therecord.media Open in urlscan Pro
2606:4700::6812:721  Public Scan

12 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

64 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response therecord.media/threat-actor-uses-hp-ilo-rootkit-to-wipe-servers/	57 KB 13 KB	1059ms 1003ms	Document text/html	2606:4700::6812:721 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://therecord.media/threat-actor-uses-hp-ilo-rootkit-to-wipe-servers/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6f27c4527badb9e8a95ee69c7a701e9ace9a7616f65255cda05bf61d4346b7cb Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers date Fri, 07 Jan 2022 23:14:48 GMT content-type text/html; charset=UTF-8 cache-control public, max-age=600 link <https://therecord.media/?p=10209>; rel=shortlink strict-transport-security max-age=31536000; includeSubDomains traceparent 00-1cce4f9ba82c4aa896a31b165c34aec4-ea248c1a37dba5ca-00 x-cloud-trace-context 1cce4f9ba82c4aa896a31b165c34aec4/16871764148270900682;o=0 x-pantheon-styx-hostname styx-fe2-a-54cb89b9bf-5wkrk x-pingback https://therecord.media/xmlrpc.php x-styx-req-id 9bb9b2a5-700f-11ec-9014-f227bc29ac87 x-served-by cache-mdw17378-MDW, cache-wdc5552-WDC x-cache MISS, MISS x-cache-hits 0, 0 x-timer S1641597288.092023,VS0,VE458 vary Accept-Encoding, Cookie, Cookie age 0 via 1.1 varnish, 1.1 varnish cf-cache-status DYNAMIC expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" server cloudflare cf-ray 6ca0e2684e0183ac-MXP content-encoding br
GET H2	200	style.min.css therecord.media/wp-includes/css/dist/block-library/	79 KB 11 KB	37ms 35ms	Stylesheet text/css	2606:4700::6812:721 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://therecord.media/wp-includes/css/dist/block-library/style.min.css?ver=5.8.2 Requested by Host: therecord.media URL: https://therecord.media/threat-actor-uses-hp-ilo-rootkit-to-wipe-servers/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 9110fc122dda3067c424d9b8ff7747e2030b0bd9298f69a3683d399ad3373a6a Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept-Language de-DE,de;q=0.9 Referer https://therecord.media/threat-actor-uses-hp-ilo-rootkit-to-wipe-servers/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 07 Jan 2022 23:14:48 GMT via 1.1 varnish, 1.1 varnish vary Accept-Encoding cf-cache-status HIT age 3095171 x-pantheon-styx-hostname styx-fe2-b-75d6cc764-pcbkb x-cache MISS, HIT content-encoding br x-served-by cache-mdw17337-MDW, cache-wdc5538-WDC last-modified Mon, 22 Nov 2021 09:55:05 GMT server cloudflare x-timer S1638502117.124388,VS0,VE1 etag W/"619b68f9-13abe" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=31536000; includeSubDomains content-type text/css x-styx-req-id a01ffd78-4cb1-11ec-a363-2eae4f4b1717 expires Sun, 08 Jan 2023 23:14:48 GMT cache-control public, max-age=31622400 cf-ray 6ca0e26ebda583ac-MXP x-cache-hits 0, 1
GET H2	200	rf-rss-widget.css therecord.media/wp-content/plugins/rf-rss-feed/public/css/	473 B 454 B	35ms 33ms	Stylesheet text/css	2606:4700::6812:721 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://therecord.media/wp-content/plugins/rf-rss-feed/public/css/rf-rss-widget.css?ver=5.8.2 Requested by Host: therecord.media URL: https://therecord.media/threat-actor-uses-hp-ilo-rootkit-to-wipe-servers/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 77e8232dee29ca904e5726f29b02f784c6155de5e388e61570a74aedf61b69de Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept-Language de-DE,de;q=0.9 Referer https://therecord.media/threat-actor-uses-hp-ilo-rootkit-to-wipe-servers/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 07 Jan 2022 23:14:48 GMT via 1.1 varnish, 1.1 varnish vary Accept-Encoding cf-cache-status HIT age 3095171 cf-polished origSize=944 x-pantheon-styx-hostname styx-fe2-a-5bffbbcccc-9ssm9 x-cache MISS, HIT cf-bgj minify content-encoding br x-served-by cache-mdw17367-MDW, cache-wdc5534-WDC last-modified Tue, 23 Nov 2021 22:37:20 GMT server cloudflare x-timer S1638502117.083340,VS0,VE1 etag W/"619d6d20-3b0" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=31536000; includeSubDomains content-type text/css x-styx-req-id 9b8e8717-4d72-11ec-811f-062b5d80bfed expires Sun, 08 Jan 2023 23:14:48 GMT cache-control public, max-age=31622400 cf-ray 6ca0e26ebdaa83ac-MXP x-cache-hits 0, 1
GET H2	200	jquery.mCustomScrollbar.min.css cdnjs.cloudflare.com/ajax/libs/malihu-custom-scrollbar-plugin/3.1.5/	42 KB 4 KB	65ms 23ms	Stylesheet text/css	2606:4700::6810:125e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/malihu-custom-scrollbar-plugin/3.1.5/jquery.mCustomScrollbar.min.css?ver=2021-06-29_1 Requested by Host: therecord.media URL: https://therecord.media/threat-actor-uses-hp-ilo-rootkit-to-wipe-servers/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 247184981eb6f698a94e431a83d68c6b0df623cce57b6e29dc5a6c11e23aa195 Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://therecord.media/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 07 Jan 2022 23:14:48 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} age 2516595 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 content-length 3359 timing-allow-origin * last-modified Mon, 04 May 2020 16:12:04 GMT server cloudflare cf-cdnjs-via cfworker/kv etag "5eb03ed4-a757" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=15780000 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8JpP2VvnbvvrTnZhHUDcR4EsWdhPJhGpMmg9vnNwDwZ4Nrya2odWJ28xfeGzO2%2BN9k4E8p9mHtsweXwin%2BFQ6KAioL7G%2FpJTAGb51XB2TdPgLMYc0WZ7fDh43ISqAyrAsE8RIrea8ZGGJG8Zw%2BjLDAhi"}],"group":"cf-nel","max_age":604800} content-type text/css; charset=utf-8 access-control-allow-origin * vary Accept-Encoding cache-control public, max-age=30672000 accept-ranges bytes cf-ray 6ca0e26eee6d599b-MXP expires Wed, 28 Dec 2022 23:14:48 GMT
GET H2	200	jquery.fancybox.min.css cdn.jsdelivr.net/gh/fancyapps/fancybox@3.5.7/dist/	12 KB 4 KB	68ms 27ms	Stylesheet text/css	2606:4700::6810:5614 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.jsdelivr.net/gh/fancyapps/fancybox@3.5.7/dist/jquery.fancybox.min.css?ver=2021-06-29_1 Requested by Host: therecord.media URL: https://therecord.media/threat-actor-uses-hp-ilo-rootkit-to-wipe-servers/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:5614 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 5736e3eec0c34bfc288854b7b8d2a8f1e22e9e2e7dae3c8d1ad5dfb2d4734ad0 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://therecord.media/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 07 Jan 2022 23:14:48 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT age 6402476 x-jsd-version 3.5.7 x-cache HIT, HIT cross-origin-resource-policy cross-origin strict-transport-security max-age=31536000; includeSubDomains; preload alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 x-served-by cache-fra19172-FRA, cache-mxp6921-MXP timing-allow-origin * x-jsd-version-type version server cloudflare etag W/"31fb-G+m3m+AqHPxdlsSl4P649HK6vZU" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type text/css; charset=utf-8 access-control-allow-origin * access-control-expose-headers * cache-control public, max-age=31536000, s-maxage=31536000, immutable cf-ray 6ca0e26eefdd5995-MXP
GET H2	200	style-v4.css therecord.media/wp-content/themes/therecordmedia/assets/css/	345 KB 48 KB	40ms 38ms	Stylesheet text/css	2606:4700::6812:721 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://therecord.media/wp-content/themes/therecordmedia/assets/css/style-v4.css?ver=2021-06-29_1 Requested by Host: therecord.media URL: https://therecord.media/threat-actor-uses-hp-ilo-rootkit-to-wipe-servers/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash b31a805b14cdf1311a94debe97e7d5695f38eca4dddc65d98cb58e9c281cf36d Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept-Language de-DE,de;q=0.9 Referer https://therecord.media/threat-actor-uses-hp-ilo-rootkit-to-wipe-servers/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 07 Jan 2022 23:14:48 GMT via 1.1 varnish, 1.1 varnish vary Accept-Encoding cf-cache-status HIT age 4606743 cf-polished origSize=459099 x-pantheon-styx-hostname styx-fe2-a-5bffbbcccc-jl55h x-cache HIT, HIT cf-bgj minify content-encoding br x-served-by cache-mdw17346-MDW, cache-wdc5571-WDC last-modified Mon, 15 Nov 2021 13:38:48 GMT server cloudflare x-timer S1636990545.353696,VS0,VE1 etag W/"619262e8-7015b" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=31536000; includeSubDomains content-type text/css x-styx-req-id 8efc07d4-4625-11ec-8e4f-72b5c3456d69 expires Sun, 08 Jan 2023 23:14:48 GMT cache-control public, max-age=31622400 cf-ray 6ca0e26ebdab83ac-MXP x-cache-hits 1, 1
GET H2	200	custom-v8.css therecord.media/wp-content/themes/therecordmedia/assets/css/	6 KB 2 KB	52ms 50ms	Stylesheet text/css	2606:4700::6812:721 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://therecord.media/wp-content/themes/therecordmedia/assets/css/custom-v8.css?ver=2021-06-29_1 Requested by Host: therecord.media URL: https://therecord.media/threat-actor-uses-hp-ilo-rootkit-to-wipe-servers/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash a01127152b090004aa159e0d56664e2268a1de5334ba6d9d6515388a0f53a3b9 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept-Language de-DE,de;q=0.9 Referer https://therecord.media/threat-actor-uses-hp-ilo-rootkit-to-wipe-servers/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 07 Jan 2022 23:14:48 GMT via 1.1 varnish, 1.1 varnish vary Accept-Encoding cf-cache-status HIT age 4606743 cf-polished origSize=7291 x-pantheon-styx-hostname styx-fe2-a-5bffbbcccc-vqjk6 x-cache HIT, HIT cf-bgj minify content-encoding br x-served-by cache-mdw17368-MDW, cache-wdc5529-WDC last-modified Mon, 15 Nov 2021 13:38:48 GMT server cloudflare x-timer S1636990545.381366,VS0,VE1 etag W/"619262e8-1c7b" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=31536000; includeSubDomains content-type text/css x-styx-req-id 8f01a51d-4625-11ec-8937-3a0169694d83 expires Sun, 08 Jan 2023 23:14:48 GMT cache-control public, max-age=31622400 cf-ray 6ca0e26ebdad83ac-MXP x-cache-hits 1, 1
GET H2	200	ytprefs.min.css therecord.media/wp-content/plugins/youtube-embed-plus/styles/	8 KB 2 KB	35ms 34ms	Stylesheet text/css	2606:4700::6812:721 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://therecord.media/wp-content/plugins/youtube-embed-plus/styles/ytprefs.min.css?ver=14.0 Requested by Host: therecord.media URL: https://therecord.media/threat-actor-uses-hp-ilo-rootkit-to-wipe-servers/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 8b6d59899727d24e2745e5f285811ab052169fce05487c35ab8b8ba11487b63c Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept-Language de-DE,de;q=0.9 Referer https://therecord.media/threat-actor-uses-hp-ilo-rootkit-to-wipe-servers/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 07 Jan 2022 23:14:48 GMT via 1.1 varnish, 1.1 varnish vary Accept-Encoding cf-cache-status HIT age 4606743 x-pantheon-styx-hostname styx-fe2-b-75d6cc764-mswhl x-cache MISS, HIT content-encoding br x-served-by cache-mdw17333-MDW, cache-wdc5568-WDC last-modified Sun, 14 Nov 2021 18:40:01 GMT server cloudflare x-timer S1636990545.372755,VS0,VE0 etag W/"61915801-1e12" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=31536000; includeSubDomains content-type text/css x-styx-req-id 8f0129a2-4625-11ec-94ad-96febdd7e5e5 expires Sun, 08 Jan 2023 23:14:48 GMT cache-control public, max-age=31622400 cf-ray 6ca0e26ebdae83ac-MXP x-cache-hits 0, 2
