B%22LINK%22%3A1%2C%22wix-draft-plugin-file-upload%22%3A2%7D&_isca=1&_iscf=1&_ispd=0&_ise=0&_=16618632592650
Requested by
Host: static.parastorage.com
URL: https://static.parastorage.com/services/communities-blog-ooi/459f4ae0818113e5e4c41c7eb52dd40a8d17326b010c0b25dc60b01f/client/6832.chunk.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.145.31.229 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-145-31-229.compute-1.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
da-DK,da;q=0.9
Referer
https://www.helminfosec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

access-control-allow-origin
https://www.helminfosec.com
date
Tue, 30 Aug 2022 12:40:59 GMT
access-control-allow-credentials
true
server
nginx
access-control-allow-headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
access-control-allow-methods
GET, POST
Facebook.png
static.wixstatic.com/media/0fdef751204647a3bbd7eaa2827ed4f9.png/v1/fill/w_20,h_20,al_c,q_85,usm_0.66_1.00_0.01,enc_auto/
398 B
421 B
Image
General
Full URL
https://static.wixstatic.com/media/0fdef751204647a3bbd7eaa2827ed4f9.png/v1/fill/w_20,h_20,al_c,q_85,usm_0.66_1.00_0.01,enc_auto/Facebook.png
Requested by
Host: www.helminfosec.com
URL: https://www.helminfosec.com/post/easy-playbooks-to-make-ransomware-criminals-cry
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.102.176.152 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
152.176.102.34.bc.googleusercontent.com
Software
openresty/1.21.4.1 /
Resource Hash
7282a119cf5a315a84c5dcfd7c2bf290e9be64b2e3eeb15295c4ff20138e9e7c

Request headers

accept-language
da-DK,da;q=0.9
Referer
https://www.helminfosec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Wed, 24 Aug 2022 06:00:19 GMT
via
1.1 google
server
openresty/1.21.4.1
age
542440
wix-tracer
2Dn33Ap0s7t4Po9nx5qkhJJ0uYh
etag
""
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=2592000, immutable
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
398
x-seen-by
image-manipulator-556498cf55-f7j2n
Twitter.png
static.wixstatic.com/media/c7d035ba85f6486680c2facedecdcf4d.png/v1/fill/w_20,h_20,al_c,q_85,usm_0.66_1.00_0.01,enc_auto/
474 B
497 B
Image
General
Full URL
https://static.wixstatic.com/media/c7d035ba85f6486680c2facedecdcf4d.png/v1/fill/w_20,h_20,al_c,q_85,usm_0.66_1.00_0.01,enc_auto/Twitter.png
Requested by
Host: www.helminfosec.com
URL: https://www.helminfosec.com/post/easy-playbooks-to-make-ransomware-criminals-cry
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.102.176.152 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
152.176.102.34.bc.googleusercontent.com
Software
openresty/1.21.4.1 /
Resource Hash
afe7148e81e6a4c4f127929f1cb7d72b6c41e39220c887f5886a84a15714e7c8

Request headers

accept-language
da-DK,da;q=0.9
Referer
https://www.helminfosec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Wed, 24 Aug 2022 10:52:50 GMT
via
1.1 google
server
openresty/1.21.4.1
age
524889
wix-tracer
2DnccnpdWommUV7wbF3f9M4bZ6t
etag
""
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=2592000, immutable
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
474
x-seen-by
image-manipulator-556498cf55-lzvwz
LinkedIn.png
static.wixstatic.com/media/6ea5b4a88f0b4f91945b40499aa0af00.png/v1/fill/w_20,h_20,al_c,q_85,usm_0.66_1.00_0.01,enc_auto/
456 B
479 B
Image
General
Full URL
https://static.wixstatic.com/media/6ea5b4a88f0b4f91945b40499aa0af00.png/v1/fill/w_20,h_20,al_c,q_85,usm_0.66_1.00_0.01,enc_auto/LinkedIn.png
Requested by
Host: www.helminfosec.com
URL: https://www.helminfosec.com/post/easy-playbooks-to-make-ransomware-criminals-cry
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.102.176.152 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
152.176.102.34.bc.googleusercontent.com
Software
openresty/1.21.4.1 /
Resource Hash
8a47fdc07d5fec4645f35ec4907491677991e5adc8efdd9dcbe27ffe0cbf3a5b

Request headers

accept-language
da-DK,da;q=0.9
Referer
https://www.helminfosec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 08 Aug 2022 09:47:11 GMT
via
1.1 google
server
openresty/1.21.4.1
age
1911228
wix-tracer
2D4IfI9td4n2f6c9ICjyQsZCe3M
etag
""
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=2592000, immutable
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
456
x-seen-by
image-manipulator-556498cf55-xt874
pinit_main.js
assets.pinterest.com/js/
66 KB
19 KB
Script
General
Full URL
https://assets.pinterest.com/js/pinit_main.js?0.5868177591738937
Requested by
Host: assets.pinterest.com
URL: https://assets.pinterest.com/js/pinit.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:f700:19e::1931 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
20f0315c97ff7007f2e7a94d659e094a7efc01b8306da53987538c1101489e0e

Request headers

accept-language
da-DK,da;q=0.9
Referer
https://www.helminfosec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

akamai-x-true-ttl
300
content-encoding
br
x-cdn
akamai
etag
"3725764cf05d1a0938de73d398772331"
vary
Accept-Encoding, Origin
access-control-allow-methods
GET
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-max-age
86400
cache-control
max-age=156
accept-ranges
bytes
content-length
18679
access-control-expose-headers
X-CDN
blog-post-index.f5d93299.chunk.min.js
static.parastorage.com/services/wix-thunderbolt/dist/ab-test-compilation/
8 KB
4 KB
Script
General
Full URL
https://static.parastorage.com/services/wix-thunderbolt/dist/ab-test-compilation/blog-post-index.f5d93299.chunk.min.js
Requested by
Host: www.helminfosec.com
URL: https://www.helminfosec.com/post/easy-playbooks-to-make-ransomware-criminals-cry
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.17.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-17-14.fra56.r.cloudfront.net
Software
Pepyaka/1.19.10 /
Resource Hash
b47baa9e0c4753d87d442f21a302e4fcda6a1c8f5d5c64f3ac8993b7bc49706d

Request headers

Referer
https://www.helminfosec.com/
Origin
https://www.helminfosec.com
accept-language
da-DK,da;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 29 Aug 2022 13:03:58 GMT
content-encoding
gzip
age
85035
x-cache-status
MISS
x-cache
Hit from cloudfront
timing-allow-origin
*
access-control-allow-origin
*
x-wix-request-id
1661778238.5697914015015724257
last-modified
Mon, 29 Aug 2022 12:25:24 GMT
server
Pepyaka/1.19.10
etag
W/"5f2b3a216feb2afa1ba52fa73c130eac"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, POST
x-varnish
242632381
via
1.1 varnish (Varnish/6.0), 1.1 86b463b2b2449ea5ba66d271a3c29922.cloudfront.net (CloudFront)
access-control-expose-headers
Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=7776000, immutable
x-amz-cf-pop
FRA56-P7
accept-ranges
bytes
content-type
application/javascript
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-*
x-amz-cf-id
05viYrn4gc0ekrhoTk4NqnwrWofTRHPI0sTaGij1xuDrzcZdqJNPJA==
x-seen-by
zj0K/N8xR7eC1M9gyLLPhec8x6p2CWcEzwFyRVShrciDgmy1x1bk0T2mMblm59aj,aVxMblM8KFG3we5NLvyVcyzve4L4qo9dv8TvlcgmZhMQXT2AyjWfyxKagyd4/pDD,2iuX5LYwvZa9CoGaG8ZUZomYmPgSwc4aU7J40H7VRoqj9dBflAyFvPAD2t41Gwlp
/
www.facebook.com/tr/ Frame DB05
0
18 B
Document
General
Full URL
https://www.facebook.com/tr/
Requested by
Host: www.helminfosec.com
URL: https://www.helminfosec.com/post/easy-playbooks-to-make-ransomware-criminals-cry
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://www.helminfosec.com
Referer
https://www.helminfosec.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
da-DK,da;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-origin
https://www.helminfosec.com
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
0
content-type
text/plain
cross-origin-resource-policy
cross-origin
date
Tue, 30 Aug 2022 12:40:59 GMT
priority
u=0
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
bolt-performance
frog.wix.com/
0
256 B
Ping
General
Full URL
https://frog.wix.com/bolt-performance
Requested by
Host: static.parastorage.com
URL: https://static.parastorage.com/services/wix-thunderbolt/dist/ab-test-compilation/main.418fdbe3.bundle.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.145.31.229 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-145-31-229.compute-1.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.helminfosec.com/
accept-language
da-DK,da;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
https://www.helminfosec.com
date
Tue, 30 Aug 2022 12:40:59 GMT
access-control-allow-credentials
true
server
nginx
access-control-allow-headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
access-control-allow-methods
GET, POST
polyfill.min.js
static.parastorage.com/polyfill/v3/ Frame 8A10
101 B
832 B
Script
General
Full URL
https://static.parastorage.com/polyfill/v3/polyfill.min.js?features=Intl.~locale.en,default,es6,es7,es2017,es2018,es2019,IntersectionObserver&flags=gated&unknown=polyfill&rum=0
Requested by
Host: engage.wixapps.net
URL: https://engage.wixapps.net/chat-widget-server/renderChatWidget/index?pageId=masterPage&compId=comp-l0uxga0g&viewerCompId=comp-l0uxga0g&siteRevision=238&viewMode=site&deviceType=desktop&locale=en&tz=America%2FChicago&regionalLanguage=en&width=230&height=86&instance=ulpL1McYEn34OqMfCMye6V9w30GLu16cBwaWepCpLsY.eyJpbnN0YW5jZUlkIjoiMDA0MzJiYWQtOWY4My00YTVlLWFhNWMtM2FiMTIwMmJkMzI1IiwiYXBwRGVmSWQiOiIxNDUxN2UxYS0zZmYwLWFmOTgtNDA4ZS0yYmQ2OTUzYzM2YTIiLCJtZXRhU2l0ZUlkIjoiMDNkMzM1YmYtMDY0Zi00MzhjLTg4NjMtZmVlMTRmN2U3YjY0Iiwic2lnbkRhdGUiOiIyMDIyLTA4LTMwVDEyOjQwOjU3LjYwM1oiLCJkZW1vTW9kZSI6ZmFsc2UsImFpZCI6IjIxZjJmZjNkLWZhNzctNGI2Ny04YzJkLThjYWY0MGQ3OGI0ZiIsImJpVG9rZW4iOiIwMzkwMWUxMi05OWNjLTA5ZDItMjIzZi1jNDUwNmY1NWE4NDEiLCJzaXRlT3duZXJJZCI6ImE4Nzk2MGMyLWRlZDUtNDJkOC1hNDIyLTBiMTI4Y2Q0YjhkZiJ9&currency=USD&currentCurrency=USD&commonConfig=%7B%22brand%22%3A%22wix%22%2C%22bsi%22%3A%22941de264-67d1-4894-b1d9-4fdb80091796%7C1%22%2C%22BSI%22%3A%22941de264-67d1-4894-b1d9-4fdb80091796%7C1%22%7D&vsi=0cc4bf48-27f6-475a-9b2b-fd8ea194c250
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.17.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-17-14.fra56.r.cloudfront.net
Software
Pepyaka/1.19.10 /
Resource Hash
d7f817255acac24d24766a420471f23c0796b5228b84f8432bf70570ed870b72

