therecord.media Open in urlscan Pro
2606:4700::6812:621 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://therecord.media/cert-france-lockean-ransomware-group-behind-attacks-on-french-companies/
Submission: On November 07 via api (November 7th 2021, 1:26:38 am UTC) from US — Scanned from DE

Summary HTTP 63 Redirects Links 17 Behaviour Indicators

Summary

This website contacted 18 IPs in 5 countries across 16 domains to perform 63 HTTP transactions. The main IP is 2606:4700::6812:621, located in United States and belongs to CLOUDFLARENET, US. The main domain is therecord.media.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 18th 2021. Valid for: a year.

This is the only time therecord.media was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
31	2606:4700::68... 2606:4700::6812:621	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700::68... 2606:4700::6810:125e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6810:5614	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:82a::2008	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6811:d6cc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	104.18.12.124 104.18.12.124	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2600:9000:223... 2600:9000:223f:dc00:c:7d55:b3c0:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:82b::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE)
7	104.111.233.140 104.111.233.140	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2606:4700::68... 2606:4700::6810:5f41	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:46b0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:15bf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	52.223.61.136 52.223.61.136	16509 (AMAZON-02) (AMAZON-02)
1	185.33.220.244 185.33.220.244	29990 (ASN-APPNEX) (ASN-APPNEX)
1	2a04:fa87:fff... 2a04:fa87:fffe::c000:4902	2635 (AUTOMATTIC) (AUTOMATTIC)
1	2606:4700::68... 2606:4700::6813:9b53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
63	18

31 2606:4700::6812:621 (United States)

ASN13335 (CLOUDFLARENET, US)

therecord.media	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6810:125e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:5614 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82a::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:d6cc (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.18.12.124 (None, )

ASN13335 (CLOUDFLARENET, US)

www.recordedfuture.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:223f:dc00:c:7d55:b3c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.matomo.cloud	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 104.111.233.140 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-233-140.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5f41 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:46b0 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:15bf (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.223.61.136 (United States)

ASN16509 (AMAZON-02, US)
PTR: a8b6f710f441cdbc2.awsglobalaccelerator.com

recordedfuture.matomo.cloud	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.33.220.244 (Amsterdam, Netherlands)

ASN29990 (ASN-APPNEX, US)
PTR: 731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:fa87:fffe::c000:4902 (Ireland)

ASN2635 (AUTOMATTIC, US)

secure.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6813:9b53 (United States)

ASN13335 (CLOUDFLARENET, US)

track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
31	therecord.media therecord.media	559 KB
7	6sc.co j.6sc.co c.6sc.co b.6sc.co	13 KB
4	matomo.cloud cdn.matomo.cloud recordedfuture.matomo.cloud	64 KB
3	cloudflare.com cdnjs.cloudflare.com	16 KB
2	youtube.com www.youtube.com	48 KB
2	google-analytics.com www.google-analytics.com	20 KB
2	recordedfuture.com www.recordedfuture.com	94 KB
2	googletagmanager.com www.googletagmanager.com	69 KB
2	jsdelivr.net cdn.jsdelivr.net	26 KB
1	hubspot.com track.hubspot.com	1003 B
1	gravatar.com secure.gravatar.com	3 KB
1	adnxs.com secure.adnxs.com	691 B
1	hs-banner.com js.hs-banner.com	16 KB
1	hs-analytics.net js.hs-analytics.net	20 KB
1	cloudflareinsights.com static.cloudflareinsights.com	5 KB
1	hs-scripts.com js.hs-scripts.com	905 B
63	16

	Domain	Requested by
31	therecord.media	therecord.media
5	b.6sc.co
3	cdnjs.cloudflare.com	therecord.media
2	recordedfuture.matomo.cloud	cdn.matomo.cloud
2	www.youtube.com	therecord.media www.youtube.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	cdn.matomo.cloud	therecord.media
2	www.recordedfuture.com	therecord.media
2	www.googletagmanager.com	therecord.media
2	cdn.jsdelivr.net	therecord.media
1	track.hubspot.com
1	secure.gravatar.com
1	c.6sc.co	j.6sc.co
1	secure.adnxs.com	j.6sc.co
1	js.hs-banner.com	js.hs-scripts.com
1	js.hs-analytics.net	js.hs-scripts.com
1	static.cloudflareinsights.com	www.googletagmanager.com
1	j.6sc.co	therecord.media
1	js.hs-scripts.com	therecord.media
63	19

This site contains links to these domains. Also see Links.

Domain
www.recordedfuture.com
twitter.com
www.linkedin.com
www.facebook.com
www.reddit.com
news.ycombinator.com
www.cert.ssi.gouv.fr
attack.mitre.org
rclone.org
www.instagram.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-18` - `2022-07-17`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
*.recordedfuture.com DigiCert TLS RSA SHA256 2020 CA1	`2021-01-23` - `2022-02-22`	a year	crt.sh
cdn.matomo.cloud Amazon	`2021-01-28` - `2022-02-25`	a year	crt.sh
*.google.com GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
*.6sc.co DigiCert SHA2 Secure Server CA	`2021-03-09` - `2022-03-16`	a year	crt.sh
*.matomo.cloud Amazon	`2021-08-20` - `2022-09-18`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
*.gravatar.com Sectigo RSA Domain Validation Secure Server CA	`2020-08-14` - `2022-11-16`	2 years	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2021-06-26` - `2022-06-25`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://therecord.media/cert-france-lockean-ransomware-group-behind-attacks-on-french-companies/
Frame ID: C47D42E671109F5CFCAEF744F0B84192
Requests: 63 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

CERT-France: Lockean ransomware group behind attacks on French companies - The Record by Recorded Future

Page Statistics

63
Requests

98 %
HTTPS

76 %
IPv6

16
Domains

19
Subdomains

18
IPs

5
Countries

957 kB
Transfer

2354 kB
Size

21
Cookies

17 Outgoing links

These are links going to different origins than the main page.

URL: https://www.recordedfuture.com/privacy-policy/
Title: Cookie Policy

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=https://therecord.media/cert-france-lockean-ransomware-group-behind-attacks-on-french-companies/&text=CERT-France:%20Lockean%20ransomware%20group%20behind%20attacks%20on%20French%20companies

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https://therecord.media/cert-france-lockean-ransomware-group-behind-attacks-on-french-companies/&title=CERT-France:%20Lockean%20ransomware%20group%20behind%20attacks%20on%20French%20companies

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://therecord.media/cert-france-lockean-ransomware-group-behind-attacks-on-french-companies/

Search URL Search Domain Scan URL

URL: https://www.reddit.com/submit?url=https://therecord.media/cert-france-lockean-ransomware-group-behind-attacks-on-french-companies/&title=CERT-France:%20Lockean%20ransomware%20group%20behind%20attacks%20on%20French%20companies

Search URL Search Domain Scan URL

URL: https://news.ycombinator.com/submitlink?u=https://therecord.media/cert-france-lockean-ransomware-group-behind-attacks-on-french-companies/&t=CERT-France:%20Lockean%20ransomware%20group%20behind%20attacks%20on%20French%20companies

Search URL Search Domain Scan URL

URL: https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-009/
Title: comprehensive report

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/software/S0552/
Title: AdFind

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/software/S0190/
Title: BITSAdmin

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/software/S0521/
Title: BloodHound

Search URL Search Domain Scan URL

URL: https://rclone.org/
Title: RClone

Search URL Search Domain Scan URL

URL: https://www.recordedfuture.com/malware-vulnerability-trends-report/?__hstc=156209188.5880654f380b22f3271facf7b586a56d.1636248393368.1636248393368.1636248393368.1&__hssc=156209188.1.1636248393369&__hsfp=2427650321
Title: H1 2021: Malware and Vulnerability Trends Report

Search URL Search Domain Scan URL

URL: https://www.recordedfuture.com/blackmatter-ransomware-protection/?__hstc=156209188.5880654f380b22f3271facf7b586a56d.1636248393368.1636248393368.1636248393368.1&__hssc=156209188.1.1636248393369&__hsfp=2427650321
Title: Protect Against BlackMatter Ransomware Before It’s Offered

Search URL Search Domain Scan URL

URL: https://twitter.com/TheRecord_Media

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/the-record-by-recorded-future

Search URL Search Domain Scan URL

URL: https://www.instagram.com/therecord_media/

Search URL Search Domain Scan URL

URL: https://www.recordedfuture.com/privacy-policy/?__hstc=156209188.5880654f380b22f3271facf7b586a56d.1636248393368.1636248393368.1636248393368.1&__hssc=156209188.1.1636248393369&__hsfp=2427650321
Title: Privacy Policy

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

63 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
therecord.media/cert-france-lockean-ransomware-group-behind-attacks-on-french-companies/ 61 KB
13 KB 966ms
939ms Document
text/html 2606:4700::6812:621
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://therecord.media/cert-france-lockean-ransomware-group-behind-attacks-on-french-companies/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:621 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

33552950223a893ab31e75e809382ff2fa2764942c74b8a18db2f0fe3ffffbbd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Sun, 07 Nov 2021 01:26:32 GMT
content-type: text/html; charset=UTF-8
cache-control: public, max-age=600
link: <https://therecord.media/?p=8763>; rel=shortlink
strict-transport-security: max-age=31536000; includeSubDomains
x-pantheon-styx-hostname: styx-fe2-a-5bffbbcccc-9ssm9
x-pingback: https://therecord.media/xmlrpc.php
x-styx-req-id: bd113e53-3f69-11ec-811f-062b5d80bfed
x-served-by: cache-mdw17380-MDW, cache-bwi5023-BWI
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-timer: S1636248392.760577,VS0,VE425
vary: Accept-Encoding, Cookie, Cookie
age: 0
via: 1.1 varnish, 1.1 varnish
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6aa2c61e5f395b9e-FRA
content-encoding: br

GET
H2 200 style.min.css
therecord.media/wp-includes/css/dist/block-library/ 57 KB
9 KB 19ms
18ms Stylesheet
text/css 2606:4700::6812:621
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://therecord.media/wp-includes/css/dist/block-library/style.min.css

Requested by

Host: therecord.media
URL: https://therecord.media/cert-france-lockean-ransomware-group-behind-attacks-on-french-companies/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:621 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2cd9de3dd26246204749cff259bc34e8e6a47ae5d6e4528b9b28c75d68d50cde

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://therecord.media/cert-france-lockean-ransomware-group-behind-attacks-on-french-companies/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 07 Nov 2021 01:26:32 GMT
via: 1.1 varnish, 1.1 varnish
vary: Accept-Encoding
cf-cache-status: HIT
age: 12205278
x-pantheon-styx-hostname: styx-fe2-a-58bcd5f458-np279
x-cache: HIT, HIT
content-encoding: br
x-served-by: cache-mdw17350-MDW, cache-bwi5083-BWI
last-modified: Fri, 18 Jun 2021 14:42:50 GMT
server: cloudflare
x-timer: S1624043115.854483,VS0,VE1
etag: W/"60ccb0ea-e33b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/css
x-styx-req-id: 573360ec-d067-11eb-b79d-3aa163f41238
expires: Tue, 08 Nov 2022 01:26:32 GMT
cache-control: public, max-age=31622400
cf-ray: 6aa2c6244cf25b9e-FRA
x-cache-hits: 1, 1

GET
H2 200 rf-rss-widget.css
therecord.media/wp-content/plugins/rf-rss-feed/public/css/ 473 B
479 B 20ms
19ms Stylesheet
text/css 2606:4700::6812:621
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://therecord.media/wp-content/plugins/rf-rss-feed/public/css/rf-rss-widget.css

Requested by

Host: therecord.media
URL: https://therecord.media/cert-france-lockean-ransomware-group-behind-attacks-on-french-companies/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:621 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