GET H2	200	cookieconsent.min.css therecord.media/wp-content/plugins/complianz-gdpr-premium/assets/css/	20 KB 4 KB	33ms 31ms	Stylesheet text/css	2606:4700::6812:721 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://therecord.media/wp-content/plugins/complianz-gdpr-premium/assets/css/cookieconsent.min.css?ver=5.2.5.1 Requested by Host: therecord.media URL: https://therecord.media/threat-actor-uses-hp-ilo-rootkit-to-wipe-servers/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash c21f3f80c9adfdf9070c994d881f2069818a2d409b62834c805a7f17f08c91ef Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept-Language de-DE,de;q=0.9 Referer https://therecord.media/threat-actor-uses-hp-ilo-rootkit-to-wipe-servers/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 07 Jan 2022 23:14:48 GMT via 1.1 varnish, 1.1 varnish vary Accept-Encoding cf-cache-status HIT age 4606743 x-pantheon-styx-hostname styx-fe2-a-5bffbbcccc-8zzpg x-cache MISS, HIT content-encoding br x-served-by cache-mdw17383-MDW, cache-wdc5538-WDC last-modified Sun, 14 Nov 2021 04:23:24 GMT server cloudflare x-timer S1636990545.377420,VS0,VE0 etag W/"61908f3c-519d" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=31536000; includeSubDomains content-type text/css x-styx-req-id 8effd658-4625-11ec-952d-b6cb26c9e387 expires Sun, 08 Jan 2023 23:14:48 GMT cache-control public, max-age=31622400 cf-ray 6ca0e26ebdb083ac-MXP x-cache-hits 0, 2
GET H2	200	PrimaryLogo-RGB-Carrot.svg therecord.media/wp-content/uploads/2021/06/	5 KB 2 KB	50ms 49ms	Image image/svg+xml	2606:4700::6812:721 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://therecord.media/wp-content/uploads/2021/06/PrimaryLogo-RGB-Carrot.svg Requested by Host: therecord.media URL: https://therecord.media/threat-actor-uses-hp-ilo-rootkit-to-wipe-servers/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6429c09d26d4abed1c51691f17eb89c9c1fedf440964890e2a0fe9801e93e653 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept-Language de-DE,de;q=0.9 Referer https://therecord.media/threat-actor-uses-hp-ilo-rootkit-to-wipe-servers/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 07 Jan 2022 23:14:48 GMT via 1.1 varnish, 1.1 varnish vary Accept-Encoding cf-cache-status HIT age 4945703 x-pantheon-styx-hostname styx-fe2-a-5bffbbcccc-9ssm9 x-cache MISS, HIT content-encoding br x-served-by cache-mdw17343-MDW, cache-wdc5538-WDC last-modified Mon, 25 Oct 2021 16:39:37 GMT server cloudflare x-timer S1636651586.665141,VS0,VE1 etag W/"6176ddc9-1421" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=31536000; includeSubDomains content-type image/svg+xml access-control-allow-origin * expires Sun, 08 Jan 2023 23:14:48 GMT cache-control public, max-age=31622400 cf-ray 6ca0e26ebdb183ac-MXP x-styx-req-id d3d7cdaf-3d96-11ec-811f-062b5d80bfed x-cache-hits 0, 1
GET H2	200	HP-iLO.png therecord.media/wp-content/uploads/2021/12/	127 KB 128 KB	51ms 50ms	Image image/webp	2606:4700::6812:721 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://therecord.media/wp-content/uploads/2021/12/HP-iLO.png Requested by Host: therecord.media URL: https://therecord.media/threat-actor-uses-hp-ilo-rootkit-to-wipe-servers/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash c5d7741d6c26a72b51d67b3c8cad8c12089c0c11f9adff8e7486dd46fbd7eb4e Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept-Language de-DE,de;q=0.9 Referer https://therecord.media/threat-actor-uses-hp-ilo-rootkit-to-wipe-servers/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 07 Jan 2022 23:14:48 GMT via 1.1 varnish, 1.1 varnish cf-cache-status HIT age 817528 cf-polished origFmt=png, origSize=152485 x-cache HIT, HIT x-cache-hits 1, 1 content-disposition inline; filename="HP-iLO.webp" cf-bgj imgq:100,h2pri content-length 130544 x-served-by cache-mdw17363-MDW, cache-iad-kjyo7100022-IAD last-modified Wed, 29 Dec 2021 11:56:19 GMT server cloudflare x-timer S1640779760.884919,VS0,VE1 etag "61cc4ce3-253a5" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept strict-transport-security max-age=31536000; includeSubDomains content-type image/webp x-styx-req-id 0fc91948-689f-11ec-9e10-429becb6668c expires Sun, 08 Jan 2023 23:14:48 GMT cache-control public, max-age=31622400 accept-ranges bytes cf-ray 6ca0e26ebdb383ac-MXP x-pantheon-styx-hostname styx-fe2-b-79754f9dc6-z4zx8
GET H2	200	rocket-loader.min.js Show response therecord.media/cdn-cgi/scripts/7d0fa10a/cloudflare-static/	12 KB 4 KB	23ms 23ms	Script application/javascript	2606:4700::6812:721 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://therecord.media/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js Requested by Host: therecord.media URL: https://therecord.media/threat-actor-uses-hp-ilo-rootkit-to-wipe-servers/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY Request headers Accept-Language de-DE,de;q=0.9 Referer https://therecord.media/threat-actor-uses-hp-ilo-rootkit-to-wipe-servers/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 07 Jan 2022 23:14:48 GMT content-encoding gzip x-content-type-options nosniff last-modified Wed, 05 Jan 2022 15:17:54 GMT server cloudflare x-frame-options DENY etag W/"61d5b6a2-302c" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type application/javascript cache-control max-age=172800, public strict-transport-security max-age=31536000; includeSubDomains cf-ray 6ca0e26ebdb483ac-MXP expires Sun, 09 Jan 2022 23:14:48 GMT
GET H2	200	complianz.min.js Show response therecord.media/wp-content/plugins/complianz-gdpr-premium/assets/js/	40 KB 9 KB	44ms 44ms	Script application/x-javascript	2606:4700::6812:721 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://therecord.media/wp-content/plugins/complianz-gdpr-premium/assets/js/complianz.min.js?ver=5.2.5.1 Requested by Host: therecord.media URL: https://therecord.media/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 326d6c39524da9a4b3d35286c798b93738a4665b29ce498d5b5df959a3a19012 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept-Language de-DE,de;q=0.9 Referer https://therecord.media/threat-actor-uses-hp-ilo-rootkit-to-wipe-servers/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 07 Jan 2022 23:14:48 GMT via 1.1 varnish, 1.1 varnish vary Accept-Encoding cf-cache-status HIT age 4606743 x-pantheon-styx-hostname styx-fe2-a-5bffbbcccc-8zzpg x-cache MISS, HIT content-encoding br x-served-by cache-mdw17381-MDW, cache-wdc5539-WDC last-modified Sun, 14 Nov 2021 04:23:24 GMT server cloudflare x-timer S1636990545.441387,VS0,VE0 etag W/"61908f3c-9e2d" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=31536000; includeSubDomains content-type application/x-javascript x-styx-req-id 8f00872e-4625-11ec-952d-b6cb26c9e387 expires Sun, 08 Jan 2023 23:14:48 GMT cache-control public, max-age=31622400 cf-ray 6ca0e26ede2083ac-MXP x-cache-hits 0, 3
GET H2	200	postscribe.min.js Show response therecord.media/wp-content/plugins/complianz-gdpr-premium/assets/js/	17 KB 6 KB	41ms 40ms	Script application/x-javascript	2606:4700::6812:721 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://therecord.media/wp-content/plugins/complianz-gdpr-premium/assets/js/postscribe.min.js?ver=5.2.5.1 Requested by Host: therecord.media URL: https://therecord.media/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash c4e20f53f5ef0ed44b783437aa3f4638a9a56cc4aa29ae83ed9212eb2807052a Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept-Language de-DE,de;q=0.9 Referer https://therecord.media/threat-actor-uses-hp-ilo-rootkit-to-wipe-servers/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 07 Jan 2022 23:14:48 GMT via 1.1 varnish, 1.1 varnish vary Accept-Encoding cf-cache-status HIT age 3095170 x-pantheon-styx-hostname styx-fe2-b-75d6cc764-bwd94 x-cache MISS, HIT content-encoding br x-served-by cache-mdw17364-MDW, cache-iad-kjyo7100095-IAD last-modified Tue, 23 Nov 2021 03:51:27 GMT server cloudflare x-timer S1638502118.135576,VS0,VE1 etag W/"619c653f-45f4" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=31536000; includeSubDomains content-type application/x-javascript x-styx-req-id 2125f313-4c5f-11ec-81d2-fe868f914ae4 expires Sun, 08 Jan 2023 23:14:48 GMT cache-control public, max-age=31622400 cf-ray 6ca0e26ede2383ac-MXP x-cache-hits 0, 1
GET H2	200	cookieconsent.min.js Show response therecord.media/wp-content/plugins/complianz-gdpr-premium/assets/js/	25 KB 8 KB	41ms 40ms	Script application/x-javascript	2606:4700::6812:721 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://therecord.media/wp-content/plugins/complianz-gdpr-premium/assets/js/cookieconsent.min.js?ver=5.2.5.1 Requested by Host: therecord.media URL: https://therecord.media/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 81dbdd695385ce9e3065e0cf1d8f058169de79244b1d1be4059b527e31d23c77 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept-Language de-DE,de;q=0.9 Referer https://therecord.media/threat-actor-uses-hp-ilo-rootkit-to-wipe-servers/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 07 Jan 2022 23:14:48 GMT via 1.1 varnish, 1.1 varnish vary Accept-Encoding cf-cache-status HIT age 4606743 x-pantheon-styx-hostname styx-fe2-b-75d6cc764-d25qg x-cache MISS, HIT content-encoding br x-served-by cache-mdw17364-MDW, cache-wdc5546-WDC last-modified Mon, 15 Nov 2021 13:38:47 GMT server cloudflare x-timer S1636990545.448491,VS0,VE0 etag W/"619262e7-6441" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=31536000; includeSubDomains content-type application/x-javascript x-styx-req-id 8f00b04a-4625-11ec-882c-ce125293931c expires Sun, 08 Jan 2023 23:14:48 GMT cache-control public, max-age=31622400 cf-ray 6ca0e26ede2683ac-MXP x-cache-hits 0, 2
GET H2	200	fitvids.min.js Show response therecord.media/wp-content/plugins/youtube-embed-plus/scripts/	3 KB 1 KB	41ms 39ms	Script application/x-javascript	2606:4700::6812:721 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://therecord.media/wp-content/plugins/youtube-embed-plus/scripts/fitvids.min.js?ver=14.0 Requested by Host: therecord.media URL: https://therecord.media/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash d8be3a402a3b2ad808402cea111ba3d286239d88e06c8e2969c84f46050dc88a Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept-Language de-DE,de;q=0.9 Referer https://therecord.media/threat-actor-uses-hp-ilo-rootkit-to-wipe-servers/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 07 Jan 2022 23:14:48 GMT via 1.1 varnish, 1.1 varnish vary Accept-Encoding cf-cache-status HIT age 3095170 x-pantheon-styx-hostname styx-fe2-b-75d6cc764-4h8d5 x-cache MISS, HIT content-encoding br x-served-by cache-mdw17343-MDW, cache-iad-kjyo7100109-IAD last-modified Wed, 17 Nov 2021 09:36:24 GMT server cloudflare x-timer S1638502118.148167,VS0,VE1 etag W/"6194cd18-c1f" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=31536000; includeSubDomains content-type application/x-javascript x-styx-req-id 080c0963-4876-11ec-a2d1-3e3cc0d22aa3 expires Sun, 08 Jan 2023 23:14:48 GMT cache-control public, max-age=31622400 cf-ray 6ca0e26eee2f83ac-MXP x-cache-hits 0, 1