Request headers

Referer
https://engage.wixapps.net/
Origin
https://engage.wixapps.net
accept-language
da-DK,da;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Sun, 28 Aug 2022 07:58:48 GMT
content-encoding
gzip
age
189732
x-cache
Hit from cloudfront
useragent_normaliser
chrome/104.0.0
content-length
113
access-control-allow-origin
*
x-wix-request-id
1661673528.6133657953699429320
last-modified
Wed, 24 Aug 2022 04:56:31 GMT
server
Pepyaka/1.19.10
vary
User-Agent
access-control-allow-methods
GET,HEAD,OPTIONS, GET, OPTIONS, POST
content-type
text/javascript; charset=utf-8
via
1.1 86b463b2b2449ea5ba66d271a3c29922.cloudfront.net (CloudFront)
cache-control
public, max-age=7776000
x-amz-cf-pop
FRA56-P7
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-*
x-amz-cf-id
4SmOvV4SvwleKTD-Wtgz38RMNppbm6UnnEhfXpSAAkFZAXrXjIonlw==
x-seen-by
2iuX5LYwvZa9CoGaG8ZUZjb5j8fWnvnycWNmjdvR377phZyVl/yss0fRH5zgO+9v
sentry-lazy-load.js
static.parastorage.com/services/chat-widget/1.2357.0/assets/ Frame 8A10
2 KB
2 KB
Script
General
Full URL
https://static.parastorage.com/services/chat-widget/1.2357.0/assets/sentry-lazy-load.js
Requested by
Host: engage.wixapps.net
URL: https://engage.wixapps.net/chat-widget-server/renderChatWidget/index?pageId=masterPage&compId=comp-l0uxga0g&viewerCompId=comp-l0uxga0g&siteRevision=238&viewMode=site&deviceType=desktop&locale=en&tz=America%2FChicago&regionalLanguage=en&width=230&height=86&instance=ulpL1McYEn34OqMfCMye6V9w30GLu16cBwaWepCpLsY.eyJpbnN0YW5jZUlkIjoiMDA0MzJiYWQtOWY4My00YTVlLWFhNWMtM2FiMTIwMmJkMzI1IiwiYXBwRGVmSWQiOiIxNDUxN2UxYS0zZmYwLWFmOTgtNDA4ZS0yYmQ2OTUzYzM2YTIiLCJtZXRhU2l0ZUlkIjoiMDNkMzM1YmYtMDY0Zi00MzhjLTg4NjMtZmVlMTRmN2U3YjY0Iiwic2lnbkRhdGUiOiIyMDIyLTA4LTMwVDEyOjQwOjU3LjYwM1oiLCJkZW1vTW9kZSI6ZmFsc2UsImFpZCI6IjIxZjJmZjNkLWZhNzctNGI2Ny04YzJkLThjYWY0MGQ3OGI0ZiIsImJpVG9rZW4iOiIwMzkwMWUxMi05OWNjLTA5ZDItMjIzZi1jNDUwNmY1NWE4NDEiLCJzaXRlT3duZXJJZCI6ImE4Nzk2MGMyLWRlZDUtNDJkOC1hNDIyLTBiMTI4Y2Q0YjhkZiJ9&currency=USD&currentCurrency=USD&commonConfig=%7B%22brand%22%3A%22wix%22%2C%22bsi%22%3A%22941de264-67d1-4894-b1d9-4fdb80091796%7C1%22%2C%22BSI%22%3A%22941de264-67d1-4894-b1d9-4fdb80091796%7C1%22%7D&vsi=0cc4bf48-27f6-475a-9b2b-fd8ea194c250
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.17.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-17-14.fra56.r.cloudfront.net
Software
Pepyaka/1.19.0 /
Resource Hash
8e3eed9703ab5ce126cfa0e19d7ab2785df27bc2a8f64740348868bd09ad34d8

Request headers

Referer
https://engage.wixapps.net/
Origin
https://engage.wixapps.net
accept-language
da-DK,da;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 29 Aug 2022 13:09:12 GMT
content-encoding
br
age
84709
x-cache-status
MISS
x-cache
Hit from cloudfront
content-length
894
timing-allow-origin
*
access-control-allow-origin
*
x-wix-request-id
1661778552.2441236575079054580
last-modified
Mon, 29 Aug 2022 13:04:36 GMT
server
Pepyaka/1.19.0
etag
W/"b93ff6ef835ea84b7998db3a1dd4c4dd"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, POST
x-varnish
920132823
via
1.1 varnish (Varnish/6.0), 1.1 86b463b2b2449ea5ba66d271a3c29922.cloudfront.net (CloudFront)
access-control-expose-headers
Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=7776000, immutable
x-amz-cf-pop
FRA56-P7
accept-ranges
bytes
content-type
application/javascript
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-*
x-amz-cf-id
4KBiRqqxj7itL4f9YqM39aKSBr4DCjJnTP82LbJcxDHzaVHhlSGDDg==
x-seen-by
zj0K/N8xR7eC1M9gyLLPhec8x6p2CWcEzwFyRVShrcjV0TBmJ+uLPQ4OZPC1VSMH,aVxMblM8KFG3we5NLvyVcwnP9a1Ia0LRvqhhntyPznoQXT2AyjWfyxKagyd4/pDD,2iuX5LYwvZa9CoGaG8ZUZgqsM72LknxyIGq7MjJjVJPCifhrzEvF3Uo1RRJ0RM54
fedops-logger.bundle.min.js
static.parastorage.com/unpkg-semver/fedops-logger@5/ Frame 8A10
79 KB
20 KB
Script
General
Full URL
https://static.parastorage.com/unpkg-semver/fedops-logger@5/fedops-logger.bundle.min.js
Requested by
Host: engage.wixapps.net
URL: https://engage.wixapps.net/chat-widget-server/renderChatWidget/index?pageId=masterPage&compId=comp-l0uxga0g&viewerCompId=comp-l0uxga0g&siteRevision=238&viewMode=site&deviceType=desktop&locale=en&tz=America%2FChicago&regionalLanguage=en&width=230&height=86&instance=ulpL1McYEn34OqMfCMye6V9w30GLu16cBwaWepCpLsY.eyJpbnN0YW5jZUlkIjoiMDA0MzJiYWQtOWY4My00YTVlLWFhNWMtM2FiMTIwMmJkMzI1IiwiYXBwRGVmSWQiOiIxNDUxN2UxYS0zZmYwLWFmOTgtNDA4ZS0yYmQ2OTUzYzM2YTIiLCJtZXRhU2l0ZUlkIjoiMDNkMzM1YmYtMDY0Zi00MzhjLTg4NjMtZmVlMTRmN2U3YjY0Iiwic2lnbkRhdGUiOiIyMDIyLTA4LTMwVDEyOjQwOjU3LjYwM1oiLCJkZW1vTW9kZSI6ZmFsc2UsImFpZCI6IjIxZjJmZjNkLWZhNzctNGI2Ny04YzJkLThjYWY0MGQ3OGI0ZiIsImJpVG9rZW4iOiIwMzkwMWUxMi05OWNjLTA5ZDItMjIzZi1jNDUwNmY1NWE4NDEiLCJzaXRlT3duZXJJZCI6ImE4Nzk2MGMyLWRlZDUtNDJkOC1hNDIyLTBiMTI4Y2Q0YjhkZiJ9&currency=USD&currentCurrency=USD&commonConfig=%7B%22brand%22%3A%22wix%22%2C%22bsi%22%3A%22941de264-67d1-4894-b1d9-4fdb80091796%7C1%22%2C%22BSI%22%3A%22941de264-67d1-4894-b1d9-4fdb80091796%7C1%22%7D&vsi=0cc4bf48-27f6-475a-9b2b-fd8ea194c250
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.17.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-17-14.fra56.r.cloudfront.net
Software
Pepyaka/1.19.10 /
Resource Hash
c964a5050ebe35bf06b2587f41e0a06bdb57beca8199deaf47ffd1bf33c5fbab

Request headers

Referer
https://engage.wixapps.net/
Origin
https://engage.wixapps.net
accept-language
da-DK,da;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 30 Aug 2022 12:20:57 GMT
content-encoding
gzip
content-type
application/javascript
age
1204
x-cache-status
HIT
x-cache
Hit from cloudfront
access-control-max-age
3000
content-length
19864
access-control-allow-origin
*
x-wix-request-id
1661851248.44937542707991629320
last-modified
Tue, 30 Aug 2022 05:26:18 GMT
server
Pepyaka/1.19.10
etag
W/"7e21cc162b7a25176658b77a7519bf9b"
vary
Accept-Encoding
access-control-allow-methods
GET, GET, OPTIONS, POST
x-varnish
96849891 93317840
via
1.1 varnish (Varnish/6.0), 1.1 86b463b2b2449ea5ba66d271a3c29922.cloudfront.net (CloudFront)
cache-control
public, max-age=1800
x-amz-cf-pop
FRA56-P7
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-*
x-amz-cf-id
0QSNktJOEv7aFmvUXKydGv7nJGL9GmOsye2LptGeKRyvA1n2TsOY_g==
x-seen-by
zj0K/N8xR7eC1M9gyLLPhec8x6p2CWcEzwFyRVShrchsyoANA5L58iE/4UOTdE0x,aVxMblM8KFG3we5NLvyVc7BqDNFHAXxDhnSr3nbzCBC8ZDY613cHYLbuhNMgAom1
languages.css
static.parastorage.com/services/santa-resources/resources/viewer/user-site-fonts/v8/ Frame 8A10
148 KB
22 KB
Stylesheet
General
Full URL
https://static.parastorage.com/services/santa-resources/resources/viewer/user-site-fonts/v8/languages.css
Requested by
Host: engage.wixapps.net
URL: https://engage.wixapps.net/chat-widget-server/renderChatWidget/index?pageId=masterPage&compId=comp-l0uxga0g&viewerCompId=comp-l0uxga0g&siteRevision=238&viewMode=site&deviceType=desktop&locale=en&tz=America%2FChicago&regionalLanguage=en&width=230&height=86&instance=ulpL1McYEn34OqMfCMye6V9w30GLu16cBwaWepCpLsY.eyJpbnN0YW5jZUlkIjoiMDA0MzJiYWQtOWY4My00YTVlLWFhNWMtM2FiMTIwMmJkMzI1IiwiYXBwRGVmSWQiOiIxNDUxN2UxYS0zZmYwLWFmOTgtNDA4ZS0yYmQ2OTUzYzM2YTIiLCJtZXRhU2l0ZUlkIjoiMDNkMzM1YmYtMDY0Zi00MzhjLTg4NjMtZmVlMTRmN2U3YjY0Iiwic2lnbkRhdGUiOiIyMDIyLTA4LTMwVDEyOjQwOjU3LjYwM1oiLCJkZW1vTW9kZSI6ZmFsc2UsImFpZCI6IjIxZjJmZjNkLWZhNzctNGI2Ny04YzJkLThjYWY0MGQ3OGI0ZiIsImJpVG9rZW4iOiIwMzkwMWUxMi05OWNjLTA5ZDItMjIzZi1jNDUwNmY1NWE4NDEiLCJzaXRlT3duZXJJZCI6ImE4Nzk2MGMyLWRlZDUtNDJkOC1hNDIyLTBiMTI4Y2Q0YjhkZiJ9&currency=USD&currentCurrency=USD&commonConfig=%7B%22brand%22%3A%22wix%22%2C%22bsi%22%3A%22941de264-67d1-4894-b1d9-4fdb80091796%7C1%22%2C%22BSI%22%3A%22941de264-67d1-4894-b1d9-4fdb80091796%7C1%22%7D&vsi=0cc4bf48-27f6-475a-9b2b-fd8ea194c250
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.17.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-17-14.fra56.r.cloudfront.net
Software
Pepyaka/1.19.10 /
Resource Hash
34d07529ea600ab692d6bb7a96d1d418acbd524a29114b8068dda873b51b37ca

Request headers

accept-language
da-DK,da;q=0.9
Referer
https://engage.wixapps.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Sat, 20 Aug 2022 20:01:39 GMT
content-encoding
gzip
age
837561
x-cache-status
MISS
x-cache
Hit from cloudfront
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-*
timing-allow-origin
*
x-varnish
1005475972
x-wix-request-id
1661025698.97053153585193932
last-modified
Fri, 22 Jul 2022 10:32:04 GMT
server
Pepyaka/1.19.10
etag
W/"7353491e636a61c85ca4211e3a7f0cf6-1"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, POST
x-amz-version-id
d_WDtZVFcR2bRgVtDniBhB431G00A9Uv
via
1.1 varnish (Varnish/6.0), 1.1 d76db2cbee553c8bb2de7fd88a960646.cloudfront.net (CloudFront)
cache-control
public, max-age=7776000, immutable
x-amz-cf-pop
FRA56-P7
accept-ranges
bytes
content-type
text/css
access-control-allow-origin
*
x-amz-cf-id
fDJ0grvRDYkbg8VLGZ7hkzuRNiB5Q8Eki0-ltADMk82h3hzr0htuxg==
x-seen-by
zj0K/N8xR7eC1M9gyLLPhec8x6p2CWcEzwFyRVShrciuywJq1k3i9boDUht6MLw5,aVxMblM8KFG3we5NLvyVczcu59EpmtW9m1QeKn/Zhei8ZDY613cHYLbuhNMgAom1,2iuX5LYwvZa9CoGaG8ZUZomYmPgSwc4aU7J40H7VRopj8Q5G/Ose159xWYwpIkYm
fontFace.css
static.parastorage.com/services/third-party/fonts/Helvetica/ Frame 8A10
14 KB
4 KB
Stylesheet
General
Full URL
https://static.parastorage.com/services/third-party/fonts/Helvetica/fontFace.css
Requested by
Host: engage.wixapps.net
URL: https://engage.wixapps.net/chat-widget-server/renderChatWidget/index?pageId=masterPage&compId=comp-l0uxga0g&viewerCompId=comp-l0uxga0g&siteRevision=238&viewMode=site&deviceType=desktop&locale=en&tz=America%2FChicago&regionalLanguage=en&width=230&height=86&instance=ulpL1McYEn34OqMfCMye6V9w30GLu16cBwaWepCpLsY.eyJpbnN0YW5jZUlkIjoiMDA0MzJiYWQtOWY4My00YTVlLWFhNWMtM2FiMTIwMmJkMzI1IiwiYXBwRGVmSWQiOiIxNDUxN2UxYS0zZmYwLWFmOTgtNDA4ZS0yYmQ2OTUzYzM2YTIiLCJtZXRhU2l0ZUlkIjoiMDNkMzM1YmYtMDY0Zi00MzhjLTg4NjMtZmVlMTRmN2U3YjY0Iiwic2lnbkRhdGUiOiIyMDIyLTA4LTMwVDEyOjQwOjU3LjYwM1oiLCJkZW1vTW9kZSI6ZmFsc2UsImFpZCI6IjIxZjJmZjNkLWZhNzctNGI2Ny04YzJkLThjYWY0MGQ3OGI0ZiIsImJpVG9rZW4iOiIwMzkwMWUxMi05OWNjLTA5ZDItMjIzZi1jNDUwNmY1NWE4NDEiLCJzaXRlT3duZXJJZCI6ImE4Nzk2MGMyLWRlZDUtNDJkOC1hNDIyLTBiMTI4Y2Q0YjhkZiJ9&currency=USD&currentCurrency=USD&commonConfig=%7B%22brand%22%3A%22wix%22%2C%22bsi%22%3A%22941de264-67d1-4894-b1d9-4fdb80091796%7C1%22%2C%22BSI%22%3A%22941de264-67d1-4894-b1d9-4fdb80091796%7C1%22%7D&vsi=0cc4bf48-27f6-475a-9b2b-fd8ea194c250
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.17.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-17-14.fra56.r.cloudfront.net
Software
Pepyaka/1.19.10 /
Resource Hash
9cd04d1a84368fa539b48cc09d3721091127b9eb2858ff5e4863d6c127ccedae