77e8232dee29ca904e5726f29b02f784c6155de5e388e61570a74aedf61b69de

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://therecord.media/cert-france-lockean-ransomware-group-behind-attacks-on-french-companies/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 07 Nov 2021 01:26:32 GMT
via: 1.1 varnish, 1.1 varnish
vary: Accept-Encoding
cf-cache-status: HIT
age: 1332112
cf-polished: origSize=944
x-pantheon-styx-hostname: styx-fe2-a-5f44469ddc-644w6
x-cache: HIT, HIT
cf-bgj: minify
content-encoding: br
x-served-by: cache-mdw17347-MDW, cache-bwi5020-BWI
last-modified: Fri, 22 Oct 2021 15:23:12 GMT
server: cloudflare
x-timer: S1634916281.927384,VS0,VE1
etag: W/"6172d760-3b0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/css
x-styx-req-id: 21850fdb-334c-11ec-8013-ce1f3dd47c6f
expires: Tue, 08 Nov 2022 01:26:32 GMT
cache-control: public, max-age=31622400
cf-ray: 6aa2c6245cf35b9e-FRA
x-cache-hits: 1, 1

GET
H2 200 jquery.mCustomScrollbar.min.css
cdnjs.cloudflare.com/ajax/libs/malihu-custom-scrollbar-plugin/3.1.5/ 42 KB
4 KB 36ms
12ms Stylesheet
text/css 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/malihu-custom-scrollbar-plugin/3.1.5/jquery.mCustomScrollbar.min.css

Requested by

Host: therecord.media
URL: https://therecord.media/cert-france-lockean-ransomware-group-behind-attacks-on-french-companies/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

247184981eb6f698a94e431a83d68c6b0df623cce57b6e29dc5a6c11e23aa195

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://therecord.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 07 Nov 2021 01:26:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 5217080
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 3359
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:12:04 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ed4-a757"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QcJx9Csh%2BKL062Li81cvjhfh%2FIQqgigfxnfXuBFneDdmm5ezo8SQ509g2eYTNmRLedtWXDdJb36ZjHibgaJiVTtZNT3jYigDc4wmh%2BuxCMRtX2FA3UTXqk7%2BmUcSfUzkWXaGa4a2AZOsaO2clIKXQBuc"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6aa2c6247b3568f2-FRA
expires: Fri, 28 Oct 2022 01:26:32 GMT

GET
H2 200 jquery.fancybox.min.css
cdn.jsdelivr.net/gh/fancyapps/fancybox@3.5.7/dist/ 12 KB
4 KB 40ms
15ms Stylesheet
text/css 2606:4700::6810:5614
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/fancyapps/fancybox@3.5.7/dist/jquery.fancybox.min.css

Requested by

Host: therecord.media
URL: https://therecord.media/cert-france-lockean-ransomware-group-behind-attacks-on-french-companies/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5614 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5736e3eec0c34bfc288854b7b8d2a8f1e22e9e2e7dae3c8d1ad5dfb2d4734ad0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://therecord.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 07 Nov 2021 01:26:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1053579
x-jsd-version: 3.5.7
x-cache: HIT
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-served-by: cache-fra19144-FRA
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"31fb-G+m3m+AqHPxdlsSl4P649HK6vZU"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cf-ray: 6aa2c6247fa642fd-FRA

GET
H2 200 style-v4.css
therecord.media/wp-content/themes/therecordmedia/assets/css/ 345 KB
48 KB 21ms
20ms Stylesheet
text/css 2606:4700::6812:621
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://therecord.media/wp-content/themes/therecordmedia/assets/css/style-v4.css

Requested by

Host: therecord.media
URL: https://therecord.media/cert-france-lockean-ransomware-group-behind-attacks-on-french-companies/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:621 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b31a805b14cdf1311a94debe97e7d5695f38eca4dddc65d98cb58e9c281cf36d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://therecord.media/cert-france-lockean-ransomware-group-behind-attacks-on-french-companies/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 07 Nov 2021 01:26:32 GMT
via: 1.1 varnish, 1.1 varnish
vary: Accept-Encoding
cf-cache-status: HIT
age: 150568
cf-polished: origSize=459099
x-pantheon-styx-hostname: styx-fe2-a-5f44469ddc-mzv6h
x-cache: MISS, HIT
cf-bgj: minify
content-encoding: br
x-served-by: cache-mdw17369-MDW, cache-bwi5063-BWI
last-modified: Thu, 28 Oct 2021 15:47:43 GMT
server: cloudflare
x-timer: S1636097825.682192,VS0,VE148
etag: W/"617ac61f-7015b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/css
x-styx-req-id: 0235c6d1-3816-11ec-8a90-9e98479f2435
expires: Tue, 08 Nov 2022 01:26:32 GMT
cache-control: public, max-age=31622400
cf-ray: 6aa2c6245cf55b9e-FRA
x-cache-hits: 0, 1

GET
H2 200 custom-v8.css
therecord.media/wp-content/themes/therecordmedia/assets/css/ 6 KB
2 KB 17ms
17ms Stylesheet
text/css 2606:4700::6812:621
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://therecord.media/wp-content/themes/therecordmedia/assets/css/custom-v8.css

Requested by

Host: therecord.media
URL: https://therecord.media/cert-france-lockean-ransomware-group-behind-attacks-on-french-companies/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:621 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a01127152b090004aa159e0d56664e2268a1de5334ba6d9d6515388a0f53a3b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://therecord.media/cert-france-lockean-ransomware-group-behind-attacks-on-french-companies/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 07 Nov 2021 01:26:32 GMT
via: 1.1 varnish, 1.1 varnish
vary: Accept-Encoding
cf-cache-status: HIT
age: 11263292
cf-polished: origSize=7291
x-pantheon-styx-hostname: styx-fe2-b-64744c95b6-59x78
x-cache: MISS, HIT
cf-bgj: minify
content-encoding: br
x-served-by: cache-mdw17351-MDW, cache-bwi5032-BWI
last-modified: Tue, 29 Jun 2021 16:31:39 GMT
server: cloudflare
x-timer: S1624985100.589549,VS0,VE0
etag: W/"60db4aeb-1c7b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/css
x-styx-req-id: b97de432-d8f7-11eb-9f9d-26b2e6fca046
expires: Tue, 08 Nov 2022 01:26:32 GMT
cache-control: public, max-age=31622400
pantheon-trace-id: e31e4012037149c18539f2eb32ebdebd
cf-ray: 6aa2c6245cf65b9e-FRA
x-cache-hits: 0, 2

GET
H2 200 ytprefs.min.css
therecord.media/wp-content/plugins/youtube-embed-plus/styles/ 6 KB
2 KB 19ms
19ms Stylesheet
text/css 2606:4700::6812:621
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://therecord.media/wp-content/plugins/youtube-embed-plus/styles/ytprefs.min.css

Requested by

Host: therecord.media
URL: https://therecord.media/cert-france-lockean-ransomware-group-behind-attacks-on-french-companies/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:621 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

54b16a534f27d39f8edb7dd908ecf182b4be466f86f28ac0f01f415f2ba9d1cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://therecord.media/cert-france-lockean-ransomware-group-behind-attacks-on-french-companies/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 07 Nov 2021 01:26:32 GMT
via: 1.1 varnish, 1.1 varnish
vary: Accept-Encoding
cf-cache-status: HIT
age: 6476890
x-pantheon-styx-hostname: styx-fe2-b-9c6567bff-dpnrq
x-cache: HIT, HIT
content-encoding: br
x-served-by: cache-mdw17355-MDW, cache-bwi5029-BWI
last-modified: Thu, 19 Aug 2021 07:48:05 GMT
server: cloudflare
x-timer: S1629771503.943666,VS0,VE1
etag: W/"611e0cb5-178c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/css
x-styx-req-id: cb393b38-0105-11ec-a177-82c72c65dce1
expires: Tue, 08 Nov 2022 01:26:32 GMT
cache-control: public, max-age=31622400
pantheon-trace-id: e2c120c892b64b5dbcc2d82e5a2a0ba7
cf-ray: 6aa2c6245cf75b9e-FRA
x-cache-hits: 1, 1

GET
H2 200 cookieconsent.min.css
therecord.media/wp-content/plugins/complianz-gdpr-premium/assets/css/ 20 KB
4 KB 19ms
19ms Stylesheet
text/css 2606:4700::6812:621
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://therecord.media/wp-content/plugins/complianz-gdpr-premium/assets/css/cookieconsent.min.css

Requested by

Host: therecord.media
URL: https://therecord.media/cert-france-lockean-ransomware-group-behind-attacks-on-french-companies/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:621 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c21f3f80c9adfdf9070c994d881f2069818a2d409b62834c805a7f17f08c91ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://therecord.media/cert-france-lockean-ransomware-group-behind-attacks-on-french-companies/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 07 Nov 2021 01:26:32 GMT
via: 1.1 varnish, 1.1 varnish
vary: Accept-Encoding
cf-cache-status: HIT
age: 3238613
x-pantheon-styx-hostname: styx-fe2-b-56496ffc66-bczg7
x-cache: MISS, HIT
content-encoding: br
x-served-by: cache-mdw17369-MDW, cache-bwi5025-BWI
last-modified: Wed, 22 Sep 2021 16:58:27 GMT
server: cloudflare
x-timer: S1633009779.001439,VS0,VE1
etag: W/"614b60b3-519d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/css
x-styx-req-id: 3d36d8a9-1cba-11ec-9a30-9625054942ed
expires: Tue, 08 Nov 2022 01:26:32 GMT
cache-control: public, max-age=31622400
cf-ray: 6aa2c6245cf85b9e-FRA
x-cache-hits: 0, 1

GET
H2 200 PrimaryLogo-RGB-Carrot.svg
therecord.media/wp-content/uploads/2021/06/ 5 KB
2 KB 16ms
16ms Image
image/svg+xml 2606:4700::6812:621
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://therecord.media/wp-content/uploads/2021/06/PrimaryLogo-RGB-Carrot.svg

Requested by

Host: therecord.media
URL: https://therecord.media/cert-france-lockean-ransomware-group-behind-attacks-on-french-companies/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:621 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6429c09d26d4abed1c51691f17eb89c9c1fedf440964890e2a0fe9801e93e653

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://therecord.media/cert-france-lockean-ransomware-group-behind-attacks-on-french-companies/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 07 Nov 2021 01:26:32 GMT
via: 1.1 varnish, 1.1 varnish
vary: Accept-Encoding
cf-cache-status: HIT
age: 12220929
x-pantheon-styx-hostname: styx-fe2-a-58bcd5f458-jjb4g
x-cache: MISS, HIT
content-encoding: br
x-served-by: cache-mdw17377-MDW, cache-wdc5533-WDC
last-modified: Fri, 18 Jun 2021 14:43:58 GMT
server: cloudflare
x-timer: S1624027463.123564,VS0,VE1
etag: W/"60ccb12e-1421"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/svg+xml
access-control-allow-origin: *
expires: Tue, 08 Nov 2022 01:26:32 GMT
cache-control: public, max-age=31622400
cf-ray: 6aa2c6245cfb5b9e-FRA
x-styx-req-id: 9f508062-d043-11eb-9cf1-ee94bcaaf0ad
x-cache-hits: 0, 1

GET
H2 200 hacker-keyboard-computer-cybercrime.jpg
therecord.media/wp-content/uploads/2021/11/ 139 KB
140 KB 608ms
608ms Image
image/jpeg 2606:4700::6812:621
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://therecord.media/wp-content/uploads/2021/11/hacker-keyboard-computer-cybercrime.jpg

Requested by

Host: therecord.media
URL: https://therecord.media/cert-france-lockean-ransomware-group-behind-attacks-on-french-companies/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:621 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7cf773718da7d5c04f384586325b0dd3ad827daea5741f119071463b9d051ecb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://therecord.media/cert-france-lockean-ransomware-group-behind-attacks-on-french-companies/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 07 Nov 2021 01:26:32 GMT
via: 1.1 varnish, 1.1 varnish
cf-cache-status: MISS
x-pantheon-styx-hostname: styx-fe2-a-5f44469ddc-2wb7t
x-cache: HIT, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 142812
x-served-by: cache-mdw17383-MDW, cache-bwi5066-BWI
last-modified: Wed, 03 Nov 2021 16:48:06 GMT
server: cloudflare
x-timer: S1636248393.735327,VS0,VE2
etag: "6182bd46-22ddc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
x-styx-req-id: 563948bf-3cc6-11ec-a09e-227203492b43
expires: Tue, 08 Nov 2022 01:26:32 GMT
cache-control: public, max-age=31622400
accept-ranges: bytes
cf-ray: 6aa2c6245cfd5b9e-FRA
x-cache-hits: 1, 1

