| stpmvt.com/3OWd4o7 | 67.199.248.12 | 302 Found | 113 B |
IP: 67.199.248.12:0
ASN: #396982 GOOGLE-CLOUD-PLATFORM
File type: HTML document text; HTML document text; HTML document text; HTML document, ASCII text
Hash: 31a73044220da79b302029a1c3321e56 024c2dbacc744e112646634c0cb630e0f07cfbd0 1446d18a8e4767bbcd4467119f2ba3e089dcc3c9f431f704bd9f7b65024081e6
| Analyzer | Verdict | Alert |
| fortinet | Phishing | |
GET /3OWd4o7 HTTP/1.1
Host: stpmvt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 02 Dec 2022 03:46:33 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 113
Location: https://stpmvt.com/3OWd4o7
Strict-Transport-Security: max-age=1209600
Via: 1.1 google
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP: 23.36.77.32:0
ASN: #20940 Akamai International B.V.
Hash: 3bbb845b153026fc5332dd4506585b57 3cad200fac28fd00f34ce6ef79373e661e188743 6035871c0de6ff2d120921461207cfa32bc286e1fe78849ce74815ffbb9ff950
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6035871C0DE6FF2D120921461207CFA32BC286E1FE78849CE74815FFBB9FF950"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4678
Expires: Fri, 02 Dec 2022 05:04:31 GMT
Date: Fri, 02 Dec 2022 03:46:33 GMT
Connection: keep-alive
|
|
| ocsp.digicert.com/ | 93.184.220.29 | 200 OK | 471 B |
IP: 93.184.220.29:0
Hash: 0c748388899e8a8d3680355da2ea5020 903c620cd137613daafb0da0508c37b2f4a67212 39eab80e022a9a1732872d9926b0ace80f818ec5c535e36a18b539ea63786fb2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5676
Cache-Control: max-age=116355
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 03:46:33 GMT
Etag: "63888270-1d7"
Expires: Sat, 03 Dec 2022 12:05:48 GMT
Last-Modified: Thu, 01 Dec 2022 10:31:12 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471
|
|
| firefox.settings.services.mozilla.com/v1/ | 34.102.187.140 | 200 OK | 939 B |
URL: HTTP/2 firefox.settings.services.mozilla.com/v1/
IP: 34.102.187.140:0
File type: JSON data; ASCII text, with very long lines (939), with no line terminators
Hash: 14cd9a0afb6ba9a763651d5112760d1e 75d7b104ab9ab11fbb73c3f348b43b0119b5adfa 4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 02 Dec 2022 03:18:10 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1703
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP: 23.36.77.32:0
ASN: #20940 Akamai International B.V.
Hash: 55b4c61a1e99001307750e3647fe1102 7559f9f6770b7d3f45b723167062096312641e08 39f6bb64420bcfc8f0b010168fd35b67732984cd0698409f04d5ae40410422aa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39F6BB64420BCFC8F0B010168FD35B67732984CD0698409F04D5AE40410422AA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2596
Expires: Fri, 02 Dec 2022 04:29:49 GMT
Date: Fri, 02 Dec 2022 03:46:33 GMT
Connection: keep-alive
|
|
| content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain | 34.160.144.191 | 200 OK | 5.3 kB |
URL: HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP: 34.160.144.191:0
File type: PEM certificate; ASCII text
Hash: 9ebddc2b260d081ebbefee47c037cb28 492bad62a7ca6a74738921ef5ae6f0be5edebf39 74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: grQo7pelQbUr/a6vMChgzENdYmks+sKW8rsTlrxfxrsxWHfS2Ri0MTIpytHh1xXhC76BLc2N5hc=
x-amz-request-id: 3Z3ZR0SACY57YW9Q
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 02 Dec 2022 03:46:33 GMT
age: 0
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| contile.services.mozilla.com/v1/tiles | 34.117.237.239 | 200 OK | 12 B |
URL: HTTP/2 contile.services.mozilla.com/v1/tiles
IP: 34.117.237.239:0
File type: JSON data; ASCII text, with no line terminators
Hash: 23e88fb7b99543fb33315b29b1fad9d6 a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 03:46:33 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP: 23.36.77.32:0
ASN: #20940 Akamai International B.V.
Hash: f49a5f7bcde2cabaad184d22bc972ff4 5fd25f6cfcb04f403a1c02c9e96f9ce182598abd 69e35a1a4cafdf22636b3531fed2c58613e2482b08f38e0cd1bbf5c403d6d1c0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "69E35A1A4CAFDF22636B3531FED2C58613E2482B08F38E0CD1BBF5C403D6D1C0"
Last-Modified: Fri, 02 Dec 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21536
Expires: Fri, 02 Dec 2022 09:45:29 GMT
Date: Fri, 02 Dec 2022 03:46:33 GMT
Connection: keep-alive
|
|
| stpmvt.com/3OWd4o7 | 67.199.248.12 | 301 Moved Permanently | 190 B |
IP: 67.199.248.12:0
ASN: #396982 GOOGLE-CLOUD-PLATFORM
File type: HTML document text; HTML document text; HTML document text; HTML document, ASCII text
Hash: 65f41712f8d1f20cb133ea2e8918ca3d fa8a57de42ab58b6ce9598a90e3c6bd61132db97 3deb455673e83eb0cd163cc537862a1d826f27b925ab17c68c1d2483ece5a085
| Analyzer | Verdict | Alert |
| fortinet | Phishing | |
GET /3OWd4o7 HTTP/1.1
Host: stpmvt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 301 Moved Permanently
cache-control: private, max-age=90
content-security-policy: referrer always;
content-type: text/html; charset=utf-8
date: Fri, 02 Dec 2022 03:46:33 GMT
location: https://therecord.media/hundreds-of-scam-predatory-loan-platforms-found-on-google-and-apple-app-stores/
referrer-policy: unsafe-url
server: nginx
set-cookie: _bit=mb23Kx-1e8320a215c00cc57e-00J; Domain=stpmvt.com; Expires=Wed, 31 May 2023 03:46:33 GMT
strict-transport-security: max-age=1209600
content-length: 190
X-Firefox-Spdy: h2
|
|
| firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US | 34.102.187.140 | 200 OK | 329 B |
URL: HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP: 34.102.187.140:0
File type: JSON data; ASCII text, with very long lines (329), with no line terminators
Hash: 0333b0655111aa68de771adfcc4db243 63f295a144ac87a7c8e23417626724eeca68a7eb 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 02 Dec 2022 03:08:57 GMT
cache-control: public,max-age=3600
age: 2257
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| ocsp.digicert.com/ | 93.184.220.29 | 200 OK | 471 B |
IP: 93.184.220.29:0
Hash: 1f88399f3fdd89dbb9ca1229cb67143a 325c9dbfd932cf9a6fb9fab2dd8e27083f55a9a3 831ecd45dcd2d5ae2ae86cd63ea5e94ecd85281b7e51054af5df9a6386fb8d79
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5673
Cache-Control: max-age=111288
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 03:46:34 GMT
Etag: "63886ea9-1d7"
Expires: Sat, 03 Dec 2022 10:41:22 GMT
Last-Modified: Thu, 01 Dec 2022 09:06:49 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471
|
|
| push.services.mozilla.com/ | 44.238.202.79 | 101 Switching Protocols | 0 B |
URL: HTTP/1.1 push.services.mozilla.com/
IP: 44.238.202.79:0
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: mLn46cw9Uhm0UPZYbnZ6EQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 6fnNezyluc1vQfjkSvl7GK/ehb8=
|
|
| therecord.media/wp-content/uploads/2022/11/james-yarema-G3q7mxXkP-M-unsplash-1.jpg | 104.18.29.120 | 200 OK | 130 kB |
URL: HTTP/2 therecord.media/wp-content/uploads/2022/11/james-yarema-G3q7mxXkP-M-unsplash-1.jpg
IP: 104.18.29.120:0
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 1085x602, Scaling: [none]x[none], YUV color, decoders should clamp; data
Size: 130 kB (129974 bytes)
Hash: 3c09e1486a96de05d700ce70a14b15d3 cf8c132b3e3d737fa3f714d8e342fbfe5653f337 8c5c651dc1d00d20ff342cf0cc5bc7e6a540f08e08ce4f5bbb28f5541bd0ba62
GET /wp-content/uploads/2022/11/james-yarema-G3q7mxXkP-M-unsplash-1.jpg HTTP/1.1
Host: therecord.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://therecord.media/hundreds-of-scam-predatory-loan-platforms-found-on-google-and-apple-app-stores/
Cookie: wordpress_google_apps_login=5aa60872c8cf0446e874564a36569f77
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 03:46:35 GMT
content-type: image/webp
content-length: 129974
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=jpeg, origSize=416409
content-disposition: inline; filename="james-yarema-G3q7mxXkP-M-unsplash-1.webp"
vary: Accept
cache-control: public, max-age=31622400
etag: "6387d2fc-65a99"
expires: Sun, 03 Dec 2023 03:46:35 GMT
last-modified: Wed, 30 Nov 2022 22:02:36 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 varnish, 1.1 varnish
x-cache: MISS, HIT
x-cache-hits: 0, 1
x-pantheon-styx-hostname: styx-fe2-a-86d8b58f4d-896g4
x-served-by: cache-chi-klot8100020-CHI, cache-iad-kiad7000068-IAD
x-styx-req-id: 141f2b39-7198-11ed-baf0-2aedfd9bf012
x-timer: S1669913525.652567,VS0,VE3
cf-cache-status: HIT
age: 39271
accept-ranges: bytes
server: cloudflare
cf-ray: 77311389fc0f1bfa-OSL
X-Firefox-Spdy: h2
|
|
| cdnjs.cloudflare.com/ajax/libs/malihu-custom-scrollbar-plugin/3.1.5/jquery.mCustomScrollbar.min.css?ver=2022-01-20_3 | 104.17.25.14 | 200 OK | 3.4 kB |
URL: HTTP/2 cdnjs.cloudflare.com/ajax/libs/malihu-custom-scrollbar-plugin/3.1.5/jquery.mCustomScrollbar.min.css?ver=2022-01-20_3
IP: 104.17.25.14:0
File type: ASCII text, with very long lines (42839), with no line terminators
Hash: 9ec6e2f20a1df8bdbf265043fbe7ae21 088c7badef2a7317f9ef15e6d62fe8276fb9a2ca 8acc355b50b3e6981fad24841e79fc3a26cc242a8115f679e957aa542b4f8f3c
GET /ajax/libs/malihu-custom-scrollbar-plugin/3.1.5/jquery.mCustomScrollbar.min.css?ver=2022-01-20_3 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://therecord.media/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 03:46:35 GMT
content-type: text/css; charset=utf-8
content-length: 3359
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ed4-a757"
last-modified: Mon, 04 May 2020 16:12:04 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 20064415
expires: Wed, 22 Nov 2023 03:46:35 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VHU88m8O7n%2BzBt4GvIToypInv807WmTxLOp2FzEV1tW%2F2qNQfXzJD6uW50HdfK%2Fd%2B%2BbMcSyDqpUbPXeprluSl6ScXqkOs6ynrKutdD6rBJeSGfDRbzpfEdNOpHwxZtsXOw8AhnSA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7731138a3d0db4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| cdn.jsdelivr.net/gh/fancyapps/fancybox@3.5.7/dist/jquery.fancybox.min.css?ver=2022-01-20_3 | 151.101.1.229 | 200 OK | 3.1 kB |
URL: HTTP/2 cdn.jsdelivr.net/gh/fancyapps/fancybox@3.5.7/dist/jquery.fancybox.min.css?ver=2022-01-20_3
IP: 151.101.1.229:0
File type: ASCII text, with very long lines (12795), with no line terminators
Hash: 18b46dae08e98971b16123ea48913d23 e0a1aa82445a38538413b488924613c44861c59d 62c06f2ea24cfdf0003164fca05560cc8b5333f6ef312016458e05ecbb7c8f62
GET /gh/fancyapps/fancybox@3.5.7/dist/jquery.fancybox.min.css?ver=2022-01-20_3 HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://therecord.media/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 3.5.7
x-jsd-version-type: version
etag: W/"31fb-G+m3m+AqHPxdlsSl4P649HK6vZU"
content-encoding: gzip
accept-ranges: bytes
date: Fri, 02 Dec 2022 03:46:35 GMT
age: 18938300
x-served-by: cache-fra19160-FRA, cache-bma1637-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 3096
X-Firefox-Spdy: h2
|
|
| ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1 | 104.18.20.226 | 200 OK | 1.5 kB |
URL: HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
IP: 104.18.20.226:0
Hash: 1b2dd76f89b8fee3488c38293bf1d6e7 88bbb0c1fb78ea0eb7a36642db5d420732be87ca a1b8a8a2745d499dc5b32f80c80df5f2b036476f16c928046e3d509feada9f05
POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 03:46:35 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "088947CF6855250E2026F8C2904947EB665E2A32"
Expires: Fri, 02 Dec 2022 15:00:00 GMT
Last-Modified: Fri, 02 Dec 2022 03:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 1970
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7731138a7f8eb503-OSL
|
|
| therecord.media/wp-includes/css/dist/block-library/style.min.css?ver=5.9 | 104.18.29.120 | 200 OK | 22 kB |
URL: HTTP/2 therecord.media/wp-includes/css/dist/block-library/style.min.css?ver=5.9
IP: 104.18.29.120:0
File type: Unicode text, UTF-8 text, with very long lines (35768)
Hash: a993d6e1a0676baba88718f9c79bbb5a ebf72871d0e83275570d0193c7f41358a5617c79 494c835a67dee92064b9ed861b50ea6fe0d66e2229b180cf013e6537442d8b18
GET /wp-includes/css/dist/block-library/style.min.css?ver=5.9 HTTP/1.1
Host: therecord.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://therecord.media/hundreds-of-scam-predatory-loan-platforms-found-on-google-and-apple-app-stores/
Cookie: wordpress_google_apps_login=5aa60872c8cf0446e874564a36569f77
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 03:46:35 GMT
content-type: text/css
cache-control: public, max-age=31622400
etag: W/"62171956-1357b"
expires: Sun, 03 Dec 2023 03:46:35 GMT
last-modified: Thu, 24 Feb 2022 05:36:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains
traceparent: 00-c48a57e3fa85462c871cab88f7d4d0c5-311f59738ee0469f-00
x-cloud-trace-context: c48a57e3fa85462c871cab88f7d4d0c5/3539646184989673119;o=0
x-pantheon-styx-hostname: styx-fe2-b-f66bf767-blkw5
x-styx-req-id: 50bfd919-960e-11ec-9e53-4e05055188a5
x-served-by: cache-mdw17382-MDW, cache-iad-kcgs7200026-IAD
x-cache: MISS, HIT
x-cache-hits: 0, 1
x-timer: S1645777591.280536,VS0,VE2
vary: Accept-Encoding
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
server: cloudflare
cf-ray: 77311389dc051bfa-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| therecord.media/wp-content/themes/therecordmedia/assets/fonts/oswald/oswald-400-latin.woff2 | 104.18.29.120 | 200 OK | 24 kB |
URL: HTTP/2 therecord.media/wp-content/themes/therecordmedia/assets/fonts/oswald/oswald-400-latin.woff2
IP: 104.18.29.120:0
File type: Web Open Font Format (Version 2), TrueType, length 24064, version 1.0; data
Hash: 2c511567c7f7d594b5990ccb8c1336e6 c8099423e244cfade196c255b5579e3e279c6370 f1010cf08825a41c768a117755a496da61a306c41b83c383ea66f1bb3334bb14
GET /wp-content/themes/therecordmedia/assets/fonts/oswald/oswald-400-latin.woff2 HTTP/1.1