Request headers

accept-language
da-DK,da;q=0.9
Referer
https://engage.wixapps.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-amz-version-id
WeoPV8OPw8UQocVJiZwVeWZ26II363jN
via
1.1 varnish (Varnish/6.0), 1.1 d76db2cbee553c8bb2de7fd88a960646.cloudfront.net (CloudFront)
age
1200054
x-cache-status
HIT
x-cache
Hit from cloudfront
date
Tue, 30 Aug 2022 12:25:16 GMT
content-encoding
br
timing-allow-origin
*
x-wix-request-id
1653998082.6729402037032418496
last-modified
Tue, 17 Apr 2018 11:38:08 GMT
server
Pepyaka/1.19.10
etag
W/"338855569759ca44a0734ec4435bcbd0"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, POST
x-varnish
732925823 651171913
access-control-allow-origin
*
cache-control
public, max-age=7776000, immutable
x-amz-cf-pop
FRA56-P7
content-type
text/css
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-*
x-amz-cf-id
PGw5XNlcIr411gMiQ5MkI9xvxI17t5G4yKvYQ95GylPfeKuQ2Rxphw==
x-seen-by
zj0K/N8xR7eC1M9gyLLPhec8x6p2CWcEzwFyRVShrciIhzGxulME7YKteYTeCw6C,aVxMblM8KFG3we5NLvyVc1jYNdX5iXQWX+OiINkuR/e8ZDY613cHYLbuhNMgAom1
chat-widget.min.css
static.parastorage.com/services/chat-widget/1.2357.0/ Frame 8A10
4 KB
2 KB
Stylesheet
General
Full URL
https://static.parastorage.com/services/chat-widget/1.2357.0/chat-widget.min.css
Requested by
Host: engage.wixapps.net
URL: https://engage.wixapps.net/chat-widget-server/renderChatWidget/index?pageId=masterPage&compId=comp-l0uxga0g&viewerCompId=comp-l0uxga0g&siteRevision=238&viewMode=site&deviceType=desktop&locale=en&tz=America%2FChicago&regionalLanguage=en&width=230&height=86&instance=ulpL1McYEn34OqMfCMye6V9w30GLu16cBwaWepCpLsY.eyJpbnN0YW5jZUlkIjoiMDA0MzJiYWQtOWY4My00YTVlLWFhNWMtM2FiMTIwMmJkMzI1IiwiYXBwRGVmSWQiOiIxNDUxN2UxYS0zZmYwLWFmOTgtNDA4ZS0yYmQ2OTUzYzM2YTIiLCJtZXRhU2l0ZUlkIjoiMDNkMzM1YmYtMDY0Zi00MzhjLTg4NjMtZmVlMTRmN2U3YjY0Iiwic2lnbkRhdGUiOiIyMDIyLTA4LTMwVDEyOjQwOjU3LjYwM1oiLCJkZW1vTW9kZSI6ZmFsc2UsImFpZCI6IjIxZjJmZjNkLWZhNzctNGI2Ny04YzJkLThjYWY0MGQ3OGI0ZiIsImJpVG9rZW4iOiIwMzkwMWUxMi05OWNjLTA5ZDItMjIzZi1jNDUwNmY1NWE4NDEiLCJzaXRlT3duZXJJZCI6ImE4Nzk2MGMyLWRlZDUtNDJkOC1hNDIyLTBiMTI4Y2Q0YjhkZiJ9&currency=USD&currentCurrency=USD&commonConfig=%7B%22brand%22%3A%22wix%22%2C%22bsi%22%3A%22941de264-67d1-4894-b1d9-4fdb80091796%7C1%22%2C%22BSI%22%3A%22941de264-67d1-4894-b1d9-4fdb80091796%7C1%22%7D&vsi=0cc4bf48-27f6-475a-9b2b-fd8ea194c250
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.17.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-17-14.fra56.r.cloudfront.net
Software
Pepyaka/1.19.10 /
Resource Hash
180d5cd83ed473eafc66150e50efd5560c99a7f41b8c86d375489ff5652be5ed

Request headers

accept-language
da-DK,da;q=0.9
Referer
https://engage.wixapps.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 29 Aug 2022 13:09:12 GMT
content-encoding
br
age
84708
x-cache-status
HIT
x-cache
Hit from cloudfront
content-length
1304
timing-allow-origin
*
access-control-allow-origin
*
x-wix-request-id
1661778552.2458164106140530443
last-modified
Mon, 29 Aug 2022 13:04:36 GMT
server
Pepyaka/1.19.10
etag
W/"4fade559ef6fd3d67aac3fe6a06327af"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, POST
x-varnish
446028879 446063966
via
1.1 varnish (Varnish/6.0), 1.1 d76db2cbee553c8bb2de7fd88a960646.cloudfront.net (CloudFront)
cache-control
public, max-age=7776000, immutable
x-amz-cf-pop
FRA56-P7
accept-ranges
bytes
content-type
text/css; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-*
x-amz-cf-id
i9pzMzj2_dWAxED5rMZwly3HKH4A6qjrnGyOJs7E2ulbx0NLD1uBhg==
x-seen-by
zj0K/N8xR7eC1M9gyLLPhec8x6p2CWcEzwFyRVShrcjEM4kaaS6QH/itsJwI9pla,aVxMblM8KFG3we5NLvyVc0swuQg4e4Ft3RZminzdoKEQXT2AyjWfyxKagyd4/pDD
wix-private.min.js
static.parastorage.com/services/js-sdk/1.640.0/js/ Frame 8A10
117 KB
29 KB
Script
General
Full URL
https://static.parastorage.com/services/js-sdk/1.640.0/js/wix-private.min.js
Requested by
Host: engage.wixapps.net
URL: https://engage.wixapps.net/chat-widget-server/renderChatWidget/index?pageId=masterPage&compId=comp-l0uxga0g&viewerCompId=comp-l0uxga0g&siteRevision=238&viewMode=site&deviceType=desktop&locale=en&tz=America%2FChicago&regionalLanguage=en&width=230&height=86&instance=ulpL1McYEn34OqMfCMye6V9w30GLu16cBwaWepCpLsY.eyJpbnN0YW5jZUlkIjoiMDA0MzJiYWQtOWY4My00YTVlLWFhNWMtM2FiMTIwMmJkMzI1IiwiYXBwRGVmSWQiOiIxNDUxN2UxYS0zZmYwLWFmOTgtNDA4ZS0yYmQ2OTUzYzM2YTIiLCJtZXRhU2l0ZUlkIjoiMDNkMzM1YmYtMDY0Zi00MzhjLTg4NjMtZmVlMTRmN2U3YjY0Iiwic2lnbkRhdGUiOiIyMDIyLTA4LTMwVDEyOjQwOjU3LjYwM1oiLCJkZW1vTW9kZSI6ZmFsc2UsImFpZCI6IjIxZjJmZjNkLWZhNzctNGI2Ny04YzJkLThjYWY0MGQ3OGI0ZiIsImJpVG9rZW4iOiIwMzkwMWUxMi05OWNjLTA5ZDItMjIzZi1jNDUwNmY1NWE4NDEiLCJzaXRlT3duZXJJZCI6ImE4Nzk2MGMyLWRlZDUtNDJkOC1hNDIyLTBiMTI4Y2Q0YjhkZiJ9&currency=USD&currentCurrency=USD&commonConfig=%7B%22brand%22%3A%22wix%22%2C%22bsi%22%3A%22941de264-67d1-4894-b1d9-4fdb80091796%7C1%22%2C%22BSI%22%3A%22941de264-67d1-4894-b1d9-4fdb80091796%7C1%22%7D&vsi=0cc4bf48-27f6-475a-9b2b-fd8ea194c250
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.17.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-17-14.fra56.r.cloudfront.net
Software
Pepyaka/1.19.10 /
Resource Hash
b81d72275a74a94b4a823dc485fbf64fa3dcfc6ba99b6fda4729ac07abe82408

Request headers

Referer
https://engage.wixapps.net/
Origin
https://engage.wixapps.net
accept-language
da-DK,da;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 22:24:59 GMT
content-encoding
gzip
age
1708781
x-cache-status
HIT
x-cache
Hit from cloudfront
content-length
28622
timing-allow-origin
*
access-control-allow-origin
*
x-wix-request-id
1660256699.34949205147401932
last-modified
Sun, 08 Nov 2020 07:08:58 GMT
server
Pepyaka/1.19.10
etag
W/"f0ee83ed8cfedb52f420dcf9b35c5f55"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, POST
x-varnish
180877506 73902410
via
1.1 varnish (Varnish/6.0), 1.1 86b463b2b2449ea5ba66d271a3c29922.cloudfront.net (CloudFront)
access-control-expose-headers
Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=7776000, immutable
x-amz-cf-pop
FRA56-P7
accept-ranges
bytes
content-type
application/javascript
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-*
x-amz-cf-id
zF956T5Aa1HdfOARmmtpeDavQidxZm9Tfht_QfWsMOFXLpng5Icufw==
x-seen-by
zj0K/N8xR7eC1M9gyLLPhec8x6p2CWcEzwFyRVShrciuywJq1k3i9boDUht6MLw5,aVxMblM8KFG3we5NLvyVc2240yoD0MlMpM73djr11roeGdLDLXwpLd0CTVHPbfOd
react.production.min.js
static.parastorage.com/unpkg/react@16.8.3/umd/ Frame 8A10
12 KB
6 KB
Script
General
Full URL
https://static.parastorage.com/unpkg/react@16.8.3/umd/react.production.min.js
Requested by
Host: engage.wixapps.net
URL: https://engage.wixapps.net/chat-widget-server/renderChatWidget/index?pageId=masterPage&compId=comp-l0uxga0g&viewerCompId=comp-l0uxga0g&siteRevision=238&viewMode=site&deviceType=desktop&locale=en&tz=America%2FChicago&regionalLanguage=en&width=230&height=86&instance=ulpL1McYEn34OqMfCMye6V9w30GLu16cBwaWepCpLsY.eyJpbnN0YW5jZUlkIjoiMDA0MzJiYWQtOWY4My00YTVlLWFhNWMtM2FiMTIwMmJkMzI1IiwiYXBwRGVmSWQiOiIxNDUxN2UxYS0zZmYwLWFmOTgtNDA4ZS0yYmQ2OTUzYzM2YTIiLCJtZXRhU2l0ZUlkIjoiMDNkMzM1YmYtMDY0Zi00MzhjLTg4NjMtZmVlMTRmN2U3YjY0Iiwic2lnbkRhdGUiOiIyMDIyLTA4LTMwVDEyOjQwOjU3LjYwM1oiLCJkZW1vTW9kZSI6ZmFsc2UsImFpZCI6IjIxZjJmZjNkLWZhNzctNGI2Ny04YzJkLThjYWY0MGQ3OGI0ZiIsImJpVG9rZW4iOiIwMzkwMWUxMi05OWNjLTA5ZDItMjIzZi1jNDUwNmY1NWE4NDEiLCJzaXRlT3duZXJJZCI6ImE4Nzk2MGMyLWRlZDUtNDJkOC1hNDIyLTBiMTI4Y2Q0YjhkZiJ9&currency=USD&currentCurrency=USD&commonConfig=%7B%22brand%22%3A%22wix%22%2C%22bsi%22%3A%22941de264-67d1-4894-b1d9-4fdb80091796%7C1%22%2C%22BSI%22%3A%22941de264-67d1-4894-b1d9-4fdb80091796%7C1%22%7D&vsi=0cc4bf48-27f6-475a-9b2b-fd8ea194c250
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.17.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-17-14.fra56.r.cloudfront.net
Software
Pepyaka/1.19.10 /
Resource Hash
6f527dde8b4edc9d347102fcb41e17d26cf00aff727693ea9140f7fc2a298842