GET
H2 200 rocket-loader.min.js Show response
therecord.media/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ 12 KB
4 KB 10ms
10ms Script
application/javascript 2606:4700::6812:621
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://therecord.media/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Host: therecord.media
URL: https://therecord.media/cert-france-lockean-ransomware-group-behind-attacks-on-french-companies/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:621 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://therecord.media/cert-france-lockean-ransomware-group-behind-attacks-on-french-companies/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 07 Nov 2021 01:26:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 05 Nov 2021 13:28:28 GMT
server: cloudflare
x-frame-options: DENY
etag: W/"6185317c-302c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=172800, public
strict-transport-security: max-age=31536000; includeSubDomains
cf-ray: 6aa2c6245d015b9e-FRA
expires: Tue, 09 Nov 2021 01:26:32 GMT

GET
H2 200 complianz.min.js Show response
therecord.media/wp-content/plugins/complianz-gdpr-premium/assets/js/ 40 KB
9 KB 21ms
17ms Script
application/x-javascript 2606:4700::6812:621
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://therecord.media/wp-content/plugins/complianz-gdpr-premium/assets/js/complianz.min.js

Requested by

Host: therecord.media
URL: https://therecord.media/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:621 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

326d6c39524da9a4b3d35286c798b93738a4665b29ce498d5b5df959a3a19012

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://therecord.media/cert-france-lockean-ransomware-group-behind-attacks-on-french-companies/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 07 Nov 2021 01:26:32 GMT
via: 1.1 varnish, 1.1 varnish
vary: Accept-Encoding
cf-cache-status: HIT
age: 3238613
x-pantheon-styx-hostname: styx-fe2-a-6b6d6f77d6-2h8pw
x-cache: MISS, HIT
content-encoding: br
x-served-by: cache-mdw17344-MDW, cache-wdc5581-WDC
last-modified: Fri, 24 Sep 2021 02:54:39 GMT
server: cloudflare
x-timer: S1633009780.604201,VS0,VE1
etag: W/"614d3def-9e2d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
x-styx-req-id: d3d16fdf-1d22-11ec-b5ec-8e8cf3dee576
expires: Tue, 08 Nov 2022 01:26:32 GMT
cache-control: public, max-age=31622400
cf-ray: 6aa2c6247d1f5b9e-FRA
x-cache-hits: 0, 1

GET
H2 200 postscribe.min.js Show response
therecord.media/wp-content/plugins/complianz-gdpr-premium/assets/js/ 17 KB
6 KB 26ms
23ms Script
application/x-javascript 2606:4700::6812:621
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://therecord.media/wp-content/plugins/complianz-gdpr-premium/assets/js/postscribe.min.js

Requested by

Host: therecord.media
URL: https://therecord.media/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:621 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c4e20f53f5ef0ed44b783437aa3f4638a9a56cc4aa29ae83ed9212eb2807052a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://therecord.media/cert-france-lockean-ransomware-group-behind-attacks-on-french-companies/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 07 Nov 2021 01:26:32 GMT
via: 1.1 varnish, 1.1 varnish
vary: Accept-Encoding
cf-cache-status: HIT
age: 2328281
x-pantheon-styx-hostname: styx-fe2-b-56496ffc66-8s28k
x-cache: MISS, HIT
content-encoding: br
x-served-by: cache-mdw17344-MDW, cache-wdc5553-WDC
last-modified: Sun, 26 Sep 2021 06:54:48 GMT
server: cloudflare
x-timer: S1633920111.464426,VS0,VE1
etag: W/"61501938-45f4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
x-styx-req-id: f070e800-1f28-11ec-85ab-0e5e40533d09
expires: Tue, 08 Nov 2022 01:26:32 GMT
cache-control: public, max-age=31622400
cf-ray: 6aa2c6247d245b9e-FRA
x-cache-hits: 0, 1

GET
H2 200 cookieconsent.min.js Show response
therecord.media/wp-content/plugins/complianz-gdpr-premium/assets/js/ 25 KB
8 KB 19ms
16ms Script
application/x-javascript 2606:4700::6812:621
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://therecord.media/wp-content/plugins/complianz-gdpr-premium/assets/js/cookieconsent.min.js

Requested by

Host: therecord.media
URL: https://therecord.media/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:621 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

81dbdd695385ce9e3065e0cf1d8f058169de79244b1d1be4059b527e31d23c77

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://therecord.media/cert-france-lockean-ransomware-group-behind-attacks-on-french-companies/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 07 Nov 2021 01:26:32 GMT
via: 1.1 varnish, 1.1 varnish
vary: Accept-Encoding
cf-cache-status: HIT
age: 777971
x-pantheon-styx-hostname: styx-fe2-a-5f44469ddc-p85k9
x-cache: MISS, HIT
content-encoding: br
x-served-by: cache-mdw17356-MDW, cache-wdc5559-WDC
last-modified: Thu, 28 Oct 2021 15:47:42 GMT
server: cloudflare
x-timer: S1635470421.994134,VS0,VE1
etag: W/"617ac61e-6441"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
x-styx-req-id: 37dcbcf5-3813-11ec-8d6c-a6abd588099d
expires: Tue, 08 Nov 2022 01:26:32 GMT
cache-control: public, max-age=31622400
cf-ray: 6aa2c6247d255b9e-FRA
x-cache-hits: 0, 1

GET
H2 200 fitvids.min.js Show response
therecord.media/wp-content/plugins/youtube-embed-plus/scripts/ 3 KB
1 KB 17ms
14ms Script
application/x-javascript 2606:4700::6812:621
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://therecord.media/wp-content/plugins/youtube-embed-plus/scripts/fitvids.min.js

Requested by

Host: therecord.media
URL: https://therecord.media/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:621 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aba0ac3c89011196a2c6b54d868991e18ffaf494c8e3afc97451be087b93770c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://therecord.media/cert-france-lockean-ransomware-group-behind-attacks-on-french-companies/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 07 Nov 2021 01:26:32 GMT
via: 1.1 varnish, 1.1 varnish
vary: Accept-Encoding
cf-cache-status: HIT
age: 9226776
x-pantheon-styx-hostname: styx-fe2-b-64744c95b6-qzl9f
x-cache: MISS, HIT
content-encoding: br
x-served-by: cache-mdw17352-MDW, cache-bwi5072-BWI
last-modified: Wed, 07 Jul 2021 15:27:39 GMT
server: cloudflare
x-timer: S1627021616.295313,VS0,VE1
etag: W/"60e5c7eb-aaf"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
x-styx-req-id: 2b878fd4-dfd6-11eb-ab67-3a80d45744de
expires: Tue, 08 Nov 2022 01:26:32 GMT
cache-control: public, max-age=31622400
pantheon-trace-id: 928014bde77a4d1f82f5596e8b906c10
cf-ray: 6aa2c6247d275b9e-FRA
x-cache-hits: 0, 1

GET
H2 200 main.js Show response
therecord.media/wp-content/themes/therecordmedia/assets/js/ 24 KB
7 KB 17ms
15ms Script
application/x-javascript 2606:4700::6812:621
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://therecord.media/wp-content/themes/therecordmedia/assets/js/main.js

Requested by

Host: therecord.media
URL: https://therecord.media/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:621 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

13a5d6deee5c86d1c86f8ab010b3dfcab1b0b500590024d8c7a44c279c96d443

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://therecord.media/cert-france-lockean-ransomware-group-behind-attacks-on-french-companies/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 07 Nov 2021 01:26:32 GMT
via: 1.1 varnish, 1.1 varnish
vary: Accept-Encoding
cf-cache-status: HIT
age: 12204930
cf-polished: origSize=45161
x-pantheon-styx-hostname: styx-fe2-a-58bcd5f458-np279
x-cache: MISS, HIT
cf-bgj: minify
content-encoding: br
x-served-by: cache-mdw17374-MDW, cache-bwi5067-BWI
last-modified: Fri, 18 Jun 2021 18:56:23 GMT
server: cloudflare
x-timer: S1624043463.515417,VS0,VE1
etag: W/"60ccec57-b069"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
x-styx-req-id: 570fb616-d067-11eb-b79d-3aa163f41238
expires: Tue, 08 Nov 2022 01:26:32 GMT
cache-control: public, max-age=31622400
cf-ray: 6aa2c6247d285b9e-FRA
x-cache-hits: 0, 1

GET
H2 200 jquery.fancybox.min.js Show response
cdn.jsdelivr.net/gh/fancyapps/fancybox@3.5.7/dist/ 67 KB
22 KB 20ms
18ms Script
application/javascript 2606:4700::6810:5614
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/fancyapps/fancybox@3.5.7/dist/jquery.fancybox.min.js

Requested by

Host: therecord.media
URL: https://therecord.media/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5614 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cadda460ccb4c3c01bb45f3d5976f63f5adf8dc3ff1d31cb4fbd3ded4f18e5bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://therecord.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 07 Nov 2021 01:26:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1053579
x-jsd-version: 3.5.7
x-cache: HIT
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-served-by: cache-fra19164-FRA
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"10a9d-YYFBLnOWZpbQjh5bEkOlctDyK6Y"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cf-ray: 6aa2c6247fa842fd-FRA

GET
H2 200 jquery.mCustomScrollbar.min.js Show response
cdnjs.cloudflare.com/ajax/libs/malihu-custom-scrollbar-plugin/3.1.5/ 39 KB
11 KB 15ms
13ms Script
application/javascript 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/malihu-custom-scrollbar-plugin/3.1.5/jquery.mCustomScrollbar.min.js

Requested by

Host: therecord.media
URL: https://therecord.media/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

00a1230e22b6af3f9df1348f2cd54dc9dbe026f3a41b9bde3009dcefd1648ae1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://therecord.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 07 Nov 2021 01:26:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 4747082
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 10595
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:12:04 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ed4-9cd4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GQo47W2kFH4cZ5%2F5Sjlxt8QxGK72%2BifAeleXGnzwnPb0IxDT6ipbnq9cHJbs3xQVShiVDq40Fr1Xc%2F9dtBnGhvx9D9XJDc4To2vbsQVH8SR%2FuomGO%2Ft52hXB5NzZbhVTYENjw0cKZt4Szivs5YHO%2BuWE"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6aa2c6247b3668f2-FRA
expires: Fri, 28 Oct 2022 01:26:32 GMT

GET
H2 200 custom-v2.js Show response
therecord.media/wp-content/themes/therecordmedia/assets/js/ 828 B
621 B 19ms
17ms Script
application/x-javascript 2606:4700::6812:621
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://therecord.media/wp-content/themes/therecordmedia/assets/js/custom-v2.js

Requested by

Host: therecord.media
URL: https://therecord.media/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:621 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9f7b3c1c9a817380967e2d68f41c86b4649b68dba06b37a49dab55bb5c5a6eab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://therecord.media/cert-france-lockean-ransomware-group-behind-attacks-on-french-companies/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 07 Nov 2021 01:26:32 GMT
via: 1.1 varnish, 1.1 varnish
vary: Accept-Encoding
cf-cache-status: HIT
age: 12041456
cf-polished: origSize=1551
x-pantheon-styx-hostname: styx-fe2-a-58bcd5f458-k527r
x-cache: MISS, HIT
cf-bgj: minify
content-encoding: br
x-served-by: cache-mdw17335-MDW, cache-bwi5070-BWI
last-modified: Sun, 20 Jun 2021 16:33:59 GMT
server: cloudflare
x-timer: S1624206936.187959,VS0,VE1
etag: W/"60cf6df7-60f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
x-styx-req-id: 5b211bab-d1e5-11eb-ae7b-5e65bf8051b7
expires: Tue, 08 Nov 2022 01:26:32 GMT
cache-control: public, max-age=31622400
cf-ray: 6aa2c6247d295b9e-FRA
x-cache-hits: 0, 1