Host: therecord.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://therecord.media/wp-content/themes/therecordmedia/assets/css/style-v5.css?ver=2022-01-20_3
Cookie: wordpress_google_apps_login=5aa60872c8cf0446e874564a36569f77
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 03:46:35 GMT
content-type: font/woff2
content-length: 24064
access-control-allow-origin: *
cache-control: public, max-age=31622400
etag: "6331184f-5e00"
expires: Sun, 03 Dec 2023 03:46:35 GMT
last-modified: Mon, 26 Sep 2022 03:11:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains
traceparent: 00-f8096687f66b4240a88ca4012085e3a5-b2c8985d213136fe-00
x-cloud-trace-context: f8096687f66b4240a88ca4012085e3a5/12882714259849557758;o=0
x-pantheon-styx-hostname: styx-fe2-b-6bb5d757d7-mchkw
x-styx-req-id: eb655c64-3f02-11ed-a6bf-eeb8206a6cb9
x-served-by: cache-chi-klot8100177-CHI, cache-iad-kcgs7200082-IAD
x-cache: MISS, HIT
x-cache-hits: 0, 1
x-timer: S1666332279.935051,VS0,VE4
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
age: 3395669
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7731138bbc7d1bfa-OSL
X-Firefox-Spdy: h2
|
|
| therecord.media/wp-content/themes/therecordmedia/assets/fonts/gudea/gudea-700-latin.woff2 | 104.18.29.120 | 200 OK | 7.9 kB |
URL: HTTP/2 therecord.media/wp-content/themes/therecordmedia/assets/fonts/gudea/gudea-700-latin.woff2
IP: 104.18.29.120:0
File type: Web Open Font Format (Version 2), TrueType, length 7932, version 1.0; data
Hash: 65035e51fbd02a17e02a5ca2be0ebd0a aba1e4de7ab197e4b71cf0fcbd995cf7303814a4 e3d3367b895674ec706b02be65ae0ee7416f158836f88ddc1d3e469e3bdd6cd4
GET /wp-content/themes/therecordmedia/assets/fonts/gudea/gudea-700-latin.woff2 HTTP/1.1
Host: therecord.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://therecord.media/wp-content/themes/therecordmedia/assets/css/style-v5.css?ver=2022-01-20_3
Cookie: wordpress_google_apps_login=5aa60872c8cf0446e874564a36569f77
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 03:46:35 GMT
content-type: font/woff2
content-length: 7932
access-control-allow-origin: *
cache-control: public, max-age=31622400
etag: "620b3535-1efc"
expires: Sun, 03 Dec 2023 03:46:35 GMT
last-modified: Tue, 15 Feb 2022 05:08:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains
traceparent: 00-62470beb6ca04862ad472b481a0dadf8-c9f812d5d7c4aead-00
x-cloud-trace-context: 62470beb6ca04862ad472b481a0dadf8/14553402905505083053;o=0
x-pantheon-styx-hostname: styx-fe2-a-55bcb968f4-ndqlg
x-styx-req-id: 83fe4355-8f06-11ec-ae0a-8abdc849e2cd
x-served-by: cache-mdw17326-MDW, cache-iad-kiad7000024-IAD
x-cache: MISS, HIT
x-cache-hits: 0, 1
x-timer: S1645778173.390445,VS0,VE1
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
age: 15398542
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7731138bbc801bfa-OSL
X-Firefox-Spdy: h2
|
|
| therecord.media/wp-content/plugins/youtube-embed-plus/scripts/ytprefs.min.js?ver=14.0.1.4 | 104.18.29.120 | 200 OK | 28 kB |
URL: HTTP/2 therecord.media/wp-content/plugins/youtube-embed-plus/scripts/ytprefs.min.js?ver=14.0.1.4
IP: 104.18.29.120:0
File type: ASCII text, with very long lines (12325)
Hash: c23850cccdce1c5c5daefa1edf138d65 19bcb7d6c96ff5711e31c703b851ea1efd88f824 44e3bc3abd0880542312445a54ec5de4c90d45b2e93759aae66fe20a71f0c066
GET /wp-content/plugins/youtube-embed-plus/scripts/ytprefs.min.js?ver=14.0.1.4 HTTP/1.1
Host: therecord.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://therecord.media/hundreds-of-scam-predatory-loan-platforms-found-on-google-and-apple-app-stores/
Cookie: wordpress_google_apps_login=5aa60872c8cf0446e874564a36569f77
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 03:46:35 GMT
content-type: application/x-javascript
cache-control: public, max-age=31622400
etag: W/"620f9b37-3026"
expires: Sun, 03 Dec 2023 03:46:35 GMT
last-modified: Fri, 18 Feb 2022 13:12:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains
traceparent: 00-d8d10a43580c4d9db4e141dc8f634641-0def73d6ad9bc09c-00
x-cloud-trace-context: d8d10a43580c4d9db4e141dc8f634641/1004148607799771292;o=0
x-pantheon-styx-hostname: styx-fe2-a-55bcb968f4-cb89b
x-styx-req-id: 735c7ee3-90bc-11ec-bb7c-ca75a2f2d31e
x-served-by: cache-mdw17379-MDW, cache-iad-kjyo7100023-IAD
x-cache: MISS, HIT
x-cache-hits: 0, 1
x-timer: S1645777591.355066,VS0,VE1
vary: Accept-Encoding
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
age: 13039104
server: cloudflare
cf-ray: 7731138b9c721bfa-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| therecord.media/wp-content/uploads/2021/12/2021_1209-Victim-Data-Released-on-Ransomware-Extortion-Sites-1-1024x607.jpg | 104.18.29.120 | 200 OK | 46 kB |
URL: HTTP/2 therecord.media/wp-content/uploads/2021/12/2021_1209-Victim-Data-Released-on-Ransomware-Extortion-Sites-1-1024x607.jpg
IP: 104.18.29.120:0
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 1024x607, Scaling: [none]x[none], YUV color, decoders should clamp; data
Hash: 62a9a1836d5b7cacbdab221ebc5ad8ab cfb368d0a21277828306a84ecd81984b2bfa7575 d9697e2769a5484e3d9086c6f3c97746dff2d88d5c0bd7c5367a020dd5d097ce
GET /wp-content/uploads/2021/12/2021_1209-Victim-Data-Released-on-Ransomware-Extortion-Sites-1-1024x607.jpg HTTP/1.1
Host: therecord.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://therecord.media/hundreds-of-scam-predatory-loan-platforms-found-on-google-and-apple-app-stores/
Cookie: wordpress_google_apps_login=5aa60872c8cf0446e874564a36569f77
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 03:46:35 GMT
content-type: image/webp
content-length: 45912
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=jpeg, origSize=56591
content-disposition: inline; filename="2021_1209-Victim-Data-Released-on-Ransomware-Extortion-Sites-1-1024x607.webp"
vary: Accept
cache-control: public, max-age=31622400
etag: "61b3d37d-dd0f"
expires: Sun, 03 Dec 2023 03:46:35 GMT
last-modified: Fri, 10 Dec 2021 22:23:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains
traceparent: 00-2ca6591e66cc4589b8a4aee17da553a1-9cf284d18078e742-00
via: 1.1 varnish, 1.1 varnish
x-cache: HIT, HIT
x-cache-hits: 1, 1
x-cloud-trace-context: 2ca6591e66cc4589b8a4aee17da553a1/11309247649619175234;o=0
x-pantheon-styx-hostname: styx-fe2-b-5cd77cc4d9-zd2xb
x-served-by: cache-chi-kigq8000035-CHI, cache-iad-kiad7000113-IAD
x-styx-req-id: 5b25b912-32c8-11ed-bdbf-5a83f4138f0e
x-timer: S1663615062.833125,VS0,VE2
cf-cache-status: HIT
age: 190182
accept-ranges: bytes
server: cloudflare
cf-ray: 7731138c0c8b1bfa-OSL
X-Firefox-Spdy: h2
|
|
| therecord.media/wp-content/themes/therecordmedia/assets/js/custom-v5.js?ver=2022-01-20_3 | 104.18.29.120 | 200 OK | 9.2 kB |
URL: HTTP/2 therecord.media/wp-content/themes/therecordmedia/assets/js/custom-v5.js?ver=2022-01-20_3
IP: 104.18.29.120:0
File type: ASCII text, with very long lines (856)
Hash: cddb139411af16132f58773b4b83eddd 672df41632f02e2fc169b991fc480fa296d6365c 2eeae30f1488432debb7d3835cb0e0207ccc91d12a9caea8b54432bf3d2334c5
GET /wp-content/themes/therecordmedia/assets/js/custom-v5.js?ver=2022-01-20_3 HTTP/1.1
Host: therecord.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://therecord.media/hundreds-of-scam-predatory-loan-platforms-found-on-google-and-apple-app-stores/
Cookie: wordpress_google_apps_login=5aa60872c8cf0446e874564a36569f77
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 03:46:35 GMT
content-type: application/x-javascript
cf-bgj: minify
cf-polished: origSize=5580
cache-control: public, max-age=31622400
etag: W/"6279751f-15cc"
expires: Sun, 03 Dec 2023 03:46:35 GMT
last-modified: Mon, 09 May 2022 20:10:07 GMT
strict-transport-security: max-age=31536000; includeSubDomains
traceparent: 00-cc54e20098f248888e73d0c38b600430-b86fb7d4309a80a8-00
vary: Accept-Encoding
via: 1.1 varnish, 1.1 varnish
x-cache: HIT, HIT
x-cache-hits: 1, 1
x-cloud-trace-context: cc54e20098f248888e73d0c38b600430/13290043147370004648;o=0
x-pantheon-styx-hostname: styx-fe2-b-858b886844-57l9d
x-served-by: cache-mdw17363-MDW, cache-iad-kcgs7200103-IAD
x-styx-req-id: ee6a790d-d058-11ec-a377-264566700925
x-timer: S1653526511.128856,VS0,VE4
cf-cache-status: HIT
age: 15401028
server: cloudflare
cf-ray: 7731138b9c701bfa-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| therecord.media/wp-content/uploads/2022/11/Screen-Shot-2022-11-30-at-2.23.16-PM-1024x607.png | 104.18.29.120 | 200 OK | 220 kB |
URL: HTTP/2 therecord.media/wp-content/uploads/2022/11/Screen-Shot-2022-11-30-at-2.23.16-PM-1024x607.png
IP: 104.18.29.120:0
File type: RIFF (little-endian) data, Web/P image; data
Size: 220 kB (220390 bytes)
Hash: 1a34fe58d702ad695a717403c141691b b51d75112b479d7e44b341d89d8f12d839978bd1 3bb66a044849266d706e1fe9eed7ad1eeb5459b993b6cdc5eff1e514702a7181
GET /wp-content/uploads/2022/11/Screen-Shot-2022-11-30-at-2.23.16-PM-1024x607.png HTTP/1.1
Host: therecord.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://therecord.media/hundreds-of-scam-predatory-loan-platforms-found-on-google-and-apple-app-stores/
Cookie: wordpress_google_apps_login=5aa60872c8cf0446e874564a36569f77
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 03:46:35 GMT
content-type: image/webp
content-length: 220390
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=223888
content-disposition: inline; filename="Screen-Shot-2022-11-30-at-2.webp"
vary: Accept
cache-control: public, max-age=31622400
etag: "6387d21d-36a90"
expires: Sun, 03 Dec 2023 03:46:35 GMT
last-modified: Wed, 30 Nov 2022 21:58:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 varnish, 1.1 varnish
x-cache: MISS, HIT
x-cache-hits: 0, 1
x-pantheon-styx-hostname: styx-fe2-a-86d8b58f4d-mcvgf
x-served-by: cache-chi-klot8100162-CHI, cache-iad-kjyo7100109-IAD
x-styx-req-id: 3b2a1ecf-7198-11ed-bff4-5ae596065430
x-timer: S1669931594.074562,VS0,VE3
cf-cache-status: HIT
accept-ranges: bytes
server: cloudflare
cf-ray: 7731138c0c8a1bfa-OSL
X-Firefox-Spdy: h2
|
|
| cms.recordedfuture.com/uploads/Russian_Information_Operations_Main_Feature_1_87464aebaa.jpg?w=3840 | 151.101.2.216 | 200 OK | 160 kB |
URL: HTTP/2 cms.recordedfuture.com/uploads/Russian_Information_Operations_Main_Feature_1_87464aebaa.jpg?w=3840 IP: 151.101.2.216:0
File type: JPEG image data, baseline, precision 8, 1600x600, components 3\012- data Size: 160 kB (160245 bytes) Hash: de40cc1ee4cc0f53411dc8f3262c2fba 0e5cc84fb0071302b8898a6dbea150a94f5b3214 cfc407576d3767758d2c8766e4ad6a45c8406f5e78dfd0935b82cdea4b5a7191
GET /uploads/Russian_Information_Operations_Main_Feature_1_87464aebaa.jpg?w=3840 HTTP/1.1
Host: cms.recordedfuture.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://therecord.media/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: max-age=300
content-type: image/jpeg
etag: "m3OTvQhZ4/xIrAyfBMaTD6IlJpU+PKeFzH3nbw0cU5s"
expires: Thu, 01 Dec 2022 23:19:08 GMT
fastly-io-info: ifsz=160245 idim=1600x600 ifmt=jpeg ofsz=160245 odim=1600x600 ofmt=jpeg
fastly-io-warning: Failed to shrink image
fastly-stats: io=1
traceresponse: 00-172cce5a4400b6b8359d4cd491ea5d0e-d430af8e19102d83-00
x-debug-info: eyJyZXRyaWVzIjowfQ==
x-platform-server: i-72f68d9e5fc844fb8d11227fc18ff9f4, i-72f68d9e5fc844fb8d11227fc18ff9f4
accept-ranges: bytes
date: Fri, 02 Dec 2022 03:46:35 GMT
via: 1.1 varnish
age: 0
x-served-by: cache-bma1663-BMA
x-cache: HIT
x-cache-hits: 1
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 160245
X-Firefox-Spdy: h2
|
|
| cms.recordedfuture.com/uploads/business_fraud_bank_fraud_d279ba323f.jpg | 151.101.2.216 | 200 OK | 109 kB |
URL: HTTP/2 cms.recordedfuture.com/uploads/business_fraud_bank_fraud_d279ba323f.jpg IP: 151.101.2.216:0
File type: JPEG image data, baseline, precision 8, 1920x440, components 3\012- data Size: 109 kB (109327 bytes) Hash: 49624d0d1ab9e1932a5ebda258a555bd 22b9afc4f89b13d0a28f1fd1c451b3974245f168 44a9331e991ab7a492e95f1d5f8295a63676a35ce1bf998400a3042e2a75c521
GET /uploads/business_fraud_bank_fraud_d279ba323f.jpg HTTP/1.1
Host: cms.recordedfuture.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://therecord.media/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: max-age=300
content-type: image/jpeg
etag: "LqcWVpdexlWQ8n8AF2H8rr3qItp5kiUjqwv4hZHzcog"
expires: Tue, 29 Nov 2022 20:21:01 GMT
fastly-io-info: ifsz=109327 idim=1920x440 ifmt=jpeg ofsz=109327 odim=1920x440 ofmt=jpeg
fastly-io-warning: Failed to shrink image
fastly-stats: io=1
traceresponse: 00-172c2778b788545f9023815f67f9a4ae-36d4a9ea14828980-00
x-debug-info: eyJyZXRyaWVzIjowfQ==
x-platform-server: i-be21b5795622437d8136c8a0cedbd8d0, i-be21b5795622437d8136c8a0cedbd8d0
accept-ranges: bytes
date: Fri, 02 Dec 2022 03:46:35 GMT
via: 1.1 varnish
age: 0
x-served-by: cache-bma1663-BMA
x-cache: HIT
x-cache-hits: 1
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 109327
X-Firefox-Spdy: h2
|
|
| cms.recordedfuture.com/uploads/h1_2022_malware_vulnerability_trends_963d831bc6.jpg?w=3840 | 151.101.2.216 | 200 OK | 143 kB |
URL: HTTP/2 cms.recordedfuture.com/uploads/h1_2022_malware_vulnerability_trends_963d831bc6.jpg?w=3840 IP: 151.101.2.216:0
File type: JPEG image data, baseline, precision 8, 1600x600, components 3\012- data Size: 143 kB (143166 bytes) Hash: 70bddea7dc6089e3d3e4df374c81432f d559406820ce3af0048f7115c6f4f5717d8dac02 44092be9f7702397a98527746b1a421416024bf7ff1492e65a34b778813ddd35
GET /uploads/h1_2022_malware_vulnerability_trends_963d831bc6.jpg?w=3840 HTTP/1.1
Host: cms.recordedfuture.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://therecord.media/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: max-age=300