Request headers

Referer
https://engage.wixapps.net/
Origin
https://engage.wixapps.net
accept-language
da-DK,da;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 22:24:59 GMT
content-encoding
gzip
age
1714014
x-cache-status
HIT
x-cache
Hit from cloudfront
access-control-max-age
3000
content-length
4883
timing-allow-origin
*
access-control-allow-origin
*
x-wix-request-id
1660256699.32549205147421932
last-modified
Fri, 22 Feb 2019 16:50:36 GMT
server
Pepyaka/1.19.10
etag
W/"698114f22db5a3585658c1c2489be390"
vary
Accept-Encoding
access-control-allow-methods
GET, GET, OPTIONS, POST
x-varnish
282368155 221550257
via
1.1 varnish (Varnish/6.0), 1.1 86b463b2b2449ea5ba66d271a3c29922.cloudfront.net (CloudFront)
cache-control
public, max-age=7776000, immutable
x-amz-cf-pop
FRA56-P7
accept-ranges
bytes
content-type
application/javascript
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-*
x-amz-cf-id
RVFg49DUQ0sFrnEq7KizglelWo6eWG-sEZY2BeO1viiNRiuPC3JBPA==
x-seen-by
zj0K/N8xR7eC1M9gyLLPhec8x6p2CWcEzwFyRVShrciuywJq1k3i9boDUht6MLw5,aVxMblM8KFG3we5NLvyVczEbmANe8Bb4VBvfNWC6jxEeGdLDLXwpLd0CTVHPbfOd
react-dom.production.min.js
static.parastorage.com/unpkg/react-dom@16.8.3/umd/ Frame 8A10
105 KB
35 KB
Script
General
Full URL
https://static.parastorage.com/unpkg/react-dom@16.8.3/umd/react-dom.production.min.js
Requested by
Host: engage.wixapps.net
URL: https://engage.wixapps.net/chat-widget-server/renderChatWidget/index?pageId=masterPage&compId=comp-l0uxga0g&viewerCompId=comp-l0uxga0g&siteRevision=238&viewMode=site&deviceType=desktop&locale=en&tz=America%2FChicago&regionalLanguage=en&width=230&height=86&instance=ulpL1McYEn34OqMfCMye6V9w30GLu16cBwaWepCpLsY.eyJpbnN0YW5jZUlkIjoiMDA0MzJiYWQtOWY4My00YTVlLWFhNWMtM2FiMTIwMmJkMzI1IiwiYXBwRGVmSWQiOiIxNDUxN2UxYS0zZmYwLWFmOTgtNDA4ZS0yYmQ2OTUzYzM2YTIiLCJtZXRhU2l0ZUlkIjoiMDNkMzM1YmYtMDY0Zi00MzhjLTg4NjMtZmVlMTRmN2U3YjY0Iiwic2lnbkRhdGUiOiIyMDIyLTA4LTMwVDEyOjQwOjU3LjYwM1oiLCJkZW1vTW9kZSI6ZmFsc2UsImFpZCI6IjIxZjJmZjNkLWZhNzctNGI2Ny04YzJkLThjYWY0MGQ3OGI0ZiIsImJpVG9rZW4iOiIwMzkwMWUxMi05OWNjLTA5ZDItMjIzZi1jNDUwNmY1NWE4NDEiLCJzaXRlT3duZXJJZCI6ImE4Nzk2MGMyLWRlZDUtNDJkOC1hNDIyLTBiMTI4Y2Q0YjhkZiJ9&currency=USD&currentCurrency=USD&commonConfig=%7B%22brand%22%3A%22wix%22%2C%22bsi%22%3A%22941de264-67d1-4894-b1d9-4fdb80091796%7C1%22%2C%22BSI%22%3A%22941de264-67d1-4894-b1d9-4fdb80091796%7C1%22%7D&vsi=0cc4bf48-27f6-475a-9b2b-fd8ea194c250
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.17.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-17-14.fra56.r.cloudfront.net
Software
Pepyaka/1.19.10 /
Resource Hash
07fee28413513b371da11925d4d94acc6be36694299784ad51ba8af2c519c5b1

Request headers

Referer
https://engage.wixapps.net/
Origin
https://engage.wixapps.net
accept-language
da-DK,da;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 22:24:59 GMT
content-encoding
gzip
age
1707906
x-cache-status
HIT
x-cache
Hit from cloudfront
access-control-max-age
3000
content-length
34745
timing-allow-origin
*
access-control-allow-origin
*
x-wix-request-id
1660256699.2712808755697329320
last-modified
Fri, 22 Feb 2019 16:50:36 GMT
server
Pepyaka/1.19.10
etag
W/"84ec5322ba3b6dff3fca9a71832e3f1d"
vary
Accept-Encoding
access-control-allow-methods
GET, GET, OPTIONS, POST
x-varnish
282346294 224520488
via
1.1 varnish (Varnish/6.0), 1.1 86b463b2b2449ea5ba66d271a3c29922.cloudfront.net (CloudFront)
cache-control
public, max-age=7776000, immutable
x-amz-cf-pop
FRA56-P7
accept-ranges
bytes
content-type
application/javascript
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-*
x-amz-cf-id
0vE9JNR2O7b1xx_W6LkksaDatEdYyUh0YGujnSuJCtWDvgCe3XexkA==
x-seen-by
zj0K/N8xR7eC1M9gyLLPhec8x6p2CWcEzwFyRVShrchsyoANA5L58iE/4UOTdE0x,aVxMblM8KFG3we5NLvyVczEbmANe8Bb4VBvfNWC6jxEeGdLDLXwpLd0CTVHPbfOd
i18next.min.js
static.parastorage.com/unpkg/i18next@10.6.0/dist/umd/ Frame 8A10
35 KB
11 KB
Script
General
Full URL
https://static.parastorage.com/unpkg/i18next@10.6.0/dist/umd/i18next.min.js
Requested by
Host: engage.wixapps.net
URL: https://engage.wixapps.net/chat-widget-server/renderChatWidget/index?pageId=masterPage&compId=comp-l0uxga0g&viewerCompId=comp-l0uxga0g&siteRevision=238&viewMode=site&deviceType=desktop&locale=en&tz=America%2FChicago&regionalLanguage=en&width=230&height=86&instance=ulpL1McYEn34OqMfCMye6V9w30GLu16cBwaWepCpLsY.eyJpbnN0YW5jZUlkIjoiMDA0MzJiYWQtOWY4My00YTVlLWFhNWMtM2FiMTIwMmJkMzI1IiwiYXBwRGVmSWQiOiIxNDUxN2UxYS0zZmYwLWFmOTgtNDA4ZS0yYmQ2OTUzYzM2YTIiLCJtZXRhU2l0ZUlkIjoiMDNkMzM1YmYtMDY0Zi00MzhjLTg4NjMtZmVlMTRmN2U3YjY0Iiwic2lnbkRhdGUiOiIyMDIyLTA4LTMwVDEyOjQwOjU3LjYwM1oiLCJkZW1vTW9kZSI6ZmFsc2UsImFpZCI6IjIxZjJmZjNkLWZhNzctNGI2Ny04YzJkLThjYWY0MGQ3OGI0ZiIsImJpVG9rZW4iOiIwMzkwMWUxMi05OWNjLTA5ZDItMjIzZi1jNDUwNmY1NWE4NDEiLCJzaXRlT3duZXJJZCI6ImE4Nzk2MGMyLWRlZDUtNDJkOC1hNDIyLTBiMTI4Y2Q0YjhkZiJ9&currency=USD&currentCurrency=USD&commonConfig=%7B%22brand%22%3A%22wix%22%2C%22bsi%22%3A%22941de264-67d1-4894-b1d9-4fdb80091796%7C1%22%2C%22BSI%22%3A%22941de264-67d1-4894-b1d9-4fdb80091796%7C1%22%7D&vsi=0cc4bf48-27f6-475a-9b2b-fd8ea194c250
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.17.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-17-14.fra56.r.cloudfront.net
Software
Pepyaka/1.19.10 /
Resource Hash
72223c5f23a10723f6ae2edf55b04cc2440ae2957e35119bc0a21b96ddb09715

Request headers

Referer
https://engage.wixapps.net/
Origin
https://engage.wixapps.net
accept-language
da-DK,da;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Sun, 14 Aug 2022 23:51:55 GMT
content-encoding
gzip
age
1356060
x-cache-status
HIT
x-cache
Hit from cloudfront
access-control-max-age
3000
content-length
10083
timing-allow-origin
*
access-control-allow-origin
*
x-wix-request-id
1660521115.1912938468806129320
last-modified
Wed, 13 Jun 2018 09:40:37 GMT
server
Pepyaka/1.19.10
etag
W/"3152a9e48e25a997a7b261be5209854d"
vary
Accept-Encoding
access-control-allow-methods
GET, GET, OPTIONS, POST
x-varnish
967928390 961687556
via
1.1 varnish (Varnish/6.0), 1.1 86b463b2b2449ea5ba66d271a3c29922.cloudfront.net (CloudFront)
cache-control
public, max-age=7776000, immutable
x-amz-cf-pop
FRA56-P7
accept-ranges
bytes
content-type
application/javascript
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-*
x-amz-cf-id
C9ookMn8JhTPb1ofuAtGc9cql09OQdqKyWF5rVjAa60Rvry-QNR6gQ==
x-seen-by
zj0K/N8xR7eC1M9gyLLPhec8x6p2CWcEzwFyRVShrchsyoANA5L58iE/4UOTdE0x,aVxMblM8KFG3we5NLvyVc1jYNdX5iXQWX+OiINkuR/e8ZDY613cHYLbuhNMgAom1
moment.min.js
static.parastorage.com/unpkg/moment@2.22.2/min/ Frame 8A10
50 KB
17 KB
Script
General
Full URL
https://static.parastorage.com/unpkg/moment@2.22.2/min/moment.min.js
Requested by
Host: engage.wixapps.net
URL: https://engage.wixapps.net/chat-widget-server/renderChatWidget/index?pageId=masterPage&compId=comp-l0uxga0g&viewerCompId=comp-l0uxga0g&siteRevision=238&viewMode=site&deviceType=desktop&locale=en&tz=America%2FChicago&regionalLanguage=en&width=230&height=86&instance=ulpL1McYEn34OqMfCMye6V9w30GLu16cBwaWepCpLsY.eyJpbnN0YW5jZUlkIjoiMDA0MzJiYWQtOWY4My00YTVlLWFhNWMtM2FiMTIwMmJkMzI1IiwiYXBwRGVmSWQiOiIxNDUxN2UxYS0zZmYwLWFmOTgtNDA4ZS0yYmQ2OTUzYzM2YTIiLCJtZXRhU2l0ZUlkIjoiMDNkMzM1YmYtMDY0Zi00MzhjLTg4NjMtZmVlMTRmN2U3YjY0Iiwic2lnbkRhdGUiOiIyMDIyLTA4LTMwVDEyOjQwOjU3LjYwM1oiLCJkZW1vTW9kZSI6ZmFsc2UsImFpZCI6IjIxZjJmZjNkLWZhNzctNGI2Ny04YzJkLThjYWY0MGQ3OGI0ZiIsImJpVG9rZW4iOiIwMzkwMWUxMi05OWNjLTA5ZDItMjIzZi1jNDUwNmY1NWE4NDEiLCJzaXRlT3duZXJJZCI6ImE4Nzk2MGMyLWRlZDUtNDJkOC1hNDIyLTBiMTI4Y2Q0YjhkZiJ9&currency=USD&currentCurrency=USD&commonConfig=%7B%22brand%22%3A%22wix%22%2C%22bsi%22%3A%22941de264-67d1-4894-b1d9-4fdb80091796%7C1%22%2C%22BSI%22%3A%22941de264-67d1-4894-b1d9-4fdb80091796%7C1%22%7D&vsi=0cc4bf48-27f6-475a-9b2b-fd8ea194c250
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.17.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-17-14.fra56.r.cloudfront.net
Software
Pepyaka/1.19.10 /
Resource Hash
0aeb4ecf1091b9c52c9fa0ba4dc118b1abafbd88a51278935e574f6baff0bb49