GET
H2 200 bundle.js Show response
therecord.media/wp-content/themes/therecordmedia/assets/js/ 276 KB
72 KB 27ms
25ms Script
application/x-javascript 2606:4700::6812:621
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://therecord.media/wp-content/themes/therecordmedia/assets/js/bundle.js

Requested by

Host: therecord.media
URL: https://therecord.media/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:621 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8df981a2e0d74a44530cfe140f2ce72ad4cb7be724706b7a3cfcb160bd06590f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://therecord.media/cert-france-lockean-ransomware-group-behind-attacks-on-french-companies/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 07 Nov 2021 01:26:32 GMT
via: 1.1 varnish, 1.1 varnish
vary: Accept-Encoding
cf-cache-status: HIT
age: 4747412
cf-polished: origSize=525445
x-pantheon-styx-hostname: styx-fe2-b-9c6567bff-5qtlq
x-cache: MISS, HIT
cf-bgj: minify
content-encoding: br
x-served-by: cache-mdw17322-MDW, cache-bwi5075-BWI
last-modified: Sat, 21 Aug 2021 20:07:26 GMT
server: cloudflare
x-timer: S1631500980.357841,VS0,VE2
etag: W/"61215cfe-80485"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
x-styx-req-id: be4db0e1-0318-11ec-8d11-0a99b6d1f344
expires: Tue, 08 Nov 2022 01:26:32 GMT
cache-control: public, max-age=31622400
pantheon-trace-id: 362234123dd944ff9642193a1cc6cdb5
cf-ray: 6aa2c6247d2a5b9e-FRA
x-cache-hits: 0, 1

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 90 KB
36 KB 47ms
17ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-9153858-16

Requested by

Host: therecord.media
URL: https://therecord.media/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ef0af8374f5f461615841a0310b1519bded90707a4702a79660de4280e28b9d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://therecord.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 07 Nov 2021 01:26:32 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36452
x-xss-protection: 0
last-modified: Sun, 07 Nov 2021 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 07 Nov 2021 01:26:32 GMT

GET
H2 200 252628.js Show response
js.hs-scripts.com/ 984 B
905 B 472ms
441ms Script
application/javascript 2606:4700::6811:d6cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-scripts.com/252628.js
Requested by: Host: therecord.media
URL: https://therecord.media/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:d6cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e5cf71d2598e09f6d774ddf02d6ffb687023648c66ed7b03ed75116fefc0a4f0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://therecord.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 07 Nov 2021 01:26:32 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: EXPIRED
x-hubspot-correlation-id: 13cd5413-682e-47c3-9728-6b8488e3215f
last-modified: Sun, 07 Nov 2021 01:24:06 GMT
server: cloudflare
x-trace: 2B53B339851EB8856ED3B24F273DBD19BB2828615B000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://therecord.media
cache-control: public, max-age=60
access-control-allow-credentials: true
cf-ray: 6aa2c624ab0d1f4d-FRA
expires: Sun, 07 Nov 2021 01:27:32 GMT

GET
H2 200 ytprefs.min.js Show response
therecord.media/wp-content/plugins/youtube-embed-plus/scripts/ 10 KB
3 KB 17ms
16ms Script
application/x-javascript 2606:4700::6812:621
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://therecord.media/wp-content/plugins/youtube-embed-plus/scripts/ytprefs.min.js

Requested by

Host: therecord.media
URL: https://therecord.media/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:621 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2f617a099ba9e73c30624d09ec9c8cb90ae3e784e8f89d94be4574dfe1496266

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://therecord.media/cert-france-lockean-ransomware-group-behind-attacks-on-french-companies/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 07 Nov 2021 01:26:32 GMT
via: 1.1 varnish, 1.1 varnish
vary: Accept-Encoding
cf-cache-status: HIT
age: 11707098
x-pantheon-styx-hostname: styx-fe2-b-64744c95b6-59x78
x-cache: MISS, HIT
content-encoding: br
x-served-by: cache-mdw17357-MDW, cache-bwi5042-BWI
last-modified: Thu, 24 Jun 2021 13:21:22 GMT
server: cloudflare
x-timer: S1624541294.072034,VS0,VE1
etag: W/"60d486d2-26a1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
x-styx-req-id: e77377f0-d4ef-11eb-9f9d-26b2e6fca046
expires: Tue, 08 Nov 2022 01:26:32 GMT
cache-control: public, max-age=31622400
cf-ray: 6aa2c6247d2b5b9e-FRA
x-cache-hits: 0, 1

GET
H2 200 modernizr_2.8.3.js Show response
therecord.media/wp-content/themes/therecordmedia/assets/js/ 15 KB
6 KB 19ms
17ms Script
application/x-javascript 2606:4700::6812:621
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://therecord.media/wp-content/themes/therecordmedia/assets/js/modernizr_2.8.3.js

Requested by

Host: therecord.media
URL: https://therecord.media/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:621 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

82bfc506040c981ec142b63ec85a43e603310d9b5fac6598c5664a144f3c4e3e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://therecord.media/cert-france-lockean-ransomware-group-behind-attacks-on-french-companies/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 07 Nov 2021 01:26:32 GMT
via: 1.1 varnish, 1.1 varnish
vary: Accept-Encoding
cf-cache-status: HIT
age: 12204930
cf-polished: origSize=15506
x-pantheon-styx-hostname: styx-fe2-a-58bcd5f458-k527r
x-cache: HIT, HIT
cf-bgj: minify
content-encoding: br
x-served-by: cache-mdw17369-MDW, cache-wdc5539-WDC
last-modified: Fri, 18 Jun 2021 18:56:24 GMT
server: cloudflare
x-timer: S1624043463.559652,VS0,VE1
etag: W/"60ccec58-3c92"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
x-styx-req-id: 570e3de9-d067-11eb-ae7b-5e65bf8051b7
expires: Tue, 08 Nov 2022 01:26:32 GMT
cache-control: public, max-age=31622400
cf-ray: 6aa2c6247d2d5b9e-FRA
x-cache-hits: 1, 1

GET
H2 200 jquery-migrate.min.js Show response
therecord.media/wp-includes/js/jquery/ 11 KB
4 KB 29ms
28ms Script
application/x-javascript 2606:4700::6812:621
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://therecord.media/wp-includes/js/jquery/jquery-migrate.min.js

Requested by

Host: therecord.media
URL: https://therecord.media/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:621 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://therecord.media/cert-france-lockean-ransomware-group-behind-attacks-on-french-companies/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 07 Nov 2021 01:26:32 GMT
via: 1.1 varnish, 1.1 varnish
vary: Accept-Encoding
cf-cache-status: HIT
age: 12204930
x-pantheon-styx-hostname: styx-fe2-b-64744c95b6-5mc9d
x-cache: MISS, HIT
content-encoding: br
x-served-by: cache-mdw17367-MDW, cache-bwi5046-BWI
last-modified: Fri, 18 Jun 2021 18:56:29 GMT
server: cloudflare
x-timer: S1624043462.471725,VS0,VE1
etag: W/"60ccec5d-2bd8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
x-styx-req-id: 570ce0e8-d067-11eb-878c-ae0a4d7663b5
expires: Tue, 08 Nov 2022 01:26:32 GMT
cache-control: public, max-age=31622400
cf-ray: 6aa2c6247d2e5b9e-FRA
x-cache-hits: 0, 1

GET
H2 200 jquery.min.js Show response
therecord.media/wp-includes/js/jquery/ 87 KB
31 KB 22ms
21ms Script
application/x-javascript 2606:4700::6812:621
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://therecord.media/wp-includes/js/jquery/jquery.min.js

Requested by

Host: therecord.media
URL: https://therecord.media/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:621 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

60240d5a27ede94fd35fea44bd110b88c7d8cfc08127f032d13b0c622b8be827

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://therecord.media/cert-france-lockean-ransomware-group-behind-attacks-on-french-companies/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 07 Nov 2021 01:26:32 GMT
via: 1.1 varnish, 1.1 varnish
vary: Accept-Encoding
cf-cache-status: HIT
age: 777971
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-8pr5t
x-cache: MISS, HIT
content-encoding: br
x-served-by: cache-mdw17320-MDW, cache-bwi5068-BWI
last-modified: Thu, 28 Oct 2021 15:47:40 GMT
server: cloudflare
x-timer: S1635470421.934517,VS0,VE1
etag: W/"617ac61c-15d98"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
x-styx-req-id: 2ddeffd5-3814-11ec-b1cd-36fd5dbf0b73
expires: Tue, 08 Nov 2022 01:26:32 GMT
cache-control: public, max-age=31622400
cf-ray: 6aa2c6247d2f5b9e-FRA
x-cache-hits: 0, 1

GET
H2 200 icomoon.ttf
therecord.media/wp-content/themes/therecordmedia/assets/fonts/custom/ 4 KB
4 KB 18ms
17ms Font
application/x-font-ttf 2606:4700::6812:621
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://therecord.media/wp-content/themes/therecordmedia/assets/fonts/custom/icomoon.ttf?fiuh6y

Requested by

Host: therecord.media
URL: https://therecord.media/wp-content/themes/therecordmedia/assets/css/style-v4.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:621 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4a6db13132ef5e4dc98723529dedf677f84b4993b7db70339cb1de93a910ffce

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://therecord.media/wp-content/themes/therecordmedia/assets/css/style-v4.css
Origin: https://therecord.media
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 07 Nov 2021 01:26:32 GMT
via: 1.1 varnish, 1.1 varnish
vary: Accept-Encoding
cf-cache-status: HIT
age: 12220929
x-pantheon-styx-hostname: styx-fe2-a-58bcd5f458-jjb4g
x-cache: HIT, MISS
x-served-by: cache-mdw17349-MDW, cache-wdc5541-WDC
last-modified: Fri, 18 Jun 2021 14:42:44 GMT
server: cloudflare
x-timer: S1624027463.309480,VS0,VE20
etag: W/"60ccb0e4-107c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-font-ttf
access-control-allow-origin: *
expires: Tue, 08 Nov 2022 01:26:32 GMT
cache-control: public, max-age=31622400
cf-ray: 6aa2c624ad5d5b9e-FRA
x-styx-req-id: a74dac77-d043-11eb-9cf1-ee94bcaaf0ad
x-cache-hits: 1, 0

GET
H2 200 gudea-400-latin.woff2
therecord.media/wp-content/themes/therecordmedia/assets/fonts/gudea/ 8 KB
8 KB 24ms
23ms Font
font/woff2 2606:4700::6812:621
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://therecord.media/wp-content/themes/therecordmedia/assets/fonts/gudea/gudea-400-latin.woff2

Requested by

Host: therecord.media
URL: https://therecord.media/wp-content/themes/therecordmedia/assets/css/style-v4.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:621 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f23ec5c633f64e45cdb8119ea2bd55f81bd2bf4a46131cc6e7aa415024db18f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://therecord.media/wp-content/themes/therecordmedia/assets/css/style-v4.css
Origin: https://therecord.media
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 07 Nov 2021 01:26:32 GMT
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
age: 9226263
x-pantheon-styx-hostname: styx-fe2-b-64744c95b6-59x78
x-cache: HIT, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 7856
x-served-by: cache-mdw17328-MDW, cache-bwi5061-BWI
last-modified: Wed, 30 Jun 2021 12:38:26 GMT
server: cloudflare
x-timer: S1627022129.495128,VS0,VE1
etag: "60dc65c2-1eb0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: *
expires: Tue, 08 Nov 2022 01:26:32 GMT
cache-control: public, max-age=31622400
pantheon-trace-id: 0d16f0b8d33b417ea8e1885ae1232aad
accept-ranges: bytes
cf-ray: 6aa2c624ad5f5b9e-FRA
x-styx-req-id: 1947e86c-da48-11eb-9f9d-26b2e6fca046
x-cache-hits: 1, 1