GET H2	200	main.js Show response therecord.media/wp-content/themes/therecordmedia/assets/js/	24 KB 7 KB	40ms 39ms	Script application/x-javascript	2606:4700::6812:721 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://therecord.media/wp-content/themes/therecordmedia/assets/js/main.js?ver=2021-06-29_1 Requested by Host: therecord.media URL: https://therecord.media/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 13a5d6deee5c86d1c86f8ab010b3dfcab1b0b500590024d8c7a44c279c96d443 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept-Language de-DE,de;q=0.9 Referer https://therecord.media/threat-actor-uses-hp-ilo-rootkit-to-wipe-servers/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 07 Jan 2022 23:14:48 GMT via 1.1 varnish, 1.1 varnish vary Accept-Encoding cf-cache-status HIT age 4483597 cf-polished origSize=45161 x-pantheon-styx-hostname styx-fe2-a-5bffbbcccc-vqjk6 x-cache MISS, HIT cf-bgj minify content-encoding br x-served-by cache-mdw17322-MDW, cache-bwi5043-BWI last-modified Sun, 14 Nov 2021 18:40:01 GMT server cloudflare x-timer S1637113692.648361,VS0,VE1 etag W/"61915801-b069" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=31536000; includeSubDomains content-type application/x-javascript x-styx-req-id 8f00e69f-4625-11ec-8937-3a0169694d83 expires Sun, 08 Jan 2023 23:14:48 GMT cache-control public, max-age=31622400 cf-ray 6ca0e26eee3183ac-MXP x-cache-hits 0, 1
GET H2	200	jquery.fancybox.min.js Show response cdn.jsdelivr.net/gh/fancyapps/fancybox@3.5.7/dist/	67 KB 22 KB	41ms 32ms	Script application/javascript	2606:4700::6810:5614 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.jsdelivr.net/gh/fancyapps/fancybox@3.5.7/dist/jquery.fancybox.min.js?ver=2021-06-29_1 Requested by Host: therecord.media URL: https://therecord.media/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:5614 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash cadda460ccb4c3c01bb45f3d5976f63f5adf8dc3ff1d31cb4fbd3ded4f18e5bf Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://therecord.media/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 07 Jan 2022 23:14:48 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT age 6402475 x-jsd-version 3.5.7 x-cache HIT, HIT cross-origin-resource-policy cross-origin strict-transport-security max-age=31536000; includeSubDomains; preload alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 x-served-by cache-fra19166-FRA, cache-mxp6928-MXP timing-allow-origin * x-jsd-version-type version server cloudflare etag W/"10a9d-YYFBLnOWZpbQjh5bEkOlctDyK6Y" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * access-control-expose-headers * cache-control public, max-age=31536000, s-maxage=31536000, immutable cf-ray 6ca0e26eefde5995-MXP
GET H2	200	jquery.mCustomScrollbar.min.js Show response cdnjs.cloudflare.com/ajax/libs/malihu-custom-scrollbar-plugin/3.1.5/	39 KB 11 KB	34ms 25ms	Script application/javascript	2606:4700::6810:125e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/malihu-custom-scrollbar-plugin/3.1.5/jquery.mCustomScrollbar.min.js?ver=2021-06-29_1 Requested by Host: therecord.media URL: https://therecord.media/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 00a1230e22b6af3f9df1348f2cd54dc9dbe026f3a41b9bde3009dcefd1648ae1 Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://therecord.media/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 07 Jan 2022 23:14:48 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} age 2518793 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 content-length 10595 timing-allow-origin * last-modified Mon, 04 May 2020 16:12:04 GMT server cloudflare cf-cdnjs-via cfworker/kv etag "5eb03ed4-9cd4" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=15780000 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gBl0y8kfQCf0PxTyosdWFTo92loqYlFryKQJooRmXet8%2Fa90Z%2FfQl7XI8bgIlqFEqXKwrN4HAuRR3HZcPRckuLw0EXf4JkccPDq4UNQdDwD8RM8IHxCc0mKkPVqmlEiLy4oZNl%2FBtUo8ZkvHWIX6JrRH"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 access-control-allow-origin * vary Accept-Encoding cache-control public, max-age=30672000 accept-ranges bytes cf-ray 6ca0e26eee70599b-MXP expires Wed, 28 Dec 2022 23:14:48 GMT
GET H2	200	custom-v2.js Show response therecord.media/wp-content/themes/therecordmedia/assets/js/	828 B 644 B	41ms 34ms	Script application/x-javascript	2606:4700::6812:721 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://therecord.media/wp-content/themes/therecordmedia/assets/js/custom-v2.js?ver=2021-06-29_1 Requested by Host: therecord.media URL: https://therecord.media/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 9f7b3c1c9a817380967e2d68f41c86b4649b68dba06b37a49dab55bb5c5a6eab Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept-Language de-DE,de;q=0.9 Referer https://therecord.media/threat-actor-uses-hp-ilo-rootkit-to-wipe-servers/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 07 Jan 2022 23:14:48 GMT via 1.1 varnish, 1.1 varnish vary Accept-Encoding cf-cache-status HIT age 4606743 cf-polished origSize=1551 x-pantheon-styx-hostname styx-fe2-a-5bffbbcccc-jl55h x-cache MISS, HIT cf-bgj minify content-encoding br x-served-by cache-mdw17352-MDW, cache-bwi5039-BWI last-modified Sun, 14 Nov 2021 04:23:25 GMT server cloudflare x-timer S1636990545.454014,VS0,VE0 etag W/"61908f3d-60f" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=31536000; includeSubDomains content-type application/x-javascript x-styx-req-id 8eff80e2-4625-11ec-8e4f-72b5c3456d69 expires Sun, 08 Jan 2023 23:14:48 GMT cache-control public, max-age=31622400 cf-ray 6ca0e26eee4883ac-MXP x-cache-hits 0, 2
GET H2	200	bundle.js Show response therecord.media/wp-content/themes/therecordmedia/assets/js/	276 KB 72 KB	47ms 40ms	Script application/x-javascript	2606:4700::6812:721 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://therecord.media/wp-content/themes/therecordmedia/assets/js/bundle.js?ver=2021-06-29_1 Requested by Host: therecord.media URL: https://therecord.media/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 8df981a2e0d74a44530cfe140f2ce72ad4cb7be724706b7a3cfcb160bd06590f Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept-Language de-DE,de;q=0.9 Referer https://therecord.media/threat-actor-uses-hp-ilo-rootkit-to-wipe-servers/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 07 Jan 2022 23:14:48 GMT via 1.1 varnish, 1.1 varnish vary Accept-Encoding cf-cache-status HIT age 3095170 cf-polished origSize=525445 x-pantheon-styx-hostname styx-fe2-a-5bffbbcccc-2js64 x-cache MISS, HIT cf-bgj minify content-encoding br x-served-by cache-mdw17346-MDW, cache-iad-kjyo7100056-IAD last-modified Mon, 22 Nov 2021 09:51:30 GMT server cloudflare x-timer S1638502118.207039,VS0,VE2 etag W/"619b6822-80485" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=31536000; includeSubDomains content-type application/x-javascript x-styx-req-id 21309816-4c5f-11ec-be4d-62a9cd3ae778 expires Sun, 08 Jan 2023 23:14:48 GMT cache-control public, max-age=31622400 cf-ray 6ca0e26eee4d83ac-MXP x-cache-hits 0, 1
GET H2	200	js Show response www.googletagmanager.com/gtag/	90 KB 36 KB	42ms 17ms	Script application/javascript	2a00:1450:4001:831::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=UA-9153858-16 Requested by Host: therecord.media URL: https://therecord.media/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 724ddc2356d4f6ad05e503494a9ee0f25237fcc806be41f8580d5a5b3f18b377 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://therecord.media/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 07 Jan 2022 23:14:48 GMT content-encoding br vary Accept-Encoding cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 36311 x-xss-protection 0 last-modified Fri, 07 Jan 2022 21:00:00 GMT server Google Tag Manager strict-transport-security max-age=31536000; includeSubDomains content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Fri, 07 Jan 2022 23:14:48 GMT
GET		252628.js js.hs-scripts.com/	0 0
GET H2	200	ytprefs.min.js Show response therecord.media/wp-content/plugins/youtube-embed-plus/scripts/	11 KB 4 KB	45ms 38ms	Script application/x-javascript	2606:4700::6812:721 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://therecord.media/wp-content/plugins/youtube-embed-plus/scripts/ytprefs.min.js?ver=14.0 Requested by Host: therecord.media URL: https://therecord.media/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash ce42194a19b1b5cf0191b339629deba1e3441298dc72a3145fe37f65276f09a2 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept-Language de-DE,de;q=0.9 Referer https://therecord.media/threat-actor-uses-hp-ilo-rootkit-to-wipe-servers/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 07 Jan 2022 23:14:48 GMT via 1.1 varnish, 1.1 varnish vary Accept-Encoding cf-cache-status HIT age 4606743 x-pantheon-styx-hostname styx-fe2-b-75d6cc764-8wd9d x-cache HIT, HIT content-encoding br x-served-by cache-mdw17340-MDW, cache-bwi5067-BWI last-modified Sun, 14 Nov 2021 18:40:01 GMT server cloudflare x-timer S1636990545.461981,VS0,VE0 etag W/"61915801-2ba6" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=31536000; includeSubDomains content-type application/x-javascript x-styx-req-id 8f01529b-4625-11ec-8f8f-e2b451120909 expires Sun, 08 Jan 2023 23:14:48 GMT cache-control public, max-age=31622400 cf-ray 6ca0e26eee5583ac-MXP x-cache-hits 1, 2
GET H2	200	modernizr_2.8.3.js Show response therecord.media/wp-content/themes/therecordmedia/assets/js/	15 KB 6 KB	41ms 36ms	Script application/x-javascript	2606:4700::6812:721 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://therecord.media/wp-content/themes/therecordmedia/assets/js/modernizr_2.8.3.js?ver=2021-06-29_1 Requested by Host: therecord.media URL: https://therecord.media/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 82bfc506040c981ec142b63ec85a43e603310d9b5fac6598c5664a144f3c4e3e Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept-Language de-DE,de;q=0.9 Referer https://therecord.media/threat-actor-uses-hp-ilo-rootkit-to-wipe-servers/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 07 Jan 2022 23:14:48 GMT via 1.1 varnish, 1.1 varnish vary Accept-Encoding cf-cache-status HIT age 3095170 cf-polished origSize=15506 x-pantheon-styx-hostname styx-fe2-b-75d6cc764-4h8d5 x-cache MISS, HIT cf-bgj minify content-encoding br x-served-by cache-mdw17369-MDW, cache-wdc5577-WDC last-modified Tue, 16 Nov 2021 23:08:29 GMT server cloudflare x-timer S1638502118.200656,VS0,VE1 etag W/"619439ed-3c92" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=31536000; includeSubDomains content-type application/x-javascript x-styx-req-id 080f50be-4876-11ec-a2d1-3e3cc0d22aa3 expires Sun, 08 Jan 2023 23:14:48 GMT cache-control public, max-age=31622400 cf-ray 6ca0e26eee5c83ac-MXP x-cache-hits 0, 1