content-type: image/jpeg
etag: "KQDsGtcG3waAo84UaCEa5GOiNkBKCpxat+JIVA0MHr8"
expires: Thu, 01 Dec 2022 19:34:11 GMT
fastly-io-info: ifsz=143166 idim=1600x600 ifmt=jpeg ofsz=143166 odim=1600x600 ofmt=jpeg
fastly-io-warning: Failed to shrink image
fastly-stats: io=1
traceresponse: 00-172cc213c3a219520f9461910f144b1d-d8907a0bad9454db-00
x-debug-info: eyJyZXRyaWVzIjowfQ==
x-platform-server: i-be21b5795622437d8136c8a0cedbd8d0, i-be21b5795622437d8136c8a0cedbd8d0
accept-ranges: bytes
date: Fri, 02 Dec 2022 03:46:35 GMT
via: 1.1 varnish
age: 0
x-served-by: cache-bma1663-BMA
x-cache: HIT
x-cache-hits: 1
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 143166
X-Firefox-Spdy: h2
|
|
| cms.recordedfuture.com/uploads/vulnerability_spotlight_dirty_pipe_86e5122687.jpg | 151.101.2.216 | 200 OK | 107 kB |
URL: HTTP/2 cms.recordedfuture.com/uploads/vulnerability_spotlight_dirty_pipe_86e5122687.jpg IP: 151.101.2.216:0
File type: JPEG image data, baseline, precision 8, 1920x440, components 3\012- data Size: 107 kB (107095 bytes) Hash: 8cd0e47fc7f33306c1f38f9969a90c72 72bde5361d4cb526b9e4f0e64549056f31a704f5 bec29820bbf127195176a43bcc12f19d5b9f2707a4b65c15799debcf5606858a
GET /uploads/vulnerability_spotlight_dirty_pipe_86e5122687.jpg HTTP/1.1
Host: cms.recordedfuture.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://therecord.media/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: max-age=300
content-type: image/jpeg
etag: "/MEWANzqNi5Tww2svNVeCvhXbMplo0veLvB5IoOGCi4"
expires: Thu, 01 Dec 2022 13:40:53 GMT
fastly-io-info: ifsz=107095 idim=1920x440 ifmt=jpeg ofsz=107095 odim=1920x440 ofmt=jpeg
fastly-io-warning: Failed to shrink image
fastly-stats: io=1
traceresponse: 00-172caecc36b2d219aa45c0bed2aaaa26-3dae5996ae3e2c8d-00
x-debug-info: eyJyZXRyaWVzIjowfQ==
x-platform-server: i-72f68d9e5fc844fb8d11227fc18ff9f4, i-72f68d9e5fc844fb8d11227fc18ff9f4
accept-ranges: bytes
date: Fri, 02 Dec 2022 03:46:35 GMT
via: 1.1 varnish
age: 0
x-served-by: cache-bma1663-BMA
x-cache: HIT
x-cache-hits: 1
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 107095
X-Firefox-Spdy: h2
|
|
| cms.recordedfuture.com/uploads/webinar_header_analysis_mitigations_wiper_malware_variants_used_against_ukraine_c6144dd081.jpg | 151.101.2.216 | 200 OK | 345 kB |
URL: HTTP/2 cms.recordedfuture.com/uploads/webinar_header_analysis_mitigations_wiper_malware_variants_used_against_ukraine_c6144dd081.jpg IP: 151.101.2.216:0
File type: JPEG image data, baseline, precision 8, 2189x768, components 3\012- data Size: 345 kB (345132 bytes) Hash: a9ac61aec02eec48bff12b79edc5f740 332ce1c9fa361ff1d372505d5881eba278686afa aa131d8e527f225fd8fb8e4d1844562d128263f09c0e649363987bba2857a7d5
GET /uploads/webinar_header_analysis_mitigations_wiper_malware_variants_used_against_ukraine_c6144dd081.jpg HTTP/1.1
Host: cms.recordedfuture.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://therecord.media/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: max-age=300
content-type: image/jpeg
etag: "KsQxYOrTJMqmnAxSsc99ZZjEGFNS44Wj6lto0Cy61Ns"
expires: Thu, 01 Dec 2022 22:27:04 GMT
fastly-io-info: ifsz=345132 idim=2189x768 ifmt=jpeg ofsz=345132 odim=2189x768 ofmt=jpeg
fastly-io-warning: Failed to shrink image
fastly-stats: io=1
traceresponse: 00-172ccb82ea833dfe88da0744dd543aeb-6169d40020956ac6-00
x-debug-info: eyJyZXRyaWVzIjowfQ==
x-platform-server: i-72f68d9e5fc844fb8d11227fc18ff9f4, i-72f68d9e5fc844fb8d11227fc18ff9f4
accept-ranges: bytes
date: Fri, 02 Dec 2022 03:46:35 GMT
via: 1.1 varnish
age: 0
x-served-by: cache-bma1663-BMA
x-cache: HIT
x-cache-hits: 1
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 345132
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP: 23.36.77.32:0 ASN: #20940 Akamai International B.V.
Hash: ecab83d593cc540b02689be5be7abc8a 81cda579b7b9b22332b85266b0126585f3d3f73f d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11559
Expires: Fri, 02 Dec 2022 06:59:14 GMT
Date: Fri, 02 Dec 2022 03:46:35 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP: 23.36.77.32:0 ASN: #20940 Akamai International B.V.
Hash: ecab83d593cc540b02689be5be7abc8a 81cda579b7b9b22332b85266b0126585f3d3f73f d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11559
Expires: Fri, 02 Dec 2022 06:59:14 GMT
Date: Fri, 02 Dec 2022 03:46:35 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP: 23.36.77.32:0 ASN: #20940 Akamai International B.V.
Hash: ecab83d593cc540b02689be5be7abc8a 81cda579b7b9b22332b85266b0126585f3d3f73f d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11559
Expires: Fri, 02 Dec 2022 06:59:14 GMT
Date: Fri, 02 Dec 2022 03:46:35 GMT
Connection: keep-alive
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F321bfec8-0690-49d3-ba43-a2899f137b6b.jpeg | 34.120.237.76 | 200 OK | 1.7 kB |
URL: HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F321bfec8-0690-49d3-ba43-a2899f137b6b.jpeg IP: 34.120.237.76:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash: 367a113e3826442861c63ba501d2d67d 764f6910ecc1ee436a70aa83f5bd363c2e500341 5e5cc53aba99e68211c86a2fd83ac4a023d1c82875d60a09d52875ef129cbb71
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F321bfec8-0690-49d3-ba43-a2899f137b6b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 1654
x-amzn-requestid: 537d523f-a3fb-4514-bda5-ecc834c1ed39
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGgBEFNIAMFTjw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891dff-0c12ccea20e953c236ca2b1b;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:56 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: IXNpFJsiqPvrg8f-op2tcIVW2qoV7ZPm12wsTTXfYu0369N4Csy8BA==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:34:56 GMT
age: 22299
etag: "764f6910ecc1ee436a70aa83f5bd363c2e500341"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe82fdd03-be1f-4def-adb8-61eefd79def6.jpeg | 34.120.237.76 | 200 OK | 9.7 kB |
URL: HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe82fdd03-be1f-4def-adb8-61eefd79def6.jpeg IP: 34.120.237.76:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash: 6e65083422468e512aa73eb68f20b2ec 73884daab5e71e4917637b3679c0bb5a1f0447de f0d97bb9e3f01bbdbe91ba1f9b6ea0f649c66192383c51fe5c7ca9ac2a38ebdb
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe82fdd03-be1f-4def-adb8-61eefd79def6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9719
x-amzn-requestid: c4ba3502-e191-40fa-8ae0-71dc6f733db4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cPjhHE8woAMFyKw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6382e606-70ab0e5523c91e5420efec78;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 04:22:30 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: oBn917CDV6DjSs9TAL2iBU0Rn8_f8ny1rAVXrbI9KML2P7pxusbdjA==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 03:43:52 GMT
age: 163
etag: "73884daab5e71e4917637b3679c0bb5a1f0447de"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa07af64d-c287-4b0a-9677-9a1000422afc.jpeg | 34.120.237.76 | 200 OK | 7.3 kB |
URL: HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa07af64d-c287-4b0a-9677-9a1000422afc.jpeg IP: 34.120.237.76:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash: 498ab4412ed5cf977bc23e4e870894b0 23753fe8af09ec8ffa10eed4d201a71833885c99 036042656f15e42b4d1537c45f5b8e7190c70305fa9a69c1287c6739ad0b7122
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa07af64d-c287-4b0a-9677-9a1000422afc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7334
x-amzn-requestid: a6b8b420-8394-496b-8be8-26dee52e3887
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGeoHJOoAMF75g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891df7-0b38d07f518c8b3134457df2;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: tuKmV_nb4HVbqkhtCnZY3b33VB-bB6UxaBl6HsY_JgWesbUB8SPt-g==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 22:09:38 GMT
age: 20217
etag: "23753fe8af09ec8ffa10eed4d201a71833885c99"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbb30f254-1327-487b-a297-00361bfd5c02.jpeg | 34.120.237.76 | 200 OK | 7.7 kB |
URL: HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbb30f254-1327-487b-a297-00361bfd5c02.jpeg IP: 34.120.237.76:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash: cd78aa69439c995167f32b8a41a1f4f6 d07d6145182f312f3ed86ecf96b4ffa175416fa0 3b08cf3fad31ee0cf3ee25abc2484fb4283543865a42dfc568b14f9856fd3bb5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbb30f254-1327-487b-a297-00361bfd5c02.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7722
x-amzn-requestid: 8d7c4800-6c06-43ed-afa1-94840d42f591
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGy2Gr1IAMFWeQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891e78-429ae3135d47e3b020c4c7a1;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:36:56 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Z8thSamrCRejcAcQEGAp4WpSMzMEvstuZtVpKAjiCH4dyJyf1yihBA==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:50:11 GMT
age: 21384
etag: "d07d6145182f312f3ed86ecf96b4ffa175416fa0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg | 34.120.237.76 | 200 OK | 2.9 kB |
URL: HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg IP: 34.120.237.76:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash: b47431190f34eccf0a6efb98e2a32b7d 9fc7ab3a4eb2d36fd6df7e0267a26a47627d1704 08d3b6be354cafb70c20e6865788cb375adbf88d47711651fe1a3b855094daf2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 2942
x-amzn-requestid: ed26679f-cd56-477f-9914-f9afbcaaeea6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGeoGFYoAMFWgA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891df7-4ec6bebe21656d5026456994;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Fw6nrporwF27NW0-vXpaolW79nDXLF2RyS-lqhhp1osHt7q98VpI3g==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:49:56 GMT
age: 21399
etag: "9fc7ab3a4eb2d36fd6df7e0267a26a47627d1704"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F092f8542-1ed2-47c2-82aa-d5ef970a77ca.png | 34.120.237.76 | 200 OK | 3.7 kB |
URL: HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F092f8542-1ed2-47c2-82aa-d5ef970a77ca.png IP: 34.120.237.76:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash: 89e1a735e16f55c78fa75ae434294029 6c56f4015305eff04a99cec9758cd40bf4e5f704 26e8b042c0bbef2c7f93f77451563cf6e12af282251ef864652574be2b2c5b15
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F092f8542-1ed2-47c2-82aa-d5ef970a77ca.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3711
x-amzn-requestid: 68772438-16c4-40ab-a40e-860425d8301c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGyhHVsIAMFmsQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891e76-21d27db6708228002e738938;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:36:54 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: JOCSKxy4WUDbS22Gd9BlyN1gmcDsDNlNWnT57KITGlNwfOe_Iaco9g==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 559326ad73233233a9e52cb9e8601ede.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:48:59 GMT
age: 21456
etag: "6c56f4015305eff04a99cec9758cd40bf4e5f704"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.131 | 200 OK | 472 B |
IP: 142.250.74.131:0
Hash: 188c50963e7939b1f26a31dbcb8c8200 859416e6148ea6618584e53604efcf072bb989cc 3a313cd3c1693a886bfbf6ffc6fbac78f87e6ded2b9a7749553444ada65ce36e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 03:46:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| www.googletagmanager.com/gtm.js?id=GTM-PVJ5W86 | 142.250.74.168 | 200 OK | 54 kB |
URL: HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-PVJ5W86 IP: 142.250.74.168:0
File type: ASCII text, with very long lines (5035) Hash: 56ee6afa6d2d4af04ade1814bffb1ba7 da38ec8ef0c8fdefa3080c96f526aac33aaf8645 4cf5f9aff53356b48b3b132d4f2c2e309b826fdec78a8efec6068c45fcba68f4
GET /gtm.js?id=GTM-PVJ5W86 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://therecord.media/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 02 Dec 2022 03:46:36 GMT
expires: Fri, 02 Dec 2022 03:46:36 GMT
cache-control: private, max-age=900
last-modified: Fri, 02 Dec 2022 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 53640
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.131 | 200 OK | 472 B |
IP: 142.250.74.131:0
Hash: 188c50963e7939b1f26a31dbcb8c8200 859416e6148ea6618584e53604efcf072bb989cc 3a313cd3c1693a886bfbf6ffc6fbac78f87e6ded2b9a7749553444ada65ce36e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 03:46:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.131 | 200 OK | 472 B |
IP: 142.250.74.131:0
Hash: a6ad57d839c4b452d7118cf2052f9d35 50afdbe46f04c7611c1a0111bce3a76775e50272 4c5c20573601bde0f5c3567e02d02d74ab22d4ffe12f632e1def1b87dc86ad3d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 03:46:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| www.youtube.com/iframe_api | 142.250.74.110 | 200 OK | 959 B |
URL: HTTP/2 www.youtube.com/iframe_api IP: 142.250.74.110:0
File type: ASCII text, with very long lines (509) Hash: 2fd4ca37f83c6f62c7347c34ad51fa90 2409953a70cfc6bbafc9bf2c13491f7b75a9f2cb 877d070040d9b4f142a8f83024fe864ab7a1516de627f418810e04703c031091
GET /iframe_api HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://therecord.media/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
x-content-type-options: nosniff
expires: Fri, 02 Dec 2022 03:46:36 GMT
date: Fri, 02 Dec 2022 03:46:36 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=31536000
x-frame-options: SAMEORIGIN
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=ZO14ErnOSr4; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