GET
H2 200 oswald-400-latin.woff2
therecord.media/wp-content/themes/therecordmedia/assets/fonts/oswald/ 24 KB
24 KB 24ms
24ms Font
font/woff2 2606:4700::6812:621
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://therecord.media/wp-content/themes/therecordmedia/assets/fonts/oswald/oswald-400-latin.woff2

Requested by

Host: therecord.media
URL: https://therecord.media/wp-content/themes/therecordmedia/assets/css/style-v4.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:621 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1010cf08825a41c768a117755a496da61a306c41b83c383ea66f1bb3334bb14

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://therecord.media/wp-content/themes/therecordmedia/assets/css/style-v4.css
Origin: https://therecord.media
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 07 Nov 2021 01:26:32 GMT
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
age: 934856
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-6m9mg
x-cache: MISS, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 24064
x-served-by: cache-mdw17352-MDW, cache-wdc5522-WDC
last-modified: Tue, 12 Oct 2021 07:54:51 GMT
server: cloudflare
x-timer: S1635313536.940167,VS0,VE80
etag: "61653f4b-5e00"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: *
expires: Tue, 08 Nov 2022 01:26:32 GMT
cache-control: public, max-age=31622400
accept-ranges: bytes
cf-ray: 6aa2c624ad605b9e-FRA
x-styx-req-id: 8fa416a2-2cf3-11ec-a383-3277ea497536
x-cache-hits: 0, 1

GET
H2 200 oswald-700-latin.woff2
therecord.media/wp-content/themes/therecordmedia/assets/fonts/oswald/ 24 KB
24 KB 18ms
18ms Font
font/woff2 2606:4700::6812:621
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://therecord.media/wp-content/themes/therecordmedia/assets/fonts/oswald/oswald-700-latin.woff2

Requested by

Host: therecord.media
URL: https://therecord.media/wp-content/themes/therecordmedia/assets/css/style-v4.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:621 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1010cf08825a41c768a117755a496da61a306c41b83c383ea66f1bb3334bb14

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://therecord.media/wp-content/themes/therecordmedia/assets/css/style-v4.css
Origin: https://therecord.media
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 07 Nov 2021 01:26:32 GMT
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
age: 11263291
x-pantheon-styx-hostname: styx-fe2-b-64744c95b6-5mc9d
x-cache: MISS, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 24064
x-served-by: cache-mdw17368-MDW, cache-bwi5021-BWI
last-modified: Tue, 29 Jun 2021 16:31:39 GMT
server: cloudflare
x-timer: S1624985102.703693,VS0,VE0
etag: "60db4aeb-5e00"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: *
expires: Tue, 08 Nov 2022 01:26:32 GMT
cache-control: public, max-age=31622400
pantheon-trace-id: 424c6024d42a462786d6cf82ebe6d1dd
accept-ranges: bytes
cf-ray: 6aa2c624ad625b9e-FRA
x-styx-req-id: b9b2e2f0-d8f7-11eb-878c-ae0a4d7663b5
x-cache-hits: 0, 3

GET
H2 200 gudea-700-latin.woff2
therecord.media/wp-content/themes/therecordmedia/assets/fonts/gudea/ 8 KB
8 KB 17ms
16ms Font
font/woff2 2606:4700::6812:621
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://therecord.media/wp-content/themes/therecordmedia/assets/fonts/gudea/gudea-700-latin.woff2

Requested by

Host: therecord.media
URL: https://therecord.media/wp-content/themes/therecordmedia/assets/css/style-v4.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:621 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3d3367b895674ec706b02be65ae0ee7416f158836f88ddc1d3e469e3bdd6cd4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://therecord.media/wp-content/themes/therecordmedia/assets/css/style-v4.css
Origin: https://therecord.media
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 07 Nov 2021 01:26:32 GMT
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
age: 922624
x-pantheon-styx-hostname: styx-fe2-a-6b6d6f77d6-hws4p
x-cache: MISS, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 7932
x-served-by: cache-mdw17349-MDW, cache-wdc5563-WDC
last-modified: Wed, 29 Sep 2021 19:54:57 GMT
server: cloudflare
x-timer: S1635325768.238649,VS0,VE1
etag: "6154c491-1efc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: *
expires: Tue, 08 Nov 2022 01:26:32 GMT
cache-control: public, max-age=31622400
accept-ranges: bytes
cf-ray: 6aa2c624ad635b9e-FRA
x-styx-req-id: b4bdd35b-21c8-11ec-987a-76bbec8dee9e
x-cache-hits: 0, 1

GET
H2 200 Lockean-chain.png
therecord.media/wp-content/uploads/2021/11/ 36 KB
36 KB 519ms
517ms Image
image/png 2606:4700::6812:621
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://therecord.media/wp-content/uploads/2021/11/Lockean-chain.png

Requested by

Host: therecord.media
URL: https://therecord.media/cert-france-lockean-ransomware-group-behind-attacks-on-french-companies/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:621 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e331b9f3cc250a83492ca83902ca6bbd62cd955716a865a819d36b8e5dbe84d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://therecord.media/cert-france-lockean-ransomware-group-behind-attacks-on-french-companies/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 07 Nov 2021 01:26:32 GMT
via: 1.1 varnish, 1.1 varnish
cf-cache-status: MISS
x-pantheon-styx-hostname: styx-fe2-a-5f44469ddc-9l82c
x-cache: HIT, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 36708
x-served-by: cache-mdw17365-MDW, cache-bwi5047-BWI
last-modified: Wed, 03 Nov 2021 16:48:14 GMT
server: cloudflare
x-timer: S1636248393.830886,VS0,VE2
etag: "6182bd4e-8f64"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
x-styx-req-id: 7a2b52bd-3cc6-11ec-92da-66ca9ee36be7
expires: Tue, 08 Nov 2022 01:26:32 GMT
cache-control: public, max-age=31622400
accept-ranges: bytes
cf-ray: 6aa2c624ed9a5b9e-FRA
x-cache-hits: 1, 1

GET
H2 200 Lockean-post-exploitation.png
therecord.media/wp-content/uploads/2021/11/ 5 KB
6 KB 31ms
29ms Image
image/webp 2606:4700::6812:621
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://therecord.media/wp-content/uploads/2021/11/Lockean-post-exploitation.png

Requested by

Host: therecord.media
URL: https://therecord.media/cert-france-lockean-ransomware-group-behind-attacks-on-french-companies/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:621 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3541fdf9d8da029f9c6f4e0a34940395e46f95a112b830d7f9f7acc9e5b8a392

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://therecord.media/cert-france-lockean-ransomware-group-behind-attacks-on-french-companies/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 07 Nov 2021 01:26:32 GMT
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
age: 6312
cf-polished: origFmt=png, origSize=7612
x-cache: HIT, HIT
x-cache-hits: 1, 1
content-disposition: inline; filename="Lockean-post-exploitation.webp"
cf-bgj: imgq:100,h2pri
content-length: 5440
x-served-by: cache-mdw17341-MDW, cache-wdc5576-WDC
last-modified: Wed, 03 Nov 2021 16:48:26 GMT
server: cloudflare
x-timer: S1636242081.872691,VS0,VE1
etag: "6182bd5a-1dbc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/webp
x-styx-req-id: 7a2d6925-3cc6-11ec-a383-3277ea497536
expires: Tue, 08 Nov 2022 01:26:32 GMT
cache-control: public, max-age=31622400
accept-ranges: bytes
cf-ray: 6aa2c624ed9c5b9e-FRA
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-6m9mg

GET
H2 200 Lockean-RaaS.png
therecord.media/wp-content/uploads/2021/11/ 24 KB
24 KB 26ms
24ms Image
image/webp 2606:4700::6812:621
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://therecord.media/wp-content/uploads/2021/11/Lockean-RaaS.png

Requested by

Host: therecord.media
URL: https://therecord.media/cert-france-lockean-ransomware-group-behind-attacks-on-french-companies/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:621 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d56c47b16f28b437878a4da97d3d57b03fe7fae1ef27087b709f3d9f40882ebf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://therecord.media/cert-france-lockean-ransomware-group-behind-attacks-on-french-companies/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 07 Nov 2021 01:26:32 GMT
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
age: 9180
cf-polished: origFmt=png, origSize=29761
x-cache: MISS, HIT
x-cache-hits: 0, 1
content-disposition: inline; filename="Lockean-RaaS.webp"
cf-bgj: imgq:100,h2pri
content-length: 24200
x-served-by: cache-mdw17352-MDW, cache-wdc5564-WDC
last-modified: Wed, 03 Nov 2021 16:48:31 GMT
server: cloudflare
x-timer: S1636239212.313482,VS0,VE1
etag: "6182bd5f-7441"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/webp
x-styx-req-id: 7a2cd8b5-3cc6-11ec-8335-16a4686d8166
expires: Tue, 08 Nov 2022 01:26:32 GMT
cache-control: public, max-age=31622400
accept-ranges: bytes
cf-ray: 6aa2c624ed9d5b9e-FRA
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-b4lkc

GET
H2 200 Lockean-victims.png
therecord.media/wp-content/uploads/2021/11/ 52 KB
52 KB 19ms
18ms Image
image/webp 2606:4700::6812:621
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://therecord.media/wp-content/uploads/2021/11/Lockean-victims.png

Requested by

Host: therecord.media
URL: https://therecord.media/cert-france-lockean-ransomware-group-behind-attacks-on-french-companies/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:621 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

77d1c3c8ec1a286ae4eecc079f48f5c91a6d6a1ad8145ca29abec55904934168

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://therecord.media/cert-france-lockean-ransomware-group-behind-attacks-on-french-companies/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 07 Nov 2021 01:26:32 GMT
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
age: 9180
cf-polished: origFmt=png, origSize=65091
x-cache: MISS, HIT
x-cache-hits: 0, 1
content-disposition: inline; filename="Lockean-victims.webp"
cf-bgj: imgq:100,h2pri
content-length: 53008
x-served-by: cache-mdw17352-MDW, cache-bwi5062-BWI
last-modified: Wed, 03 Nov 2021 16:48:41 GMT
server: cloudflare
x-timer: S1636239212.356801,VS0,VE2
etag: "6182bd69-fe43"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/webp
x-styx-req-id: 7a2e5f8c-3cc6-11ec-949c-2a1d1f5da7d2
expires: Tue, 08 Nov 2022 01:26:32 GMT
cache-control: public, max-age=31622400
accept-ranges: bytes
cf-ray: 6aa2c624ed9e5b9e-FRA
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-gsvkz

GET
H2 200 malware-vulnerability-trends-report-1024x235.jpg
www.recordedfuture.com/wp-content/uploads/ 49 KB
50 KB 58ms
29ms Image
image/jpeg 104.18.12.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.recordedfuture.com/wp-content/uploads/malware-vulnerability-trends-report-1024x235.jpg

Requested by

Host: therecord.media
URL: https://therecord.media/cert-france-lockean-ransomware-group-behind-attacks-on-french-companies/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.12.124 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ea4a235e83977d477d1f72e32749358b1594a3e7122cd0b5496038d5ccd791cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://therecord.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 07 Nov 2021 01:26:32 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 116624
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-gsvkz
x-cache: MISS, HIT
cf-bgj: h2pri
content-length: 50439
x-served-by: cache-mdw17355-MDW, cache-bwi5035-BWI
last-modified: Tue, 31 Aug 2021 14:06:26 GMT
server: cloudflare
x-timer: S1636131769.587528,VS0,VE2
etag: "612e3762-c507"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/jpeg
x-styx-req-id: 39fa69c9-3d37-11ec-949c-2a1d1f5da7d2
expires: Sat, 05 Nov 2022 06:19:54 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6aa2c6251e2ec26d-FRA
x-cache-hits: 0, 1

GET
H2 200 blackmatter-ransomware-protection-1024x235.jpg
www.recordedfuture.com/wp-content/uploads/ 44 KB
45 KB 49ms
21ms Image
image/jpeg 104.18.12.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.recordedfuture.com/wp-content/uploads/blackmatter-ransomware-protection-1024x235.jpg