Request headers

Referer
https://engage.wixapps.net/
Origin
https://engage.wixapps.net
accept-language
da-DK,da;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Wed, 24 Aug 2022 00:25:16 GMT
content-encoding
gzip
age
640049
x-cache-status
HIT
x-cache
Hit from cloudfront
content-length
16776
timing-allow-origin
*
access-control-allow-origin
*
x-wix-request-id
1661300716.4913390886372129321
last-modified
Tue, 05 Jun 2018 15:17:17 GMT
server
Pepyaka/1.19.10
etag
W/"8999b8b5d07e9c6077ac5ac6bc942968"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, POST
x-varnish
733436622 682701084
via
1.1 varnish (Varnish/6.0), 1.1 86b463b2b2449ea5ba66d271a3c29922.cloudfront.net (CloudFront)
cache-control
public, max-age=7776000, immutable
x-amz-cf-pop
FRA56-P7
accept-ranges
bytes
content-type
application/javascript
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-*
x-amz-cf-id
FdKbgk2iPD2nA15oD6D85TAGpSIr6bgzmvVmVdyyc0irNx8Z5xag2Q==
x-seen-by
zj0K/N8xR7eC1M9gyLLPhec8x6p2CWcEzwFyRVShrchsyoANA5L58iE/4UOTdE0x,aVxMblM8KFG3we5NLvyVczEbmANe8Bb4VBvfNWC6jxEeGdLDLXwpLd0CTVHPbfOd
chat-widget.bundle.min.js
static.parastorage.com/services/chat-widget/1.2357.0/ Frame 8A10
376 KB
96 KB
Script
General
Full URL
https://static.parastorage.com/services/chat-widget/1.2357.0/chat-widget.bundle.min.js
Requested by
Host: engage.wixapps.net
URL: https://engage.wixapps.net/chat-widget-server/renderChatWidget/index?pageId=masterPage&compId=comp-l0uxga0g&viewerCompId=comp-l0uxga0g&siteRevision=238&viewMode=site&deviceType=desktop&locale=en&tz=America%2FChicago&regionalLanguage=en&width=230&height=86&instance=ulpL1McYEn34OqMfCMye6V9w30GLu16cBwaWepCpLsY.eyJpbnN0YW5jZUlkIjoiMDA0MzJiYWQtOWY4My00YTVlLWFhNWMtM2FiMTIwMmJkMzI1IiwiYXBwRGVmSWQiOiIxNDUxN2UxYS0zZmYwLWFmOTgtNDA4ZS0yYmQ2OTUzYzM2YTIiLCJtZXRhU2l0ZUlkIjoiMDNkMzM1YmYtMDY0Zi00MzhjLTg4NjMtZmVlMTRmN2U3YjY0Iiwic2lnbkRhdGUiOiIyMDIyLTA4LTMwVDEyOjQwOjU3LjYwM1oiLCJkZW1vTW9kZSI6ZmFsc2UsImFpZCI6IjIxZjJmZjNkLWZhNzctNGI2Ny04YzJkLThjYWY0MGQ3OGI0ZiIsImJpVG9rZW4iOiIwMzkwMWUxMi05OWNjLTA5ZDItMjIzZi1jNDUwNmY1NWE4NDEiLCJzaXRlT3duZXJJZCI6ImE4Nzk2MGMyLWRlZDUtNDJkOC1hNDIyLTBiMTI4Y2Q0YjhkZiJ9&currency=USD&currentCurrency=USD&commonConfig=%7B%22brand%22%3A%22wix%22%2C%22bsi%22%3A%22941de264-67d1-4894-b1d9-4fdb80091796%7C1%22%2C%22BSI%22%3A%22941de264-67d1-4894-b1d9-4fdb80091796%7C1%22%7D&vsi=0cc4bf48-27f6-475a-9b2b-fd8ea194c250
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.17.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-17-14.fra56.r.cloudfront.net
Software
Pepyaka/1.19.10 /
Resource Hash
a477718a0c18dab93d52ba635655e0de3fdc362a53ed71d3371ac5a28084b725

Request headers

Referer
https://engage.wixapps.net/
Origin
https://engage.wixapps.net
accept-language
da-DK,da;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 29 Aug 2022 13:09:12 GMT
content-encoding
br
age
84709
x-cache-status
HIT
x-cache
Hit from cloudfront
content-length
97037
timing-allow-origin
*
access-control-allow-origin
*
x-wix-request-id
1661778552.3416431636709622521
last-modified
Mon, 29 Aug 2022 13:04:36 GMT
server
Pepyaka/1.19.10
etag
W/"5e587352f0820f497ad611377876212d"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, POST
x-varnish
538835871 543565853
via
1.1 varnish (Varnish/6.0), 1.1 86b463b2b2449ea5ba66d271a3c29922.cloudfront.net (CloudFront)
access-control-expose-headers
Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=7776000, immutable
x-amz-cf-pop
FRA56-P7
accept-ranges
bytes
content-type
application/javascript
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-*
x-amz-cf-id
VDaJi_hb_cuxsRmQ0VHtaWaopuXN-xY5JpJZ9gXFHq5ukQG7x-rfHA==
x-seen-by
zj0K/N8xR7eC1M9gyLLPhec8x6p2CWcEzwFyRVShrcjBLy8P45DoDO4LnRm+zqsP,aVxMblM8KFG3we5NLvyVc5U6nDV0Sthqh2jmVbYx0F4QXT2AyjWfyxKagyd4/pDD
fed
frog.wix.com/ Frame 8A10
0
255 B
Ping
General
Full URL
https://frog.wix.com/fed?appName=chat-widget&src=72&evid=14&session_id=8bc66297-88b6-420d-bc1b-0e0a415ea4ad&_=0.7869360117750663&is_rollout=false
Requested by
Host: static.parastorage.com
URL: https://static.parastorage.com/unpkg-semver/fedops-logger@5/fedops-logger.bundle.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.145.31.229 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-145-31-229.compute-1.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
da-DK,da;q=0.9
Referer
https://engage.wixapps.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

access-control-allow-origin
https://engage.wixapps.net
date
Tue, 30 Aug 2022 12:41:00 GMT
access-control-allow-credentials
true
server
nginx
access-control-allow-headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
access-control-allow-methods
GET, POST
97uahxiqZRoncBaCEI3aW1tXRa8TVwTICgirnJhmVJw.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 8A10
22 KB
22 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v18/97uahxiqZRoncBaCEI3aW1tXRa8TVwTICgirnJhmVJw.woff2
Requested by
Host: static.parastorage.com
URL: https://static.parastorage.com/services/santa-resources/resources/viewer/user-site-fonts/v8/languages.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1f03b3082883c94de09ea4c0b38092a45f2f7ca60c14889818a3e19057da34b8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://static.parastorage.com/
Origin
https://engage.wixapps.net
accept-language
da-DK,da;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 14:10:53 GMT
x-content-type-options
nosniff
age
599407
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
22116
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:33:01 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 23 Aug 2023 14:10:53 GMT
real-time-tokens
engage.wixapps.net/_api/chat-web/v1/ Frame 8A10
1 KB
1 KB
XHR
General
Full URL
https://engage.wixapps.net/_api/chat-web/v1/real-time-tokens
Requested by
Host: static.parastorage.com
URL: https://static.parastorage.com/services/chat-widget/1.2357.0/chat-widget.bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.230.60.101 , United States, ASN58182 (WIX_COM, IL),
Reverse DNS
unalocated.60.wixsite.com
Software
Pepyaka/1.19.10 /
Resource Hash
3940b1157834dde6b18289d7079b8b2ad71f8d82d0a40aa09e62f14a3553af43
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
da-DK,da;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
application/json
Accept
application/json, text/plain, */*
Referer
https://engage.wixapps.net/chat-widget-server/renderChatWidget/index?pageId=masterPage&compId=comp-l0uxga0g&viewerCompId=comp-l0uxga0g&siteRevision=238&viewMode=site&deviceType=desktop&locale=en&tz=America%2FChicago&regionalLanguage=en&width=230&height=86&instance=ulpL1McYEn34OqMfCMye6V9w30GLu16cBwaWepCpLsY.eyJpbnN0YW5jZUlkIjoiMDA0MzJiYWQtOWY4My00YTVlLWFhNWMtM2FiMTIwMmJkMzI1IiwiYXBwRGVmSWQiOiIxNDUxN2UxYS0zZmYwLWFmOTgtNDA4ZS0yYmQ2OTUzYzM2YTIiLCJtZXRhU2l0ZUlkIjoiMDNkMzM1YmYtMDY0Zi00MzhjLTg4NjMtZmVlMTRmN2U3YjY0Iiwic2lnbkRhdGUiOiIyMDIyLTA4LTMwVDEyOjQwOjU3LjYwM1oiLCJkZW1vTW9kZSI6ZmFsc2UsImFpZCI6IjIxZjJmZjNkLWZhNzctNGI2Ny04YzJkLThjYWY0MGQ3OGI0ZiIsImJpVG9rZW4iOiIwMzkwMWUxMi05OWNjLTA5ZDItMjIzZi1jNDUwNmY1NWE4NDEiLCJzaXRlT3duZXJJZCI6ImE4Nzk2MGMyLWRlZDUtNDJkOC1hNDIyLTBiMTI4Y2Q0YjhkZiJ9&currency=USD&currentCurrency=USD&commonConfig=%7B%22brand%22%3A%22wix%22%2C%22bsi%22%3A%22941de264-67d1-4894-b1d9-4fdb80091796%7C1%22%2C%22BSI%22%3A%22941de264-67d1-4894-b1d9-4fdb80091796%7C1%22%7D&vsi=0cc4bf48-27f6-475a-9b2b-fd8ea194c250
commonConfig
%7B%22brand%22%3A%22wix%22%2C%22BSI%22%3A%22941de264-67d1-4894-b1d9-4fdb80091796%7C1%22%7D
x-wix-brand
wix
X-Wix-Client-Artifact-Id
chat-widget

Response headers

date
Tue, 30 Aug 2022 12:41:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-wix-request-id
1661863260.4245799884417217238
server
Pepyaka/1.19.10
vary
Accept-Encoding
content-type
application/json;charset=utf-8
cache-control
no-cache
x-seen-by
m0j2EEknGIVUW/liY8BLLlPVSO1QPQ7KlY+JzrfjmCIMbwluI1yUDJty9McxOlfY,rXUceJIlvIg2Ftogbhjv0AjjZowB4LoWwGSguaf1Y/+6uscpOVgjObcsvTI8BKPIBFNjNRTmQgt5BwMmIVG00A==,osV03DUdKaEVOGwoQFgPYs5K9v4Hn99oMV/HrANLUrg=,sQ19iEk473qMiaixh4sATkJcgzffv5B+UfopeF/0qts=,IL9CthJxRfsCtCTtbWZv81DJmjzsg+m4ElZVd8t88u3Tdo+UqGfe9wln8C/19R2j
fed
frog.wix.com/ Frame 8A10
0
255 B
Ping
General
Full URL
https://frog.wix.com/fed
Requested by
Host: static.parastorage.com
URL: https://static.parastorage.com/unpkg-semver/fedops-logger@5/fedops-logger.bundle.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.145.31.229 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-145-31-229.compute-1.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://engage.wixapps.net/
accept-language
da-DK,da;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
https://engage.wixapps.net
date
Tue, 30 Aug 2022 12:41:00 GMT
access-control-allow-credentials
true
server
nginx
access-control-allow-headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
access-control-allow-methods
GET, POST
engage
frog.wix.com/ Frame 8A10
0
255 B
Ping
General
Full URL
https://frog.wix.com/engage?_msid=03d335bf-064f-438c-8863-fee14f7e7b64&_appId=14517e1a-3ff0-af98-408e-2bd6953c36a2&_instanceId=00432bad-9f83-4a5e-aa5c-3ab1202bd325&_siteOwnerId=a87960c2-ded5-42d8-a422-0b128cd4b8df&_siteMemberId=&_visitorId=21f2ff3d-fa77-4b67-8c2d-8caf40d78b4f&_viewMode=site&_bsi=941de264-67d1-4894-b1d9-4fdb80091796%7C1&src=5&app_instance_id=00432bad-9f83-4a5e-aa5c-3ab1202bd325&bi_token=03901e12-99cc-09d2-223f-c4506f55a841&visitor_id=21f2ff3d-fa77-4b67-8c2d-8caf40d78b4f&is_social=false&is_business=true&mode=site&_brandId=wix&_siteBranchId=undefined&_ms=1186&_lv=2.0.985%7CC&evid=701&platform=desktop&load_time=144&is_full_render=false&layoutName=floating&version=V2&widget_sub_type=Wix&_isca=1&_iscf=1&_ispd=0&_ise=0&_=16618632603640
Requested by
Host: static.parastorage.com
URL: https://static.parastorage.com/services/chat-widget/1.2357.0/chat-widget.bundle.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.145.31.229 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-145-31-229.compute-1.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
da-DK,da;q=0.9
Referer
https://engage.wixapps.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