VISITOR_INFO1_LIVE=rtyhiCaL9rs; Domain=.youtube.com; Expires=Wed, 31-May-2023 03:46:36 GMT; Path=/; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+059; expires=Sun, 01-Dec-2024 03:46:36 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| ocsp.sca1b.amazontrust.com/ | 54.230.245.118 | 200 OK | 471 B |
URL HTTP/1.1ocsp.sca1b.amazontrust.com/ IP54.230.245.118:0
Hashddee669b7dd64a6edc228dd6e82465a6 ce755c704357db3e88bad3ab3f254041c7e3a9c7 3222dfc5bc518f43a77dd7c6dcc50721d051d34eebeceb4aacd474aac468de39
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=134675
Date: Fri, 02 Dec 2022 03:46:36 GMT
Etag: "6388ccfc-1d7"
Expires: Sat, 03 Dec 2022 17:11:11 GMT
Last-Modified: Thu, 01 Dec 2022 15:49:16 GMT
Server: ECS (nyb/1D17)
X-Cache: Miss from cloudfront
Via: 1.1 8ac66e1d6983a0f44cf391b1ec3b1cce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: lqo91UofQ_qrkS_XXd35CqWzqgfbzjmGXHLVCRbJ2YCMrO2fWBnrTA==
Age: 4915
|
|
| ocsp.sca1b.amazontrust.com/ | 54.230.245.118 | 200 OK | 471 B |
URL HTTP/1.1ocsp.sca1b.amazontrust.com/ IP54.230.245.118:0
Hashddee669b7dd64a6edc228dd6e82465a6 ce755c704357db3e88bad3ab3f254041c7e3a9c7 3222dfc5bc518f43a77dd7c6dcc50721d051d34eebeceb4aacd474aac468de39
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=134644
Date: Fri, 02 Dec 2022 03:46:36 GMT
Etag: "6388ccfc-1d7"
Expires: Sat, 03 Dec 2022 17:10:40 GMT
Last-Modified: Thu, 01 Dec 2022 15:49:16 GMT
Server: ECS (nyb/1D31)
X-Cache: Miss from cloudfront
Via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: PnUQk9VLujq1hdAAWWGzBZBXRIa6Iv80h0-AyoCEh1eCK0CmzuTFMg==
Age: 4884
|
|
| recordedfuture.matomo.cloud/matomo.php?action_name=therecord.media%2FHundreds%20of%20scam%20predatory%20loan%20platforms%20found%20on%20Google%20and%20Apple%20app%20stores%20-%20The%20Record%20by%20Recorded%20Future&idsite=2&rec=1&r=433371&h=3&m=46&s=34&url=https%3A%2F%2Ftherecord.media%2Fhundreds-of-scam-predatory-loan-platforms-found-on-google-and-apple-app-stores%2F&_id=cd3f3c0917bf32e0&_idn=1&send_image=0&_refts=0&cookie=1&res=1280x1024&pv_id=nsfVme&fa_pv=1&fa_fp[0][fa_vid]=ANOOsc&fa_fp[0][fa_fv]=1&fa_fp[2][fa_vid]=8dpodX&fa_fp[2][fa_fv]=1&fa_fp[3][fa_vid]=LqPrBx&fa_fp[3][fa_fv]=1&pf_net=55&pf_srv=1043&pf_tfr=1&pf_dm1=39&pf_dm2=725&pf_onl=0&uadata=%7B%7D | 3.126.133.169 | 204 No Content | 0 B |
URL HTTP/2recordedfuture.matomo.cloud/matomo.php?action_name=therecord.media%2FHundreds%20of%20scam%20predatory%20loan%20platforms%20found%20on%20Google%20and%20Apple%20app%20stores%20-%20The%20Record%20by%20Recorded%20Future&idsite=2&rec=1&r=433371&h=3&m=46&s=34&url=https%3A%2F%2Ftherecord.media%2Fhundreds-of-scam-predatory-loan-platforms-found-on-google-and-apple-app-stores%2F&_id=cd3f3c0917bf32e0&_idn=1&send_image=0&_refts=0&cookie=1&res=1280x1024&pv_id=nsfVme&fa_pv=1&fa_fp[0][fa_vid]=ANOOsc&fa_fp[0][fa_fv]=1&fa_fp[2][fa_vid]=8dpodX&fa_fp[2][fa_fv]=1&fa_fp[3][fa_vid]=LqPrBx&fa_fp[3][fa_fv]=1&pf_net=55&pf_srv=1043&pf_tfr=1&pf_dm1=39&pf_dm2=725&pf_onl=0&uadata=%7B%7D IP3.126.133.169:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /matomo.php?action_name=therecord.media%2FHundreds%20of%20scam%20predatory%20loan%20platforms%20found%20on%20Google%20and%20Apple%20app%20stores%20-%20The%20Record%20by%20Recorded%20Future&idsite=2&rec=1&r=433371&h=3&m=46&s=34&url=https%3A%2F%2Ftherecord.media%2Fhundreds-of-scam-predatory-loan-platforms-found-on-google-and-apple-app-stores%2F&_id=cd3f3c0917bf32e0&_idn=1&send_image=0&_refts=0&cookie=1&res=1280x1024&pv_id=nsfVme&fa_pv=1&fa_fp[0][fa_vid]=ANOOsc&fa_fp[0][fa_fv]=1&fa_fp[2][fa_vid]=8dpodX&fa_fp[2][fa_fv]=1&fa_fp[3][fa_vid]=LqPrBx&fa_fp[3][fa_fv]=1&pf_net=55&pf_srv=1043&pf_tfr=1&pf_dm1=39&pf_dm2=725&pf_onl=0&uadata=%7B%7D HTTP/1.1
Host: recordedfuture.matomo.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Content-Length: 0
Origin: https://therecord.media
Connection: keep-alive
Referer: https://therecord.media/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Fri, 02 Dec 2022 03:46:36 GMT
server: Apache
access-control-allow-origin: https://therecord.media
access-control-allow-credentials: true
vary: X-Forwarded-Port-Override,X-Forwarded-Proto-Override,User-Agent
X-Firefox-Spdy: h2
|
|
| recordedfuture.matomo.cloud/plugins/HeatmapSessionRecording/configs.php?idsite=2&trackerid=xEzJkL&url=https%3A%2F%2Ftherecord.media%2Fhundreds-of-scam-predatory-loan-platforms-found-on-google-and-apple-app-stores%2F | 3.126.133.169 | 200 OK | 119 B |
URL HTTP/2recordedfuture.matomo.cloud/plugins/HeatmapSessionRecording/configs.php?idsite=2&trackerid=xEzJkL&url=https%3A%2F%2Ftherecord.media%2Fhundreds-of-scam-predatory-loan-platforms-found-on-google-and-apple-app-stores%2F IP3.126.133.169:0
File typeASCII text, with no line terminators Hash7d4f89183041c6fd8b1cab9dbb9020ed 0a6bd474dedac681b291f82bb5c6d00b0a4e456f 2fa3efded21c4aabd447c5641d68bcf19a08e152ba6a18e36fa08bb6e8e469a7
GET /plugins/HeatmapSessionRecording/configs.php?idsite=2&trackerid=xEzJkL&url=https%3A%2F%2Ftherecord.media%2Fhundreds-of-scam-predatory-loan-platforms-found-on-google-and-apple-app-stores%2F HTTP/1.1
Host: recordedfuture.matomo.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://therecord.media/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 03:46:36 GMT
content-type: application/javascript
content-length: 119
server: Apache
vary: X-Forwarded-Port-Override,X-Forwarded-Proto-Override,Accept-Encoding,User-Agent
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| j.6sc.co/6si.min.js | 23.14.5.116 | 200 OK | 10 kB |
IP23.14.5.116:0
File typeASCII text, with very long lines (31446), with no line terminators Hash196d887c95a70e13368078cd7dc3588b 152f2169214fbaabca75c73721ff3af9830b4c0d acc2a94beeae0d952d795c021bddca3077b053bbbd1417208d6b4f517b9410d7
GET /6si.min.js HTTP/1.1
Host: j.6sc.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://therecord.media/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/javascript
etag: "63890c9b-7ad6"
last-modified: Thu, 01 Dec 2022 20:20:43 GMT
pragma: no-cache
server: nginx/1.14.0 (Ubuntu)
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
content-length: 10143
cache-control: private, no-cache, proxy-revalidate
expires: Fri, 02 Dec 2022 03:46:36 GMT
date: Fri, 02 Dec 2022 03:46:36 GMT
X-Firefox-Spdy: h2
|
|
| j.6sc.co/6si.min.js | 23.14.5.116 | 304 Not Modified | 0 B |
IP23.14.5.116:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /6si.min.js HTTP/1.1
Host: j.6sc.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://therecord.media/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Thu, 01 Dec 2022 20:20:43 GMT
If-None-Match: "63890c9b-7ad6"
TE: trailers
HTTP/2 304 Not Modified
content-type: application/javascript
last-modified: Thu, 01 Dec 2022 20:20:43 GMT
etag: "63890c9b-7ad6"
cache-control: private, no-cache, proxy-revalidate
expires: Fri, 02 Dec 2022 03:46:36 GMT
date: Fri, 02 Dec 2022 03:46:36 GMT
X-Firefox-Spdy: h2
|
|
| cdn.matomo.cloud/recordedfuture.matomo.cloud/container_41sBJe2I.js | 54.230.111.115 | 200 OK | 8.4 kB |
URL HTTP/2cdn.matomo.cloud/recordedfuture.matomo.cloud/container_41sBJe2I.js IP54.230.111.115:0
Hash1eddbee6f967f28cf80a6d8ca3ddf74c b9398271e865bb4379e72ce298b73af734436a51 9a12d70fb35604d0739dbf360e6f5fcc80942db2f776a8784cd7aec8dcdd45e7
GET /recordedfuture.matomo.cloud/container_41sBJe2I.js HTTP/1.1
Host: cdn.matomo.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://therecord.media/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Fri, 02 Dec 2022 03:46:37 GMT
x-amz-replication-status: COMPLETED
last-modified: Wed, 19 Oct 2022 22:01:49 GMT
etag: W/"839ec9cd752c4e512960109f6ac6b404"
x-amz-server-side-encryption: AES256
cache-control: max-age=691200
x-amz-version-id: qfWuDlDjmwmn8lRN4xF2ccxR21WuJHO0
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: vu6fQDGqomUMpKbh-2Zsm_6cL5ZwoYJBlrAJ7irO2-WFuARG6mZcqw==
X-Firefox-Spdy: h2
|
|
| c.6sc.co/ | 23.14.5.116 | 200 OK | 7 B |
IP23.14.5.116:0
File typeASCII text, with no line terminators Hashd97623d172f087d9640da9acd38830ff 515bd358bb7d990930f0e2b3de399db1787a2567 fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a
GET / HTTP/1.1
Host: c.6sc.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://therecord.media
Connection: keep-alive
Referer: https://therecord.media/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 7
date: Fri, 02 Dec 2022 03:46:36 GMT
access-control-allow-origin: https://therecord.media
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: GET,POST
X-Firefox-Spdy: h2
|
|
| secure.adnxs.com/getuidj | 185.89.210.82 | 200 OK | 11 B |
IP185.89.210.82:0
File typeJSON data\012- , ASCII text, with no line terminators Hash096dc398f48c9a61584478fea3ee50a1 7d0a5f87833db711b2eb52c73638c5e14538a969 31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
GET /getuidj HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://therecord.media
Connection: keep-alive
Referer: https://therecord.media/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Fri, 02 Dec 2022 03:46:36 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 11
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://therecord.media
AN-X-Request-Uuid: f2ce7781-6956-45da-aa31-2bed91fd5d57
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
|
|
| secure.adnxs.com/getuidj | 185.89.210.82 | 200 OK | 11 B |
IP185.89.210.82:0
File typeJSON data\012- , ASCII text, with no line terminators Hash096dc398f48c9a61584478fea3ee50a1 7d0a5f87833db711b2eb52c73638c5e14538a969 31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
GET /getuidj HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://therecord.media
Connection: keep-alive
Referer: https://therecord.media/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Fri, 02 Dec 2022 03:46:36 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 11
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://therecord.media
AN-X-Request-Uuid: 3e649157-0001-47de-b2b7-6e0565ed1334
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
|
|
| cdn.matomo.cloud/recordedfuture.matomo.cloud/matomo.js | 54.230.111.115 | 200 OK | 59 kB |
URL HTTP/2cdn.matomo.cloud/recordedfuture.matomo.cloud/matomo.js IP54.230.111.115:0
Hash2abb64571273cb43f8d80d608d3e59fd d58720bfb71fc8fd91e6200c4007008104e016e4 a3e768a9520a2cc4698afbc95a8c915db6c46cd04bb897e45cd06c82fd1fd005
GET /recordedfuture.matomo.cloud/matomo.js HTTP/1.1
Host: cdn.matomo.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://therecord.media/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Fri, 02 Dec 2022 01:36:11 GMT
x-amz-replication-status: COMPLETED
last-modified: Wed, 19 Oct 2022 22:01:32 GMT
etag: W/"68e452a57db35118c39f5187498f8cf5"
x-amz-server-side-encryption: AES256
cache-control: max-age=691200
x-amz-version-id: 7Iod4X3mS7SmO.Y3BHKg1lMsUB7q4a4o
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: q68-Un5HWRiJVEw9G3cyYDzZF0KwtJlFZ_-Fyx2mvHUz-f_zYeloag==
age: 7826
X-Firefox-Spdy: h2
|
|
| ocsp.digicert.com/ | 93.184.220.29 | 200 OK | 280 B |
IP93.184.220.29:0
Hash6d15b7a8e1fe3c0bb4c2a72ecce789fe 70e388800fb7c45b39aa4d35fdb2b2b471e869e9 cf1f71974f520a7eb182437dbcc55af4261b0e34464fe23a4aa00bf14a92a640
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4072
Cache-Control: max-age=100719
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 03:46:36 GMT
Etag: "63884ba3-118"
Expires: Sat, 03 Dec 2022 07:45:15 GMT
Last-Modified: Thu, 01 Dec 2022 06:37:23 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 280
|
|
| ipv6.6sc.co/ | 2.23.139.23 | 200 OK | 4 B |
IP2.23.139.23:0 ASN#1299 Telia Company AB
File typeASCII text, with no line terminators Hash37a6259cc0c1dae299a7866489dff0bd 2be88ca4242c76e8253ac62474851065032d6833 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b
GET / HTTP/1.1
Host: ipv6.6sc.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://therecord.media
Connection: keep-alive
Referer: https://therecord.media/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 4
expires: Fri, 02 Dec 2022 03:46:36 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Fri, 02 Dec 2022 03:46:36 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
6si-ipv6: null
access-control-allow-origin: https://therecord.media
vary: Origin
X-Firefox-Spdy: h2
|
|
| js.hs-scripts.com/252628.js | 104.17.213.204 | 200 OK | 469 B |
URL HTTP/2js.hs-scripts.com/252628.js IP104.17.213.204:0
File typeASCII text, with very long lines (1374), with no line terminators Hash621fd71a29213dedd09607c2c5e2674a ed54e8cfeb7d64144b8e3c36b17477171369284e 698406c87a5de3dbbeaa1ebb6ed0ee34b186290955f05aca124bd012422bc504
GET /252628.js HTTP/1.1
Host: js.hs-scripts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://therecord.media/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 03:46:36 GMT
content-type: application/javascript;charset=utf-8
access-control-allow-credentials: true
access-control-allow-origin: https://therecord.media
access-control-max-age: 3600
cache-control: public, max-age=60
cf-bgj: minify
cf-polished: origSize=1482
vary: origin, Accept-Encoding
x-hubspot-correlation-id: e249d59b-eb1b-462b-bf8b-31de2a9d6765
x-trace: 2BA8986FBC43050815818A04FCF4B4A3F7660BD19E000000000000000000
last-modified: Fri, 02 Dec 2022 03:46:33 GMT
cf-cache-status: HIT
expires: Fri, 02 Dec 2022 03:47:36 GMT
server: cloudflare
cf-ray: 773113925e1fb4f1-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| ocsp.sca1b.amazontrust.com/ | 54.230.245.118 | 200 OK | 471 B |
URL HTTP/1.1ocsp.sca1b.amazontrust.com/ IP54.230.245.118:0