Requested by

Host: therecord.media
URL: https://therecord.media/cert-france-lockean-ransomware-group-behind-attacks-on-french-companies/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.12.124 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e21533f30d64e48b8fdfc843f81198621a6c43d23dd66704c18abeb1d888aa5d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://therecord.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 07 Nov 2021 01:26:32 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 116624
x-pantheon-styx-hostname: styx-fe2-a-5f44469ddc-9l82c
x-cache: MISS, HIT
cf-bgj: h2pri
content-length: 45221
x-served-by: cache-mdw17368-MDW, cache-wdc5571-WDC
last-modified: Wed, 04 Aug 2021 14:20:02 GMT
server: cloudflare
x-timer: S1636131769.532378,VS0,VE0
etag: "610aa212-b0a5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/jpeg
x-styx-req-id: bb059e28-3d45-11ec-92da-66ca9ee36be7
expires: Sat, 05 Nov 2022 08:03:44 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6aa2c6251e30c26d-FRA
x-cache-hits: 0, 2

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 87 KB
33 KB 18ms
17ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PVJ5W86

Requested by

Host: therecord.media
URL: https://therecord.media/cert-france-lockean-ransomware-group-behind-attacks-on-french-companies/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

5b617436a0767ee70e0eaedfd7d423c998be25dcdd3c6a997a3c17a2317b692e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://therecord.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 07 Nov 2021 01:26:33 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34069
x-xss-protection: 0
last-modified: Sun, 07 Nov 2021 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 07 Nov 2021 01:26:33 GMT

GET
H2 200 matomo.js Show response
cdn.matomo.cloud/recordedfuture.matomo.cloud/ 191 KB
56 KB 33ms
8ms Script
application/javascript 2600:9000:223f:dc00:c:7d55:b3c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.matomo.cloud/recordedfuture.matomo.cloud/matomo.js
Requested by: Host: therecord.media
URL: https://therecord.media/cert-france-lockean-ransomware-group-behind-attacks-on-french-companies/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:dc00:c:7d55:b3c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c1519dacf01319cb5e0caa709cf1cb40794474a6ca4eb2de3d6fcb86c6157bf5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://therecord.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 01 Nov 2021 15:46:40 GMT
content-encoding: gzip
age: 466794
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Sun, 17 Oct 2021 20:19:00 GMT
server: AmazonS3
etag: W/"7cb87695146dc95cd8d88df28207416b"
vary: Accept-Encoding
x-amz-version-id: 6OU.jcK726xIXqmaHxPRdLJ.sc4VC7b9
via: 1.1 ffdf2668ac264ec6d8784ccc7453073c.cloudfront.net (CloudFront)
cache-control: max-age=691200
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
x-amz-cf-id: Jo-gV5t91NXj-FYA5EHdIGZyber5R3LsNN8Zpy_lYGG-HlAwtVqzUw==

GET
H2 200 container_41sBJe2I.js Show response
cdn.matomo.cloud/recordedfuture.matomo.cloud/ 25 KB
8 KB 42ms
17ms Script
application/javascript 2600:9000:223f:dc00:c:7d55:b3c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.matomo.cloud/recordedfuture.matomo.cloud/container_41sBJe2I.js
Requested by: Host: therecord.media
URL: https://therecord.media/cert-france-lockean-ransomware-group-behind-attacks-on-french-companies/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:dc00:c:7d55:b3c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 65c8182d14dac6f60e0865e949489e903cd1cd54689f04c08db049ba60ac644a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://therecord.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 04 Nov 2021 19:17:04 GMT
content-encoding: gzip
age: 194970
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Sun, 17 Oct 2021 20:19:00 GMT
server: AmazonS3
etag: W/"6304dc15c11b8319dc9271b9f22417f3"
vary: Accept-Encoding
x-amz-version-id: DDB5xJvn165OAGokQb24SOTwfRkbjyjT
via: 1.1 ffdf2668ac264ec6d8784ccc7453073c.cloudfront.net (CloudFront)
cache-control: max-age=691200
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
x-amz-cf-id: rze477wRI3EFK-Y8TiLky-epR5cDJ9fwQtC0qCpnRVyz6i_An4RIdA==

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
20 KB 28ms
6ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-9153858-16

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://therecord.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 26 Oct 2021 23:24:02 GMT
server: Golfe2
age: 5127
date: Sun, 07 Nov 2021 00:01:06 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19747
expires: Sun, 07 Nov 2021 02:01:06 GMT

GET
H2 200 jquery.mousewheel.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.13/ 3 KB
1 KB 12ms
11ms Script
application/javascript 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.13/jquery.mousewheel.min.js

Requested by

Host: therecord.media
URL: https://therecord.media/wp-content/themes/therecordmedia/assets/js/bundle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8e73a30d35c83ea6a597c3343324d2b7df097ad26e67b62efb5266ee12d317b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://therecord.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 07 Nov 2021 01:26:33 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 805233
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 1046
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:11:46 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec2-ad3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=utlqyuD%2BuB3Zo5dPcrYYFb%2Bszqc9r6aC%2BCe07TNKjkXeZy%2FZdpi6Als4QrzbtHOgxYG4yDfIc0%2F32eHAElrReLlm446qeECNHiUXBjjrDvtnw%2FVncRU9OFuw%2BrnDJ%2FGByFRSOOcd46TNqPPQQcJlUFTs"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6aa2c629294268f2-FRA
expires: Fri, 28 Oct 2022 01:26:33 GMT

GET
H2 200 iframe_api Show response
www.youtube.com/ 980 B
1 KB 49ms
27ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/iframe_api

Requested by

Host: therecord.media
URL: https://therecord.media/wp-content/themes/therecordmedia/assets/js/main.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2aee396045e8313003eda4d9b0acc42c7a9cbd7c29b4a32480ba2489baacbecc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://therecord.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 07 Nov 2021 01:26:33 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
server: ESF
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
report-to: {"group":"AXrpQdexiF0ssZ_nH8Dr-M3QgbdVRvO77RECMA","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdexiF0ssZ_nH8Dr-M3QgbdVRvO77RECMA"}]}
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=0
permissions-policy: ch-ua-full-version=*, ch-ua-platform=*, ch-ua-platform-version=*, ch-ua-arch=*, ch-ua-model=*
cross-origin-opener-policy-report-only: same-origin; report-to="AXrpQdexiF0ssZ_nH8Dr-M3QgbdVRvO77RECMA"
expires: Sun, 07 Nov 2021 01:26:33 GMT

GET
H/1.1 200
OK 6si.min.js Show response
j.6sc.co/ 27 KB
9 KB 44ms
7ms Script
application/javascript 104.111.233.140
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: therecord.media
URL: https://therecord.media/cert-france-lockean-ransomware-group-behind-attacks-on-french-companies/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-233-140.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

2707e48726a3f7ec48a1d1aec9738f20b36bac1535cfa9de2e4d92310c4e7e7a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://therecord.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Sun, 07 Nov 2021 01:26:33 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 8575
Pragma: no-cache
Last-Modified: Thu, 07 Oct 2021 17:17:43 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "615f2bb7-6a5f"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: application/javascript
Access-Control-Allow-Origin
Cache-Control: private, no-cache, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Sun, 07 Nov 2021 01:26:33 GMT

GET
H2 200 beacon.min.js Show response
static.cloudflareinsights.com/ 13 KB
5 KB 60ms
34ms Script
text/javascript 2606:4700::6810:5f41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PVJ5W86
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:5f41 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: acd89c8dd5cc9cf47ee574302ec883993c33d419da8840ddb05763b857f1f09f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://therecord.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 07 Nov 2021 01:26:33 GMT
content-encoding: gzip
last-modified: Fri, 22 Oct 2021 22:23:12 GMT
server: cloudflare
etag: W/2021.9.0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 6aa2c6296821693a-FRA

GET
H2 200 252628.js Show response
js.hs-analytics.net/analytics/1636248300000/ 63 KB
20 KB 198ms
173ms Script
text/javascript 2606:4700::6811:46b0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1636248300000/252628.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/252628.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:46b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f958b4527bcb3c4da9d038386657b0a8e498e40bb6d5eede4f0a42d4b1503221

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://therecord.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 07 Nov 2021 01:26:33 GMT
content-encoding: br
cf-cache-status: MISS
x-amz-request-id: C6JK63HNCMPJ6VEP
x-amz-server-side-encryption: AES256
cf-ray: 6aa2c6296c146945-FRA
x-amz-id-2: pOSB204hbizrJgP0eqp3r9a6SV/qhJYeN8eEY/VhPdZR9jnPBKyGBFJzE6u1DZzPsf0qMAWXRaE=
last-modified: Mon, 19 Jul 2021 13:55:02 GMT
server: cloudflare
etag: W/"eb683456778d317c80ce91826fab13f7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: null
cache-control: max-age=300, public
access-control-allow-credentials: false
content-type: text/javascript
expires: Sun, 07 Nov 2021 01:31:33 GMT

GET
H2 200 252628.js Show response
js.hs-banner.com/ 61 KB
16 KB 462ms
437ms Script
text/javascript 2606:4700::6812:15bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/252628.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/252628.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:15bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e90135befb1cde3a65a625bd4b1947fe8241484d5248194fbb3ab8b3b9912706

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://therecord.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 07 Nov 2021 01:26:33 GMT
content-encoding: br
cf-cache-status: REVALIDATED
x-amz-request-id: 88VQ1FRW34XET6YJ
x-amz-server-side-encryption: AES256
content-type: text/javascript; charset=UTF-8
access-control-max-age: 604800
x-amz-id-2: eQDvpASNzdjQ2ujs1S93oZz3hk/8CQDjUBedRL648GXuW0th1NH7kR9paOCLA99Cw6STATB/nOM=
timing-allow-origin: *
last-modified: Fri, 03 Sep 2021 19:24:49 GMT
server: cloudflare
etag: W/"e0c913f4a0cc31dc55b4467584a6d8e8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-amz-version-id: lq2tXQvbi9wr797yewJV6QQGCJrrtX2q
access-control-allow-origin: https://www.recordedfuture.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300, public
access-control-allow-credentials: true
cf-ray: 6aa2c6296c3d435d-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
expires: Sun, 07 Nov 2021 01:31:33 GMT

POST
H2 204 matomo.php
recordedfuture.matomo.cloud/ 0
167 B 74ms
42ms Ping
text/plain 52.223.61.136
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://recordedfuture.matomo.cloud/matomo.php?action_name=therecord.media%2FCERT-France%3A%20Lockean%20ransomware%20group%20behind%20attacks%20on%20French%20companies%20-%20The%20Record%20by%20Recorded%20Future&idsite=2&rec=1&r=660079&h=1&m=26&s=33&url=https%3A%2F%2Ftherecord.media%2Fcert-france-lockean-ransomware-group-behind-attacks-on-french-companies%2F&_id=81e17968988b5ea9&_idn=1&_refts=0&send_image=0&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1600x1200&pv_id=fjy17I&fa_pv=1&fa_fp[0][fa_vid]=6OJV2C&fa_fp[0][fa_fv]=1&fa_fp[2][fa_vid]=HSq2lg&fa_fp[2][fa_fv]=1&fa_fp[3][fa_vid]=xg0Cig&fa_fp[3][fa_fv]=1&pf_net=28&pf_srv=938&pf_tfr=2&pf_dm1=21&pf_dm2=713&pf_onl=1
Requested by: Host: cdn.matomo.cloud
URL: https://cdn.matomo.cloud/recordedfuture.matomo.cloud/matomo.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.61.136 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a8b6f710f441cdbc2.awsglobalaccelerator.com
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://therecord.media/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=utf-8

Response headers

access-control-allow-origin: https://therecord.media
date: Sun, 07 Nov 2021 01:26:33 GMT
access-control-allow-credentials: true
server: Apache
vary: X-Forwarded-Port-Override,X-Forwarded-Proto-Override,User-Agent