GET H2	200	jquery-migrate.min.js Show response therecord.media/wp-includes/js/jquery/	11 KB 4 KB	39ms 36ms	Script application/x-javascript	2606:4700::6812:721 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://therecord.media/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 Requested by Host: therecord.media URL: https://therecord.media/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept-Language de-DE,de;q=0.9 Referer https://therecord.media/threat-actor-uses-hp-ilo-rootkit-to-wipe-servers/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 07 Jan 2022 23:14:48 GMT via 1.1 varnish, 1.1 varnish vary Accept-Encoding cf-cache-status HIT age 4606743 x-pantheon-styx-hostname styx-fe2-a-5bffbbcccc-8zzpg x-cache HIT, HIT content-encoding br x-served-by cache-mdw17380-MDW, cache-wdc5554-WDC last-modified Sun, 14 Nov 2021 04:23:26 GMT server cloudflare x-timer S1636990545.448927,VS0,VE1 etag W/"61908f3e-2bd8" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=31536000; includeSubDomains content-type application/x-javascript x-styx-req-id 8f017d9e-4625-11ec-952d-b6cb26c9e387 expires Sun, 08 Jan 2023 23:14:48 GMT cache-control public, max-age=31622400 cf-ray 6ca0e26eee5f83ac-MXP x-cache-hits 1, 1
GET H2	200	jquery.min.js Show response therecord.media/wp-includes/js/jquery/	87 KB 31 KB	37ms 33ms	Script application/x-javascript	2606:4700::6812:721 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://therecord.media/wp-includes/js/jquery/jquery.min.js?ver=3.6.0 Requested by Host: therecord.media URL: https://therecord.media/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept-Language de-DE,de;q=0.9 Referer https://therecord.media/threat-actor-uses-hp-ilo-rootkit-to-wipe-servers/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 07 Jan 2022 23:14:48 GMT via 1.1 varnish, 1.1 varnish vary Accept-Encoding cf-cache-status HIT age 4606743 x-pantheon-styx-hostname styx-fe2-a-5bffbbcccc-2js64 x-cache MISS, HIT content-encoding br x-served-by cache-mdw17373-MDW, cache-bwi5077-BWI last-modified Sun, 14 Nov 2021 04:23:26 GMT server cloudflare x-timer S1636990545.462311,VS0,VE1 etag W/"61908f3e-15db1" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=31536000; includeSubDomains content-type application/x-javascript x-styx-req-id 8effef48-4625-11ec-be4d-62a9cd3ae778 expires Sun, 08 Jan 2023 23:14:48 GMT cache-control public, max-age=31622400 cf-ray 6ca0e26eee6683ac-MXP x-cache-hits 0, 1
GET H2	200	icomoon.ttf therecord.media/wp-content/themes/therecordmedia/assets/fonts/custom/	4 KB 4 KB	30ms 26ms	Font application/x-font-ttf	2606:4700::6812:721 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://therecord.media/wp-content/themes/therecordmedia/assets/fonts/custom/icomoon.ttf?fiuh6y Requested by Host: therecord.media URL: https://therecord.media/wp-content/themes/therecordmedia/assets/css/style-v4.css?ver=2021-06-29_1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 4a6db13132ef5e4dc98723529dedf677f84b4993b7db70339cb1de93a910ffce Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://therecord.media/wp-content/themes/therecordmedia/assets/css/style-v4.css?ver=2021-06-29_1 Origin https://therecord.media Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 07 Jan 2022 23:14:48 GMT via 1.1 varnish, 1.1 varnish vary Accept-Encoding cf-cache-status HIT age 4944801 x-pantheon-styx-hostname styx-fe2-b-6cf4595974-tkn5g x-cache HIT, HIT x-served-by cache-mdw17350-MDW, cache-bwi5023-BWI last-modified Thu, 28 Oct 2021 15:47:40 GMT server cloudflare x-timer S1636652488.898771,VS0,VE1 etag W/"617ac61c-107c" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=31536000; includeSubDomains content-type application/x-font-ttf access-control-allow-origin * expires Sun, 08 Jan 2023 23:14:48 GMT cache-control public, max-age=31622400 cf-ray 6ca0e26f2f1383ac-MXP x-styx-req-id 0a749615-3812-11ec-8dcb-6ed349c1c73f x-cache-hits 1, 1
GET H2	200	gudea-400-latin.woff2 therecord.media/wp-content/themes/therecordmedia/assets/fonts/gudea/	8 KB 8 KB	40ms 35ms	Font font/woff2	2606:4700::6812:721 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://therecord.media/wp-content/themes/therecordmedia/assets/fonts/gudea/gudea-400-latin.woff2 Requested by Host: therecord.media URL: https://therecord.media/wp-content/themes/therecordmedia/assets/css/style-v4.css?ver=2021-06-29_1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash f23ec5c633f64e45cdb8119ea2bd55f81bd2bf4a46131cc6e7aa415024db18f1 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://therecord.media/wp-content/themes/therecordmedia/assets/css/style-v4.css?ver=2021-06-29_1 Origin https://therecord.media Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 07 Jan 2022 23:14:48 GMT via 1.1 varnish, 1.1 varnish cf-cache-status HIT age 4944801 x-pantheon-styx-hostname styx-fe2-a-5f44469ddc-9l82c x-cache MISS, HIT strict-transport-security max-age=31536000; includeSubDomains content-length 7856 x-served-by cache-mdw17344-MDW, cache-wdc5562-WDC last-modified Wed, 03 Nov 2021 15:54:03 GMT server cloudflare x-timer S1636652488.927120,VS0,VE1 etag "6182b09b-1eb0" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type font/woff2 access-control-allow-origin * expires Sun, 08 Jan 2023 23:14:48 GMT cache-control public, max-age=31622400 accept-ranges bytes cf-ray 6ca0e26f3f1b83ac-MXP x-styx-req-id 08112dbf-3d46-11ec-92da-66ca9ee36be7 x-cache-hits 0, 1
GET H2	200	oswald-400-latin.woff2 therecord.media/wp-content/themes/therecordmedia/assets/fonts/oswald/	24 KB 24 KB	31ms 28ms	Font font/woff2	2606:4700::6812:721 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://therecord.media/wp-content/themes/therecordmedia/assets/fonts/oswald/oswald-400-latin.woff2 Requested by Host: therecord.media URL: https://therecord.media/wp-content/themes/therecordmedia/assets/css/style-v4.css?ver=2021-06-29_1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash f1010cf08825a41c768a117755a496da61a306c41b83c383ea66f1bb3334bb14 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://therecord.media/wp-content/themes/therecordmedia/assets/css/style-v4.css?ver=2021-06-29_1 Origin https://therecord.media Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 07 Jan 2022 23:14:48 GMT via 1.1 varnish, 1.1 varnish cf-cache-status HIT age 4944801 x-pantheon-styx-hostname styx-fe2-a-5f44469ddc-p85k9 x-cache MISS, HIT strict-transport-security max-age=31536000; includeSubDomains content-length 24064 x-served-by cache-mdw17331-MDW, cache-bwi5043-BWI last-modified Thu, 28 Oct 2021 15:47:40 GMT server cloudflare x-timer S1636652488.899371,VS0,VE3 etag "617ac61c-5e00" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type font/woff2 access-control-allow-origin * expires Sun, 08 Jan 2023 23:14:48 GMT cache-control public, max-age=31622400 accept-ranges bytes cf-ray 6ca0e26f3f1f83ac-MXP x-styx-req-id 56d54f37-381a-11ec-8d6c-a6abd588099d x-cache-hits 0, 1
GET H2	200	oswald-700-latin.woff2 therecord.media/wp-content/themes/therecordmedia/assets/fonts/oswald/	24 KB 24 KB	33ms 30ms	Font font/woff2	2606:4700::6812:721 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://therecord.media/wp-content/themes/therecordmedia/assets/fonts/oswald/oswald-700-latin.woff2 Requested by Host: therecord.media URL: https://therecord.media/wp-content/themes/therecordmedia/assets/css/style-v4.css?ver=2021-06-29_1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash f1010cf08825a41c768a117755a496da61a306c41b83c383ea66f1bb3334bb14 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://therecord.media/wp-content/themes/therecordmedia/assets/css/style-v4.css?ver=2021-06-29_1 Origin https://therecord.media Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 07 Jan 2022 23:14:48 GMT via 1.1 varnish, 1.1 varnish cf-cache-status HIT age 4944801 x-pantheon-styx-hostname styx-fe2-b-6cf4595974-6m9mg x-cache MISS, HIT strict-transport-security max-age=31536000; includeSubDomains content-length 24064 x-served-by cache-mdw17334-MDW, cache-wdc5563-WDC last-modified Wed, 03 Nov 2021 15:54:03 GMT server cloudflare x-timer S1636652488.918515,VS0,VE1 etag "6182b09b-5e00" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type font/woff2 access-control-allow-origin * expires Sun, 08 Jan 2023 23:14:48 GMT cache-control public, max-age=31622400 accept-ranges bytes cf-ray 6ca0e26f3f2283ac-MXP x-styx-req-id 6605c713-3d5e-11ec-a383-3277ea497536 x-cache-hits 0, 1
GET H2	200	gudea-700-latin.woff2 therecord.media/wp-content/themes/therecordmedia/assets/fonts/gudea/	8 KB 8 KB	34ms 32ms	Font font/woff2	2606:4700::6812:721 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://therecord.media/wp-content/themes/therecordmedia/assets/fonts/gudea/gudea-700-latin.woff2 Requested by Host: therecord.media URL: https://therecord.media/wp-content/themes/therecordmedia/assets/css/style-v4.css?ver=2021-06-29_1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e3d3367b895674ec706b02be65ae0ee7416f158836f88ddc1d3e469e3bdd6cd4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://therecord.media/wp-content/themes/therecordmedia/assets/css/style-v4.css?ver=2021-06-29_1 Origin https://therecord.media Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 07 Jan 2022 23:14:48 GMT via 1.1 varnish, 1.1 varnish cf-cache-status HIT age 4944801 x-pantheon-styx-hostname styx-fe2-b-6cf4595974-8pr5t x-cache MISS, HIT strict-transport-security max-age=31536000; includeSubDomains content-length 7932 x-served-by cache-mdw17370-MDW, cache-wdc5538-WDC last-modified Thu, 28 Oct 2021 15:47:40 GMT server cloudflare x-timer S1636652488.905926,VS0,VE2 etag "617ac61c-1efc" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type font/woff2 access-control-allow-origin * expires Sun, 08 Jan 2023 23:14:48 GMT cache-control public, max-age=31622400 accept-ranges bytes cf-ray 6ca0e26f3f2483ac-MXP x-styx-req-id 4436d55e-3822-11ec-b1cd-36fd5dbf0b73 x-cache-hits 0, 1
GET H2	200	HP-iLO-fake-update.png therecord.media/wp-content/uploads/2021/12/	87 KB 88 KB	29ms 29ms	Image image/webp	2606:4700::6812:721 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://therecord.media/wp-content/uploads/2021/12/HP-iLO-fake-update.png Requested by Host: therecord.media URL: https://therecord.media/threat-actor-uses-hp-ilo-rootkit-to-wipe-servers/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 8a82f00ab65c16e088696a4c21fb39abc4f96360ed1c69fc08cf736fdfb4f504 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept-Language de-DE,de;q=0.9 Referer https://therecord.media/threat-actor-uses-hp-ilo-rootkit-to-wipe-servers/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 07 Jan 2022 23:14:48 GMT via 1.1 varnish, 1.1 varnish cf-cache-status HIT age 817480 cf-polished origFmt=png, origSize=137518 x-cache MISS, HIT x-cache-hits 0, 1 content-disposition inline; filename="HP-iLO-fake-update.webp" cf-bgj imgq:100,h2pri content-length 89214 x-served-by cache-mdw17376-MDW, cache-wdc5560-WDC last-modified Wed, 29 Dec 2021 11:56:14 GMT server cloudflare x-timer S1640779809.536660,VS0,VE1 etag "61cc4cde-2192e" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept strict-transport-security max-age=31536000; includeSubDomains content-type image/webp x-styx-req-id 106c7def-689f-11ec-9a7f-02d924bfecf7 expires Sun, 08 Jan 2023 23:14:48 GMT cache-control public, max-age=31622400 accept-ranges bytes cf-ray 6ca0e26f6f9b83ac-MXP x-pantheon-styx-hostname styx-fe2-b-79754f9dc6-lhh9b