Hash8b8c8885765524b51adfcd4867a0a33e 8c40db3406653d2b60bf32c0c84776e4bc2e2cd3 f73d36f7dedb1e1d3edc574c3711b436d427cff094bb41a3baf21fc633834360
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=144225
Date: Fri, 02 Dec 2022 03:46:36 GMT
Etag: "6388f874-1d7"
Expires: Sat, 03 Dec 2022 19:50:21 GMT
Last-Modified: Thu, 01 Dec 2022 18:54:44 GMT
Server: ECS (nyb/1D18)
X-Cache: Miss from cloudfront
Via: 1.1 8ac66e1d6983a0f44cf391b1ec3b1cce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 2Ymz3bQdln2_gJ1dpJxgTjLqh98IuxxNzKJuQIhoR5ihbcf5RXvQ6g==
Age: 3337
|
|
| ocsp.sca1b.amazontrust.com/ | 54.230.245.118 | 200 OK | 471 B |
URL HTTP/1.1ocsp.sca1b.amazontrust.com/ IP54.230.245.118:0
Hash8b8c8885765524b51adfcd4867a0a33e 8c40db3406653d2b60bf32c0c84776e4bc2e2cd3 f73d36f7dedb1e1d3edc574c3711b436d427cff094bb41a3baf21fc633834360
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=144972
Date: Fri, 02 Dec 2022 03:46:36 GMT
Etag: "6388f874-1d7"
Expires: Sat, 03 Dec 2022 20:02:48 GMT
Last-Modified: Thu, 01 Dec 2022 18:54:44 GMT
Server: ECS (nyb/1D1A)
X-Cache: Miss from cloudfront
Via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: yW92KRjtcP8dNIzuq28Oy5yK3HnP2gM6dU0zJFDKbu4jOGVepofBSg==
Age: 4084
|
|
| epsilon.6sense.com/v3/company/details | 18.184.252.128 | 200 OK | 382 B |
URL HTTP/2epsilon.6sense.com/v3/company/details IP18.184.252.128:0
File typeJSON data\012- , ASCII text, with very long lines (716), with no line terminators Hash7af911ca2a99647d0a0663e3444beef7 8a46c1e052e24cb88e9b662cbfe38ec0c2179a01 f299d19e0b58b5c7469fc496524b35675c99b33d366e2fc2b8348a3ec3fe72de
GET /v3/company/details HTTP/1.1
Host: epsilon.6sense.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Authorization: Token edabaa1866fe08952dde1be9ff37302d63145f08
Origin: https://therecord.media
Connection: keep-alive
Referer: https://therecord.media/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 03:46:37 GMT
content-type: application/json
content-length: 382
server: nginx
access-control-allow-origin: https://therecord.media
access-control-allow-credentials: true
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| ocsp.digicert.com/ | 93.184.220.29 | 200 OK | 280 B |
IP93.184.220.29:0
Hash1f3b5bcb7768f7ea14c845d4b30fa6b8 be390ecd5837808378b4307ab89db94f197cc178 01f2126ecaafe9296efe33f09dcda3c744b1869afdbcf8b45b2466e3c2a6bdff
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3836
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 03:46:37 GMT
Last-Modified: Fri, 02 Dec 2022 02:42:41 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 280
|
|
| secure.gravatar.com/avatar/8dfb5b75ee7d706a760b55b313d4f564?s=96&d=mm&r=g | 192.0.73.2 | 200 OK | 20 kB |
URL HTTP/2secure.gravatar.com/avatar/8dfb5b75ee7d706a760b55b313d4f564?s=96&d=mm&r=g IP192.0.73.2:0
File typePNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced\012- data Hash8939ae63d57241f7140f8e8527d3926e 434622dcaccf976071377a8b2e4853188a48923b 5cf996e872e52f60fa6d956f1d7a957ff0d1c4bdcede8b795636bc0ceff91d7f
GET /avatar/8dfb5b75ee7d706a760b55b313d4f564?s=96&d=mm&r=g HTTP/1.1
Host: secure.gravatar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://therecord.media/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 03:46:37 GMT
content-type: image/png
content-length: 20493
last-modified: Tue, 22 Mar 2022 14:38:25 GMT
link: <https://www.gravatar.com/avatar/8dfb5b75ee7d706a760b55b313d4f564?s=96&d=mm&r=g>; rel="canonical"
content-disposition: inline; filename="8dfb5b75ee7d706a760b55b313d4f564.png"
access-control-allow-origin: *
expires: Fri, 02 Dec 2022 03:51:37 GMT
cache-control: max-age=300
x-nc: HIT arn 4
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| js.hs-analytics.net/analytics/1669952700000/252628.js | 104.17.71.176 | 200 OK | 21 kB |
URL HTTP/2js.hs-analytics.net/analytics/1669952700000/252628.js IP104.17.71.176:0
File typeASCII text, with very long lines (63747) Hash85511d0cf813b725192112a8ba81bd55 f983563586c2ce98285b6f9fdd4fb86dbbed276f a70ae55e8208f809182c75c409804bea1cfd1b73404b766e476567dd339670a4
GET /analytics/1669952700000/252628.js HTTP/1.1
Host: js.hs-analytics.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://therecord.media/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 03:46:37 GMT
content-type: text/javascript
x-amz-id-2: TXwrhxUbGUilYsyGseNkCO86O/vGlZwmVCEj8At61x8jPuJ0X37w4q9Qamew5g44NUEP1jaee4U=
x-amz-request-id: KEG3QRW1CG370NCG
last-modified: Thu, 01 Dec 2022 14:02:00 GMT
etag: W/"35ec93d71cf6c3630ff94685ad84639c"
x-amz-server-side-encryption: AES256
cache-control: max-age=300, public
x-amz-version-id: null
access-control-allow-credentials: false
vary: origin, Accept-Encoding
expires: Fri, 02 Dec 2022 03:50:03 GMT
cf-cache-status: HIT
server: cloudflare
cf-ray: 77311395dfe9b50c-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| track.hubspot.com/__ptq.gif?k=1&sd=1280x1024&cd=24-bit&cs=UTF-8&ln=en-us&bfp=504767505&v=1.1&a=252628&rcu=https%3A%2F%2Ftherecord.media%2Fhundreds-of-scam-predatory-loan-platforms-found-on-google-and-apple-app-stores%2F&pu=https%3A%2F%2Ftherecord.media%2Fhundreds-of-scam-predatory-loan-platforms-found-on-google-and-apple-app-stores%2F&t=Hundreds+of+scam+predatory+loan+platforms+found+on+Google+and+Apple+app+stores+-+The+Record+by+Recorded+Future&cts=1669952795678&vi=78268ae0dabd351086dfec1d40043f78&nc=true&u=156209188.78268ae0dabd351086dfec1d40043f78.1669952795677.1669952795677.1669952795677.1&b=156209188.1.1669952795677&pt=0&cc=15 | 104.19.154.83 | 200 OK | 45 B |
URL HTTP/2track.hubspot.com/__ptq.gif?k=1&sd=1280x1024&cd=24-bit&cs=UTF-8&ln=en-us&bfp=504767505&v=1.1&a=252628&rcu=https%3A%2F%2Ftherecord.media%2Fhundreds-of-scam-predatory-loan-platforms-found-on-google-and-apple-app-stores%2F&pu=https%3A%2F%2Ftherecord.media%2Fhundreds-of-scam-predatory-loan-platforms-found-on-google-and-apple-app-stores%2F&t=Hundreds+of+scam+predatory+loan+platforms+found+on+Google+and+Apple+app+stores+-+The+Record+by+Recorded+Future&cts=1669952795678&vi=78268ae0dabd351086dfec1d40043f78&nc=true&u=156209188.78268ae0dabd351086dfec1d40043f78.1669952795677.1669952795677.1669952795677.1&b=156209188.1.1669952795677&pt=0&cc=15 IP104.19.154.83:0
File typeGIF image data, version 89a, 1 x 1\012- data Hashc8817d472077ebfc04593c1fa019d32d e1e86f41c86c7b9cd2e8b76c6a925a1a3e7e3247 dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
GET /__ptq.gif?k=1&sd=1280x1024&cd=24-bit&cs=UTF-8&ln=en-us&bfp=504767505&v=1.1&a=252628&rcu=https%3A%2F%2Ftherecord.media%2Fhundreds-of-scam-predatory-loan-platforms-found-on-google-and-apple-app-stores%2F&pu=https%3A%2F%2Ftherecord.media%2Fhundreds-of-scam-predatory-loan-platforms-found-on-google-and-apple-app-stores%2F&t=Hundreds+of+scam+predatory+loan+platforms+found+on+Google+and+Apple+app+stores+-+The+Record+by+Recorded+Future&cts=1669952795678&vi=78268ae0dabd351086dfec1d40043f78&nc=true&u=156209188.78268ae0dabd351086dfec1d40043f78.1669952795677.1669952795677.1669952795677.1&b=156209188.1.1669952795677&pt=0&cc=15 HTTP/1.1
Host: track.hubspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://therecord.media/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 03:46:37 GMT
content-type: image/gif
content-length: 45
cf-ray: 773113978aeeb512-OSL
cache-control: no-cache, no-store, no-transform
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: origin, Accept-Encoding
cf-cache-status: DYNAMIC
access-control-allow-credentials: false
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-hubspot-correlation-id: c4a7f061-6f3e-4a15-bf9b-3efe45af2245
x-robots-tag: none
set-cookie: __cf_bm=2w_3Penyhq25IkNzB5RkYC5CNa8J6vgx.zUzDQnbNLU-1669952797-0-Aa5rvieqN1hoFuZik0Nl2PA+lX99axSDU4O/8nYiRhkc5ghJ2objD+DHAC3hDG9QqMWto9leMbHwicKX2QO7NgM=; path=/; expires=Fri, 02-Dec-22 04:16:37 GMT; domain=.hubspot.com; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GdNa9adQOfGifE24iI7HElVdjItJ8PdTfJDxSSOOwj3rK3oF22CPEKagHjFNjz2uvmP2iD5JHMH%2BJKkzUFbjGVGLuX4vA3Ie3pu0spNgGibWM0cNkOeI2J6rkX17cJUpRWMk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| ocsp.digicert.com/ | 93.184.220.29 | 200 OK | 279 B |
IP93.184.220.29:0
Hash462bd1920adf582c53b62bf5bd15cbfd e8524bd822d024906c927f22f9f6ff64e53c3c73 f0fc888f0c5048a613cb857ef8c052ac93e6505ee10010e436acee86a12e5a6c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4937
Cache-Control: max-age=141903
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 03:46:37 GMT
Etag: "6388e923-117"
Expires: Sat, 03 Dec 2022 19:11:40 GMT
Last-Modified: Thu, 01 Dec 2022 17:49:23 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 279
|
|
| forms.hubspot.com/lead-flows-config/v1/config/json?portalId=252628&utk=78268ae0dabd351086dfec1d40043f78&__hstc=156209188.78268ae0dabd351086dfec1d40043f78.1669952795677.1669952795677.1669952795677.1&__hssc=156209188.1.1669952795677&currentUrl=https%3A%2F%2Ftherecord.media%2Fhundreds-of-scam-predatory-loan-platforms-found-on-google-and-apple-app-stores%2F | 104.19.154.83 | 200 OK | 1.1 kB |
URL HTTP/2forms.hubspot.com/lead-flows-config/v1/config/json?portalId=252628&utk=78268ae0dabd351086dfec1d40043f78&__hstc=156209188.78268ae0dabd351086dfec1d40043f78.1669952795677.1669952795677.1669952795677.1&__hssc=156209188.1.1669952795677&currentUrl=https%3A%2F%2Ftherecord.media%2Fhundreds-of-scam-predatory-loan-platforms-found-on-google-and-apple-app-stores%2F IP104.19.154.83:0
File typeJSON data\012- , ASCII text, with very long lines (2222), with no line terminators Hash879cf454116cd71ce53acd4b104850f7 044c1321c474db67b639a3dad4a8bd70ba85e620 d3dfbbaff023f98a1d3bb8df40ba40b9bfdc437acfadc840b90ca82e8b147570
GET /lead-flows-config/v1/config/json?portalId=252628&utk=78268ae0dabd351086dfec1d40043f78&__hstc=156209188.78268ae0dabd351086dfec1d40043f78.1669952795677.1669952795677.1669952795677.1&__hssc=156209188.1.1669952795677&currentUrl=https%3A%2F%2Ftherecord.media%2Fhundreds-of-scam-predatory-loan-platforms-found-on-google-and-apple-app-stores%2F HTTP/1.1
Host: forms.hubspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://therecord.media
Connection: keep-alive
Referer: https://therecord.media/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 03:46:37 GMT
content-type: application/json;charset=utf-8
vary: origin
x-hubspot-correlation-id: 4cba6ee2-0280-44d4-81c2-8edb8c8d6afd
access-control-allow-credentials: false
access-control-allow-origin: https://therecord.media
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
access-control-max-age: 180
cache-control: max-age=0, no-cache, no-store
x-robots-tag: none
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=guEMFRNOmHjRmvGmVIHv0pxBnwF2Dk5Y25RoVs7CVwc-1669952797-0-Aa/wNnVRT39iH3KVNtI6652+XtMLZ57az+XudykUT/9ASU4PUGZNb/JMznxl//5brr4gs1L1inA37MeBgv9VLPg=; path=/; expires=Fri, 02-Dec-22 04:16:37 GMT; domain=.hubspot.com; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3ffnxNE2Hwun2aSeKwrI%2FwAGnDahtfF8smZQKiHaVZMDflC8CWgXgJhBo05hybnrWl6kzhyXNpmZtix3pjnqenAR%2Be7DQJ0TVnsWhNJ3IpenFCmku99QZszLkTMSegmhAwBv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 77311397ad23b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| go.recordedfuture.com/hubfs/iphonex_mockup.png | 199.60.103.254 | 200 OK | 195 kB |
URL HTTP/2go.recordedfuture.com/hubfs/iphonex_mockup.png IP199.60.103.254:0 ASN#209242 Cloudflare London, LLC
File typeRIFF (little-endian) data, Web/P image\012- data Size195 kB (195034 bytes) Hashb88f4e9ba458288793acce9241b16de6 eb0ab9c8272271e3aec19442fbd5f057babc759f 7ddb97a3966309b4797886170a224d94f37195a7b99a93ddf9a4856b1bbbf82b
GET /hubfs/iphonex_mockup.png HTTP/1.1
Host: go.recordedfuture.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://therecord.media/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 03:46:38 GMT
content-type: image/webp
content-length: 195034
cf-ray: 7731139fea51b50f-OSL
accept-ranges: bytes
access-control-allow-origin: *
age: 801369
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
content-disposition: inline; filename="iphonex_mockup.webp"
etag: "8e4a9a910444dc630d9dde1cc3bd77f7"
last-modified: Thu, 09 Dec 2021 17:00:15 GMT
strict-transport-security: max-age=31536000
vary: Accept, Accept-Encoding
via: 1.1 22696b6e831fc717b53b9273ad3341c2.cloudfront.net (CloudFront)
cf-cache-status: HIT
access-control-allow-methods: GET
cache-tag: F-38679274737,P-252628,FLS-ALL
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=png, origSize=331559
edge-cache-tag: F-38679274737,P-252628,FLS-ALL
x-amz-cf-id: eJHz4rPOBc9SE0KkxidM_9up52msda-8qgH51kZhrrNL5udAq5bEuQ==
x-amz-cf-pop: ARN1-C1
x-amz-id-2: oxqq7N0+Zkz1Qy54VtJ3mvMcjGq8BmlQtV6s/A2vbo6Ecsgmdv9fhislh4Y7JO9IUgB2XRXrm30=
x-amz-meta-cache-tag: F-38679274737,P-252628,FLS-ALL
x-amz-meta-created-unix-time-millis: 1607733110293
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
x-amz-request-id: WN71X0RYPBCMWY8V
x-amz-server-side-encryption: AES256
x-amz-version-id: r9ZOT95rdFsvuhynefdRWZgkO0lzhV1L
x-cache: RefreshHit from cloudfront
x-hs-alternate-content-type: text/plain
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
x-hs-https-only: worker
x-robots-tag: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1AoJ5DFczkWLfEdxipSxsylPem7n7dNNHcl3zfdz9KbivpQQ44%2BXQnRnSd2YCDWHJ0nr8yFarGdL3qrCQ12OLrgR%2BvYLCxQfzzHWvbNaUvX%2BkwMZL0ysKnj5lsk3exEaKcBNimH0Ng%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
set-cookie: __cf_bm=sRLQBxHZbgR2x_L_vjevJDahWpJnVY9qylNIGr1iEK8-1669952798-0-Ae8MgvoAnCQgAalc7E8ZFKLokljIzrYgxUX9TyRNew8gyWjHfrTRw1iaxiNBKEkC9yXio6uy2D3vk+OtTOZTIyU=; path=/; expires=Fri, 02-Dec-22 04:16:38 GMT; domain=.go.recordedfuture.com; HttpOnly; Secure; SameSite=None