POST
H2 200 collect Show response
www.google-analytics.com/j/ 1 B
205 B 15ms
13ms XHR
text/plain 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j93&a=518321722&t=pageview&_s=1&dl=https%3A%2F%2Ftherecord.media%2Fcert-france-lockean-ransomware-group-behind-attacks-on-french-companies%2F&ul=en-us&de=UTF-8&dt=CERT-France%3A%20Lockean%20ransomware%20group%20behind%20attacks%20on%20French%20companies%20-%20The%20Record%20by%20Recorded%20Future&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=943674730&gjid=95372103&cid=279673762.1636248393&tid=UA-9153858-16&_gid=324000522.1636248393&_r=1&gtm=2oub31&z=775195984

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://therecord.media/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 07 Nov 2021 01:26:33 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://therecord.media
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 configs.php Show response
recordedfuture.matomo.cloud/plugins/HeatmapSessionRecording/ 116 B
291 B 25ms
15ms Script
application/javascript 52.223.61.136
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://recordedfuture.matomo.cloud/plugins/HeatmapSessionRecording/configs.php?idsite=2&trackerid=ieW5nR&url=https%3A%2F%2Ftherecord.media%2Fcert-france-lockean-ransomware-group-behind-attacks-on-french-companies%2F
Requested by: Host: cdn.matomo.cloud
URL: https://cdn.matomo.cloud/recordedfuture.matomo.cloud/matomo.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.61.136 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a8b6f710f441cdbc2.awsglobalaccelerator.com
Software: Apache /
Resource Hash: 1c1a5c3b528d661109a2e879b9fac186ea38a466b1146ead6e23017c565b2718

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://therecord.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 07 Nov 2021 01:26:33 GMT
content-encoding: gzip
server: Apache
content-length: 119
vary: X-Forwarded-Port-Override,X-Forwarded-Proto-Override,Accept-Encoding,User-Agent
content-type: application/javascript

GET
H2 200 www-widgetapi.js Show response
www.youtube.com/s/player/8eb5bf0c/www-widgetapi.vflset/ 143 KB
47 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/8eb5bf0c/www-widgetapi.vflset/www-widgetapi.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/iframe_api

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9b64f85d8068989c158ba9a881e4b5f4971eb769a6ec9ae697f5a0728ba294fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://therecord.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 06 Nov 2021 20:15:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 18639
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47334
x-xss-protection: 0
last-modified: Wed, 03 Nov 2021 00:18:20 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Sun, 06 Nov 2022 20:15:54 GMT

GET
H/1.1 200
OK getuidj Show response
secure.adnxs.com/ 11 B
691 B 48ms
15ms XHR
application/json 185.33.220.244
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/getuidj

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.244 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://therecord.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 07 Nov 2021 01:26:33 GMT
X-Proxy-Origin: 91.199.118.155; 91.199.118.155; 731.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: aa279fba-77bb-441e-af4e-5f5563470665
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://therecord.media
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 11
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK / Show response
c.6sc.co/ 47 B
371 B 36ms
7ms XHR
text/plain 104.111.233.140
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-233-140.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 211e289aa6c6588438d8e32743816ec225dfb90bf9cacd2e404a4d5c92eebba7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://therecord.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Sun, 07 Nov 2021 01:26:33 GMT
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: text/plain
Access-Control-Allow-Origin: https://therecord.media
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: *
Content-Length: 47

GET
H2 200 / Show response
therecord.media/wp-json/complianz/v1/banner/ 130 B
570 B 620ms
620ms XHR
application/json 2606:4700::6812:621
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://therecord.media/wp-json/complianz/v1/banner/?lang=en&locale=en_US&token=zetku

Requested by

Host: therecord.media
URL: https://therecord.media/wp-content/plugins/complianz-gdpr-premium/assets/js/complianz.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:621 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a3026cea7eff6a33625644f88eef3c6418831341116ff8f04054da6c7abc138f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://therecord.media/cert-france-lockean-ransomware-group-behind-attacks-on-french-companies/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-type: application/json

Response headers

date: Sun, 07 Nov 2021 01:26:33 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
age: 0
x-cache: MISS, MISS
x-cache-hits: 0, 0
content-encoding: br
vary: Accept-Encoding
x-served-by: cache-mdw17366-MDW, cache-wdc5522-WDC
access-control-allow-headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
server: cloudflare
x-timer: S1636248394.602037,VS0,VE218
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json
x-styx-req-id: be2a2bdd-3f69-11ec-8937-3a0169694d83
access-control-expose-headers: X-WP-Total, X-WP-TotalPages, Link
x-robots-tag: noindex
cf-ray: 6aa2c629eac95b9e-FRA
link: <https://therecord.media/wp-json/>; rel="https://api.w.org/"
x-pantheon-styx-hostname: styx-fe2-a-5bffbbcccc-vqjk6

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 199ms
176ms Image
image/gif 104.111.233.140
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=f2675e8089b7d209a58fce8ad312f51c&svisitor=36bb10028b070000492b8761c40000003a0e0b00&session=b0bf6d9e-3ded-44ba-8713-231ee05409c8&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Sun%2C%2007%20Nov%202021%2001%3A26%3A33%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Record%20by%20Recorded%20Future%20gives%20exclusive%2C%20behind-the-scenes%20access%20to%20leaders%2C%20policymakers%2C%20researchers%2C%20and%20the%20shadows%20of%20the%20cyber%20underground.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22CERT-France%3A%20Lockean%20ransomware%20group%20behind%20attacks%20on%20French%20companies%20-%20The%20Record%20by%20Recorded%20Future%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Ftherecord.media%2Fcert-france-lockean-ransomware-group-behind-attacks-on-french-companies%2F&pageViewId=2aa374e3-0873-4305-86ab-33ab098a83bd&an_uid=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-233-140.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://therecord.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Sun, 07 Nov 2021 01:26:33 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Fri, 21 Feb 2020 18:57:20 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "5e502810-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 5fcff613fdfb0dbe15ddb3c49d4f54cd
secure.gravatar.com/avatar/ 3 KB
3 KB 26ms
6ms Image
image/jpeg 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.gravatar.com/avatar/5fcff613fdfb0dbe15ddb3c49d4f54cd?s=96&d=mm&r=g
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f9dbfba2249f983c34ca80b4b4bbae5e4a0931683fdce8b2d5da86d90839960c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://therecord.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Sun, 07 Nov 2021 01:26:33 GMT
last-modified: Fri, 05 Mar 2021 15:49:20 GMT
server: nginx
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=300
content-disposition: inline; filename="5fcff613fdfb0dbe15ddb3c49d4f54cd.jpeg"
accept-ranges: bytes
link: <https://www.gravatar.com/avatar/5fcff613fdfb0dbe15ddb3c49d4f54cd?s=96&d=mm&r=g>; rel="canonical"
content-length: 3268
expires: Sun, 07 Nov 2021 01:31:33 GMT

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
1003 B 62ms
35ms Image
image/gif 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2427650321&v=1.1&a=252628&rcu=https%3A%2F%2Ftherecord.media%2Fcert-france-lockean-ransomware-group-behind-attacks-on-french-companies%2F&pu=https%3A%2F%2Ftherecord.media%2Fcert-france-lockean-ransomware-group-behind-attacks-on-french-companies%2F&t=CERT-France%3A+Lockean+ransomware+group+behind+attacks+on+French+companies+-+The+Record+by+Recorded+Future&cts=1636248393371&vi=5880654f380b22f3271facf7b586a56d&nc=true&ce=false&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://therecord.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 07 Nov 2021 01:26:33 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 8c233145-eb10-4221-a0dc-49e2d6a04177
cf-ray: 6aa2c62acd6c69a3-FRA
p3p: CP="NOI CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 45
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hs679TxBs19NVYquIckvBE90fMZY%2FEIIg9wkL0rJQEnpAvdAKkRwry9g90pVDYcvWBuuGZG30dLUJzPdkjzcdlMGwN%2FLqV%2FiChUHDXvbPQkiYONWpqQSr%2F6xjWjcjfGnVstVYsPf3%2BoF8RbzPPxU"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
x-robots-tag: none

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 430ms
430ms Image
image/gif 104.111.233.140
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=f2675e8089b7d209a58fce8ad312f51c&svisitor=36bb10028b070000492b8761c40000003a0e0b00&session=b0bf6d9e-3ded-44ba-8713-231ee05409c8&event=active_time_track&q=%7B%22currentTime%22%3A%22Sun%2C%2007%20Nov%202021%2001%3A26%3A34%20GMT%22%2C%22lastTrackTime%22%3A%22Sun%2C%2007%20Nov%202021%2001%3A26%3A33%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%221001%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Record%20by%20Recorded%20Future%20gives%20exclusive%2C%20behind-the-scenes%20access%20to%20leaders%2C%20policymakers%2C%20researchers%2C%20and%20the%20shadows%20of%20the%20cyber%20underground.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22CERT-France%3A%20Lockean%20ransomware%20group%20behind%20attacks%20on%20French%20companies%20-%20The%20Record%20by%20Recorded%20Future%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Ftherecord.media%2Fcert-france-lockean-ransomware-group-behind-attacks-on-french-companies%2F&pageViewId=2aa374e3-0873-4305-86ab-33ab098a83bd&an_uid=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-233-140.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://therecord.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Sun, 07 Nov 2021 01:26:34 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Sat, 05 Jun 2021 07:56:05 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "60bb2e15-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 177ms
177ms Image
image/gif 104.111.233.140
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=f2675e8089b7d209a58fce8ad312f51c&svisitor=36bb10028b070000492b8761c40000003a0e0b00&session=b0bf6d9e-3ded-44ba-8713-231ee05409c8&event=active_time_track&q=%7B%22currentTime%22%3A%22Sun%2C%2007%20Nov%202021%2001%3A26%3A35%20GMT%22%2C%22lastTrackTime%22%3A%22Sun%2C%2007%20Nov%202021%2001%3A26%3A34%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%222003%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Record%20by%20Recorded%20Future%20gives%20exclusive%2C%20behind-the-scenes%20access%20to%20leaders%2C%20policymakers%2C%20researchers%2C%20and%20the%20shadows%20of%20the%20cyber%20underground.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22CERT-France%3A%20Lockean%20ransomware%20group%20behind%20attacks%20on%20French%20companies%20-%20The%20Record%20by%20Recorded%20Future%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Ftherecord.media%2Fcert-france-lockean-ransomware-group-behind-attacks-on-french-companies%2F&pageViewId=2aa374e3-0873-4305-86ab-33ab098a83bd&an_uid=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-233-140.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://therecord.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Sun, 07 Nov 2021 01:26:35 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Tue, 05 Oct 2021 22:17:52 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "615ccf10-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 177ms
177ms Image
image/gif 104.111.233.140
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=f2675e8089b7d209a58fce8ad312f51c&svisitor=36bb10028b070000492b8761c40000003a0e0b00&session=b0bf6d9e-3ded-44ba-8713-231ee05409c8&event=active_time_track&q=%7B%22currentTime%22%3A%22Sun%2C%2007%20Nov%202021%2001%3A26%3A36%20GMT%22%2C%22lastTrackTime%22%3A%22Sun%2C%2007%20Nov%202021%2001%3A26%3A35%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%223004%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Record%20by%20Recorded%20Future%20gives%20exclusive%2C%20behind-the-scenes%20access%20to%20leaders%2C%20policymakers%2C%20researchers%2C%20and%20the%20shadows%20of%20the%20cyber%20underground.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22CERT-France%3A%20Lockean%20ransomware%20group%20behind%20attacks%20on%20French%20companies%20-%20The%20Record%20by%20Recorded%20Future%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Ftherecord.media%2Fcert-france-lockean-ransomware-group-behind-attacks-on-french-companies%2F&pageViewId=2aa374e3-0873-4305-86ab-33ab098a83bd&an_uid=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-233-140.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://therecord.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Sun, 07 Nov 2021 01:26:36 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Sat, 05 Jun 2021 07:56:05 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "60bb2e15-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 177ms
177ms Image
image/gif 104.111.233.140
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=f2675e8089b7d209a58fce8ad312f51c&svisitor=36bb10028b070000492b8761c40000003a0e0b00&session=b0bf6d9e-3ded-44ba-8713-231ee05409c8&event=active_time_track&q=%7B%22currentTime%22%3A%22Sun%2C%2007%20Nov%202021%2001%3A26%3A37%20GMT%22%2C%22lastTrackTime%22%3A%22Sun%2C%2007%20Nov%202021%2001%3A26%3A36%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%224005%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Record%20by%20Recorded%20Future%20gives%20exclusive%2C%20behind-the-scenes%20access%20to%20leaders%2C%20policymakers%2C%20researchers%2C%20and%20the%20shadows%20of%20the%20cyber%20underground.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22CERT-France%3A%20Lockean%20ransomware%20group%20behind%20attacks%20on%20French%20companies%20-%20The%20Record%20by%20Recorded%20Future%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Ftherecord.media%2Fcert-france-lockean-ransomware-group-behind-attacks-on-french-companies%2F&pageViewId=2aa374e3-0873-4305-86ab-33ab098a83bd&an_uid=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-233-140.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://therecord.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Sun, 07 Nov 2021 01:26:37 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Tue, 05 Oct 2021 22:17:52 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "615ccf10-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