GET H2	200	2021_1209-Victim-Data-Released-on-Ransomware-Extortion-Sites-1-1024x607.jpg therecord.media/wp-content/uploads/2021/12/	45 KB 45 KB	31ms 31ms	Image image/webp	2606:4700::6812:721 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://therecord.media/wp-content/uploads/2021/12/2021_1209-Victim-Data-Released-on-Ransomware-Extortion-Sites-1-1024x607.jpg Requested by Host: therecord.media URL: https://therecord.media/threat-actor-uses-hp-ilo-rootkit-to-wipe-servers/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash d9697e2769a5484e3d9086c6f3c97746dff2d88d5c0bd7c5367a020dd5d097ce Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept-Language de-DE,de;q=0.9 Referer https://therecord.media/threat-actor-uses-hp-ilo-rootkit-to-wipe-servers/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 07 Jan 2022 23:14:48 GMT via 1.1 varnish, 1.1 varnish cf-cache-status HIT age 1996049 cf-polished origFmt=jpeg, origSize=56591 x-cache MISS, HIT x-cache-hits 0, 1 content-disposition inline; filename="2021_1209-Victim-Data-Released-on-Ransomware-Extortion-Sites-1-1024x607.webp" cf-bgj imgq:100,h2pri content-length 45912 x-served-by cache-mdw17330-MDW, cache-wdc5568-WDC last-modified Fri, 10 Dec 2021 22:23:57 GMT server cloudflare x-timer S1639601239.227973,VS0,VE1 etag "61b3d37d-dd0f" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept strict-transport-security max-age=31536000; includeSubDomains content-type image/webp x-styx-req-id 26cda47e-5ddc-11ec-8fd2-baa71e14cff3 expires Sun, 08 Jan 2023 23:14:48 GMT cache-control public, max-age=31622400 accept-ranges bytes cf-ray 6ca0e26f6f9e83ac-MXP x-pantheon-styx-hostname styx-fe2-b-79754f9dc6-9hr9h
GET H2	200	gtm.js Show response www.googletagmanager.com/	86 KB 33 KB	19ms 19ms	Script application/javascript	2a00:1450:4001:831::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtm.js?id=GTM-PVJ5W86 Requested by Host: therecord.media URL: https://therecord.media/threat-actor-uses-hp-ilo-rootkit-to-wipe-servers/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 59413cb5f7d6b535b61959a1a4dfb238e030198adf1e3e4b4fe7764a5c243e3a Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://therecord.media/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 07 Jan 2022 23:14:48 GMT content-encoding br vary Accept-Encoding cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 33899 x-xss-protection 0 last-modified Fri, 07 Jan 2022 21:00:00 GMT server Google Tag Manager strict-transport-security max-age=31536000; includeSubDomains content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Fri, 07 Jan 2022 23:14:48 GMT
GET H2	200	matomo.js Show response cdn.matomo.cloud/recordedfuture.matomo.cloud/	193 KB 56 KB	66ms 8ms	Script application/javascript	2600:9000:2156:9200:c:7d55:b3c0:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn.matomo.cloud/recordedfuture.matomo.cloud/matomo.js Requested by Host: therecord.media URL: https://therecord.media/threat-actor-uses-hp-ilo-rootkit-to-wipe-servers/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:9200:c:7d55:b3c0:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 19408a2a6d8207752bb520e95e694c4f2e4e56d93c4a3e0a4cc3753e8b5dd33d Request headers Accept-Language de-DE,de;q=0.9 Referer https://therecord.media/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 31 Dec 2021 03:14:52 GMT content-encoding gzip age 676797 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-amz-replication-status COMPLETED last-modified Mon, 20 Dec 2021 22:48:10 GMT server AmazonS3 etag W/"58b53f4f1db062679d6a7cdc258d2cfe" vary Accept-Encoding x-amz-version-id JGCD0MqQAK2z07sl5epncp464KxxSm7K via 1.1 f6c241b75ae7d21ac836339454ab90b8.cloudfront.net (CloudFront) cache-control max-age=691200 x-amz-cf-pop FRA50-C1 content-type application/javascript; charset=utf-8 x-amz-cf-id RIVQz6W1HIQNn6DULtSxASsYvSW2M1uOj_Hk4e2NY42_RFrfCQYe5A==
GET H2	200	container_41sBJe2I.js Show response cdn.matomo.cloud/recordedfuture.matomo.cloud/	25 KB 8 KB	66ms 9ms	Script application/javascript	2600:9000:2156:9200:c:7d55:b3c0:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn.matomo.cloud/recordedfuture.matomo.cloud/container_41sBJe2I.js Requested by Host: therecord.media URL: https://therecord.media/threat-actor-uses-hp-ilo-rootkit-to-wipe-servers/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:9200:c:7d55:b3c0:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 0d29a99ba6e6339a9e40f9cb8ec7f396c94beae09ce7cfc28ea886c24826ea22 Request headers Accept-Language de-DE,de;q=0.9 Referer https://therecord.media/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 04 Jan 2022 22:29:13 GMT content-encoding gzip age 261936 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-amz-replication-status COMPLETED last-modified Mon, 20 Dec 2021 22:48:10 GMT server AmazonS3 etag W/"eacbf10aba86e780c7be3d168e5ce52a" vary Accept-Encoding x-amz-version-id Ap.ZmkicvvkJ_miwo.asmF.Pci0o0KZP via 1.1 f6c241b75ae7d21ac836339454ab90b8.cloudfront.net (CloudFront) cache-control max-age=691200 x-amz-cf-pop FRA50-C1 content-type application/javascript; charset=utf-8 x-amz-cf-id OVYaNjXtBeLNRjL4GY1WHoEPKcEZYRlLkHi1km6Z0VhNpgRBy94OKg==
GET H2	200	analytics.js Show response www.google-analytics.com/	49 KB 20 KB	29ms 6ms	Script text/javascript	2a00:1450:4001:828::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/analytics.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=UA-9153858-16 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210 Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://therecord.media/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers strict-transport-security max-age=10886400; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff last-modified Tue, 02 Nov 2021 17:39:06 GMT server Golfe2 age 822 date Fri, 07 Jan 2022 23:01:06 GMT vary Accept-Encoding content-type text/javascript cache-control public, max-age=7200 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 20006 expires Sat, 08 Jan 2022 01:01:06 GMT
GET H3	200	jquery.mousewheel.min.js Show response cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.13/	3 KB 2 KB	47ms 25ms	Script application/javascript	2606:4700::6810:125e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.13/jquery.mousewheel.min.js Requested by Host: therecord.media URL: https://therecord.media/wp-content/themes/therecordmedia/assets/js/bundle.js?ver=2021-06-29_1 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 8e73a30d35c83ea6a597c3343324d2b7df097ad26e67b62efb5266ee12d317b5 Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://therecord.media/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 07 Jan 2022 23:14:48 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} age 6842181 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 content-length 1046 timing-allow-origin * last-modified Mon, 04 May 2020 16:11:46 GMT server cloudflare cf-cdnjs-via cfworker/kv etag "5eb03ec2-ad3" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=15780000 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=02GViCxCLEvm%2BfJYrLGMbsQOoQt42BADE4%2Beyg2TaYFNnj6YQpVtiVkrG26pv74xQ7hsUxR5%2FM8pRtfXhXjN7g99qUaxsIXoD2dyMztjAQCDoyfwgCqm6lrLbMwkyCaDOg4hhvQD%2B0oO7qDbpPjbG4hE"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 access-control-allow-origin * vary Accept-Encoding cache-control public, max-age=30672000 accept-ranges bytes cf-ray 6ca0e2702c210f86-MXP expires Wed, 28 Dec 2022 23:14:48 GMT
GET H2	200	iframe_api Show response www.youtube.com/	980 B 1 KB	49ms 28ms	Script text/javascript	2a00:1450:4001:82a::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.youtube.com/iframe_api Requested by Host: therecord.media URL: https://therecord.media/wp-content/themes/therecordmedia/assets/js/main.js?ver=2021-06-29_1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 2807db05f536fe45b16757ee0be3052e74fc954f23604d07c53889796adbbdab Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://therecord.media/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 07 Jan 2022 23:14:48 GMT content-encoding br x-content-type-options nosniff p3p CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info." cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" x-xss-protection 0 server ESF x-frame-options SAMEORIGIN strict-transport-security max-age=31536000 report-to {"group":"ATmXEA_aXV-idIZ-e5x1JSbJUg8hfAx2dSl3lQ","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_ATmXEA_aXV-idIZ-e5x1JSbJUg8hfAx2dSl3lQ"}]} content-type text/javascript; charset=utf-8 cache-control private, max-age=0 permissions-policy ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=* cross-origin-opener-policy-report-only same-origin; report-to="ATmXEA_aXV-idIZ-e5x1JSbJUg8hfAx2dSl3lQ" expires Fri, 07 Jan 2022 23:14:48 GMT
GET H2	200	252628.js Show response js.hs-scripts.com/	1 KB 953 B	140ms 139ms	Script application/javascript	2606:4700::6811:d4cc CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hs-scripts.com/252628.js Requested by Host: therecord.media URL: https://therecord.media/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:d4cc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 5c91d86908b061183221f862979302269be67d1887014767fc954c8a9485d98e Request headers Accept-Language de-DE,de;q=0.9 Referer https://therecord.media/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 07 Jan 2022 23:14:49 GMT content-encoding br vary Accept-Encoding cf-cache-status EXPIRED x-hubspot-correlation-id 8b23e75c-888d-4a34-8bfd-a7ed83ee8d0f last-modified Fri, 07 Jan 2022 23:11:32 GMT server cloudflare x-trace 2BFB6A8974D8EF499651F15E3140BCF2C06ADE9C9F000000000000000000 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" access-control-max-age 3600 content-type application/javascript;charset=utf-8 access-control-allow-origin https://therecord.media cache-control public, max-age=60 access-control-allow-credentials true cf-ray 6ca0e2700b7d5a19-MXP expires Fri, 07 Jan 2022 23:15:49 GMT
GET H/1.1	200 OK	6si.min.js Show response j.6sc.co/	27 KB 9 KB	71ms 18ms	Script application/javascript	104.111.233.140 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://j.6sc.co/6si.min.js Requested by Host: therecord.media URL: https://therecord.media/threat-actor-uses-hp-ilo-rootkit-to-wipe-servers/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-111-233-140.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash 2707e48726a3f7ec48a1d1aec9738f20b36bac1535cfa9de2e4d92310c4e7e7a Security Headers Name Value X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://therecord.media/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Date Fri, 07 Jan 2022 23:14:49 GMT Content-Encoding gzip X-Content-Type-Options nosniff Connection keep-alive Vary Accept-Encoding Content-Length 8575 Pragma no-cache Last-Modified Thu, 07 Oct 2021 17:17:43 GMT Server nginx/1.14.0 (Ubuntu) ETag "615f2bb7-6a5f" Access-Control-Max-Age 86400 Access-Control-Allow-Methods GET,POST Content-Type application/javascript Access-Control-Allow-Origin Cache-Control private, no-cache, proxy-revalidate Access-Control-Allow-Credentials true Accept-Ranges bytes Access-Control-Allow-Headers * Expires Fri, 07 Jan 2022 23:14:49 GMT