__cfruid=fb3727197884c513b152a2fbffdbaa933f344984-1669952798; path=/; domain=.go.recordedfuture.com; HttpOnly; Secure; SameSite=None
server: cloudflare
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| b.6sc.co/v1/beacon/img.gif?token=f2675e8089b7d209a58fce8ad312f51c&svisitor=null&visitor=3aff0dec-279f-4290-826b-59dcf8c7c899&session=1a4c9ea4-208f-4bb7-861a-c49106efe34e&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2002%20Dec%202022%2003%3A46%3A36%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2002%20Dec%202022%2003%3A46%3A35%20GMT%22%2C%22timeSpent%22%3A%221003%22%2C%22totalTimeSpent%22%3A%222005%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Record%20by%20Recorded%20Future%20gives%20exclusive%2C%20behind-the-scenes%20access%20to%20leaders%2C%20policymakers%2C%20researchers%2C%20and%20the%20shadows%20of%20the%20cyber%20underground.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Hundreds%20of%20scam%20predatory%20loan%20platforms%20found%20on%20Google%20and%20Apple%20app%20stores%20-%20The%20Record%20by%20Recorded%20Future%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Ftherecord.media%2Fhundreds-of-scam-predatory-loan-platforms-found-on-google-and-apple-app-stores%2F&pageViewId=b9011e3e-7212-46a6-8774-07a3e8e3824f&an_uid=0 | 23.14.5.116 | 200 OK | 43 B |
URL HTTP/2b.6sc.co/v1/beacon/img.gif?token=f2675e8089b7d209a58fce8ad312f51c&svisitor=null&visitor=3aff0dec-279f-4290-826b-59dcf8c7c899&session=1a4c9ea4-208f-4bb7-861a-c49106efe34e&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2002%20Dec%202022%2003%3A46%3A36%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2002%20Dec%202022%2003%3A46%3A35%20GMT%22%2C%22timeSpent%22%3A%221003%22%2C%22totalTimeSpent%22%3A%222005%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Record%20by%20Recorded%20Future%20gives%20exclusive%2C%20behind-the-scenes%20access%20to%20leaders%2C%20policymakers%2C%20researchers%2C%20and%20the%20shadows%20of%20the%20cyber%20underground.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Hundreds%20of%20scam%20predatory%20loan%20platforms%20found%20on%20Google%20and%20Apple%20app%20stores%20-%20The%20Record%20by%20Recorded%20Future%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Ftherecord.media%2Fhundreds-of-scam-predatory-loan-platforms-found-on-google-and-apple-app-stores%2F&pageViewId=b9011e3e-7212-46a6-8774-07a3e8e3824f&an_uid=0 IP23.14.5.116:0
File typeGIF image data, version 89a, 1 x 1\012- data Hashf837aa60b6fe83458f790db60d529fc9 14af87ccec7f81bb28d53c84da2fd5a9d5925cda dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
GET /v1/beacon/img.gif?token=f2675e8089b7d209a58fce8ad312f51c&svisitor=null&visitor=3aff0dec-279f-4290-826b-59dcf8c7c899&session=1a4c9ea4-208f-4bb7-861a-c49106efe34e&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2002%20Dec%202022%2003%3A46%3A36%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2002%20Dec%202022%2003%3A46%3A35%20GMT%22%2C%22timeSpent%22%3A%221003%22%2C%22totalTimeSpent%22%3A%222005%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Record%20by%20Recorded%20Future%20gives%20exclusive%2C%20behind-the-scenes%20access%20to%20leaders%2C%20policymakers%2C%20researchers%2C%20and%20the%20shadows%20of%20the%20cyber%20underground.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Hundreds%20of%20scam%20predatory%20loan%20platforms%20found%20on%20Google%20and%20Apple%20app%20stores%20-%20The%20Record%20by%20Recorded%20Future%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Ftherecord.media%2Fhundreds-of-scam-predatory-loan-platforms-found-on-google-and-apple-app-stores%2F&pageViewId=b9011e3e-7212-46a6-8774-07a3e8e3824f&an_uid=0 HTTP/1.1
Host: b.6sc.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://therecord.media/
Cookie: 6suuid=1c985468f27e00001c758963cd0300008a8b3600
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
content-type: image/gif
etag: "5e502810-2b"
expires: Wed, 19 Apr 2000 11:43:00 GMT
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
pragma: no-cache
server: nginx/1.14.0 (Ubuntu)
x-content-type-options: nosniff
content-length: 43
date: Fri, 02 Dec 2022 03:46:38 GMT
set-cookie: 6suuid=1c985468f27e00001c758963cd0300008a8b3600; expires=Sun, 01-Dec-2024 03:46:38 GMT; path=/; domain=.6sc.co; SameSite=None; secure
access-control-allow-origin:
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: GET,POST
X-Firefox-Spdy: h2
|
|
| b.6sc.co/v1/beacon/img.gif?token=f2675e8089b7d209a58fce8ad312f51c&svisitor=null&visitor=3aff0dec-279f-4290-826b-59dcf8c7c899&session=1a4c9ea4-208f-4bb7-861a-c49106efe34e&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2002%20Dec%202022%2003%3A46%3A37%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2002%20Dec%202022%2003%3A46%3A36%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%223007%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Record%20by%20Recorded%20Future%20gives%20exclusive%2C%20behind-the-scenes%20access%20to%20leaders%2C%20policymakers%2C%20researchers%2C%20and%20the%20shadows%20of%20the%20cyber%20underground.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Hundreds%20of%20scam%20predatory%20loan%20platforms%20found%20on%20Google%20and%20Apple%20app%20stores%20-%20The%20Record%20by%20Recorded%20Future%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Ftherecord.media%2Fhundreds-of-scam-predatory-loan-platforms-found-on-google-and-apple-app-stores%2F&pageViewId=b9011e3e-7212-46a6-8774-07a3e8e3824f&an_uid=0 | 23.14.5.116 | 200 OK | 43 B |
URL HTTP/2b.6sc.co/v1/beacon/img.gif?token=f2675e8089b7d209a58fce8ad312f51c&svisitor=null&visitor=3aff0dec-279f-4290-826b-59dcf8c7c899&session=1a4c9ea4-208f-4bb7-861a-c49106efe34e&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2002%20Dec%202022%2003%3A46%3A37%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2002%20Dec%202022%2003%3A46%3A36%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%223007%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Record%20by%20Recorded%20Future%20gives%20exclusive%2C%20behind-the-scenes%20access%20to%20leaders%2C%20policymakers%2C%20researchers%2C%20and%20the%20shadows%20of%20the%20cyber%20underground.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Hundreds%20of%20scam%20predatory%20loan%20platforms%20found%20on%20Google%20and%20Apple%20app%20stores%20-%20The%20Record%20by%20Recorded%20Future%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Ftherecord.media%2Fhundreds-of-scam-predatory-loan-platforms-found-on-google-and-apple-app-stores%2F&pageViewId=b9011e3e-7212-46a6-8774-07a3e8e3824f&an_uid=0 IP23.14.5.116:0
File typeGIF image data, version 89a, 1 x 1\012- data Hashf837aa60b6fe83458f790db60d529fc9 14af87ccec7f81bb28d53c84da2fd5a9d5925cda dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
GET /v1/beacon/img.gif?token=f2675e8089b7d209a58fce8ad312f51c&svisitor=null&visitor=3aff0dec-279f-4290-826b-59dcf8c7c899&session=1a4c9ea4-208f-4bb7-861a-c49106efe34e&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2002%20Dec%202022%2003%3A46%3A37%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2002%20Dec%202022%2003%3A46%3A36%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%223007%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Record%20by%20Recorded%20Future%20gives%20exclusive%2C%20behind-the-scenes%20access%20to%20leaders%2C%20policymakers%2C%20researchers%2C%20and%20the%20shadows%20of%20the%20cyber%20underground.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Hundreds%20of%20scam%20predatory%20loan%20platforms%20found%20on%20Google%20and%20Apple%20app%20stores%20-%20The%20Record%20by%20Recorded%20Future%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Ftherecord.media%2Fhundreds-of-scam-predatory-loan-platforms-found-on-google-and-apple-app-stores%2F&pageViewId=b9011e3e-7212-46a6-8774-07a3e8e3824f&an_uid=0 HTTP/1.1
Host: b.6sc.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://therecord.media/
Cookie: 6suuid=1c985468f27e00001c758963cd0300008a8b3600
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
content-type: image/gif
etag: "60bb2e15-2b"
expires: Wed, 19 Apr 2000 11:43:00 GMT
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
pragma: no-cache
server: nginx/1.14.0 (Ubuntu)
x-content-type-options: nosniff
content-length: 43
date: Fri, 02 Dec 2022 03:46:39 GMT
set-cookie: 6suuid=1c985468f27e00001c758963cd0300008a8b3600; expires=Sun, 01-Dec-2024 03:46:39 GMT; path=/; domain=.6sc.co; SameSite=None; secure
access-control-allow-origin:
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: GET,POST
X-Firefox-Spdy: h2
|
|
| b.6sc.co/v1/beacon/img.gif?token=f2675e8089b7d209a58fce8ad312f51c&svisitor=null&visitor=3aff0dec-279f-4290-826b-59dcf8c7c899&session=1a4c9ea4-208f-4bb7-861a-c49106efe34e&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2002%20Dec%202022%2003%3A46%3A38%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2002%20Dec%202022%2003%3A46%3A37%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%224009%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Record%20by%20Recorded%20Future%20gives%20exclusive%2C%20behind-the-scenes%20access%20to%20leaders%2C%20policymakers%2C%20researchers%2C%20and%20the%20shadows%20of%20the%20cyber%20underground.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Hundreds%20of%20scam%20predatory%20loan%20platforms%20found%20on%20Google%20and%20Apple%20app%20stores%20-%20The%20Record%20by%20Recorded%20Future%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Ftherecord.media%2Fhundreds-of-scam-predatory-loan-platforms-found-on-google-and-apple-app-stores%2F&pageViewId=b9011e3e-7212-46a6-8774-07a3e8e3824f&an_uid=0 | 23.14.5.116 | 200 OK | 43 B |
URL HTTP/2b.6sc.co/v1/beacon/img.gif?token=f2675e8089b7d209a58fce8ad312f51c&svisitor=null&visitor=3aff0dec-279f-4290-826b-59dcf8c7c899&session=1a4c9ea4-208f-4bb7-861a-c49106efe34e&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2002%20Dec%202022%2003%3A46%3A38%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2002%20Dec%202022%2003%3A46%3A37%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%224009%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Record%20by%20Recorded%20Future%20gives%20exclusive%2C%20behind-the-scenes%20access%20to%20leaders%2C%20policymakers%2C%20researchers%2C%20and%20the%20shadows%20of%20the%20cyber%20underground.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Hundreds%20of%20scam%20predatory%20loan%20platforms%20found%20on%20Google%20and%20Apple%20app%20stores%20-%20The%20Record%20by%20Recorded%20Future%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Ftherecord.media%2Fhundreds-of-scam-predatory-loan-platforms-found-on-google-and-apple-app-stores%2F&pageViewId=b9011e3e-7212-46a6-8774-07a3e8e3824f&an_uid=0 IP23.14.5.116:0
File typeGIF image data, version 89a, 1 x 1\012- data Hashf837aa60b6fe83458f790db60d529fc9 14af87ccec7f81bb28d53c84da2fd5a9d5925cda dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
GET /v1/beacon/img.gif?token=f2675e8089b7d209a58fce8ad312f51c&svisitor=null&visitor=3aff0dec-279f-4290-826b-59dcf8c7c899&session=1a4c9ea4-208f-4bb7-861a-c49106efe34e&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2002%20Dec%202022%2003%3A46%3A38%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2002%20Dec%202022%2003%3A46%3A37%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%224009%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Record%20by%20Recorded%20Future%20gives%20exclusive%2C%20behind-the-scenes%20access%20to%20leaders%2C%20policymakers%2C%20researchers%2C%20and%20the%20shadows%20of%20the%20cyber%20underground.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Hundreds%20of%20scam%20predatory%20loan%20platforms%20found%20on%20Google%20and%20Apple%20app%20stores%20-%20The%20Record%20by%20Recorded%20Future%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Ftherecord.media%2Fhundreds-of-scam-predatory-loan-platforms-found-on-google-and-apple-app-stores%2F&pageViewId=b9011e3e-7212-46a6-8774-07a3e8e3824f&an_uid=0 HTTP/1.1
Host: b.6sc.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://therecord.media/
Cookie: 6suuid=1c985468f27e00001c758963cd0300008a8b3600
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
content-type: image/gif
etag: "60bb2e15-2b"
expires: Wed, 19 Apr 2000 11:43:00 GMT
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
pragma: no-cache
server: nginx/1.14.0 (Ubuntu)
x-content-type-options: nosniff
content-length: 43
date: Fri, 02 Dec 2022 03:46:40 GMT
set-cookie: 6suuid=1c985468f27e00001c758963cd0300008a8b3600; expires=Sun, 01-Dec-2024 03:46:40 GMT; path=/; domain=.6sc.co; SameSite=None; secure
access-control-allow-origin:
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: GET,POST
X-Firefox-Spdy: h2
|
|
| b.6sc.co/v1/beacon/img.gif?token=f2675e8089b7d209a58fce8ad312f51c&svisitor=null&visitor=3aff0dec-279f-4290-826b-59dcf8c7c899&session=1a4c9ea4-208f-4bb7-861a-c49106efe34e&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2002%20Dec%202022%2003%3A46%3A39%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2002%20Dec%202022%2003%3A46%3A38%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%225010%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Record%20by%20Recorded%20Future%20gives%20exclusive%2C%20behind-the-scenes%20access%20to%20leaders%2C%20policymakers%2C%20researchers%2C%20and%20the%20shadows%20of%20the%20cyber%20underground.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Hundreds%20of%20scam%20predatory%20loan%20platforms%20found%20on%20Google%20and%20Apple%20app%20stores%20-%20The%20Record%20by%20Recorded%20Future%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Ftherecord.media%2Fhundreds-of-scam-predatory-loan-platforms-found-on-google-and-apple-app-stores%2F&pageViewId=b9011e3e-7212-46a6-8774-07a3e8e3824f&an_uid=0 | 23.14.5.116 | 200 OK | 43 B |