GET img.gif
b.6sc.co/v1/beacon/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: b.6sc.co
URL: https://b.6sc.co/v1/beacon/img.gif?token=f2675e8089b7d209a58fce8ad312f51c&svisitor=36bb10028b070000492b8761c40000003a0e0b00&session=b0bf6d9e-3ded-44ba-8713-231ee05409c8&event=active_time_track&q=%7B%22currentTime%22%3A%22Sun%2C%2007%20Nov%202021%2001%3A26%3A38%20GMT%22%2C%22lastTrackTime%22%3A%22Sun%2C%2007%20Nov%202021%2001%3A26%3A37%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%225006%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Record%20by%20Recorded%20Future%20gives%20exclusive%2C%20behind-the-scenes%20access%20to%20leaders%2C%20policymakers%2C%20researchers%2C%20and%20the%20shadows%20of%20the%20cyber%20underground.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22CERT-France%3A%20Lockean%20ransomware%20group%20behind%20attacks%20on%20French%20companies%20-%20The%20Record%20by%20Recorded%20Future%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Ftherecord.media%2Fcert-france-lockean-ransomware-group-behind-attacks-on-french-companies%2F&pageViewId=2aa374e3-0873-4305-86ab-33ab098a83bd&an_uid=0

Verdicts & Comments Add Verdict or Comment

78 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

21 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
therecord.media/	1969-12-31 23:59:59	Name: wordpress_google_apps_login Value: 5030ee40afb9cefd93f9b3d09bbf561f
.therecord.media/	1970-01-20 07:56:43	Name: _pk_id.2.de70 Value: 81e17968988b5ea9.1636248393.
.therecord.media/	1970-01-19 22:30:50	Name: _pk_ses.2.de70 Value: 1
.therecord.media/	1970-01-20 16:02:00	Name: _ga Value: GA1.2.279673762.1636248393
.therecord.media/	1970-01-19 22:32:14	Name: _gid Value: GA1.2.324000522.1636248393
.therecord.media/	1970-01-19 22:30:48	Name: _gat_gtag_UA_9153858_16 Value: 1
.youtube.com/	1969-12-31 23:59:59	Name: YSC Value: YRLE8oQHVBg
.youtube.com/	1970-01-20 02:50:00	Name: VISITOR_INFO1_LIVE Value: 88C23uyudiI
.6sc.co/	1970-01-20 16:02:00	Name: 6suuid Value: 36bb10028b070000492b8761c40000003a0e0b00
therecord.media/	1970-01-20 16:02:00	Name: _gd_svisitor Value: 36bb10028b070000492b8761c40000003a0e0b00
therecord.media/	1970-01-19 22:40:53	Name: _an_uid Value: 0
therecord.media/	1970-01-20 16:02:00	Name: _gd_visitor Value: 1e6ae0e8-3633-4a80-8b6d-d34b6e3f30b7
therecord.media/	1970-01-19 22:31:02	Name: _gd_session Value: b0bf6d9e-3ded-44ba-8713-231ee05409c8
.hubspot.com/	1970-01-19 22:30:50	Name: __cf_bm Value: qL05AhlzVlRgMur01ubjqOIWgn0cYwxQYDfv_Hxw.ks-1636248393-0-ATDTdcLNWvd3tUcxda0Mp8YJ0MUy9w15MmgW8EGzZKruJaT4zBxhCJQxuPSTb+mhqCwJZkU49ZQH8yxAKI3fNvU=
.therecord.media/	1970-01-20 07:52:24	Name: __hstc Value: 156209188.5880654f380b22f3271facf7b586a56d.1636248393368.1636248393368.1636248393368.1
.therecord.media/	1970-01-20 07:52:24	Name: hubspotutk Value: 5880654f380b22f3271facf7b586a56d
.therecord.media/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.therecord.media/	1970-01-19 22:30:50	Name: __hssc Value: 156209188.1.1636248393369
therecord.media/	1970-01-20 07:16:24	Name: cmplz_policy_id Value: 19
therecord.media/	1970-01-20 07:16:24	Name: cmplz_functional Value: allow
therecord.media/	1970-01-20 07:16:24	Name: cmplz_statistics-anonymous Value: allow

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

b.6sc.co
c.6sc.co
cdn.jsdelivr.net
cdn.matomo.cloud
cdnjs.cloudflare.com
j.6sc.co
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
recordedfuture.matomo.cloud
secure.adnxs.com
secure.gravatar.com
static.cloudflareinsights.com
therecord.media
track.hubspot.com
www.google-analytics.com
www.googletagmanager.com
www.recordedfuture.com
www.youtube.com
b.6sc.co
104.111.233.140
104.18.12.124
185.33.220.244
2600:9000:223f:dc00:c:7d55:b3c0:93a1
2606:4700::6810:125e
2606:4700::6810:5614
2606:4700::6810:5f41
2606:4700::6811:46b0
2606:4700::6811:d6cc
2606:4700::6812:15bf
2606:4700::6812:621
2606:4700::6813:9b53
2a00:1450:4001:808::200e
2a00:1450:4001:82a::2008
2a00:1450:4001:82b::200e
2a04:fa87:fffe::c000:4902
52.223.61.136
00a1230e22b6af3f9df1348f2cd54dc9dbe026f3a41b9bde3009dcefd1648ae1
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
13a5d6deee5c86d1c86f8ab010b3dfcab1b0b500590024d8c7a44c279c96d443
1c1a5c3b528d661109a2e879b9fac186ea38a466b1146ead6e23017c565b2718
211e289aa6c6588438d8e32743816ec225dfb90bf9cacd2e404a4d5c92eebba7
247184981eb6f698a94e431a83d68c6b0df623cce57b6e29dc5a6c11e23aa195
2707e48726a3f7ec48a1d1aec9738f20b36bac1535cfa9de2e4d92310c4e7e7a
2aee396045e8313003eda4d9b0acc42c7a9cbd7c29b4a32480ba2489baacbecc
2cd9de3dd26246204749cff259bc34e8e6a47ae5d6e4528b9b28c75d68d50cde
2f617a099ba9e73c30624d09ec9c8cb90ae3e784e8f89d94be4574dfe1496266
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
326d6c39524da9a4b3d35286c798b93738a4665b29ce498d5b5df959a3a19012
33552950223a893ab31e75e809382ff2fa2764942c74b8a18db2f0fe3ffffbbd
3541fdf9d8da029f9c6f4e0a34940395e46f95a112b830d7f9f7acc9e5b8a392
4a6db13132ef5e4dc98723529dedf677f84b4993b7db70339cb1de93a910ffce
54b16a534f27d39f8edb7dd908ecf182b4be466f86f28ac0f01f415f2ba9d1cf
5736e3eec0c34bfc288854b7b8d2a8f1e22e9e2e7dae3c8d1ad5dfb2d4734ad0
5b617436a0767ee70e0eaedfd7d423c998be25dcdd3c6a997a3c17a2317b692e
60240d5a27ede94fd35fea44bd110b88c7d8cfc08127f032d13b0c622b8be827
6429c09d26d4abed1c51691f17eb89c9c1fedf440964890e2a0fe9801e93e653
65c8182d14dac6f60e0865e949489e903cd1cd54689f04c08db049ba60ac644a
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
77d1c3c8ec1a286ae4eecc079f48f5c91a6d6a1ad8145ca29abec55904934168
77e8232dee29ca904e5726f29b02f784c6155de5e388e61570a74aedf61b69de
7cf773718da7d5c04f384586325b0dd3ad827daea5741f119071463b9d051ecb
81dbdd695385ce9e3065e0cf1d8f058169de79244b1d1be4059b527e31d23c77
82bfc506040c981ec142b63ec85a43e603310d9b5fac6598c5664a144f3c4e3e
8df981a2e0d74a44530cfe140f2ce72ad4cb7be724706b7a3cfcb160bd06590f
8e73a30d35c83ea6a597c3343324d2b7df097ad26e67b62efb5266ee12d317b5
9b64f85d8068989c158ba9a881e4b5f4971eb769a6ec9ae697f5a0728ba294fb
9f7b3c1c9a817380967e2d68f41c86b4649b68dba06b37a49dab55bb5c5a6eab
a01127152b090004aa159e0d56664e2268a1de5334ba6d9d6515388a0f53a3b9
a3026cea7eff6a33625644f88eef3c6418831341116ff8f04054da6c7abc138f
aba0ac3c89011196a2c6b54d868991e18ffaf494c8e3afc97451be087b93770c
acd89c8dd5cc9cf47ee574302ec883993c33d419da8840ddb05763b857f1f09f
b31a805b14cdf1311a94debe97e7d5695f38eca4dddc65d98cb58e9c281cf36d
c1519dacf01319cb5e0caa709cf1cb40794474a6ca4eb2de3d6fcb86c6157bf5
c21f3f80c9adfdf9070c994d881f2069818a2d409b62834c805a7f17f08c91ef
c4e20f53f5ef0ed44b783437aa3f4638a9a56cc4aa29ae83ed9212eb2807052a
cadda460ccb4c3c01bb45f3d5976f63f5adf8dc3ff1d31cb4fbd3ded4f18e5bf
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
d56c47b16f28b437878a4da97d3d57b03fe7fae1ef27087b709f3d9f40882ebf
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
e21533f30d64e48b8fdfc843f81198621a6c43d23dd66704c18abeb1d888aa5d
e331b9f3cc250a83492ca83902ca6bbd62cd955716a865a819d36b8e5dbe84d5
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3d3367b895674ec706b02be65ae0ee7416f158836f88ddc1d3e469e3bdd6cd4
e5cf71d2598e09f6d774ddf02d6ffb687023648c66ed7b03ed75116fefc0a4f0
e90135befb1cde3a65a625bd4b1947fe8241484d5248194fbb3ab8b3b9912706
ea4a235e83977d477d1f72e32749358b1594a3e7122cd0b5496038d5ccd791cc
ef0af8374f5f461615841a0310b1519bded90707a4702a79660de4280e28b9d4
f1010cf08825a41c768a117755a496da61a306c41b83c383ea66f1bb3334bb14
f23ec5c633f64e45cdb8119ea2bd55f81bd2bf4a46131cc6e7aa415024db18f1
f958b4527bcb3c4da9d038386657b0a8e498e40bb6d5eede4f0a42d4b1503221
f9dbfba2249f983c34ca80b4b4bbae5e4a0931683fdce8b2d5da86d90839960c
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62

therecord.media Open in urlscan Pro 2606:4700::6812:621 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

63 Requests

98 %HTTPS

76 %IPv6

16 Domains

19 Subdomains

18 IPs

5 Countries

957 kBTransfer

2354 kBSize

21 Cookies

17 Outgoing links

Redirected requests

63 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

therecord.media Open in urlscan Pro
2606:4700::6812:621 Public Scan

Screenshot
Live screenshot

Full Image

63
Requests

98 %
HTTPS

76 %
IPv6

16
Domains

19
Subdomains

18
IPs

5
Countries

957 kB
Transfer

2354 kB
Size

21
Cookies

63 HTTP transactions
0 data transactions