access-control-allow-origin
https://engage.wixapps.net
date
Tue, 30 Aug 2022 12:41:00 GMT
access-control-allow-credentials
true
server
nginx
access-control-allow-headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
access-control-allow-methods
GET, POST
ugc-viewer
frog.wix.com/
0
256 B
Ping
General
Full URL
https://frog.wix.com/ugc-viewer?_msid=03d335bf-064f-438c-8863-fee14f7e7b64&vsi=0cc4bf48-27f6-475a-9b2b-fd8ea194c250&_av=thunderbolt-1.10845.0&isb=true&isbr=plugins-extra&_brandId=wix&_siteBranchId=undefined&_ms=3257&_lv=2.0.985%7CC&_mt_instance=pznBQH5Gkhi71ZdRxQlanD6xvwJANDzgSrvWcwGiveI.eyJpbnN0YW5jZUlkIjoiMDNkMzM1YmYtMDY0Zi00MzhjLTg4NjMtZmVlMTRmN2U3YjY0IiwiYXBwRGVmSWQiOiIyMmJlZjM0NS0zYzViLTRjMTgtYjc4Mi03NGQ0MDg1MTEyZmYiLCJtZXRhU2l0ZUlkIjoiMDNkMzM1YmYtMDY0Zi00MzhjLTg4NjMtZmVlMTRmN2U3YjY0Iiwic2lnbkRhdGUiOiIyMDIyLTA4LTMwVDEyOjQwOjU3LjYwM1oiLCJkZW1vTW9kZSI6ZmFsc2UsImFpZCI6IjIxZjJmZjNkLWZhNzctNGI2Ny04YzJkLThjYWY0MGQ3OGI0ZiIsInNpdGVPd25lcklkIjoiYTg3OTYwYzItZGVkNS00MmQ4LWE0MjItMGIxMjhjZDRiOGRmIn0&_visitorId=21f2ff3d-fa77-4b67-8c2d-8caf40d78b4f&_siteMemberId=undefined&bsi=941de264-67d1-4894-b1d9-4fdb80091796%7C1&appId=14517e1a-3ff0-af98-408e-2bd6953c36a2&widget_id=14517f3f-ffc5-eced-f592-980aaa0bbb5c&instance_id=comp-l0uxga0g&src=42&evid=643&tts=3257&pid=ugenx&pn=1&_isca=1&_iscf=1&_ispd=0&_ise=0&_=16618632603783
Requested by
Host: static.parastorage.com
URL: https://static.parastorage.com/services/wix-thunderbolt/dist/ab-test-compilation/main.418fdbe3.bundle.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.145.31.229 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-145-31-229.compute-1.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
da-DK,da;q=0.9
Referer
https://www.helminfosec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

access-control-allow-origin
https://www.helminfosec.com
date
Tue, 30 Aug 2022 12:41:00 GMT
access-control-allow-credentials
true
server
nginx
access-control-allow-headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
access-control-allow-methods
GET, POST
css
fonts.googleapis.com/ Frame 8A10
8 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto:n,b,i,bi|&subset=hebrew,arabic,latin
Requested by
Host: static.parastorage.com
URL: https://static.parastorage.com/services/js-sdk/1.640.0/js/wix-private.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400e:801::200a , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
a4480cf4143094a283f0f8410158bba81ea7a95d60a8e5f9753ff29d36d1ad11
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
da-DK,da;q=0.9
Referer
https://engage.wixapps.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Tue, 30 Aug 2022 12:41:00 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Tue, 30 Aug 2022 12:41:00 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 30 Aug 2022 12:41:00 GMT
languages-woff2.css
static.parastorage.com/services/santa-resources/resources/viewer/user-site-fonts/v16/ Frame 8A10
46 KB
7 KB
Stylesheet
General
Full URL
https://static.parastorage.com/services/santa-resources/resources/viewer/user-site-fonts/v16/languages-woff2.css
Requested by
Host: static.parastorage.com
URL: https://static.parastorage.com/services/js-sdk/1.640.0/js/wix-private.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.17.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-17-14.fra56.r.cloudfront.net
Software
Pepyaka/1.19.10 /
Resource Hash
c03889650bf962ae6108ba4f211ef470699aaf2d5784b8b15a4100ad9d76c4f5

Request headers

accept-language
da-DK,da;q=0.9
Referer
https://engage.wixapps.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Wed, 29 Jun 2022 07:51:18 GMT
via
1.1 varnish (Varnish/6.0), 1.1 d76db2cbee553c8bb2de7fd88a960646.cloudfront.net (CloudFront)
age
5374182
x-cache-status
MISS
x-cache
Hit from cloudfront
content-encoding
br
timing-allow-origin
*
x-varnish
318186361
x-wix-request-id
1656489078.110362631056423017
last-modified
Mon, 27 Jun 2022 16:05:55 GMT
server
Pepyaka/1.19.10
etag
W/"07654f4717bb5fd60335e801b0ed2183-1"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, POST
x-amz-version-id
hLkJ9dC4HS4orwa5f12n4i3RmKgs_kV7
access-control-allow-origin
*
cache-control
public, max-age=7776000, immutable
x-amz-cf-pop
FRA56-P7
content-type
text/css
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-*
x-amz-cf-id
rn8ZjCvNwQL0P-5WBZY5vCJNmXR33v2YZBT_SKxmluRYEst6uzLSmw==
x-seen-by
zj0K/N8xR7eC1M9gyLLPhec8x6p2CWcEzwFyRVShrchsyoANA5L58iE/4UOTdE0x,aVxMblM8KFG3we5NLvyVc1jYNdX5iXQWX+OiINkuR/e8ZDY613cHYLbuhNMgAom1,2iuX5LYwvZa9CoGaG8ZUZgqsM72LknxyIGq7MjJjVJMe3/j5AamzIi0oSHQsz9b+
focus-visible.min.js
static.parastorage.com/unpkg/focus-visible@4.1.1/dist/ Frame 8A10
3 KB
2 KB
Script
General
Full URL
https://static.parastorage.com/unpkg/focus-visible@4.1.1/dist/focus-visible.min.js
Requested by
Host: static.parastorage.com
URL: https://static.parastorage.com/services/js-sdk/1.640.0/js/wix-private.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.17.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-17-14.fra56.r.cloudfront.net
Software
Pepyaka/1.19.10 /
Resource Hash
4e128ec13619825f39e42c248e64816a5d1141ad61ec74c700e46c528859f489

Request headers

accept-language
da-DK,da;q=0.9
Referer
https://engage.wixapps.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 05 Jul 2022 12:23:46 GMT
content-encoding
br
age
4922711
x-cache-status
HIT
x-cache
Hit from cloudfront
content-length
754
timing-allow-origin
*
access-control-allow-origin
*
x-wix-request-id
1657023826.7307259053413725146
last-modified
Thu, 15 Mar 2018 07:32:17 GMT
server
Pepyaka/1.19.10
etag
W/"71959c3fba69003122e325b1d61ce944"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, POST
x-varnish
899320746 792293314
via
1.1 varnish (Varnish/6.0), 1.1 d76db2cbee553c8bb2de7fd88a960646.cloudfront.net (CloudFront)
cache-control
public, max-age=7776000, immutable
x-amz-cf-pop
FRA56-P7
accept-ranges
bytes
content-type
application/javascript
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-*
x-amz-cf-id
CPb087Z41eYGC7UB54mP1fy9qoBg75nTZJc9GDgZ25EzVPNbnjQ4PA==
x-seen-by
zj0K/N8xR7eC1M9gyLLPhec8x6p2CWcEzwFyRVShrchsyoANA5L58iE/4UOTdE0x,aVxMblM8KFG3we5NLvyVc2240yoD0MlMpM73djr11roeGdLDLXwpLd0CTVHPbfOd
report-event
engage.wixapps.net/serverless/chat-event-reporter/ Frame 8A10
0
558 B
XHR
General
Full URL
https://engage.wixapps.net/serverless/chat-event-reporter/report-event
Requested by
Host: static.parastorage.com
URL: https://static.parastorage.com/services/chat-widget/1.2357.0/chat-widget.bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.230.60.101 , United States, ASN58182 (WIX_COM, IL),
Reverse DNS
unalocated.60.wixsite.com
Software
Pepyaka/1.19.10 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
da-DK,da;q=0.9
authorization
ulpL1McYEn34OqMfCMye6V9w30GLu16cBwaWepCpLsY.eyJpbnN0YW5jZUlkIjoiMDA0MzJiYWQtOWY4My00YTVlLWFhNWMtM2FiMTIwMmJkMzI1IiwiYXBwRGVmSWQiOiIxNDUxN2UxYS0zZmYwLWFmOTgtNDA4ZS0yYmQ2OTUzYzM2YTIiLCJtZXRhU2l0ZUlkIjoiMDNkMzM1YmYtMDY0Zi00MzhjLTg4NjMtZmVlMTRmN2U3YjY0Iiwic2lnbkRhdGUiOiIyMDIyLTA4LTMwVDEyOjQwOjU3LjYwM1oiLCJkZW1vTW9kZSI6ZmFsc2UsImFpZCI6IjIxZjJmZjNkLWZhNzctNGI2Ny04YzJkLThjYWY0MGQ3OGI0ZiIsImJpVG9rZW4iOiIwMzkwMWUxMi05OWNjLTA5ZDItMjIzZi1jNDUwNmY1NWE4NDEiLCJzaXRlT3duZXJJZCI6ImE4Nzk2MGMyLWRlZDUtNDJkOC1hNDIyLTBiMTI4Y2Q0YjhkZiJ9
Content-Type
application/json
x-wix-linguist
en|en|true|00432bad-9f83-4a5e-aa5c-3ab1202bd325
Accept
application/json, text/plain, */*
Referer
https://engage.wixapps.net/chat-widget-server/renderChatWidget/index?pageId=masterPage&compId=comp-l0uxga0g&viewerCompId=comp-l0uxga0g&siteRevision=238&viewMode=site&deviceType=desktop&locale=en&tz=America%2FChicago&regionalLanguage=en&width=230&height=86&instance=ulpL1McYEn34OqMfCMye6V9w30GLu16cBwaWepCpLsY.eyJpbnN0YW5jZUlkIjoiMDA0MzJiYWQtOWY4My00YTVlLWFhNWMtM2FiMTIwMmJkMzI1IiwiYXBwRGVmSWQiOiIxNDUxN2UxYS0zZmYwLWFmOTgtNDA4ZS0yYmQ2OTUzYzM2YTIiLCJtZXRhU2l0ZUlkIjoiMDNkMzM1YmYtMDY0Zi00MzhjLTg4NjMtZmVlMTRmN2U3YjY0Iiwic2lnbkRhdGUiOiIyMDIyLTA4LTMwVDEyOjQwOjU3LjYwM1oiLCJkZW1vTW9kZSI6ZmFsc2UsImFpZCI6IjIxZjJmZjNkLWZhNzctNGI2Ny04YzJkLThjYWY0MGQ3OGI0ZiIsImJpVG9rZW4iOiIwMzkwMWUxMi05OWNjLTA5ZDItMjIzZi1jNDUwNmY1NWE4NDEiLCJzaXRlT3duZXJJZCI6ImE4Nzk2MGMyLWRlZDUtNDJkOC1hNDIyLTBiMTI4Y2Q0YjhkZiJ9&currency=USD&currentCurrency=USD&commonConfig=%7B%22brand%22%3A%22wix%22%2C%22bsi%22%3A%22941de264-67d1-4894-b1d9-4fdb80091796%7C1%22%2C%22BSI%22%3A%22941de264-67d1-4894-b1d9-4fdb80091796%7C1%22%7D&vsi=0cc4bf48-27f6-475a-9b2b-fd8ea194c250
X-Wix-Chat-Instance
ulpL1McYEn34OqMfCMye6V9w30GLu16cBwaWepCpLsY.eyJpbnN0YW5jZUlkIjoiMDA0MzJiYWQtOWY4My00YTVlLWFhNWMtM2FiMTIwMmJkMzI1IiwiYXBwRGVmSWQiOiIxNDUxN2UxYS0zZmYwLWFmOTgtNDA4ZS0yYmQ2OTUzYzM2YTIiLCJtZXRhU2l0ZUlkIjoiMDNkMzM1YmYtMDY0Zi00MzhjLTg4NjMtZmVlMTRmN2U3YjY0Iiwic2lnbkRhdGUiOiIyMDIyLTA4LTMwVDEyOjQwOjU3LjYwM1oiLCJkZW1vTW9kZSI6ZmFsc2UsImFpZCI6IjIxZjJmZjNkLWZhNzctNGI2Ny04YzJkLThjYWY0MGQ3OGI0ZiIsImJpVG9rZW4iOiIwMzkwMWUxMi05OWNjLTA5ZDItMjIzZi1jNDUwNmY1NWE4NDEiLCJzaXRlT3duZXJJZCI6ImE4Nzk2MGMyLWRlZDUtNDJkOC1hNDIyLTBiMTI4Y2Q0YjhkZiJ9
x-wix-brand
wix
commonConfig
%7B%22brand%22%3A%22wix%22%2C%22BSI%22%3A%22941de264-67d1-4894-b1d9-4fdb80091796%7C1%22%7D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
X-Wix-Client-Artifact-Id
chat-widget

Response headers

pragma
no-cache
date
Tue, 30 Aug 2022 12:41:00 GMT
x-content-type-options
nosniff
x-wix-request-id
1661863260.4575799884417317238
server
Pepyaka/1.19.10
content-type
application/json; charset=utf-8
cache-control
no-store, no-cache
content-length
0
x-seen-by
m0j2EEknGIVUW/liY8BLLlPVSO1QPQ7KlY+JzrfjmCIMbwluI1yUDJty9McxOlfY,rXUceJIlvIg2Ftogbhjv0IOYwHnvhRgzYNPwOVC6JGiyjN+Qi6ygY+vz3YSiufgOBBX5hU3Fe9DpTWSPJi62yQ==,osV03DUdKaEVOGwoQFgPYps7xXjmHCROnooty+REWz8=,sQ19iEk473qMiaixh4sATrrQyJfVczSbSXb048duySM=,PgrrMD+T/VLWpAP1f76DIsQXIJ87AKGr7oxS7fa9QBVsko1Hiwkqs7b2FzHhCjglNNF9q6yuRKh0UbbPkTgtELxkNjrXdwdgtu6E0yACibU=
1920.chunk.min.js
static.parastorage.com/services/chat-widget/1.2357.0/ Frame 8A10
18 KB
6 KB
Script
General
Full URL
https://static.parastorage.com/services/chat-widget/1.2357.0/1920.chunk.min.js
Requested by
Host: static.parastorage.com
URL: https://static.parastorage.com/services/chat-widget/1.2357.0/chat-widget.bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.17.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-17-14.fra56.r.cloudfront.net
Software
Pepyaka/1.19.10 /
Resource Hash
7579f1ed86164ef8c66c86803c7ee53252b78073da10bdd3be47631cad455273