GET H2	200	/ Show response therecord.media/wp-json/complianz/v1/banner/	125 B 677 B	594ms 593ms	XHR application/json	2606:4700::6812:721 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://therecord.media/wp-json/complianz/v1/banner/?lang=en&locale=en_US&token=jwejx Requested by Host: therecord.media URL: https://therecord.media/wp-content/plugins/complianz-gdpr-premium/assets/js/complianz.min.js?ver=5.2.5.1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash eb4cc9acf9651a4fe776ead01593f1f6bcbcfba7416274359ac9922450dabe4a Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff Request headers Referer https://therecord.media/threat-actor-uses-hp-ilo-rootkit-to-wipe-servers/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Content-type application/json Response headers date Fri, 07 Jan 2022 23:14:49 GMT via 1.1 varnish, 1.1 varnish x-content-type-options nosniff cf-cache-status DYNAMIC age 0 x-pantheon-styx-hostname styx-fe2-a-54cb89b9bf-5wkrk x-cache MISS, MISS x-cloud-trace-context 8de929c95d8940599393a0ab5743888a/5605503390772615859;o=0 strict-transport-security max-age=31536000; includeSubDomains content-encoding br x-served-by cache-mdw17363-MDW, cache-wdc5555-WDC access-control-allow-headers Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type server cloudflare traceparent 00-8de929c95d8940599393a0ab5743888a-4dcabfa27a3fdab3-00 x-timer S1641597289.341565,VS0,VE159 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type application/json x-styx-req-id 9c782274-700f-11ec-9014-f227bc29ac87 access-control-expose-headers X-WP-Total, X-WP-TotalPages, Link x-robots-tag noindex cf-ray 6ca0e270194583ac-MXP link <https://therecord.media/wp-json/>; rel="https://api.w.org/" x-cache-hits 0, 0
GET H2	200	5fcff613fdfb0dbe15ddb3c49d4f54cd secure.gravatar.com/avatar/	3 KB 3 KB	126ms 40ms	Image image/jpeg	2a04:fa87:fffe::c000:4902 AUTOMATTIC
General Check archive.org Show headers Download Go to Show image Full URL https://secure.gravatar.com/avatar/5fcff613fdfb0dbe15ddb3c49d4f54cd?s=96&d=mm&r=g Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash b7385d6b65674888c6500c665b56a10ef98183a22dc8674ec0caf3deb532d215 Request headers Accept-Language de-DE,de;q=0.9 Referer https://therecord.media/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers x-nc HIT mxp 1 date Fri, 07 Jan 2022 23:14:49 GMT last-modified Fri, 05 Mar 2021 15:49:20 GMT server nginx content-type image/jpeg access-control-allow-origin * cache-control max-age=300 content-disposition inline; filename="5fcff613fdfb0dbe15ddb3c49d4f54cd.jpeg" accept-ranges bytes link <https://www.gravatar.com/avatar/5fcff613fdfb0dbe15ddb3c49d4f54cd?s=96&d=mm&r=g>; rel="canonical" content-length 3276 expires Fri, 07 Jan 2022 23:19:49 GMT
POST H3	200	collect Show response www.google-analytics.com/j/	1 B 21 B	28ms 13ms	XHR text/plain	2a00:1450:4001:828::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1447803232&t=pageview&_s=1&dl=https%3A%2F%2Ftherecord.media%2Fthreat-actor-uses-hp-ilo-rootkit-to-wipe-servers%2F&ul=en-us&de=UTF-8&dt=Threat%20actor%20uses%20HP%20iLO%20rootkit%20to%20wipe%20servers%20-%20The%20Record%20by%20Recorded%20Future&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=1457513151&gjid=2079355382&cid=866377386.1641597289&tid=UA-9153858-16&_gid=1436840923.1641597289&_r=1&gtm=2ou150&z=949192494 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://therecord.media/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Content-Type text/plain Response headers pragma no-cache date Fri, 07 Jan 2022 23:14:49 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type text/plain access-control-allow-origin https://therecord.media cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 1 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	204	matomo.php recordedfuture.matomo.cloud/	0 167 B	79ms 51ms	Ping text/plain	35.71.162.228 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://recordedfuture.matomo.cloud/matomo.php?action_name=therecord.media%2FThreat%20actor%20uses%20HP%20iLO%20rootkit%20to%20wipe%20servers%20-%20The%20Record%20by%20Recorded%20Future&idsite=2&rec=1&r=779427&h=23&m=14&s=49&url=https%3A%2F%2Ftherecord.media%2Fthreat-actor-uses-hp-ilo-rootkit-to-wipe-servers%2F&_id=ca0d698f210fb067&_idn=1&_refts=0&send_image=0&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1600x1200&pv_id=OMtf78&fa_pv=1&fa_fp[0][fa_vid]=bAL3B3&fa_fp[0][fa_fv]=1&fa_fp[2][fa_vid]=FcxQOt&fa_fp[2][fa_fv]=1&fa_fp[3][fa_vid]=wCShv8&fa_fp[3][fa_fv]=1&pf_net=56&pf_srv=1003&pf_tfr=2&pf_dm1=20&pf_dm2=128&pf_onl=0 Requested by Host: cdn.matomo.cloud URL: https://cdn.matomo.cloud/recordedfuture.matomo.cloud/matomo.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 35.71.162.228 , United States, ASN16509 (AMAZON-02, US), Reverse DNS a8b6f710f441cdbc2.awsglobalaccelerator.com Software Apache / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://therecord.media/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Content-Type application/x-www-form-urlencoded; charset=utf-8 Response headers access-control-allow-origin https://therecord.media date Fri, 07 Jan 2022 23:14:49 GMT access-control-allow-credentials true server Apache vary X-Forwarded-Port-Override,X-Forwarded-Proto-Override,User-Agent
GET H3	200	www-widgetapi.js Show response www.youtube.com/s/player/edff9f99/www-widgetapi.vflset/	149 KB 48 KB	22ms 7ms	Script text/javascript	2a00:1450:4001:82a::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.youtube.com/s/player/edff9f99/www-widgetapi.vflset/www-widgetapi.js Requested by Host: www.youtube.com URL: https://www.youtube.com/iframe_api Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash a30efe5482066576af9976d7b0716c88d2ccd05e54bfb481bd8485427945dbd0 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://therecord.media/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 07 Jan 2022 19:48:58 GMT content-encoding br x-content-type-options nosniff age 12351 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 49417 x-xss-protection 0 last-modified Wed, 05 Jan 2022 01:18:03 GMT server sffe vary Accept-Encoding, Origin report-to {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]} content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes cross-origin-opener-policy-report-only same-origin; report-to="youtube" expires Sat, 07 Jan 2023 19:48:58 GMT
GET H3	200	jquery.mCustomScrollbar.min.css Show response cdnjs.cloudflare.com/ajax/libs/malihu-custom-scrollbar-plugin/3.1.5/	42 KB 4 KB	43ms 23ms	XHR text/css	2606:4700::6810:125e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/malihu-custom-scrollbar-plugin/3.1.5/jquery.mCustomScrollbar.min.css?ver=2021-06-29_1 Requested by Host: cdn.matomo.cloud URL: https://cdn.matomo.cloud/recordedfuture.matomo.cloud/matomo.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 247184981eb6f698a94e431a83d68c6b0df623cce57b6e29dc5a6c11e23aa195 Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://therecord.media/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 07 Jan 2022 23:14:49 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} age 2516596 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 content-length 3359 timing-allow-origin * last-modified Mon, 04 May 2020 16:12:04 GMT server cloudflare cf-cdnjs-via cfworker/kv etag "5eb03ed4-a757" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=15780000 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JCA66POOPPE3Erl3IQoSjjd3S2Fu23qc%2Frp2W9ZHYDY9WZWkWSis84PYMbIApJpFa%2BCAZAbDW5wnv1bgJZjVZo1Uy9cfuEQav1GBdzs4A9n0UOIkVWs6p0YAVfhJ%2Fqo1bsxzNZPdpNjfbtSJp07WpvsE"}],"group":"cf-nel","max_age":604800} content-type text/css; charset=utf-8 access-control-allow-origin * vary Accept-Encoding cache-control public, max-age=30672000 accept-ranges bytes cf-ray 6ca0e270a9d03754-MXP expires Wed, 28 Dec 2022 23:14:49 GMT
GET H3	200	jquery.fancybox.min.css Show response cdn.jsdelivr.net/gh/fancyapps/fancybox@3.5.7/dist/	12 KB 4 KB	50ms 24ms	XHR text/css	2606:4700::6810:5614 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.jsdelivr.net/gh/fancyapps/fancybox@3.5.7/dist/jquery.fancybox.min.css?ver=2021-06-29_1 Requested by Host: cdn.matomo.cloud URL: https://cdn.matomo.cloud/recordedfuture.matomo.cloud/matomo.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700::6810:5614 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 5736e3eec0c34bfc288854b7b8d2a8f1e22e9e2e7dae3c8d1ad5dfb2d4734ad0 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://therecord.media/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 07 Jan 2022 23:14:49 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT age 6402477 x-jsd-version 3.5.7 x-cache HIT, HIT cross-origin-resource-policy cross-origin strict-transport-security max-age=31536000; includeSubDomains; preload alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 x-served-by cache-fra19172-FRA, cache-mxp6921-MXP timing-allow-origin * x-jsd-version-type version server cloudflare etag W/"31fb-G+m3m+AqHPxdlsSl4P649HK6vZU" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type text/css; charset=utf-8 access-control-allow-origin * access-control-expose-headers * cache-control public, max-age=31536000, s-maxage=31536000, immutable cf-ray 6ca0e270bc993743-MXP
GET H2	200	configs.php Show response recordedfuture.matomo.cloud/plugins/HeatmapSessionRecording/	116 B 291 B	15ms 15ms	Script application/javascript	35.71.162.228 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://recordedfuture.matomo.cloud/plugins/HeatmapSessionRecording/configs.php?idsite=2&trackerid=H3TekT&url=https%3A%2F%2Ftherecord.media%2Fthreat-actor-uses-hp-ilo-rootkit-to-wipe-servers%2F Requested by Host: cdn.matomo.cloud URL: https://cdn.matomo.cloud/recordedfuture.matomo.cloud/matomo.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 35.71.162.228 , United States, ASN16509 (AMAZON-02, US), Reverse DNS a8b6f710f441cdbc2.awsglobalaccelerator.com Software Apache / Resource Hash d6811e00e500f0da18cfa32bf861ec012af99b00d62f126e434f7682ea69dcd1 Request headers Accept-Language de-DE,de;q=0.9 Referer https://therecord.media/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 07 Jan 2022 23:14:49 GMT content-encoding gzip server Apache content-length 119 vary X-Forwarded-Port-Override,X-Forwarded-Proto-Override,Accept-Encoding,User-Agent content-type application/javascript
GET H/1.1	200 OK	getuidj Show response secure.adnxs.com/	11 B 689 B	34ms 12ms	XHR application/json	37.252.173.22 ASN-APPNEX