URL HTTP/2b.6sc.co/v1/beacon/img.gif?token=f2675e8089b7d209a58fce8ad312f51c&svisitor=null&visitor=3aff0dec-279f-4290-826b-59dcf8c7c899&session=1a4c9ea4-208f-4bb7-861a-c49106efe34e&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2002%20Dec%202022%2003%3A46%3A39%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2002%20Dec%202022%2003%3A46%3A38%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%225010%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Record%20by%20Recorded%20Future%20gives%20exclusive%2C%20behind-the-scenes%20access%20to%20leaders%2C%20policymakers%2C%20researchers%2C%20and%20the%20shadows%20of%20the%20cyber%20underground.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Hundreds%20of%20scam%20predatory%20loan%20platforms%20found%20on%20Google%20and%20Apple%20app%20stores%20-%20The%20Record%20by%20Recorded%20Future%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Ftherecord.media%2Fhundreds-of-scam-predatory-loan-platforms-found-on-google-and-apple-app-stores%2F&pageViewId=b9011e3e-7212-46a6-8774-07a3e8e3824f&an_uid=0 IP23.14.5.116:0
File typeGIF image data, version 89a, 1 x 1\012- data Hashf837aa60b6fe83458f790db60d529fc9 14af87ccec7f81bb28d53c84da2fd5a9d5925cda dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
GET /v1/beacon/img.gif?token=f2675e8089b7d209a58fce8ad312f51c&svisitor=null&visitor=3aff0dec-279f-4290-826b-59dcf8c7c899&session=1a4c9ea4-208f-4bb7-861a-c49106efe34e&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2002%20Dec%202022%2003%3A46%3A39%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2002%20Dec%202022%2003%3A46%3A38%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%225010%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Record%20by%20Recorded%20Future%20gives%20exclusive%2C%20behind-the-scenes%20access%20to%20leaders%2C%20policymakers%2C%20researchers%2C%20and%20the%20shadows%20of%20the%20cyber%20underground.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Hundreds%20of%20scam%20predatory%20loan%20platforms%20found%20on%20Google%20and%20Apple%20app%20stores%20-%20The%20Record%20by%20Recorded%20Future%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Ftherecord.media%2Fhundreds-of-scam-predatory-loan-platforms-found-on-google-and-apple-app-stores%2F&pageViewId=b9011e3e-7212-46a6-8774-07a3e8e3824f&an_uid=0 HTTP/1.1
Host: b.6sc.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://therecord.media/
Cookie: 6suuid=1c985468f27e00001c758963cd0300008a8b3600
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
content-type: image/gif
etag: "615ccf10-2b"
expires: Wed, 19 Apr 2000 11:43:00 GMT
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
pragma: no-cache
server: nginx/1.14.0 (Ubuntu)
x-content-type-options: nosniff
content-length: 43
date: Fri, 02 Dec 2022 03:46:41 GMT
set-cookie: 6suuid=1c985468f27e00001c758963cd0300008a8b3600; expires=Sun, 01-Dec-2024 03:46:41 GMT; path=/; domain=.6sc.co; SameSite=None; secure
access-control-allow-origin:
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: GET,POST
X-Firefox-Spdy: h2
|
|
| therecord.media/wp-content/themes/therecordmedia/assets/js/bundle.js?ver=2022-01-20_3 | 104.18.29.120 | 200 OK | 0 B |
URL HTTP/2therecord.media/wp-content/themes/therecordmedia/assets/js/bundle.js?ver=2022-01-20_3 IP104.18.29.120:0
GET /wp-content/themes/therecordmedia/assets/js/bundle.js?ver=2022-01-20_3 HTTP/1.1
Host: therecord.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://therecord.media/hundreds-of-scam-predatory-loan-platforms-found-on-google-and-apple-app-stores/
Cookie: wordpress_google_apps_login=5aa60872c8cf0446e874564a36569f77
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 03:46:36 GMT
content-type: application/x-javascript
cf-bgj: minify
cf-polished: origSize=525445
cache-control: public, max-age=31622400
etag: W/"627a67ad-80485"
expires: Sun, 03 Dec 2023 03:46:35 GMT
last-modified: Tue, 10 May 2022 13:25:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains
traceparent: 00-aafffe33f3a94e30934d3fc889f346c7-68a7eaa1825a78a5-00
vary: Accept-Encoding
via: 1.1 varnish, 1.1 varnish
x-cache: MISS, HIT
x-cache-hits: 0, 1
x-cloud-trace-context: aafffe33f3a94e30934d3fc889f346c7/7541254080452786341;o=0
x-pantheon-styx-hostname: styx-fe2-a-5659d4cf87-7xm8h
x-served-by: cache-mdw17351-MDW, cache-iad-kjyo7100150-IAD
x-styx-req-id: 9b71127e-d06e-11ec-9491-962e6f6f2faa
x-timer: S1654762000.581559,VS0,VE2
cf-cache-status: HIT
server: cloudflare
cf-ray: 7731138b9c711bfa-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| therecord.media/hundreds-of-scam-predatory-loan-platforms-found-on-google-and-apple-app-stores/ | 104.18.29.120 | 200 OK | 0 B |
URL HTTP/2therecord.media/hundreds-of-scam-predatory-loan-platforms-found-on-google-and-apple-app-stores/ IP104.18.29.120:0
GET /hundreds-of-scam-predatory-loan-platforms-found-on-google-and-apple-app-stores/ HTTP/1.1
Host: therecord.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Fri, 02 Dec 2022 03:46:35 GMT
content-type: text/html; charset=UTF-8
cache-control: public, max-age=600
link: <https://therecord.media/?p=19624>; rel=shortlink
set-cookie: wordpress_google_apps_login=5aa60872c8cf0446e874564a36569f77; path=/; secure; HttpOnly
strict-transport-security: max-age=31536000; includeSubDomains
x-pantheon-styx-hostname: styx-fe2-b-749969788b-dskhz
x-pingback: https://therecord.media/xmlrpc.php
x-styx-req-id: ea8f83f0-71f3-11ed-a0be-021c735fba4a
x-served-by: cache-chi-kigq8000055-CHI, cache-iad-kiad7000074-IAD
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-timer: S1669952794.444727,VS0,VE447
vary: Accept-Encoding, Cookie, Cookie
age: 0
via: 1.1 varnish, 1.1 varnish
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 77311382b9ec1bfa-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| therecord.media/wp-content/plugins/complianz-gdpr-premium/assets/css/cookieconsent.min.css?ver=5.2.5.1 | 104.18.29.120 | 200 OK | 0 B |
URL HTTP/2therecord.media/wp-content/plugins/complianz-gdpr-premium/assets/css/cookieconsent.min.css?ver=5.2.5.1 IP104.18.29.120:0
GET /wp-content/plugins/complianz-gdpr-premium/assets/css/cookieconsent.min.css?ver=5.2.5.1 HTTP/1.1
Host: therecord.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://therecord.media/hundreds-of-scam-predatory-loan-platforms-found-on-google-and-apple-app-stores/
Cookie: wordpress_google_apps_login=5aa60872c8cf0446e874564a36569f77
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 03:46:35 GMT
content-type: text/css
cache-control: public, max-age=31622400
etag: W/"633c9ee1-519d"
expires: Sun, 03 Dec 2023 03:46:35 GMT
last-modified: Tue, 04 Oct 2022 21:00:17 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-pantheon-styx-hostname: styx-fe2-a-7d98b4cfd9-289r8
x-styx-req-id: 13731ead-4544-11ed-a357-16feb0cd7ecd
x-served-by: cache-chi-klot8100085-CHI, cache-iad-kcgs7200053-IAD
x-cache: MISS, HIT
x-cache-hits: 0, 1
x-timer: S1666329523.675264,VS0,VE12
vary: Accept-Encoding
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
age: 1339510
server: cloudflare
cf-ray: 77311389ec0a1bfa-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| js.hs-banner.com/252628.js | 104.18.33.171 | 200 OK | 0 B |
URL HTTP/2js.hs-banner.com/252628.js IP104.18.33.171:0
GET /252628.js HTTP/1.1
Host: js.hs-banner.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://therecord.media/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 03:46:36 GMT
content-type: text/javascript; charset=UTF-8
x-amz-id-2: LS1MGhtctyJoIr11NDZF1lL9WPYe+AAUax+D59qdPquLlUqQG+J5d/dfqJ3QuSpYc0E9cqkO4sE=
x-amz-request-id: 38D3M2Z2BZP2FW8D
last-modified: Tue, 22 Nov 2022 18:16:27 GMT
etag: W/"958aec4309434ebd2375a04b9417fe9e"
x-amz-server-side-encryption: AES256
cache-control: max-age=300, public
x-amz-version-id: gyyxqe83cA5pJsCJa4mL1Y.D_KR2WUmi
access-control-allow-origin: https://www.recordedfuture.com
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-allow-credentials: true
access-control-max-age: 604800
timing-allow-origin: *
vary: origin, Accept-Encoding
expires: Fri, 02 Dec 2022 03:51:33 GMT
cf-cache-status: HIT
server: cloudflare
cf-ray: 77311393db45b51e-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| therecord.media/wp-content/uploads/2020/08/TheRecord-Favicon.ico | 104.18.29.120 | 200 OK | 0 B |
URL HTTP/2therecord.media/wp-content/uploads/2020/08/TheRecord-Favicon.ico IP104.18.29.120:0
GET /wp-content/uploads/2020/08/TheRecord-Favicon.ico HTTP/1.1
Host: therecord.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://therecord.media/hundreds-of-scam-predatory-loan-platforms-found-on-google-and-apple-app-stores/
Cookie: wordpress_google_apps_login=5aa60872c8cf0446e874564a36569f77
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 03:46:35 GMT
content-type: image/x-icon
cache-control: public, max-age=31622400
etag: W/"6176da46-47e"
expires: Sun, 03 Dec 2023 03:46:35 GMT
last-modified: Mon, 25 Oct 2021 16:24:38 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-pantheon-styx-hostname: styx-fe2-a-5bffbbcccc-fbjph
x-styx-req-id: 0bf515ba-3db8-11ec-a770-9af5deefdbaa
x-served-by: cache-mdw17359-MDW, cache-bwi5031-BWI
x-cache: MISS, HIT
x-cache-hits: 0, 1
x-timer: S1636649532.691926,VS0,VE1
vary: Accept-Encoding
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
age: 1674397
server: cloudflare
cf-ray: 7731138ebd391bfa-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| therecord.media/wp-content/uploads/2021/06/PrimaryLogo-RGB-Carrot.svg | 104.18.29.120 | 200 OK | 0 B |
URL HTTP/2therecord.media/wp-content/uploads/2021/06/PrimaryLogo-RGB-Carrot.svg IP104.18.29.120:0
GET /wp-content/uploads/2021/06/PrimaryLogo-RGB-Carrot.svg HTTP/1.1
Host: therecord.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://therecord.media/hundreds-of-scam-predatory-loan-platforms-found-on-google-and-apple-app-stores/
Cookie: wordpress_google_apps_login=5aa60872c8cf0446e874564a36569f77
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 03:46:35 GMT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31622400
etag: W/"6176ddc9-1421"
expires: Sun, 03 Dec 2023 03:46:35 GMT
last-modified: Mon, 25 Oct 2021 16:39:37 GMT
strict-transport-security: max-age=31536000; includeSubDomains
traceparent: 00-0724553d20d14569b9c4aa74dd1e5800-f1ed39c245dc442d-00
x-cloud-trace-context: 0724553d20d14569b9c4aa74dd1e5800/17432653239179559981;o=0
x-pantheon-styx-hostname: styx-fe2-a-8dffc8694-rvctd
x-styx-req-id: 08f25e83-d5de-11ec-af7a-feafbb5d6829
x-served-by: cache-mdw17377-MDW, cache-iad-kjyo7100119-IAD
x-cache: MISS, HIT
x-cache-hits: 0, 2
x-timer: S1654761999.098123,VS0,VE0
vary: Accept-Encoding
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
server: cloudflare
cf-ray: 77311389ec0d1bfa-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| therecord.media/wp-content/plugins/youtube-embed-plus/scripts/fitvids.min.js?ver=14.0.1.4 | 104.18.29.120 | 200 OK | 0 B |
URL HTTP/2 therecord.media/wp-content/plugins/youtube-embed-plus/scripts/fitvids.min.js?ver=14.0.1.4 IP 104.18.29.120:0
GET /wp-content/plugins/youtube-embed-plus/scripts/fitvids.min.js?ver=14.0.1.4 HTTP/1.1
Host: therecord.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://therecord.media/hundreds-of-scam-predatory-loan-platforms-found-on-google-and-apple-app-stores/
Cookie: wordpress_google_apps_login=5aa60872c8cf0446e874564a36569f77
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 03:46:35 GMT
content-type: application/x-javascript
cache-control: public, max-age=31622400
etag: W/"627079a5-c1f"
expires: Sun, 03 Dec 2023 03:46:35 GMT
last-modified: Tue, 03 May 2022 00:39:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains
traceparent: 00-127ab74ace624e9bbf0fe10680296586-c34a59812e18e0d6-00
x-cloud-trace-context: 127ab74ace624e9bbf0fe10680296586/14072158397031571670;o=0
x-pantheon-styx-hostname: styx-fe2-b-8f57d8f9b-jjd4r
x-styx-req-id: 5c4dd69f-cb83-11ec-92c7-cab78af247e0
x-served-by: cache-mdw17372-MDW, cache-iad-kiad7000092-IAD
x-cache: MISS, HIT
x-cache-hits: 0, 1
x-timer: S1653890893.617868,VS0,VE2
vary: Accept-Encoding
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
age: 11588328
server: cloudflare
cf-ray: 7731138b8c6c1bfa-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| therecord.media/wp-includes/js/jquery/jquery.min.js?ver=3.6.0 | 104.18.29.120 | 200 OK | 0 B |
URL HTTP/2 therecord.media/wp-includes/js/jquery/jquery.min.js?ver=3.6.0 IP 104.18.29.120:0
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1
Host: therecord.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://therecord.media/hundreds-of-scam-predatory-loan-platforms-found-on-google-and-apple-app-stores/
Cookie: wordpress_google_apps_login=5aa60872c8cf0446e874564a36569f77
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 03:46:35 GMT
content-type: application/x-javascript
cache-control: public, max-age=31622400
etag: W/"62956a0e-15db1"
expires: Sun, 03 Dec 2023 03:46:35 GMT
last-modified: Tue, 31 May 2022 01:06:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains
traceparent: 00-5ce1923ff0c64f6c865b0914d5f6209e-ad1c07d7afeff0a0-00
x-cloud-trace-context: 5ce1923ff0c64f6c865b0914d5f6209e/12473853690860531872;o=0