Request headers

Referer
https://engage.wixapps.net/
Origin
https://engage.wixapps.net
accept-language
da-DK,da;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 29 Aug 2022 13:09:12 GMT
content-encoding
br
age
84708
x-cache-status
HIT
x-cache
Hit from cloudfront
content-length
4937
timing-allow-origin
*
access-control-allow-origin
*
x-wix-request-id
1661778552.8878164130993230442
last-modified
Mon, 29 Aug 2022 13:04:36 GMT
server
Pepyaka/1.19.10
etag
W/"99acbe10fff559321feba96984c3fb07"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, POST
x-varnish
538959191 543703874
via
1.1 varnish (Varnish/6.0), 1.1 86b463b2b2449ea5ba66d271a3c29922.cloudfront.net (CloudFront)
access-control-expose-headers
Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=7776000, immutable
x-amz-cf-pop
FRA56-P7
accept-ranges
bytes
content-type
application/javascript
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-*
x-amz-cf-id
9ypnN11Iy7t_5YGLpX7_ifBo2yvx6kpqXIOfNDaG2xLaLEFZRgwxxA==
x-seen-by
zj0K/N8xR7eC1M9gyLLPhec8x6p2CWcEzwFyRVShrcjEM4kaaS6QH/itsJwI9pla,aVxMblM8KFG3we5NLvyVc5U6nDV0Sthqh2jmVbYx0F4QXT2AyjWfyxKagyd4/pDD
/
log.pinterest.com/
0
335 B
Image
General
Full URL
https://log.pinterest.com/?type=pidget&guid=1NXR9FWHB8Q8&tv=2021110201&event=init&sub=www&button_count=0&follow_count=0&pin_count=0&profile_count=0&board_count=0&section_count=0&lang=en&nvl=en-US&via=https%3A%2F%2Fwww.helminfosec.com%2Fpost%2Feasy-playbooks-to-make-ransomware-criminals-cry&viaSrc=canonical
Requested by
Host: www.helminfosec.com
URL: https://www.helminfosec.com/post/easy-playbooks-to-make-ransomware-criminals-cry
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.0.84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
da-DK,da;q=0.9
Referer
https://www.helminfosec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 30 Aug 2022 12:41:00 GMT
via
1.1 varnish
x-cache
MISS
x-envoy-upstream-service-time
1
x-cache-hits
0
content-length
0
x-served-by
cache-cph2320057-CPH
pragma
no-cache
server
envoy
x-timer
S1661863260.491253,VS0,VE100
access-control-max-age
86400
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
no-cache,no-store,must-revalidate,max-age=0
x-pinterest-rid
1691708359131971
accept-ranges
bytes
expires
Sat, 01 Jan 2000 00:00:00 GMT
verifyCustomToken
www.googleapis.com/identitytoolkit/v3/relyingparty/ Frame 8A10
1 KB
1 KB
XHR
General
Full URL
https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyCustomToken?key=AIzaSyClcOX5Tut1uJylikpNbFzkW_qpiBFjNPM
Requested by
Host: static.parastorage.com
URL: https://static.parastorage.com/services/chat-widget/1.2357.0/chat-widget.bundle.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400e:801::200a , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
93eeddf121d5c2dd1c13181920162d125a0c62b2b1fb8064839b58269ea1b1fe
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
application/json, text/plain, */*
Referer
https://engage.wixapps.net/
accept-language
da-DK,da;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
application/json

Response headers

pragma
no-cache
date
Tue, 30 Aug 2022 12:41:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server
ESF
x-frame-options
SAMEORIGIN
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://engage.wixapps.net
access-control-expose-headers
date,vary,vary,vary,content-encoding,server,content-length
cache-control
no-cache, no-store, max-age=0, must-revalidate
vary
Origin, X-Origin, Referer
content-length
1008
x-xss-protection
0
expires
Mon, 01 Jan 1990 00:00:00 GMT
verifyCustomToken
www.googleapis.com/identitytoolkit/v3/relyingparty/ Frame
0
0
Preflight
General
Full URL
https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyCustomToken?key=AIzaSyClcOX5Tut1uJylikpNbFzkW_qpiBFjNPM
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400e:801::200a , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://engage.wixapps.net
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

access-control-allow-headers
content-type
access-control-allow-methods
DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin
https://engage.wixapps.net
access-control-max-age
3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
content-type
text/html
date
Tue, 30 Aug 2022 12:41:00 GMT
server
ESF
vary
origin referer x-origin
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
0
bolt-performance
frog.wix.com/
0
256 B
Ping
General
Full URL
https://frog.wix.com/bolt-performance
Requested by
Host: static.parastorage.com
URL: https://static.parastorage.com/services/wix-thunderbolt/dist/ab-test-compilation/main.418fdbe3.bundle.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.145.31.229 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-145-31-229.compute-1.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.helminfosec.com/
accept-language
da-DK,da;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
https://www.helminfosec.com
date
Tue, 30 Aug 2022 12:41:00 GMT
access-control-allow-credentials
true
server
nginx
access-control-allow-headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
access-control-allow-methods
GET, POST
8490.chunk.min.js
static.parastorage.com/services/chat-widget/1.2357.0/ Frame 8A10
10 KB
4 KB
Script
General
Full URL
https://static.parastorage.com/services/chat-widget/1.2357.0/8490.chunk.min.js
Requested by
Host: static.parastorage.com
URL: https://static.parastorage.com/services/chat-widget/1.2357.0/chat-widget.bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.17.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-17-14.fra56.r.cloudfront.net
Software
Pepyaka/1.19.0 /
Resource Hash
cb93f19b1ffa2437995c99538da6914fec0df51909a20390f713752c4b63c644

Request headers

Referer
https://engage.wixapps.net/
Origin
https://engage.wixapps.net
accept-language
da-DK,da;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 29 Aug 2022 13:09:14 GMT
content-encoding
br
age
84708
x-cache-status
HIT
x-cache
Hit from cloudfront
content-length
3184
timing-allow-origin
*
access-control-allow-origin
*
x-wix-request-id
1661778554.2401236573568594580
last-modified
Mon, 29 Aug 2022 13:04:36 GMT
server
Pepyaka/1.19.0
etag
W/"ffa4f5426a7b84bd72eb7909cdecd5a4"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, POST
x-varnish
926883173 926823414
via
1.1 varnish (Varnish/6.0), 1.1 86b463b2b2449ea5ba66d271a3c29922.cloudfront.net (CloudFront)
access-control-expose-headers
Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=7776000, immutable
x-amz-cf-pop
FRA56-P7
accept-ranges
bytes
content-type
application/javascript
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-*
x-amz-cf-id
HlVbhSQj5sNGlq5hc2hsgE9iSp54pPWGNJ78gHxf-n6mmYapuWULOg==
x-seen-by
zj0K/N8xR7eC1M9gyLLPhec8x6p2CWcEzwFyRVShrcjV0TBmJ+uLPQ4OZPC1VSMH,aVxMblM8KFG3we5NLvyVc1XEV11U4uj6EySGMcOeW2gfbJaKSXYQ/lskq2jK6SGP
set-data
engage.wixapps.net/_api/presence-service/v1/ Frame 8A10
2 B
502 B
Fetch
General
Full URL
https://engage.wixapps.net/_api/presence-service/v1/set-data
Requested by
Host: static.parastorage.com
URL: https://static.parastorage.com/services/chat-widget/1.2357.0/8490.chunk.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.230.60.101 , United States, ASN58182 (WIX_COM, IL),
Reverse DNS
unalocated.60.wixsite.com
Software
Pepyaka/1.19.10 /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

x-xsrf-token
1661863260|7AWVV182wUEu
accept-language
da-DK,da;q=0.9
authorization
ulpL1McYEn34OqMfCMye6V9w30GLu16cBwaWepCpLsY.eyJpbnN0YW5jZUlkIjoiMDA0MzJiYWQtOWY4My00YTVlLWFhNWMtM2FiMTIwMmJkMzI1IiwiYXBwRGVmSWQiOiIxNDUxN2UxYS0zZmYwLWFmOTgtNDA4ZS0yYmQ2OTUzYzM2YTIiLCJtZXRhU2l0ZUlkIjoiMDNkMzM1YmYtMDY0Zi00MzhjLTg4NjMtZmVlMTRmN2U3YjY0Iiwic2lnbkRhdGUiOiIyMDIyLTA4LTMwVDEyOjQwOjU3LjYwM1oiLCJkZW1vTW9kZSI6ZmFsc2UsImFpZCI6IjIxZjJmZjNkLWZhNzctNGI2Ny04YzJkLThjYWY0MGQ3OGI0ZiIsImJpVG9rZW4iOiIwMzkwMWUxMi05OWNjLTA5ZDItMjIzZi1jNDUwNmY1NWE4NDEiLCJzaXRlT3duZXJJZCI6ImE4Nzk2MGMyLWRlZDUtNDJkOC1hNDIyLTBiMTI4Y2Q0YjhkZiJ9
content-type
application/json
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Referer
https://engage.wixapps.net/chat-widget-server/renderChatWidget/index?pageId=masterPage&compId=comp-l0uxga0g&viewerCompId=comp-l0uxga0g&siteRevision=238&viewMode=site&deviceType=desktop&locale=en&tz=America%2FChicago&regionalLanguage=en&width=230&height=86&instance=ulpL1McYEn34OqMfCMye6V9w30GLu16cBwaWepCpLsY.eyJpbnN0YW5jZUlkIjoiMDA0MzJiYWQtOWY4My00YTVlLWFhNWMtM2FiMTIwMmJkMzI1IiwiYXBwRGVmSWQiOiIxNDUxN2UxYS0zZmYwLWFmOTgtNDA4ZS0yYmQ2OTUzYzM2YTIiLCJtZXRhU2l0ZUlkIjoiMDNkMzM1YmYtMDY0Zi00MzhjLTg4NjMtZmVlMTRmN2U3YjY0Iiwic2lnbkRhdGUiOiIyMDIyLTA4LTMwVDEyOjQwOjU3LjYwM1oiLCJkZW1vTW9kZSI6ZmFsc2UsImFpZCI6IjIxZjJmZjNkLWZhNzctNGI2Ny04YzJkLThjYWY0MGQ3OGI0ZiIsImJpVG9rZW4iOiIwMzkwMWUxMi05OWNjLTA5ZDItMjIzZi1jNDUwNmY1NWE4NDEiLCJzaXRlT3duZXJJZCI6ImE4Nzk2MGMyLWRlZDUtNDJkOC1hNDIyLTBiMTI4Y2Q0YjhkZiJ9&currency=USD&currentCurrency=USD&commonConfig=%7B%22brand%22%3A%22wix%22%2C%22bsi%22%3A%22941de264-67d1-4894-b1d9-4fdb80091796%7C1%22%2C%22BSI%22%3A%22941de264-67d1-4894-b1d9-4fdb80091796%7C1%22%7D&vsi=0cc4bf48-27f6-475a-9b2b-fd8ea194c250
commonconfig
%7B%22brand%22%3A%22wix%22%2C%22BSI%22%3A%22941de264-67d1-4894-b1d9-4fdb80091796%7C1%22%7D
x-wix-brand
wix
x-wix-client-artifact-id
chat-widget