General Check archive.org Show headers Download Go to Full URL https://secure.adnxs.com/getuidj Requested by Host: j.6sc.co URL: https://j.6sc.co/6si.min.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 37.252.173.22 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US), Reverse DNS 536.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net Software nginx/1.17.9 / Resource Hash 31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d Security Headers Name Value X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://therecord.media/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Pragma no-cache Date Fri, 07 Jan 2022 23:14:49 GMT X-Proxy-Origin 217.64.151.28; 217.64.151.28; 536.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com AN-X-Request-Uuid 25d4e403-6c4e-4826-b6e0-fdc9f5638a72 Server nginx/1.17.9 P3P policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" Access-Control-Allow-Origin https://therecord.media Cache-Control no-store, no-cache, private Access-Control-Allow-Credentials true Connection keep-alive Content-Type application/json; charset=utf-8 Content-Length 11 X-XSS-Protection 0 Expires Sat, 15 Nov 2008 16:00:00 GMT
GET H/1.1	200 OK	/ Show response c.6sc.co/	47 B 371 B	72ms 18ms	XHR text/plain	104.111.233.140 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://c.6sc.co/ Requested by Host: j.6sc.co URL: https://j.6sc.co/6si.min.js Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-111-233-140.deploy.static.akamaitechnologies.com Software / Resource Hash b15ae1647df56846b4b4c490bea10267627dc51234c719944c710ebd61a2a5f8 Request headers Accept-Language de-DE,de;q=0.9 Referer https://therecord.media/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Date Fri, 07 Jan 2022 23:14:49 GMT Access-Control-Max-Age 86400 Access-Control-Allow-Methods GET,POST Content-Type text/plain Access-Control-Allow-Origin https://therecord.media Access-Control-Allow-Credentials true Connection keep-alive Access-Control-Allow-Headers * Content-Length 47
GET H2	200	252628.js Show response js.hs-analytics.net/analytics/1641597000000/	63 KB 20 KB	79ms 29ms	Script text/javascript	2606:4700::6811:43b0 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hs-analytics.net/analytics/1641597000000/252628.js Requested by Host: js.hs-scripts.com URL: https://js.hs-scripts.com/252628.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:43b0 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash f958b4527bcb3c4da9d038386657b0a8e498e40bb6d5eede4f0a42d4b1503221 Request headers Accept-Language de-DE,de;q=0.9 Referer https://therecord.media/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 07 Jan 2022 23:14:49 GMT content-encoding br cf-cache-status HIT age 213 x-amz-server-side-encryption AES256 x-amz-request-id 51RWFK265PD2QC2F x-amz-id-2 +JDqVU354IyD0JFVRxxq/In3GOrs4grdcLg9XtabbnjI+Cu1ku6MpLvDKe4/0cMDJWljgmiuQ1Q= last-modified Mon, 19 Jul 2021 13:55:02 GMT server cloudflare etag W/"eb683456778d317c80ce91826fab13f7" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type text/javascript cache-control max-age=300, public access-control-allow-credentials false x-amz-version-id null cf-ray 6ca0e27148eb0f7e-MXP expires Fri, 07 Jan 2022 23:16:16 GMT
GET H2	200	252628.js Show response js.hs-banner.com/	61 KB 16 KB	97ms 45ms	Script text/javascript	2606:4700::6812:15bf CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hs-banner.com/252628.js Requested by Host: js.hs-scripts.com URL: https://js.hs-scripts.com/252628.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:15bf , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e90135befb1cde3a65a625bd4b1947fe8241484d5248194fbb3ab8b3b9912706 Request headers Accept-Language de-DE,de;q=0.9 Referer https://therecord.media/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 07 Jan 2022 23:14:49 GMT content-encoding br cf-cache-status HIT age 213 x-amz-server-side-encryption AES256 content-type text/javascript; charset=UTF-8 access-control-max-age 604800 x-amz-request-id FP09MQT0SSP4QMMR x-amz-id-2 HDiVsa6zUK5INntQ/3sSYCBxjqSc3vVoFXpCbOdgsyPBlLAMZINkSbfH/qGzkDLPTBqshzUDpDQ= timing-allow-origin * last-modified Fri, 03 Sep 2021 19:24:49 GMT server cloudflare etag W/"e0c913f4a0cc31dc55b4467584a6d8e8" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD x-amz-version-id lq2tXQvbi9wr797yewJV6QQGCJrrtX2q access-control-allow-origin https://therecord.media access-control-expose-headers x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing cache-control max-age=300, public access-control-allow-credentials true cf-ray 6ca0e27148c15a0d-MXP access-control-allow-headers Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id expires Fri, 07 Jan 2022 23:16:16 GMT
GET H2	200	leadflows.js Show response js.hsleadflows.net/	537 KB 87 KB	81ms 36ms	Script application/javascript	2606:4700::6811:e9cc CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hsleadflows.net/leadflows.js Requested by Host: js.hs-scripts.com URL: https://js.hs-scripts.com/252628.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:e9cc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash bb54934c45f4c74ce2c3d2cc7b8b08b49b5c75d1dc0a64dd5071bf2b452c69ea Request headers Referer https://therecord.media/ Origin https://therecord.media Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 07 Jan 2022 23:14:49 GMT via 1.1 b9d1b307966c2273bf97ed7c681603da.cloudfront.net (CloudFront) cf-cache-status HIT age 80990 x-amz-server-side-encryption AES256 content-security-policy-report-only frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=lead-flows-js/static-1.1066/bundle/main/lead-flows-release.js&cfRay=6c9929271f123757-IAD x-cache RefreshHit from cloudfront access-control-max-age 3000 x-amz-replication-status COMPLETED content-encoding br cf-ray 6ca0e2713a84375f-MXP last-modified Fri, 10 Dec 2021 01:08:50 UTC server cloudflare etag W/"a20da5f3327ff62c3dfbc71571e4fc6d" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Origin,Access-Control-Request-Headers,Access-Control-Request-Method, Accept-Encoding access-control-allow-methods GET x-amz-version-id L5EK4Wtvn0GVRD3yODp9CC_dzIEEuKk. access-control-allow-origin * cache-control s-maxage=86400, max-age=0 x-hs-cache-status MISS x-amz-cf-pop IAD89-P1 content-type application/javascript; charset=utf-8 x-amz-cf-id SWIL5adibEeqNgHSmPkYifE-CwTirDwLPD_fm-AzX-5EO_o6PeHDKQ== x-hs-target-asset lead-flows-js/static-1.1066/bundle/main/lead-flows-release.js
GET H/1.1	200 OK	img.gif b.6sc.co/v1/beacon/	43 B 774 B	236ms 189ms	Image image/gif	104.111.233.140 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=f2675e8089b7d209a58fce8ad312f51c&svisitor=null&session=6b5559c3-199d-4314-8153-9149d0c02150&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Fri%2C%2007%20Jan%202022%2023%3A14%3A49%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Record%20by%20Recorded%20Future%20gives%20exclusive%2C%20behind-the-scenes%20access%20to%20leaders%2C%20policymakers%2C%20researchers%2C%20and%20the%20shadows%20of%20the%20cyber%20underground.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Threat%20actor%20uses%20HP%20iLO%20rootkit%20to%20wipe%20servers%20-%20The%20Record%20by%20Recorded%20Future%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Ftherecord.media%2Fthreat-actor-uses-hp-ilo-rootkit-to-wipe-servers%2F&pageViewId=b3015d64-d52d-4ba3-8000-8a0738597440&an_uid=0 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-111-233-140.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://therecord.media/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Date Fri, 07 Jan 2022 23:14:49 GMT X-Content-Type-Options nosniff Connection keep-alive Content-Length 43 Pragma no-cache Last-Modified Tue, 05 Oct 2021 22:17:52 GMT Server nginx/1.14.0 (Ubuntu) ETag "615ccf10-2b" Access-Control-Max-Age 86400 Access-Control-Allow-Methods GET,POST Content-Type image/gif Access-Control-Allow-Origin Cache-Control private, no-cache, no-cache=Set-Cookie, proxy-revalidate Access-Control-Allow-Credentials true Accept-Ranges bytes Access-Control-Allow-Headers * Expires Wed, 19 Apr 2000 11:43:00 GMT
GET H2	200	__ptq.gif track.hubspot.com/	45 B 1005 B	203ms 152ms	Image image/gif	2606:4700::6813:9a53 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=1792297217&v=1.1&a=252628&rcu=https%3A%2F%2Ftherecord.media%2Fthreat-actor-uses-hp-ilo-rootkit-to-wipe-servers%2F&pu=https%3A%2F%2Ftherecord.media%2Fthreat-actor-uses-hp-ilo-rootkit-to-wipe-servers%2F&t=Threat+actor+uses+HP+iLO+rootkit+to+wipe+servers+-+The+Record+by+Recorded+Future&cts=1641597289196&vi=f45b67329312347fd8244ba47941a8d9&nc=true&ce=false&cc=0 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Accept-Language de-DE,de;q=0.9 Referer https://therecord.media/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 07 Jan 2022 23:14:49 GMT vary Accept-Encoding cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-hubspot-correlation-id 4d4f4836-ce21-4950-9a2a-3e6b19bcb4ae cf-ray 6ca0e271ec01375f-MXP p3p CP="NOI CUR ADM OUR NOR STA NID" alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 content-length 45 server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=31536000; includeSubDomains; preload report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pQ4PUgbxU9AozshtDcgUY6jTucivgYLrNOexIz60F7%2F%2FMCnmW2BikZqOafIuWE0gH%2BZTzh8EYdhmbBsDVR6i%2BgEXOoZso%2BXNsjFQZpZqghgBcT8QR0YvTlameHi0VEXM1vHiv2R%2F%2FWQYdg3qrrSL"}],"group":"cf-nel","max_age":604800} content-type image/gif cache-control no-cache, no-store, no-transform access-control-allow-credentials false x-robots-tag none
GET H2	200	json Show response forms.hubspot.com/lead-flows-config/v1/config/	2 KB 2 KB	205ms 155ms	XHR application/json	2606:4700::6813:9b53 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://forms.hubspot.com/lead-flows-config/v1/config/json?portalId=252628&utk=f45b67329312347fd8244ba47941a8d9&__hstc=156209188.f45b67329312347fd8244ba47941a8d9.1641597289194.1641597289194.1641597289194.1&__hssc=156209188.1.1641597289194&currentUrl=https%3A%2F%2Ftherecord.media%2Fthreat-actor-uses-hp-ilo-rootkit-to-wipe-servers%2F Requested by Host: js.hsleadflows.net URL: https://js.hsleadflows.net/leadflows.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 46fbf30af674d112acf2d55c44a982141bfea718a44e6eea8cf4f25e470f12a2 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Accept-Language de-DE,de;q=0.9 Referer https://therecord.media/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 07 Jan 2022 23:14:49 GMT content-encoding br vary Accept-Encoding cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-hubspot-correlation-id a503fe35-873b-4ce1-9f03-abe4c7bcb0cf access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD strict-transport-security max-age=31536000; includeSubDomains; preload alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 x-robots-tag none server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" access-control-max-age 180 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wmdmIBYAN96SHXt5sQtV8QgJivY%2Fnp9y6uCKqkwlP4bJiTpiXy43Tbsg%2Bfz1EGC3%2BkGgiJ1aArCwsXTjd2kEQkSOhSK0xY4F%2B%2FwXN8XkRel%2F3aizcxuveodj%2FFEVKXKVWR%2FX2hkgmQF3t6%2BSH4LA"}],"group":"cf-nel","max_age":604800} content-type application/json;charset=utf-8 access-control-allow-origin https://therecord.media cache-control max-age=0, no-cache, no-store access-control-allow-credentials false cf-ray 6ca0e272998e5a3d-MXP access-control-allow-headers Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