x-pantheon-styx-hostname: styx-fe2-b-7d66648565-qk9wk
x-styx-req-id: 2315ece4-e0d4-11ec-853a-ba4f8aa48311
x-served-by: cache-mdw17381-MDW, cache-iad-kiad7000033-IAD
x-cache: MISS, HIT
x-cache-hits: 0, 1
x-timer: S1654453090.021780,VS0,VE2
vary: Accept-Encoding
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
age: 15390931
server: cloudflare
cf-ray: 7731138bac7b1bfa-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| js.hsleadflows.net/leadflows.js | 104.17.232.204 | 200 OK | 0 B |
URL HTTP/2 js.hsleadflows.net/leadflows.js IP 104.17.232.204:0
GET /leadflows.js HTTP/1.1
Host: js.hsleadflows.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://therecord.media
Connection: keep-alive
Referer: https://therecord.media/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 03:46:36 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
x-amz-replication-status: COMPLETED
last-modified: Thu, 17 Nov 2022 02:20:30 UTC
etag: W/"74fae7dd863591ed0e85827bc178f500"
x-amz-server-side-encryption: AES256
x-amz-version-id: WdFozKBx4SUx.lzBGe8mkR8wgVUrEMev
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache: Hit from cloudfront
via: 1.1 9d2dee9b44718f249b789987d2cbe62c.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD12-P3
x-amz-cf-id: asmer8LZ3X72cZCs05nuiq_GIaaT_D1gWVGA_dzRuOMnwFDAKXBx4Q==
cache-control: s-maxage=86400, max-age=0
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=lead-flows-js/static-1.1120/bundle/main/lead-flows-release.js&cfRay=76c166835ec0be49-IAD
x-hs-target-asset: lead-flows-js/static-1.1120/bundle/main/lead-flows-release.js
x-hs-cache-status: MISS
cache-tag: staticjsapp-lead-flows-cloudflare-web-prod,staticjsapp-prod
cf-cache-status: HIT
age: 60047
server: cloudflare
cf-ray: 773113940fe3b51b-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| epsilon.6sense.com/v3/company/details | 18.184.252.128 | 200 OK | 0 B |
URL HTTP/2 epsilon.6sense.com/v3/company/details IP 18.184.252.128:0
OPTIONS /v3/company/details HTTP/1.1
Host: epsilon.6sense.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization
Referer: https://therecord.media/
Origin: https://therecord.media
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 03:46:37 GMT
server: nginx
access-control-allow-origin: https://therecord.media
access-control-allow-credentials: true
access-control-max-age: 1800
access-control-allow-methods: OPTIONS,GET
access-control-allow-headers: authorization
X-Firefox-Spdy: h2
|
|
| therecord.media/wp-content/plugins/rf-rss-feed/public/css/rf-rss-widget.css?ver=5.9 | 104.18.29.120 | 200 OK | 0 B |
URL HTTP/2 therecord.media/wp-content/plugins/rf-rss-feed/public/css/rf-rss-widget.css?ver=5.9 IP 104.18.29.120:0
GET /wp-content/plugins/rf-rss-feed/public/css/rf-rss-widget.css?ver=5.9 HTTP/1.1
Host: therecord.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://therecord.media/hundreds-of-scam-predatory-loan-platforms-found-on-google-and-apple-app-stores/
Cookie: wordpress_google_apps_login=5aa60872c8cf0446e874564a36569f77
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 03:46:35 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=944
cache-control: public, max-age=31622400
etag: W/"62a7c6e9-3b0"
expires: Sun, 03 Dec 2023 03:46:35 GMT
last-modified: Mon, 13 Jun 2022 23:23:21 GMT
strict-transport-security: max-age=31536000; includeSubDomains
traceparent: 00-b8b0ec718b92420f929e3d43222c1080-cb42a8f8634e9d14-00
vary: Accept-Encoding
via: 1.1 varnish, 1.1 varnish
x-cache: MISS, HIT
x-cache-hits: 0, 1
x-cloud-trace-context: b8b0ec718b92420f929e3d43222c1080/14646454722933726484;o=0
x-pantheon-styx-hostname: styx-fe2-a-55bc5f95bf-ctgww
x-served-by: cache-mdw17374-MDW, cache-iad-kcgs7200076-IAD
x-styx-req-id: b5b314a6-ecac-11ec-a59d-86a3cab65434
x-timer: S1655442334.403647,VS0,VE12
cf-cache-status: HIT
age: 12993446
server: cloudflare
cf-ray: 77311389ec061bfa-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| therecord.media/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js | 104.18.29.120 | 200 OK | 0 B |
URL HTTP/2 therecord.media/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js IP 104.18.29.120:0
GET /cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js HTTP/1.1
Host: therecord.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://therecord.media/hundreds-of-scam-predatory-loan-platforms-found-on-google-and-apple-app-stores/
Cookie: wordpress_google_apps_login=5aa60872c8cf0446e874564a36569f77
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 03:46:35 GMT
content-type: application/javascript
last-modified: Wed, 30 Nov 2022 18:31:41 GMT
etag: W/"6387a18d-302c"
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains
server: cloudflare
cf-ray: 77311389fc101bfa-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Sun, 04 Dec 2022 03:46:35 GMT
cache-control: max-age=172800, public
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| therecord.media/wp-json/complianz/v1/banner/?lang=en&locale=en_US&token=jghrw | 104.18.29.120 | 200 OK | 0 B |
URL HTTP/2 therecord.media/wp-json/complianz/v1/banner/?lang=en&locale=en_US&token=jghrw IP 104.18.29.120:0
GET /wp-json/complianz/v1/banner/?lang=en&locale=en_US&token=jghrw HTTP/1.1
Host: therecord.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/json
Connection: keep-alive
Referer: https://therecord.media/hundreds-of-scam-predatory-loan-platforms-found-on-google-and-apple-app-stores/
Cookie: wordpress_google_apps_login=5aa60872c8cf0446e874564a36569f77; _pk_id.2.de70=cd3f3c0917bf32e0.1669952795.; _pk_ses.2.de70=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 03:46:36 GMT
content-type: application/json
access-control-allow-headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
access-control-expose-headers: X-WP-Total, X-WP-TotalPages, Link
link: <https://therecord.media/wp-json/>; rel="https://api.w.org/"
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-pantheon-styx-hostname: styx-fe2-a-86d8b58f4d-x2x9k
x-robots-tag: noindex
x-styx-req-id: ebb59040-71f3-11ed-acb7-122badd39cc0
x-served-by: cache-chi-kigq8000073-CHI, cache-iad-kiad7000127-IAD
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-timer: S1669952796.373209,VS0,VE354
vary: Accept-Encoding
age: 0
via: 1.1 varnish, 1.1 varnish
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 77311390edc01bfa-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| therecord.media/wp-content/themes/therecordmedia/assets/js/modernizr_2.8.3.js?ver=2022-01-20_3 | 104.18.29.120 | 200 OK | 0 B |
URL HTTP/2 therecord.media/wp-content/themes/therecordmedia/assets/js/modernizr_2.8.3.js?ver=2022-01-20_3 IP 104.18.29.120:0
GET /wp-content/themes/therecordmedia/assets/js/modernizr_2.8.3.js?ver=2022-01-20_3 HTTP/1.1
Host: therecord.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://therecord.media/hundreds-of-scam-predatory-loan-platforms-found-on-google-and-apple-app-stores/
Cookie: wordpress_google_apps_login=5aa60872c8cf0446e874564a36569f77
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 03:46:35 GMT
content-type: application/x-javascript
cf-bgj: minify
cf-polished: origSize=15506
cache-control: public, max-age=31622400
etag: W/"634774f4-3c92"
expires: Sun, 03 Dec 2023 03:46:35 GMT
last-modified: Thu, 13 Oct 2022 02:16:20 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 varnish, 1.1 varnish
x-cache: MISS, HIT
x-cache-hits: 0, 1
x-pantheon-styx-hostname: styx-fe2-a-7f7c576796-t9pjd
x-served-by: cache-chi-klot8100087-CHI, cache-iad-kjyo7100128-IAD
x-styx-req-id: c579ad78-4bb7-11ed-bcf5-22c03b495636
x-timer: S1666329523.487549,VS0,VE2
cf-cache-status: HIT
age: 191573
server: cloudflare
cf-ray: 7731138bac771bfa-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| therecord.media/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 | 104.18.29.120 | 200 OK | 0 B |
URL HTTP/2 therecord.media/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 IP 104.18.29.120:0
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: therecord.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://therecord.media/hundreds-of-scam-predatory-loan-platforms-found-on-google-and-apple-app-stores/
Cookie: wordpress_google_apps_login=5aa60872c8cf0446e874564a36569f77
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 03:46:35 GMT
content-type: application/x-javascript
cache-control: public, max-age=31622400
etag: W/"620526db-2bd8"
expires: Sun, 03 Dec 2023 03:46:35 GMT
last-modified: Thu, 10 Feb 2022 14:53:15 GMT
strict-transport-security: max-age=31536000; includeSubDomains
traceparent: 00-2689dd90b8af4cdf8e2bd1364d1f5fd8-c55d056313ede92e-00
x-cloud-trace-context: 2689dd90b8af4cdf8e2bd1364d1f5fd8/14221529121400154414;o=0
x-pantheon-styx-hostname: styx-fe2-a-55bcb968f4-4fsk2
x-styx-req-id: 2ed58edc-8ac5-11ec-9bd9-92f7ed4c6de9
x-served-by: cache-mdw17356-MDW, cache-iad-kiad7000171-IAD
x-cache: MISS, HIT
x-cache-hits: 0, 1
x-timer: S1644547638.173274,VS0,VE1
vary: Accept-Encoding
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
age: 15396023
server: cloudflare
cf-ray: 7731138bac7a1bfa-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| therecord.media/wp-content/themes/therecordmedia/assets/css/custom-v8.css?ver=2022-01-20_3 | 104.18.29.120 | 200 OK | 0 B |
URL HTTP/2 therecord.media/wp-content/themes/therecordmedia/assets/css/custom-v8.css?ver=2022-01-20_3 IP 104.18.29.120:0
GET /wp-content/themes/therecordmedia/assets/css/custom-v8.css?ver=2022-01-20_3 HTTP/1.1
Host: therecord.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://therecord.media/hundreds-of-scam-predatory-loan-platforms-found-on-google-and-apple-app-stores/
Cookie: wordpress_google_apps_login=5aa60872c8cf0446e874564a36569f77
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 03:46:35 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=7291
cache-control: public, max-age=31622400
etag: W/"62835b45-1c7b"
expires: Sun, 03 Dec 2023 03:46:35 GMT
last-modified: Tue, 17 May 2022 08:22:29 GMT
strict-transport-security: max-age=31536000; includeSubDomains
traceparent: 00-aa3f4fafc610470c98d532a4cfe39f86-b0012068e4446890-00
vary: Accept-Encoding
via: 1.1 varnish, 1.1 varnish
x-cache: MISS, HIT
x-cache-hits: 0, 1
x-cloud-trace-context: aa3f4fafc610470c98d532a4cfe39f86/12682453660530403472;o=0
x-pantheon-styx-hostname: styx-fe2-b-5b85c46fc7-cjkxj
x-served-by: cache-mdw17348-MDW, cache-iad-kiad7000111-IAD
x-styx-req-id: f9c46596-d5d0-11ec-a3f4-b23862e2270a
x-timer: S1653890893.500856,VS0,VE2
cf-cache-status: HIT
age: 15398542
server: cloudflare
cf-ray: 77311389ec081bfa-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| therecord.media/wp-content/plugins/youtube-embed-plus/styles/ytprefs.min.css?ver=14.0.1.4 | 104.18.29.120 | 200 OK | 0 B |
URL HTTP/2 therecord.media/wp-content/plugins/youtube-embed-plus/styles/ytprefs.min.css?ver=14.0.1.4 IP 104.18.29.120:0
GET /wp-content/plugins/youtube-embed-plus/styles/ytprefs.min.css?ver=14.0.1.4 HTTP/1.1
Host: therecord.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://therecord.media/hundreds-of-scam-predatory-loan-platforms-found-on-google-and-apple-app-stores/
Cookie: wordpress_google_apps_login=5aa60872c8cf0446e874564a36569f77
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 03:46:35 GMT
content-type: text/css
cache-control: public, max-age=31622400
etag: W/"629de6f3-2046"
expires: Sun, 03 Dec 2023 03:46:35 GMT
last-modified: Mon, 06 Jun 2022 11:37:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains
traceparent: 00-09abf1cbaf1343639abe7ff96e4e795e-d94b362e51697cb3-00
x-cloud-trace-context: 09abf1cbaf1343639abe7ff96e4e795e/15657668102045924531;o=0
x-pantheon-styx-hostname: styx-fe2-b-5d8c4d9d59-lh42g
x-styx-req-id: 3b205ed4-e5b3-11ec-aa4c-123f3b800958
x-served-by: cache-mdw17371-MDW, cache-iad-kiad7000116-IAD
x-cache: MISS, HIT
x-cache-hits: 0, 1
x-timer: S1655442335.803913,VS0,VE2
vary: Accept-Encoding
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
age: 13039105
server: cloudflare
cf-ray: 77311389ec091bfa-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| therecord.media/wp-content/themes/therecordmedia/assets/css/style-v5.css?ver=2022-01-20_3 | 104.18.29.120 | 200 OK | 0 B |
URL HTTP/2 therecord.media/wp-content/themes/therecordmedia/assets/css/style-v5.css?ver=2022-01-20_3 IP 104.18.29.120:0
GET /wp-content/themes/therecordmedia/assets/css/style-v5.css?ver=2022-01-20_3 HTTP/1.1
Host: therecord.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://therecord.media/hundreds-of-scam-predatory-loan-platforms-found-on-google-and-apple-app-stores/
Cookie: wordpress_google_apps_login=5aa60872c8cf0446e874564a36569f77
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 03:46:35 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=460519
cache-control: public, max-age=31622400
etag: W/"62811405-706e7"
expires: Sun, 03 Dec 2023 03:46:35 GMT
last-modified: Sun, 15 May 2022 14:53:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains
traceparent: 00-14ae0d09ec154b1b94c0719b2e27bad6-6c219a7fb48ce2e8-00
vary: Accept-Encoding
via: 1.1 varnish, 1.1 varnish
x-cache: MISS, HIT
x-cache-hits: 0, 1
x-cloud-trace-context: 14ae0d09ec154b1b94c0719b2e27bad6/7791678703608324840;o=0
x-pantheon-styx-hostname: styx-fe2-a-8dffc8694-cgfdq
x-served-by: cache-mdw17365-MDW, cache-iad-kjyo7100094-IAD
x-styx-req-id: 08f16e14-d5de-11ec-8d78-62fd88d1513f
x-timer: S1654148627.743576,VS0,VE1
cf-cache-status: HIT
age: 15401032
server: cloudflare
cf-ray: 77311389ec071bfa-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|