Response headers

pragma
no-cache
date
Tue, 30 Aug 2022 12:41:01 GMT
x-content-type-options
nosniff
x-wix-request-id
1661863261.1565799884417417238
server
Pepyaka/1.19.10
etag
W/"2-vyGp6PvFo4RvsFtPoIWeCReyIC8"
content-type
application/json; charset=utf-8
cache-control
no-store, no-cache
content-length
2
x-seen-by
m0j2EEknGIVUW/liY8BLLlPVSO1QPQ7KlY+JzrfjmCIMbwluI1yUDJty9McxOlfY,rXUceJIlvIg2Ftogbhjv0FeZv3yruMWlC/cQEv/DiL2e6601EPruqXMND0ZgrKBy4eAr0ogoCf2Yw0iXGoMBhQ==,osV03DUdKaEVOGwoQFgPYmoIlnztscceDyLZYi71wi4=,sQ19iEk473qMiaixh4sATmFdg2EPBlftTl3iIbJS01s=,n7nfHveCLqFOR3soqbSfo+THxi6PkWAV4sXN1glROXyfqw3Hx+gZrJIIKroHbGz/i2uZ+6O2Gibjp5mugoWfKg==
events.json
wix-engage-visitors-prod-15.firebaseio.com/core-chat/participants/21f2ff3d-fa77-4b67-8c2d-8caf40d78b4f/ Frame 8A10
4 B
320 B
XHR
General
Full URL
https://wix-engage-visitors-prod-15.firebaseio.com/core-chat/participants/21f2ff3d-fa77-4b67-8c2d-8caf40d78b4f/events.json?auth=eyJhbGciOiJSUzI1NiIsImtpZCI6IjUyZmEwZjE2NmJmZjZiODU5N2FjMGFlMDRlNTllZmYxOTk1N2MyYmIiLCJ0eXAiOiJKV1QifQ.eyJwYXJ0aWNpcGFudElkIjoiMjFmMmZmM2QtZmE3Ny00YjY3LThjMmQtOGNhZjQwZDc4YjRmIiwiaXNzIjoiaHR0cHM6Ly9zZWN1cmV0b2tlbi5nb29nbGUuY29tL3dpeC1lbmdhZ2UtdmlzaXRvcnMtcHJvZC0xNSIsImF1ZCI6IndpeC1lbmdhZ2UtdmlzaXRvcnMtcHJvZC0xNSIsImF1dGhfdGltZSI6MTY2MTg2MzI2MSwidXNlcl9pZCI6IjU5NTE4MzQ3LTNkYTMtNDBhOS05NmMyLTBlODlmMzNlY2IwMSIsInN1YiI6IjU5NTE4MzQ3LTNkYTMtNDBhOS05NmMyLTBlODlmMzNlY2IwMSIsImlhdCI6MTY2MTg2MzI2MSwiZXhwIjoxNjYxODY2ODYxLCJmaXJlYmFzZSI6eyJpZGVudGl0aWVzIjp7fSwic2lnbl9pbl9wcm92aWRlciI6ImN1c3RvbSJ9fQ.1t9F1R2VhCb3XVuNduDY_wF8mdXKK9QcOj4GwN--6gkqzAnhzI0-WuSqf6E0DCJVgzbCUx8Aq_FXcwha7QIX8-4BMausln7v8SOOe83wznGnuENFipls29vu92AyQ1pwuI9BXIcJzomrkd0MbPV3uam_Buu1duJvXJ-QLU_47bBtNFcpS5gp0sjVNzY60merN_fN-eBWAwVe5pOWvJpeFJ75-zNK9N95tNEG7_vzas_5Z4xWKFwGhtI5SCOWGj5QQLeJ226c6T8UXiEqSa4ogAdXcqbA81fWfJRtywF7eAYCF7dNlUoS40U9XVthoO5Dpl_VqSJAd077XbKxheEP2A
Requested by
Host: static.parastorage.com
URL: https://static.parastorage.com/services/chat-widget/1.2357.0/chat-widget.bundle.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2600:1901:0:4d00:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
nginx /
Resource Hash
74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

Accept
application/json, text/plain, */*
Referer
https://engage.wixapps.net/
accept-language
da-DK,da;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date
Tue, 30 Aug 2022 12:41:01 GMT
Server
nginx
Strict-Transport-Security
max-age=31556926; includeSubDomains; preload
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://engage.wixapps.net
Cache-Control
no-cache
Connection
keep-alive
Content-Length
4
fed
frog.wix.com/ Frame 8A10
0
255 B
Ping
General
Full URL
https://frog.wix.com/fed
Requested by
Host: static.parastorage.com
URL: https://static.parastorage.com/unpkg-semver/fedops-logger@5/fedops-logger.bundle.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.145.31.229 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-145-31-229.compute-1.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://engage.wixapps.net/
accept-language
da-DK,da;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
https://engage.wixapps.net
date
Tue, 30 Aug 2022 12:41:01 GMT
access-control-allow-credentials
true
server
nginx
access-control-allow-headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
access-control-allow-methods
GET, POST
bpm
frog.wix.com/
0
256 B
Ping
General
Full URL
https://frog.wix.com/bpm?_msid=03d335bf-064f-438c-8863-fee14f7e7b64&vsi=0cc4bf48-27f6-475a-9b2b-fd8ea194c250&_av=thunderbolt-1.10845.0&isb=true&isbr=plugins-extra&ts=5067&tsn=5485&dc=84&caching=hit%2Chit&session_id=180c76f9-db55-492f-b501-2a7edd1565e7&st=2&url=https%3A%2F%2Fwww.helminfosec.com%2Fpost%2Feasy-playbooks-to-make-ransomware-criminals-cry&ish=true&pn=1&isFirstNavigation=true&pv=true&pageId=ugenx&isServerSide=false&is_lightbox=false&is_cached=true&is_sav_rollout=0&is_dac_rollout=0&v=1.10845.0&_brandId=wix&_siteBranchId=undefined&_ms=5485&_lv=2.0.985%7CC&_mt_instance=pznBQH5Gkhi71ZdRxQlanD6xvwJANDzgSrvWcwGiveI.eyJpbnN0YW5jZUlkIjoiMDNkMzM1YmYtMDY0Zi00MzhjLTg4NjMtZmVlMTRmN2U3YjY0IiwiYXBwRGVmSWQiOiIyMmJlZjM0NS0zYzViLTRjMTgtYjc4Mi03NGQ0MDg1MTEyZmYiLCJtZXRhU2l0ZUlkIjoiMDNkMzM1YmYtMDY0Zi00MzhjLTg4NjMtZmVlMTRmN2U3YjY0Iiwic2lnbkRhdGUiOiIyMDIyLTA4LTMwVDEyOjQwOjU3LjYwM1oiLCJkZW1vTW9kZSI6ZmFsc2UsImFpZCI6IjIxZjJmZjNkLWZhNzctNGI2Ny04YzJkLThjYWY0MGQ3OGI0ZiIsInNpdGVPd25lcklkIjoiYTg3OTYwYzItZGVkNS00MmQ4LWE0MjItMGIxMjhjZDRiOGRmIn0&_visitorId=undefined&_siteMemberId=undefined&src=72&evid=502&_=16618632626064&tti=2060&tbt=209&iframes=1&screens=1&entryType=loaded&lcp=722&lcpSize=43540&closestId=img_comp-l6oz10zr2&lcpTag=WIX-IMAGE&lcpResourceType=png&lcpInLightbox=false&countScripts=40&startTimeScripts=658&durationScripts=1591&mttfbScripts=61&attfbScripts=61&tbdScripts=774230&countImages=6&startTimeImages=691&durationImages=2788&mttfbImages=70&attfbImages=48&tbdImages=15246&countFonts=2&startTimeFonts=656&durationFonts=357&mttfbFonts=75&attfbFonts=75&tbdFonts=68943&duration=3484&ttlb=447&dcl=791&transferSize=128443&decodedBodySize=791084&pageCaching=maybe%20CDN&isSsr=true&isWelcome=false&visitorId=21f2ff3d-fa77-4b67-8c2d-8caf40d78b4f&btype=plugins-extra&bsi=941de264-67d1-4894-b1d9-4fdb80091796%7C1&ssrDuration=1124&ssrTimestamp=1661835398778&microPop=euw3&isRollout=false&isPlatformLoaded=false&maybeBot=true&cls=128&countCls=1&clsOld=128&clsId=SITE_PAGES&clsTag=DIV&clientType=ugc
&analytics=true&_isca=1&_iscf=1&_ispd=0&_ise=1
Requested by
Host: static.parastorage.com
URL: https://static.parastorage.com/services/wix-thunderbolt/dist/ab-test-compilation/main.418fdbe3.bundle.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.145.31.229 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-145-31-229.compute-1.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
da-DK,da;q=0.9
Referer
https://www.helminfosec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

access-control-allow-origin
https://www.helminfosec.com
date
Tue, 30 Aug 2022 12:41:02 GMT
access-control-allow-credentials
true
server
nginx
access-control-allow-headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
access-control-allow-methods
GET, POST
bolt-performance
frog.wix.com/
0
256 B
Ping
General
Full URL
https://frog.wix.com/bolt-performance
Requested by
Host: static.parastorage.com
URL: https://static.parastorage.com/services/wix-thunderbolt/dist/ab-test-compilation/main.418fdbe3.bundle.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.145.31.229 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-145-31-229.compute-1.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.helminfosec.com/
accept-language
da-DK,da;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
https://www.helminfosec.com
date
Tue, 30 Aug 2022 12:41:02 GMT
access-control-allow-credentials
true
server
nginx
access-control-allow-headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
access-control-allow-methods
GET, POST


65 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation object| initialTimestamps string| thunderboltTag string| thunderboltVersion object| webpackJsonp__wix_thunderbolt_app object| componentsRegistry object| Sentry object| fedops object| viewerModel object| fetchDynamicModel object| commonConfig object| __imageClientApi__ object| externalsRegistry object| ReactDOM object| reactDOMReference object| React object| reactReference object| reactAndReactDOMLoaded object| bi function| _addWindowMessageHandler boolean| bodyCacheable object| exclusionReason object| ssrInfo boolean| clientSideRender string| firstPageId object| fastdom function| _ object| webpackJsonp__wix_communities_blog_ooi object| wixPerformanceMeasurements object| wix-perf-measure object| consentPolicyManager object| wixEmbedsAPI object| wixTagManager object| wixDevelopersAnalytics object| currentGlobal object| webpackJsonp__wix_editor_elements_library function| rb_wixui.thunderbolt_bootstrap-classic_lazy_factory object| rb_wixui.thunderbolt_bootstrap-classic function| rb_wixui.thunderbolt_bootstrap_lazy_factory object| rb_wixui.thunderbolt_bootstrap object| rb_wixui.thunderbolt[SkipToContentButton] function| rb_wixui.thunderbolt_bootstrap-responsive_lazy_factory object| rb_wixui.thunderbolt_bootstrap-responsive function| requirejs function| require function| define object| gsapVersions function| registerListener function| fbq function| _fbq object| regeneratorRuntime object| Prism number| PIN_19234 object| PIN_1661863259397 string| value string| key object| PinUtils

9 Cookies

Domain/Path Name / Value
www.helminfosec.com/post Name: ssr-caching
Value: cache#desc=hit#varnish=hit#dc#desc=euw3
.www.helminfosec.com/ Name: XSRF-TOKEN
Value: 1661863257|5oga6xeoIFj6
.www.helminfosec.com/ Name: hs
Value: 957221822
.www.helminfosec.com/ Name: svSession
Value: 68e675761db889c7f9498ea4772f7028b7661baccc9c165812ec504e58f6404f35fba5365ecdea3f0caf6b0a54fcc78a1e60994d53964e647acf431e4f798bcd9cc23989beb054a1c9ba37fe0b1fb96732f37a56d2519a14b739cf3523194e3b77b752787ad275befd76df69303704fbb920ecd848d439a43bdc96c2a1637435ea93bde5c8b1969da11c09f277432d18
.www.helminfosec.com/ Name: bSession
Value: 941de264-67d1-4894-b1d9-4fdb80091796|1
www.helminfosec.com/ Name: fedops.logger.defaultOverrides
Value: %7B%22paramsOverridesForApp%22%3A%7B%22communities-forum%22%3A%7B%22is_rollout%22%3Atrue%7D%2C%22wixstores-dashboard-shipping.pages.index%22%3A%7B%22is_rollout%22%3Atrue%7D%2C%22music-manager-my-albums%22%3A%7B%22is_rollout%22%3Atrue%7D%2C%22social-groups-dashboard%22%3A%7B%22is_rollout%22%3Atrue%7D%2C%22premium-feature-catalog%22%3A%7B%22is_rollout%22%3Atrue%7D%2C%22crm-automations-apes-pm-flow.pages.index%22%3A%7B%22is_rollout%22%3Atrue%7D%2C%22crm-automations-apes-pm-flow-pages-index%22%3A%7B%22is_rollout%22%3Atrue%7D%2C%22crm-automations-apes-pm-flow-pages-rules%22%3A%7B%22is_rollout%22%3Atrue%7D%2C%22share-it-web-lazy-component%22%3A%7B%22is_rollout%22%3Atrue%7D%2C%22wix-code-classic-editor%22%3A%7B%22is_rollout%22%3Atrue%7D%7D%7D
.helminfosec.com/ Name: _fbp
Value: fb.1.1661863258910.1284996326
.engage.wixapps.net/ Name: bSession
Value: 941de264-67d1-4894-b1d9-4fdb80091796|1
.engage.wixapps.net/ Name: XSRF-TOKEN
Value: 1661863260|7AWVV182wUEu

2 Console Messages

Source Level URL
Text
other warning URL: https://www.helminfosec.com/post/easy-playbooks-to-make-ransomware-criminals-cry(Line 694)
Message:
Unrecognized feature: 'vr'.
worker error URL: https://static.parastorage.com/services/santa-members-viewer-app/1.965.0/viewerScript.bundle.min.js
Message:
Route not found for app 14dbef06-cc42-5583-32a7-3abd44da4908 and section about

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=3600
X-Content-Type-Options nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