GET H3	200	__ptq.gif track.hubspot.com/	45 B 774 B	184ms 163ms	Image image/gif	2606:4700::6813:9a53 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://track.hubspot.com/__ptq.gif?k=16&fi=1b047a85-2db0-47ce-a965-8fa2de5a991b&lfi=2694169&ft=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=1792297217&v=1.1&a=252628&rcu=https%3A%2F%2Ftherecord.media%2Fthreat-actor-uses-hp-ilo-rootkit-to-wipe-servers%2F&pu=https%3A%2F%2Ftherecord.media%2Fthreat-actor-uses-hp-ilo-rootkit-to-wipe-servers%2F&t=Threat+actor+uses+HP+iLO+rootkit+to+wipe+servers+-+The+Record+by+Recorded+Future&cts=1641597289533&vi=f45b67329312347fd8244ba47941a8d9&nc=true&u=156209188.f45b67329312347fd8244ba47941a8d9.1641597289194.1641597289194.1641597289194.1&b=156209188.1.1641597289194&cc=15 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Accept-Language de-DE,de;q=0.9 Referer https://therecord.media/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 07 Jan 2022 23:14:49 GMT vary Accept-Encoding cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-hubspot-correlation-id 0c08f07b-17c8-43fc-97b0-64f4446712d1 cf-ray 6ca0e273c814375c-MXP p3p CP="NOI CUR ADM OUR NOR STA NID" alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 content-length 45 server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=31536000; includeSubDomains; preload report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=en8VR%2F5x1%2Bns9oontVYnSTN6hOR1YI059GipJ0ddn7In1qryCx10BfId6BHAW0GoTQblrQvZgNUGSKrG0Csl29It3PmXAW%2FSqjs4eN6s9MNGpIOZ%2B11XT9dfMPSONjvGwrpf5cMBTW2o22HmwAKs"}],"group":"cf-nel","max_age":604800} content-type image/gif cache-control no-cache, no-store, no-transform access-control-allow-credentials false x-robots-tag none
GET H/1.1	200 OK	img.gif b.6sc.co/v1/beacon/	43 B 774 B	212ms 212ms	Image image/gif	104.111.233.140 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=f2675e8089b7d209a58fce8ad312f51c&svisitor=36bb10028324000069c9d861150000002c0b0d00&session=6b5559c3-199d-4314-8153-9149d0c02150&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2007%20Jan%202022%2023%3A14%3A50%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2007%20Jan%202022%2023%3A14%3A49%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%221001%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Record%20by%20Recorded%20Future%20gives%20exclusive%2C%20behind-the-scenes%20access%20to%20leaders%2C%20policymakers%2C%20researchers%2C%20and%20the%20shadows%20of%20the%20cyber%20underground.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Threat%20actor%20uses%20HP%20iLO%20rootkit%20to%20wipe%20servers%20-%20The%20Record%20by%20Recorded%20Future%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Ftherecord.media%2Fthreat-actor-uses-hp-ilo-rootkit-to-wipe-servers%2F&pageViewId=b3015d64-d52d-4ba3-8000-8a0738597440&an_uid=0 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-111-233-140.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://therecord.media/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Date Fri, 07 Jan 2022 23:14:50 GMT X-Content-Type-Options nosniff Connection keep-alive Content-Length 43 Pragma no-cache Last-Modified Fri, 21 Feb 2020 18:57:20 GMT Server nginx/1.14.0 (Ubuntu) ETag "5e502810-2b" Access-Control-Max-Age 86400 Access-Control-Allow-Methods GET,POST Content-Type image/gif Access-Control-Allow-Origin Cache-Control private, no-cache, no-cache=Set-Cookie, proxy-revalidate Access-Control-Allow-Credentials true Accept-Ranges bytes Access-Control-Allow-Headers * Expires Wed, 19 Apr 2000 11:43:00 GMT
GET H2	200	iphonex_mockup.png go.recordedfuture.com/hubfs/	190 KB 192 KB	220ms 47ms	Image image/webp	2606:2c40::c73c:67fe CLOUDFLARESPECTRU...
General Check archive.org Show headers Download Go to Show image Full URL https://go.recordedfuture.com/hubfs/iphonex_mockup.png Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 9f5a9ec8652b839da4c94dadcf813b464f836d80d6083989853f1033957acc60 Request headers Accept-Language de-DE,de;q=0.9 Referer https://therecord.media/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers x-amz-meta-cache-tag F-38679274737,P-252628,FLS-ALL age 709969 x-amz-server-side-encryption AES256 edge-cache-tag F-38679274737,P-252628,FLS-ALL x-amz-replication-status PENDING content-disposition inline; filename="iphonex_mockup.webp" x-hs-cf-lambda us-east-1.enforceAclForReadsProd 12 x-amz-request-id N6N6MMX5D1NHGYEH cf-bgj imgq:85,h2pri etag "8e4a9a910444dc630d9dde1cc3bd77f7" vary Accept, Accept-Encoding access-control-allow-methods GET content-type image/webp access-control-allow-origin * cache-control s-maxage=1814400, max-age=1209600, stale-while-revalidate=900 x-robots-tag all x-hs-cf-lambda-enforce us-east-1.enforceAclForReadsProd 12 x-amz-meta-created-unix-time-millis 1607733110293 date Fri, 07 Jan 2022 23:14:50 GMT via 1.1 dcfd78c05ae02ba7df7f221cacf87f22.cloudfront.net (CloudFront) cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-amz-cf-pop MXP63-P3 x-hs-alternate-content-type text/plain cf-polished origFmt=png, origSize=331559 x-cache RefreshHit from cloudfront x-amz-meta-index-tag all content-length 194832 x-amz-id-2 vG9ID0UBaNn/hhagPIPZqdoOxhC+HlvQy3oOIuAmDzSZ1GONYUIkjU3ROev9buzs6pxpJ6u8J0M= last-modified Thu, 09 Dec 2021 17:00:15 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9yZJtN%2FgXOSucxlds2KGU2699scdn%2BgM0rXHdhpmV5qxvlYFv3%2BL7GWnrLgujIO6kcV89Pn20Dur0NxbEfwg7G6bqlsPzlLxHSOK1IbLyE5AW09zQH4CIiz%2FWSCCehwi6XsMCruO1Ie7gZn%2BGbVhg8u4dA%3D%3D"}],"group":"cf-nel","max_age":604800} x-amz-version-id r9ZOT95rdFsvuhynefdRWZgkO0lzhV1L accept-ranges bytes cf-ray 6ca0e27afe09839d-MXP x-amz-cf-id OKRbZ9AiK5lCZsKlIFciaZZd2KkWUFo71Ks_czyajDrU-Vlc6lpUXA==
GET H/1.1	200 OK	img.gif b.6sc.co/v1/beacon/	43 B 774 B	249ms 248ms	Image image/gif	104.111.233.140 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=f2675e8089b7d209a58fce8ad312f51c&svisitor=36bb10028324000069c9d861150000002c0b0d00&session=6b5559c3-199d-4314-8153-9149d0c02150&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2007%20Jan%202022%2023%3A14%3A51%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2007%20Jan%202022%2023%3A14%3A50%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%222002%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Record%20by%20Recorded%20Future%20gives%20exclusive%2C%20behind-the-scenes%20access%20to%20leaders%2C%20policymakers%2C%20researchers%2C%20and%20the%20shadows%20of%20the%20cyber%20underground.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Threat%20actor%20uses%20HP%20iLO%20rootkit%20to%20wipe%20servers%20-%20The%20Record%20by%20Recorded%20Future%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Ftherecord.media%2Fthreat-actor-uses-hp-ilo-rootkit-to-wipe-servers%2F&pageViewId=b3015d64-d52d-4ba3-8000-8a0738597440&an_uid=0 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-111-233-140.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://therecord.media/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Date Fri, 07 Jan 2022 23:14:51 GMT X-Content-Type-Options nosniff Connection keep-alive Content-Length 43 Pragma no-cache Last-Modified Fri, 21 Feb 2020 18:57:20 GMT Server nginx/1.14.0 (Ubuntu) ETag "5e502810-2b" Access-Control-Max-Age 86400 Access-Control-Allow-Methods GET,POST Content-Type image/gif Access-Control-Allow-Origin Cache-Control private, no-cache, no-cache=Set-Cookie, proxy-revalidate Access-Control-Allow-Credentials true Accept-Ranges bytes Access-Control-Allow-Headers * Expires Wed, 19 Apr 2000 11:43:00 GMT
GET H/1.1	200 OK	img.gif b.6sc.co/v1/beacon/	43 B 774 B	190ms 190ms	Image image/gif	104.111.233.140 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=f2675e8089b7d209a58fce8ad312f51c&svisitor=36bb10028324000069c9d861150000002c0b0d00&session=6b5559c3-199d-4314-8153-9149d0c02150&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2007%20Jan%202022%2023%3A14%3A52%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2007%20Jan%202022%2023%3A14%3A51%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%223004%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Record%20by%20Recorded%20Future%20gives%20exclusive%2C%20behind-the-scenes%20access%20to%20leaders%2C%20policymakers%2C%20researchers%2C%20and%20the%20shadows%20of%20the%20cyber%20underground.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Threat%20actor%20uses%20HP%20iLO%20rootkit%20to%20wipe%20servers%20-%20The%20Record%20by%20Recorded%20Future%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Ftherecord.media%2Fthreat-actor-uses-hp-ilo-rootkit-to-wipe-servers%2F&pageViewId=b3015d64-d52d-4ba3-8000-8a0738597440&an_uid=0 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-111-233-140.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://therecord.media/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Date Fri, 07 Jan 2022 23:14:52 GMT X-Content-Type-Options nosniff Connection keep-alive Content-Length 43 Pragma no-cache Last-Modified Fri, 21 Feb 2020 18:57:20 GMT Server nginx/1.14.0 (Ubuntu) ETag "5e502810-2b" Access-Control-Max-Age 86400 Access-Control-Allow-Methods GET,POST Content-Type image/gif Access-Control-Allow-Origin Cache-Control private, no-cache, no-cache=Set-Cookie, proxy-revalidate Access-Control-Allow-Credentials true Accept-Ranges bytes Access-Control-Allow-Headers * Expires Wed, 19 Apr 2000 11:43:00 GMT
GET H/1.1	200 OK	img.gif b.6sc.co/v1/beacon/	43 B 774 B	194ms 193ms	Image image/gif	104.111.233.140 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=f2675e8089b7d209a58fce8ad312f51c&svisitor=36bb10028324000069c9d861150000002c0b0d00&session=6b5559c3-199d-4314-8153-9149d0c02150&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2007%20Jan%202022%2023%3A14%3A53%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2007%20Jan%202022%2023%3A14%3A52%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%224005%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Record%20by%20Recorded%20Future%20gives%20exclusive%2C%20behind-the-scenes%20access%20to%20leaders%2C%20policymakers%2C%20researchers%2C%20and%20the%20shadows%20of%20the%20cyber%20underground.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Threat%20actor%20uses%20HP%20iLO%20rootkit%20to%20wipe%20servers%20-%20The%20Record%20by%20Recorded%20Future%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Ftherecord.media%2Fthreat-actor-uses-hp-ilo-rootkit-to-wipe-servers%2F&pageViewId=b3015d64-d52d-4ba3-8000-8a0738597440&an_uid=0 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-111-233-140.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://therecord.media/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Date Fri, 07 Jan 2022 23:14:53 GMT X-Content-Type-Options nosniff Connection keep-alive Content-Length 43 Pragma no-cache Last-Modified Tue, 05 Oct 2021 22:17:52 GMT Server nginx/1.14.0 (Ubuntu) ETag "615ccf10-2b" Access-Control-Max-Age 86400 Access-Control-Allow-Methods GET,POST Content-Type image/gif Access-Control-Allow-Origin Cache-Control private, no-cache, no-cache=Set-Cookie, proxy-revalidate Access-Control-Allow-Credentials true Accept-Ranges bytes Access-Control-Allow-Headers * Expires Wed, 19 Apr 2000 11:43:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

js.hs-scripts.com

URL

https://js.hs-scripts.com/252628.js